Network Administration: User Access and Permissions

Permissions enable you to fine-tune your network security by controlling access to specific network resources, such as files or printers, for individual users or groups. For example, you can set up permissions to allow users in the accounting department to access files in the server’s ACCTG directory. Permissions can also enable some users to read certain files but not modify or delete them.

Each network operating system manages permissions in a different way. Whatever the details, the effect is that you can give permission to each user to access certain files, folders, or drives in certain ways.

Any permissions that you specify for a folder apply automatically to any of that folder’s subfolders, unless you explicitly specify a different set of permissions for the subfolder.

Windows refers to file system rights as permissions. Windows servers have six basic permissions. You can assign any combination of Windows permissions to a user or group for a given file or folder.

Windows Basic Permissions
Permission Abbreviation What the User Can Do
Read R The user can open and read the file.
Write W The user can open and write to the file.
Execute X The user can run the file.
Delete D The user can delete the file.
Change P The user can change the permissions for the file.
Take Ownership O The user can take ownership of the file.

In Windows, the concept of file or folder ownership is important. Every file or folder on a Windows server system has an owner. The owner is usually the user who creates the file or folder. However, ownership can be transferred from one user to another.

So why the Take Ownership permission? This permission prevents someone from creating a bogus file and giving ownership of it to you without your permission. Windows doesn’t allow you to give ownership of a file to another user. Instead, you can give another user the right to take ownership of the file. That user must then explicitly take ownership of the file.

You can use Windows permissions only for files or folders that are created on drives formatted as NTFS volumes. If you insist on using FAT or FAT32 for your Windows shared drives, you can’t protect individual files or folders on the drives. This is one of the main reasons for using NTFS for your Windows servers.