http://technet.microsoft.com/en-us/library/bb727008.aspx
Do not need to read about auditing!
File and Folder permissions
| Special Permissions | Full Control | Modify | Read & Execute | List Folder Contents (folders only) | Read | Write |
|---|---|---|---|---|---|---|
| Traverse Folder/Execute File | x | x | x | x |  |  |
| List Folder/Read Data | x | x | x | x | x |  |
| Read Attributes | x | x | x | x | x |  |
| Read Extended Attributes | x | x | x | x | x |  |
| Create Files/Write Data | x | x |  |  |  | x |
| Create Folders/Append Data | x | x |  |  |  | x |
| Write Attributes | x | x |  |  |  | x |
| Write Extended Attributes | x | x |  |  |  | x |
| Delete Subfolders and Files | x |  |  |  |  |  |
| Delete | x | x |  |  |  |  |
| Read Permissions | x | x | x | x | x | x |
| Change Permissions | x |  |  |  |  |  |
| Take Ownership | x |  |  |  |  |  |
| Synchronize | x | x | x | x | x | x |

Important
- Groups or users granted Full Control on a folder can delete any files in that folder regardless of the permissions protecting the file.

Notes
- Although List Folder Contents and Read & Execute appear to have the same special permissions, these permissions are inherited differently. List Folder Contents is inherited by folders but not files, and it should only appear when you view folder permissions. Read & Execute is inherited by both files and folders and is always present when you view file or folder permissions.

| Permission | Description |
|---|---|
| Traverse Folder/Execute File | For folders: Traverse Folder allows or denies moving through folders to reach other files or folders, even if the user has no permissions for the traversed folders (applies to folders only). Traverse Folder takes effect only when the group or user is not granted the Bypass traverse checking user right in the Group Policy snap-in. (By default, the Everyone group is given the Bypass traverse checking user right.) For files: Execute File allows or denies running program files (applies to files only). Setting the Traverse Folder permission on a folder does not automatically set the Execute File permission on all files within that folder. |
| List Folder/Read Data | List Folder allows or denies viewing file names and subfolder names within the folder. List Folder only affects the contents of that folder and does not affect whether the folder you are setting the permission on will be listed. Applies to folders only. Read Data allows or denies viewing data in files (applies to files only). |
| Read Attributes | Allows or denies viewing the attributes of a file or folder, such as read-only and hidden. Attributes are defined by NTFS. |
| Read Extended Attributes | Allows or denies viewing the extended attributes of a file or folder. Extended attributes are defined by programs and may vary by program. |
| Create Files/Write Data | Create Files allows or denies creating files within the folder (applies to folders only). Write Data allows or denies making changes to the file and overwriting existing content (applies to files only). |
| Create Folders/Append Data | Create Folders allows or denies creating folders within the folder (applies to folders only). Append Data allows or denies making changes to the end of the file but not changing, deleting, or overwriting existing data (applies to files only). |
| Write Attributes | Allows or denies changing the attributes of a file or folder, such as read-only or hidden. Attributes are defined by NTFS. The Write Attributes permission does not imply creating or deleting files or folders; it only includes the permission to make changes to the attributes of a file or folder. In order to allow (or deny) create or delete operations, see Create Files/Write Data, Create Folders/Append Data, Delete Subfolders and Files, and Delete. |
| Write Extended Attributes | Allows or denies changing the extended attributes of a file or folder. Extended attributes are defined by programs and may vary by program. The Write Extended Attributes permission does not imply creating or deleting files or folders; it only includes the permission to make changes to the attributes of a file or folder. In order to allow (or deny) create or delete operations, see Create Files/Write Data, Create Folders/Append Data, Delete Subfolders and Files, and Delete. |
| Delete Subfolders and Files | Allows or denies deleting subfolders and files, even if the Delete permission has not been granted on the subfolder or file (applies to folders). |
| Delete | Allows or denies deleting the file or folder. If you don't have Delete permission on a file or folder, you can still delete it if you have been granted Delete Subfolders and Files on the parent folder. |
| Read Permissions | Allows or denies reading permissions of the file or folder, such as Full Control, Read, and Write. |
| Change Permissions | Allows or denies changing permissions of the file or folder, such as Full Control, Read, and Write. |
| Take Ownership | Allows or denies taking ownership of the file or folder. The owner of a file or folder can always change permissions on it, regardless of any existing permissions that protect the file or folder. |
| Synchronize | Allows or denies different threads to wait on the handle for the file or folder and synchronize with another thread that may signal it. This permission applies only to multithreaded, multiprocess programs. |
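
The Important note and the Delete / Delete Subfolders and Files descriptions above mean that a file's own ACL does not fully answer who can delete it. The PowerShell function below is an added example, not part of the original page: the function name `Get-DeleteChildExposure`, its output property names and the path in the usage comment are assumptions made for illustration.

```powershell
# Added example. Reports, for each file directly inside $Folder, the principals
# that can delete it through the folder's "Delete Subfolders and Files" right
# (part of Full Control), and whether the file's own ACL also allows Delete.
# Assumptions: only Allow ACEs are read; Deny ACEs and group membership are
# not evaluated, so the output is a list of leads to review.
function Get-DeleteChildExposure {
    param(
        [Parameter(Mandatory)]
        [string]$Folder
    )

    $deleteChild = [int][System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles
    $delete      = [int][System.Security.AccessControl.FileSystemRights]::Delete
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

    # ACEs on the folder that apply to the folder itself (inherit-only ACEs
    # affect children only) and grant Delete Subfolders and Files.
    $holders = @((Get-Acl -LiteralPath $Folder).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.PropagationFlags -band $inheritOnly) -eq 0 -and
        ([int]$_.FileSystemRights -band $deleteChild) -ne 0
    })

    foreach ($file in Get-ChildItem -LiteralPath $Folder -File -Force) {
        $fileAces = (Get-Acl -LiteralPath $file.FullName).Access
        foreach ($ace in $holders) {
            $who = $ace.IdentityReference.Value
            # Does the file's own ACL allow this identity the Delete permission?
            $onFile = @($fileAces | Where-Object {
                $_.IdentityReference.Value -eq $who -and
                $_.AccessControlType -eq 'Allow' -and
                ([int]$_.FileSystemRights -band $delete) -ne 0
            }).Count -gt 0

            [pscustomobject]@{
                File               = $file.FullName
                Identity           = $who
                DeleteOnFileAcl    = $onFile
                DeleteViaFolderAcl = $true
                FolderAceInherited = $ace.IsInherited
            }
        }
    }
}

# Example call (C:\Shares\Projects is a placeholder path):
# Get-DeleteChildExposure -Folder 'C:\Shares\Projects' | Where-Object { -not $_.DeleteOnFileAcl }
```

Rows where `DeleteOnFileAcl` is false are the cases the Important note describes: the file's ACL does not grant Delete to that identity, yet the folder's ACL does.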