Sign in with
Sign up | Sign in
Your question

List Folder/Read Data

Last response: in Windows 2000/NT
Share
May 2, 2005 4:56:10 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I'm trying to clarify the exact roles of the various 'advanced
permissions'.

According to Help, 'List Folder/Read Data', when applied to a file,
allows the user to view the contents of a file.

To test this, I created:

e:\toplevel\level2\level3
and
e:\toplevel\level2\level3\testDoc.txt

To the toplevel folder,
Admins have Full Control
user81 has 'Traverse Folder/Execute File' and 'List Folder/Read Data'

These permissions are inherited all the way to testDoc.txt.

However, user81 can browse to the level3 folder but cannot read the
testDoc.txt document.

Evidently, List 'Folder/Read Data' does not allow the user to read
file contents.

Is that right or am I missing something here?

Richard

More about : list folder read data

Anonymous
May 2, 2005 4:56:11 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Check the inherited security setting on the file itself for that user for
'List Folder/Read Data' and make sure the user is not a member of any group
with deny permissions to that file. The user will need 'List Folder/Read
Data' to "files" in that folder in order to be able to read the files. You
can select various combinations of folders/subfolder/files in the "apply
onto" drop down box in special permissions. The link below may help. ---
Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;308419 -- applies
to W2k also.

<richard@tortoise.demon.co.uk> wrote in message
news:a94c715dkfj8buv0ot30f5n29703dvpaau@4ax.com...
> I'm trying to clarify the exact roles of the various 'advanced
> permissions'.
>
> According to Help, 'List Folder/Read Data', when applied to a file,
> allows the user to view the contents of a file.
>
> To test this, I created:
>
> e:\toplevel\level2\level3
> and
> e:\toplevel\level2\level3\testDoc.txt
>
> To the toplevel folder,
> Admins have Full Control
> user81 has 'Traverse Folder/Execute File' and 'List Folder/Read Data'
>
> These permissions are inherited all the way to testDoc.txt.
>
> However, user81 can browse to the level3 folder but cannot read the
> testDoc.txt document.
>
> Evidently, List 'Folder/Read Data' does not allow the user to read
> file contents.
>
> Is that right or am I missing something here?
>
> Richard
>
Anonymous
May 2, 2005 8:05:53 PM

Archived from groups: microsoft.public.win2000.security (More info?)

In your case to do what you want to do I believe what will work is simply
giving the user/group list folder contents and read general permissions on
the main security page. You should then see that user/group listed twice
under special permissions. Once or folder, subfolders, and files and then
for folders and subfolders. Those would be approximately the minimum needed
special permissions for the user/group to list the files and read them. As
the KB article shows the general read permissions consists of a few special
permissions. Users will need read for permissions to see if they have access
to the file. If you have a question about a particular special permission, I
may be able to help. --- Steve


"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:%23ikV1gzTFHA.3840@tk2msftngp13.phx.gbl...
> Check the inherited security setting on the file itself for that user for
> 'List Folder/Read Data' and make sure the user is not a member of any
> group with deny permissions to that file. The user will need 'List
> Folder/Read Data' to "files" in that folder in order to be able to read
> the files. You can select various combinations of folders/subfolder/files
> in the "apply onto" drop down box in special permissions. The link below
> may help. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;308419 -- applies
> to W2k also.
>
> <richard@tortoise.demon.co.uk> wrote in message
> news:a94c715dkfj8buv0ot30f5n29703dvpaau@4ax.com...
>> I'm trying to clarify the exact roles of the various 'advanced
>> permissions'.
>>
>> According to Help, 'List Folder/Read Data', when applied to a file,
>> allows the user to view the contents of a file.
>>
>> To test this, I created:
>>
>> e:\toplevel\level2\level3
>> and
>> e:\toplevel\level2\level3\testDoc.txt
>>
>> To the toplevel folder,
>> Admins have Full Control
>> user81 has 'Traverse Folder/Execute File' and 'List Folder/Read Data'
>>
>> These permissions are inherited all the way to testDoc.txt.
>>
>> However, user81 can browse to the level3 folder but cannot read the
>> testDoc.txt document.
>>
>> Evidently, List 'Folder/Read Data' does not allow the user to read
>> file contents.
>>
>> Is that right or am I missing something here?
>>
>> Richard
>>
>
>
Related resources
May 2, 2005 11:43:09 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Thanks for your post Steven.

>The user will need 'List Folder/Read
>Data' to "files" in that folder in order to be able to read the files.

Thats what it says in the Help, and also on the link you sent me.
However a bit of experimentation has convinced me that 'List
Folder/Read Data' is necessary but not sufficient for a user to be
able to read a file.

The parent folder needs:
'List Folder/Read Data'.
The file needs:
'List Folder/Read Data',
'Read Extended Attributes',
'Read Permissions'

>Check the inherited security setting on the file itself for that user for
>'List Folder/Read Data' and make sure the user is not a member of any group
>with deny permissions to that file

I've checked that.

regards
Richard
May 3, 2005 1:40:50 AM

Archived from groups: microsoft.public.win2000.security (More info?)

On Mon, 2 May 2005 16:05:53 -0500, "Steven L Umbach"
<n9rou@nospam-comcast.net> wrote:

>In your case to do what you want to do I believe what will work is simply
>giving the user/group list folder contents and read general permissions on
>the main security page.

In practice, thats what I'd do. What I've been looking at are the
roles of the individual advanced permissions that are combined in
various ways to produce the 'general permissions'.

Thanks for your help,

regards
Richard
!