Top menu

How to use the logic of applying different access permissions

DESCRIPTION

This article describes the logic of applying different access permissions and their combinations.

HOW IT WORKS

1. Restrictive rules override the allowing ones;
2. Any user account not explicitly listed in an access control list (ACL) gets blocked by default.

ACL 1
Users:Read-only
Administrators:Full control
Everyone:No access
---
Wrong unless you don't want to block access for everyone: 'Everyone:No access entry does not mean 'everyone except the accounts from the list'. It means 'everyone including those listed'.

ACL 2
Users:Read-only
Administrators:Full control
---
Right: All accounts are blocked but for those that belong to 'Users' and 'Administrators' groups.


*In some cases it might be required that you add 'SYSTEM:Full control' entry for hard- or software to function properly.