, 2005-05-17
Complexity in Microsoft's software does little but hinder people from using their good security features, and the current state of Windows file permissions is a perfect example.
Expand all |
Post comment
|
Permission to Simplify
, 2005-05-17 Complexity in Microsoft's software does little but hinder people from using their good security features, and the current state of Windows file permissions is a perfect example.
Expand all |
Post comment
|
|
|
Privacy Statement |
You say "And finally, my favorite of them all is that there are check boxes for both allow and deny permissions. You cannot check both boxes, but you can uncheck them both, it means that you neither allow nor deny them those permissions, which really means that you deny them."
Say you are a member of Group1 and Group2. Imagine that Group1 has Read and Group2 has modify access to resource FolderA. This means that you would have modify access to FolderA. So the fact that both Allow and Deny are not ticked for Group1 does not mean you are denied.
Imagine I'm a member of Group3 and Group4. Group3 has modify access to FolderA. Group4 however has deny modify access to FolderA. That means that I cannot modify FolderA (as deny always overides any other permission).
I'm not sure that I've clarified anything here (which might indicate that things are too complex).
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/326/31940#31940