• Home
• LTS Help Desk
• Workshops
• Permission to Use

Windows 2000

Permission Types: An Overview

When you set permissions you are specifying what level of access users have to a folder and what actions users can perform. Specifically, you are setting what users can do within the folder such as save, delete, create a new folder, or some other action. There are several different types of permission levels. For example, there is a permission type commonly called Museum, which allows users to see files and/or folders but not to "touch" the files (i.e., make changes to or delete the files). Another permission type is referred to as Black Hole, because once users submit a document they never see it again in the folder. The files are still accessible to the owner of the folder in which they were saved. 

These different types of permissions can be set using the Permission Entry dialog box. For information on how to access this dialog box, please start with the document Advanced Folder Level Permissions.

• Considerations
• Black Hole
• Museum
• Edit Your Own Stuff
• Edit and Snoop
• Free-for-All

Considerations

The settings listed under each type of permission are merely a guide; you may modify these settings as you see fit. For example, under the Black Hole permission type, the example as given allows users to create folders. If this is not what you what, simply do not check the Create folders / Append data box (you do not have to check Deny). The same applies to all other permission types.

Be aware that different types of permissions will allow for different levels of security. The Black Hole and Museum settings offer the most security; Free-for-All offers the least and is only appropriate where security is not an issue.

The following table represents the different folder permission types and the relative security level of each:

Permission type	Security level
Black Hole	High
Museum	High
Edit Your Own Stuff	Medium-High
Edit and Snoop	Medium-Low
Free-for-All	Very low

Important Notes

• Be careful if you check any of the Deny checkboxes. When you deny a permission, the denied permission takes precedence over any other related Allow permissions.
   
• By default, any permissions applied to a folder will also apply to any object within the folder (such as files or subfolders). However, you can set unique permissions for each object within the folder.
   
• When you copy a file or folder with permissions to another folder, the copy of the file or folder will take on the permissions of the new destination.
  
  
• If a box is checked but grayed out, this means that the permission is applied and has been inherited from the "parent" (original) folder. You cannot uncheck one of these checkboxes unless you unchecked Allow inheritable permissions from parent to propagate to this object in the Access Control Settings dialog box (see Advanced Folder Level Permissions for more information). You may still check other permissions. 

Black Hole

Under this permission setting, a user will never see a file they save to the folder. However, the file is still accessible to the owner of the folder. Owners of folders have full permission within the folder.

Overview:

• Users can add files (but not overwrite an existing file)
• Users cannot see a list of files
• Users cannot edit their own document
• Users cannot read or edit anyone else's document

To set a file or folder with permissions of this type, in the Permission Entry for... dialog box, in the Permissions section, under the Allow heading check the following:

• Traverse folder / Execute file
• Read attributes
• Create files / Write data
• Create folders / Append data
• Write attributes
• Write extended attributes
• Read permissions

All other checkboxes under both the Allow and Deny headings should be left unchecked.

Museum

This permission setting allows users to "see but not touch." That is, they can view and access the contents of the folder but cannot make changes to this content nor save any kind of file to the folder.

Overview:

• Users can see a list of files
• Users can read or access every document or file in the folder (but cannot add new files)
• Users cannot edit existing files
• Users cannot add new files

To set a file or folder with permissions of this type, in the Permission Entry for... dialog box, in the Permissions section, under the Allow heading check the following:

• Traverse folder / Execute file
• List folder / Read data
• Read attributes
• Read extended attributes
• Read permissions

All other checkboxes under both the Allow and Deny headings should be left unchecked.

Edit Your Own Stuff

Permissions under this setting are just as it sounds: owners/authors of documents can edit their own documents and files, but cannot do so for documents and files owned by others. Any user can create a file and edit it, but users cannot edit any file that is not his or her own.

Overview:

• Users can add files
• Users can see a list of files (but cannot read any that are not their own)
• Users can edit their own file(s)
• Users cannot read or edit documents that are not their own

To set a file or folder with permissions of this type, in the Permission Entry for... dialog box, in the Permissions section, under the Allow heading check the following:

• Traverse folder / Execute file
• List folder / Read data
• Read attributes
• Read extended attributes
• Create files / Write data
• Create folders / Append data
• Write attributes
• Write extended attributes
• Read permissions

All other checkboxes under both the Allow and Deny headings should be left unchecked.

Edit and Snoop

This permission setting has a fairly low security level but is useful in some instances. Please be aware that users can read anyone else's files (however, users cannot edit anyone else's files).

Overview:

• Users can add files
• Users can see a list of files
• Users can edit their own file(s)
• Users can read anyone else's files or documents
• Users cannot edit anyone else's file

To set a file or folder with permissions of this type, in the Permission Entry for... dialog box, in the Permissions section, under the Allow heading check the following:

• Traverse folder / Execute file
• List folder / Read data
• Read attributes
• Read extended attributes
• Create files / Write data
• Create folders / Append data
• Write attributes
• Write extended attributes
• Read permissions

All other checkboxes under both the Allow and Deny headings should be left unchecked.

Free-for-All

This permission setting is primarily for those not concerned about security. As the name implies, users can mostly do what they want, with the exception of deleting subfolders and files, changing permissions, and taking ownership of files that are not theirs.

Overview:

• Users can see a list of files
• Users can access/read any file
• Users can edit every document
• Users can add files
• Users can delete any file

To set a file or folder with permissions of this type, in the Permission Entry for... dialog box, in the Permissions section, under the Allow heading check the following:

• Traverse folder / Execute file
• List folder / Read data
• Read attributes
• Read extended attributes
• Create files / Write data
• Create folders / Append data
• Write attributes
• Write extended attributes
• Delete
• Read permissions

All other checkboxes under both the Allow and Deny headings should be left unchecked.

Copyright © 1995-2008 UW-Eau Claire and the Board of Regents of the University of Wisconsin System