Helpful article from Win7 News on Permissions, Rights and Privileges

Talking Tech: Permissions, Rights and Privileges

You know the old saying: “It’s easier to ask for forgiveness than to ask for permission.” That might be true in an old analog world, but in the digital domain if you don’t have permission, you just might be up a creek. Access to the resources that you need on a computer or network requires that you have the proper permissions – but many folks don’t understand how that works, and get confused by talk of rights, permissions and privileges. This week, we’re going to attempt to straighten out some of that confusion.

In Windows, in general, users have rights and privileges set on them; resources (files, folders, printers, entire drives) have permissions set on them (although access permissions are actually a type of user right). You need a user account to log on, and each user is identified by his/her account. There are some built-in user accounts, including the Administrator account and accounts that are used by Windows itself to run its services, but here we’re talking about individual user accounts that you create.

To make administration easier, user accounts are members of groups. That way, rights can be assigned to a whole group, or you can set a file’s permissions to apply to a whole group. The two most-used groups are the administrative group and the standard users group, but there are other built-in groups such as backup operators, print operators, power users, guests, etc. The built-in groups have certain pre-defined rights. You can also create your own groups. For purposes of this discussion, we’re talking about local users and groups, which apply to a specific computer. In a business network based on Windows Server Active Directory, you also have network-wide user and group accounts called domain accounts, but we’ll keep it simple and not get into that this time.

User rights refer to what all users with that type of user account can do. For example, you have standard user rights and administrative rights. Privileges are a type of user right that allows the user to do specific administrative tasks, such as shutting down the system or installing new software. To further confuse matters, the type of user right that defines what operations a user can perform on network resources (for example, creating files in a folder) is called access permissions.

File and folder permissions, printer permissions, etc. are set on the individual resource. There are two kinds of these: share permissions (also called shared folder permissions) and file-level permissions (also called NTFS permissions or security permissions). The latter apply only to files and folders on partitions that are formatted in NTFS. Shared folder permissions, as the name implies, can only be set on folders (or entire drives), not individual files. To set share permissions: In Windows 7, right click a folder or drive letter in Explorer and select Share with, then Specific people … . In the dialog box, you can select the users on your network with whom you want to share.

NTFS or file level permissions are entirely separate from the shared folder permissions. A big difference is that the shared folder permissions only apply to someone accessing the folder across the network. NTFS or file level permissions apply to persons accessing across the network, too, but also to persons logged onto your local computer.

So if another user sits down there and logs on with a different user account from yours, the NTFS permissions can prevent him/her from accessing the file or folder. To set NTFS permissions, right click the file or folder and click Properties. Then click the Security tab. Here you can select the users and/or groups with which you want to share the file or folder. You can see in the screenshot that there are a number of different permissions you can assign to each user or group: ranging from read only to full control. Here is a YouTube video that shows you how to configure NTFS permissions in Windows 7.

Don’t see a Security tab when you right click a file or folder? If you have simple file sharing enabled on XP, you won’t see it. You also won’t see it if you’re using a Home Edition of Vista, when you’re logged on normally. However, you can set file level permissions by logging on in Safe Mode; then the Security tab will appear in the file or folder’s Properties dialog box. The Security tab is back by popular demand in Windows 7 Home Premium.

In order to set permissions on files and folders, you have to either be the owner of it (the one who created it or an administrator who took ownership of it) or be assigned the special “Change permissions” permission by a user who has permission to change permissions. Confused yet? Here’s an article on how to take ownership of a file or folder in Windows 7.

Rights, privileges and permissions can be a complicated topic, but it’s important to understand them because the wrong settings can keep you from being able to do what you need to do in order to get your work done. Have you ever been locked out of files and other resources you need because of a problem with permissions? Ever received an error message telling you that you don’t have permission to perform a specific task? Do you think rights and permissions are overly complicated in Windows, or do you think the added layers of protection are necessary to keep the wrong people from accessing your data? Let us know what you think!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: