388
|
Chapter 11: Securing and Sharing Your Data
Controlling Access to Your Data
When your disk drive or storage device is formatted using NTFS, you can use NTFS
permissions to control access to your data. As mentioned earlier, NTFS permissions
can be broken down into five broad categories: basic permissions, special permis-
sions, ownership permissions, inherited permissions, and effective permissions. The
sections that follow discuss how to use each type of permission.
Basic Permissions
With NTFS, permissions are stored in the filesystem as part of the access control list
(ACL) assigned to a file or a folder. As described in Table 11-1, files and folders have
a slightly different set of basic permissions.
When working with permissions, keep in mind that some permissions
are inherited based on the permissions of a parent folder. Inherited
permissions are applied automatically, and you cannot edit inherited
permissions without first overriding them.
Table 11-1. Basic permissions for files and folders
Permission How it’s used Used with…
Full Control Grants full control over the selected file or folder. Permits reading,
writing, changing, and deleting files and subfolders. Also permits
changing permissions, deleting files in the folder regardless of
their permissions, and taking ownership of a folder or a file. Select-
ing this permission selects all the other permissions as well.
Files and folders
Modify Permits reading, writing, changing, and deleting a file or folder.
With folders, permits creating files and subfolders, but does not
allow taking ownership of a file or folder. Selecting this permission
selects all the permissions below it.
Files and folders
Read & Execute Permits executing files. With folders, permits viewing and listing
files and subfolders as well as executing files. If applied to a folder,
this permission is inherited by all files and subfolders within the
folder. Selecting this permission selects the List Folder Contents
and Read permissions as well.
Files and folders
List Folder Contents Permits viewing and listing files and subfolders as well as execut-
ing files. Inherited only by subfolders and not by files within the
folder or its subfolders.
Folders only
Read Permits viewing and listing the contents of a file or folder. Permits
viewing file attributes, reading permissions, and synchronizing
files. Readis theonly permissionneeded torun scripts.Read access
is required to access a shortcut and its target.
Files and folders
Write Permits creating new files in folders and writing data to existing
files. Permits viewing file attributes, reading permissions, and syn-
chronizing files. Doesn’t prevent deleting a folder or file’s contents.
Files and folders