Hi all; Consider the following scenario: There are two shared folders on a file server (I have tested the following scenarios I two platforms: Windows Storage Server 2008 and Windows Server 2008 R2) with the following structure: \\Server\Data1\User-1 \\Server\Data2\User-1 The first shared folder has only Write permission for the User-1. So, when User-1 wants to copy a file or folder in that location, it must right-click on the User-1 folder and choose Paste. Now when he/she wants to create the same file or folder, he/she cannot do that because does not have Modify permission. Right? The two shared folder has Read and Write permission for User-1. Now, when User-1 want to create or copy a file or folder on that location, he/she simply opens the User-1 folder and will do the desired action. Now consider he/she wants to create or copy the same file or folder on that location, he/she CAN. Although he/she does not have Modify permission, but simply can overwrite the file or folder!!! Any idea? Thanks

Hi, Thank you for your post here. Could you please explain more about your issue here? Write permission means: Create files/write date Create folder/append date Write attribute Write extended attribute Read and Write permission means: The modify permission includes the Write permission with following extended permissions: Traverse folder/execute List folder/read date Read attributes Read extended attributes

Thanks for your reply; I must modify the second statement to clarifying it more: The second shared folder has Read and Write permission for User-1. Now, when User-1 want to create or copy a file or folder on that location, he/she simply opens the User-1 folder and will do the desired action. Now consider he/she wants to create or copy the same file or folder on that location (a file or folder with exactly the same name) , he/she CAN. Although he/she does not have Modify permission, but simply can overwrite the file or folder!!! Write permission means: Create files/write date Create folder/append date Write attribute Write extended attribute Read and Write permission means: Traverse folder/execute List folder/read date Read attributes Read extended attributes Read Permission Create files/write date Create folder/append date Write attribute Write extended attribute The modify permission includes the Write permission with following extended permissions: Traverse folder/execute List folder/read date Read attributes Read extended attributes Read Permission Delete

does the entity Creator-Owner show up in the security user list? if i do understand you right the user is allowed to modify in the folder he created? if so, it might come from permissions of the creator-owner entity

Hello Based on your explaination above, User1 with only a read/write permission will not be able to overwrite a folder because he/she does not have the delete (modify) right. To over write a folders is same as deleting and recreatingIsaac Oben MCITP:EA, MCSE

does the entity Creator-Owner show up in the security user list? if i do understand you right the user is allowed to modify in the folder he created? if so, it might come from permissions of the creator-owner entity I have deleted the Creator Owner entity from the entire mentioned structure. I simply mean that, when a user has only Write permission on a folder, he cannot replace an existing file or folder with a file or folder that has a same name in that location. Now the same user with Read and Write permission on a folder, CAN replace an existing file or folder with a file or folder that has the same name as the existing file or folder, although he DOES NOT HAVE Modify permission.

Hello Based on your explaination above, User1 with only a read/write permission will not be able to overwrite a folder because he/she does not have the delete (modify) right. To over write a folders is same as deleting and recreating Isaac Oben MCITP:EA, MCSE My problem is that the user with only read/write permission will be able to overwrite a file or folder, although he does not have modify permission!!!

Any idea?

A user with only a read/write permission will not be able to overwrite a folder except they have a delete or modify permission. Have you tested your scenerio above?Isaac Oben MCITP:EA, MCSE

>>>Any idea? Not sure what the question is...what you are explaining is by design...always has been....it is not a bug. People often infer that Modify means append data to files or folders...it does not...never has. Do you not want it to work this way? Are you trying to allows users to read and write files, but not append data to them once written? If you don't want users to modify existing files then assign Read/Write go into Advance and remove Append Data. This will prevent users from appending data....it will also remove Create folders as well. The permissions Read/Write/Modify/etc are COLLECTIONS of the individual rights available in the Advance tab and are the most common administrative concepts. However, the indivual rights can be assigned / taken away if needed to customize security. Its not really a recommended practice but can be used for special case situations.