File and Folder Permissions
Overview
- Applies to: Windows 7, Windows Server 2008 R2
- Provides details on access limitations for NTFS permissions.
Special NTFS Permissions
The table below outlines the access limitations associated with different sets of NTFS permissions.
| Special Permission | Full Control | Modify | Read & Execute | List Folder Contents (folders only) | Read | Write |
|---|
| Traverse Folder/Execute File | ✓ | ✓ | ✓ | ✓ | | |
| List Folder/Read Data | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Read Attributes | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Read Extended Attributes | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Create Files/Write Data | ✓ | ✓ | | | | ✓ |
| Create Folders/Append Data | ✓ | ✓ | | | | ✓ |
| Write Attributes | ✓ | ✓ | | | | ✓ |
| Write Extended Attributes | ✓ | ✓ | | | | ✓ |
| Delete Subfolders and Files | ✓ | | | | | |
| Delete | ✓ | ✓ | | | | |
| Read Permissions | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Change Permissions | ✓ | | | | | |
| Take Ownership | ✓ | | | | | |
| Synchronize | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Important Considerations
- Full Control: Users with Full Control can delete any files within a folder, regardless of specific file permissions.
- List Folder Contents vs. Read & Execute:
- Both permissions appear similar but differ in inheritance.
- List Folder Contents is inherited only by folders and not files.
- Read & Execute is inherited by both files and folders.
- Everyone Group: Does not include the Anonymous Logon group by default.
Additional References
- For further details on managing permissions, refer to Managing Permissions.
- Explore more about specific NTFS permissions to understand how effective permissions are determined and where to apply them.