NTFS Permissions
Use NTFS permissions to specify which users and groups can gain access to files and folders,
and what they can do with the contents of the file or folder. NTFS permissions are only available
on NTFS volumes. The permissions you assign for folders are different from the permissions you
assign for files.
You assign folder permissions to control the access that users have to folders and to the files and
subfolders that are contained within the folder.
The table below lists the standard NTFS folder and file permissions that you can assign and the
type of access that each provides.
NTFS Folder Permissions
NTFS Folder Permission
Full Control
Modify
Read & Execute
List Folder Contents
Read
Write
Allows the User To
Change permissions, take ownership, and delete subfolders and files,
plus perform actions permitted by all other NTFS folder permissions
Delete the folder plus perform actions permitted by the Write
permission and the Read & Execute permission
Move through folders to reach other files and folders, even if the users
do not have permission for those folders, and perform actions
permitted by the Read permission and the List Folder Contents
permission
See the names of files and subfolders in the folder
See files and subfolders in the folder and view folder ownership,
permissions, and attributes (such as Read-only, Hidden, Archive, and
System)
Create new files and subfolders within the folder, change folder
attributes, and view folder ownership and permissions
NTFS File Permissions
NTFS File Permission
Full Control
Modify
Read & Execute
Read
Write
Allows the User To
Change permissions and take ownership, plus perform the actions
permitted by all other NTFS file permissions
Modify and delete the file plus perform the actions permitted by the
Write permission and the Read & Execute permission
Run applications plus perform the actions permitted by the Read
permission
Read the file, and view file attributes, ownership, and permissions
Overwrite the file, change file attributes, and view file ownership and
permissions
Multiple NTFS Permissions
You can assign multiple permissions to a user account by assigning permissions for a resource to
an individual user account and to each group of which the user is a member.
Permissions Are Cumulative
A user's effective permissions for a resource are the sum of the NTFS permissions that you assign
to the individual user account and to all of the groups to which the user belongs. If a user has
Read permission for a folder and is a member of a group with Write permission for the same
folder, the user has both Read and Write permission for that folder.
NTFS Permissions Inheritance
By default, permissions that you assign to the parent folder are inherited by and propagated to
the subfolders and files that are contained in the parent folder.
Understanding Permissions Inheritance
Files and subfolders can inherit permissions from their parent folder. Whatever permissions you
assign to the parent folder can also apply to subfolders and files that are contained within the
parent folder, depending on the inheritance option set for a given object. When you assign NTFS
permissions to give access to a folder, you assign permissions for the folder and for any existing
files and sub folders, as well as any new files and subfolders that are created in the folder.
Preventing Permissions Inheritance
You can prevent permissions that are assigned to a parent folder from being inherited by
subfolders and files that are contained within the folder by setting an inheritance option set for a
given object. That is, the subfolders and files will not inherit permissions that have been assigned
to the parent folder containing them.
If you prevent permissions inheritance for a folder, that folder becomes the top parent folder.
Permissions assigned to this folder will be inherited by the subfolders and files that it contains.