Hi,
I’ve seen the folowing example in the literature. It doesn’t seem right to me for I thought that the effective permissions of userA to the shared folder folderX is given by the intersection of the respective NTFS and Share permissions. i.e. in set logic notation, something like:
Resulting Permissions of UserA =
(NTFS1 + NTFS2+ …+ NTFSUserA) intersect
(ShareX1 + ShareX2 + …+ShareUserA)
where:
NTFSi = the permission granted userA to folderX due to his membership in groupi.
NTFSUserA = NTFS permissions granted directly to userA.
ShareXi = share permissions granted to userA due to his membership in groupi.
ShareUserA = share permissions granted directly to userA.
In the example that has prompted this post, John is a member of the Marketing Group and the share folder is named MktgDocs. The Marketing Group is given the following permissions:
NTFS permissions to MktgDocs = Full Control
Share permission to MktgDocs = Modify
Finally, the example claims that granting explicit share permission of Read to John limits John to only reading files in the MktgDocs folder. ?
Thanks for any help,