NTFS & Share Inheritance / Permissions

[DHR]

Say I have three groups setup as follows...

Group1, Read & Write Folder Permission, Full Control Share Permission
Group2, Read Folder Permission, Read Share Permission
Group3, Read & Execute Folder Permission, Change SharePermission

..... and I'm a member of both Group1 and Group2, I would assume that the least access permission would be applied, so because I'm in group2 I can't modify files when I access the share. I'd expect to if I was to access the folder through explorer via the drive but not the share?

As it stands I appear to be able to modify existing files but not delete them, although I can change permissions when accessing them via the share?

 

[cokecan]

The resultant set of NTFS security permissions will simply be everything you have from both groups (least restrictive).

The same is true for share permissions in that it's based on the least restrictive rule. Things get a bit more complicated when you combine both NTFS security permissions with share permissions where the most restrictive effective permission is the one that you'd get.

In your example I would expect you to have read and write permissions when accessing the folder from the PC it's attached too and simply read permissions when accessing the folder over the network.

If you have the ability to modify and also change the permissions of the folder via the network share then I would check to see if you are inheriting some permissions from the parent folder?