MORE INFORMATION
File and Directory Permissions
On a LAN Manager for OS/2 system, you can control access to all files
and directories under the FAT, HPFS, or HPFS386 file systems. On a
Windows NT system, you can control users' access to directories and
files on drives formatted to use the Windows NT file system (NTFS).
Drives formatted to use FAT and HPFS do not support Windows NT
security. You can, however, secure Windows NT shared directories no
matter what file system is in use.
The standard permissions for files and directories and their meanings
are shown in the following tables, along with the individual
permissions each standard permission represents.
LAN
Manager NTFS Description
-----------------------------------------------------------------------
R Read (RX) User can read the contents of the
file and run it if it is an
application.
W
(Write) Change (RWXD) Lets the user open and write to a
file, changing its contents. Windows
NT allows deletion of the file.
D N/A Lets the user delete files.
(Delete)
X
(Execute) N/A Lets the user run a program, but
not read or copy it.
A N/A
(Change Attributes) Lets the user change file attributes.
P N/A
(Change Permissions) Lets the user grant permissions for
the file to other users.
Y Full Control (All) For LAN Manager, serves as a shortcut
(Yes) to RWCDA permissions. When you give a
user Y permission, you are granting
RWCDA permissions.
For Windows NT, enables user to read,
modify, delete, set permissions for,
and take ownership of the file.
N No Access Prevents a user from using the file
(No) or directory in any way, even if the
user is a member of a group that has
been granted access to the file. On
LAN Manager, Y access given to a user
overrides N access given to a group.
On Windows NT, deny access takes
precedence. For example, if a user
has Full Control access for a file,
but is a member of a group that has
No Access for the same file, access
is denied.
In the second column of the following table (for NTFS directory
permissions), the first set of individual permissions applies to the
directory itself, and the second set of individual permissions applies
to new files subsequently created in the directory.
Directory Permissions
LAN
Manager NTFS Description
-----------------------------------------------------------------------
R Read (RX)(RX) User can read files in the
(Read) directory and run applications in
the directory.
W Change (RWXD)(RWXD) User can read and add files and
(Write) change the contents of current
files.
C Add A user with C permission can create
(Create) (WX) (Not Specified) a file and after creating it, can
read from or write to the file
until closing it.
Add & Read Add enables a Windows NT user to
(RWX) (RX) add files to the directory but not
to read the contents of current
files or change them.
Add & Read enables a user to add
files to the directory and read
current files, but not to change
any files.
D N/A Users can delete files and
(Delete) subdirectories within the shared
directory but cannot delete the
shared directory itself.
X N/A Lets the user run a program in the
(Execute) directory, but not read it or copy
it.
A N/A
(Change Attributes) Lets the user change the attributes
of files in the directory.
P N/A
(Change Permissions) The user can change the permissions
for the directory or files in the
directory.
Y Full Control
(Yes) (All)(All) For LAN Manager, serves as
shortcut to RWCDA permissions. When
you give a user Y permission, you
are granting RWCDA permissions.
User can read and change files, add
new ones, change permissions for
the directory and its files, and
take ownership of the directory and
its files.
N No Access
(No) (None)(None) Prevents a user from using the file
or directory in any way. Usually,
you can prevent a user from
accessing a file or directory
simply by not giving the user any
permissions to it; however, you
must use N permission to prevent a
specific user from accessing a file
while granting access to the file
or directory to a group the user
belongs to. For Windows NT, users
cannot access the directory in any
way, even if they have Full Control
access through membership in a
group.
N/A List (RX) User can only list the files and
(Not Specified) subdirectories in this directory and
change to a subdirectory of this
directory. User cannot access new
files created in this directory.
NOTE: Permissions on shared Windows NT directories that are not NTFS
are identical. Note that if a directory is both shared and on an NTFS
volume, permissions are cumulative over the network.
Printer Permissions
LAN
Manager Windows NT
Printer Printer Descriptions/
Queue Permissions Differences
-----------------------------------------------------------------------
Y Print Users can send jobs to the printer
(Yes) queue.
N No Access Prevents a user from accessing the
(No) printer queue.
Y+P Full Control Users can send jobs to and set
(Yes+Change Permissions) access permissions for the printer
the printer queue. Users can print
documents, change print settings,
and completely manage documents
and printers.
N/A Manage Documents Users can pause, resume, restart,
delete, and control settings for
documents.