Specifications
Setting Share Access Permissions
Chapter 5 Security Management 85
Setting Share Access Permissions
The GuardianOS supports share-level as well as file & directory-level permissions
(discussed in the next section) for all local and Windows domain users and groups.
The default permission granted to users and groups when they are granted access
to the share is full control. Administrators may restrict selected users and groups to
read-only access.
Notes on Share Access Behaviors
• Share access defaults to full control —
The default permission granted to users
and groups when they are granted access to the share is full control.
Administrators may restrict selected users and groups to read-only access.
• Share access permissions are cumulative —
If a user has read-only permission to
the share, but is also a member of a group that has been given full-access
permission to the share, the user gets full access to the share.
• Interaction between share-level and file-level access permissions —
When both
share-level and file-level permissions apply to a user action, the more restrictive
of the two applies. Consider the following examples:
Example A. More restrictive file-level access trumps share-level access.
Example B. More restrictive share-level access trumps file-level access
Share-Level Access Permissions
Full Control Users can read, write, modify, create or delete files and folder within
the share.
Read-Only Users can navigate the share directory structure and view files.
Share Level File Level Result
Full Control Read-only to FileA Full control over all directories and files in
SHARE1 except where a more restrictive file-level
permission applies. The user has read-only
access to FileA.
Share Level File Level Result
Read Only Full Control to FileB Read-only access to all directories and files in
SHARE1 including where a less restrictive file-
level permission applies. The user has read-only
access to FileB.