NTFS Permissions

Use NTFS permissions to specify which users and groups can gain access to files and folders, and what they can do with the contents of the file or folder. NTFS permissions are only available on NTFS volumes. The permissions you assign for folders are different from the permissions you assign for files.

You assign folder permissions to control the access that users have to folders and to the files and subfolders that are contained within the folder.

The table below lists the standard NTFS folder and file permissions that you can assign and the type of access that each provides.

NTFS Folder Permissions

NTFS Folder Permission / Allows the User To
Full Control / Change permissions, take ownership, and delete subfolders and files, plus perform actions permitted by all other NTFS folder permissions
Modify / Delete the folder plus perform actions permitted by the Write permission and the Read & Execute permission
Read & Execute / Move through folders to reach other files and folders, even if the users do not have permission for those folders, and perform actions permitted by the Read permission and the List Folder Contents permission
List Folder Contents / See the names of files and subfolders in the folder
Read / See files and subfolders in the folder and view folder ownership, permissions, and attributes (such as Read-only, Hidden, Archive, and System)
Write / Create new files and subfolders within the folder, change folder attributes, and view folder ownership and permissions

NTFS File Permissions

NTFS File Permission / Allows the User To
Full Control / Change permissions and take ownership, plus perform the actions permitted by all other NTFS file permissions
Modify / Modify and delete the file plus perform the actions permitted by the Write permission and the Read & Execute permission
Read & Execute / Run applications plus perform the actions permitted by the Read permission
Read / Read the file, and view file attributes, ownership, and permissions
Write / Overwrite the file, change file attributes, and view file ownership and permissions

Multiple NTFS Permissions

You can assign multiple permissions to a user account by assigning permissions for a resource to an individual user account and to each group of which the user is a member.

Permissions Are Cumulative

A user's effective permissions for a resource are the sum of the NTFS permissions that you assign to the individual user account and to all of the groups to which the user belongs. If a user has Read permission for a folder and is a member of a group with Write permission for the same folder, the user has both Read and Write permission for that folder.

NTFS Permissions Inheritance

By default, permissions that you assign to the parent folder are inherited by and propagated to the subfolders and files that are contained in the parent folder.

Understanding Permissions Inheritance

Files and subfolders can inherit permissions from their parent folder. Whatever permissions you assign to the parent folder can also apply to subfolders and files that are contained within the parent folder, depending on the inheritance option set for a given object. When you assign NTFS permissions to give access to a folder, you assign permissions for the folder and for any existing files and sub folders, as well as any new files and subfolders that are created in the folder.

Preventing Permissions Inheritance

You can prevent permissions that are assigned to a parent folder from being inherited by subfolders and files that are contained within the folder by setting an inheritance option set for a given object. That is, the subfolders and files will not inherit permissions that have been assigned to the parent folder containing them.

If you prevent permissions inheritance for a folder, that folder becomes the top parent folder. Permissions assigned to this folder will be inherited by the subfolders and files that it contains.