List Folder/Read Data

Archived from groups: microsoft.public.win2000.security (More info?)

I'm trying to clarify the exact roles of the various 'advanced
permissions'.

According to Help, 'List Folder/Read Data', when applied to a file,
allows the user to view the contents of a file.

To test this, I created:

e:\toplevel\level2\level3
and
e:\toplevel\level2\level3\testDoc.txt

To the toplevel folder,
Admins have Full Control
user81 has 'Traverse Folder/Execute File' and 'List Folder/Read Data'

These permissions are inherited all the way to testDoc.txt.

However, user81 can browse to the level3 folder but cannot read the
testDoc.txt document.

Evidently, List 'Folder/Read Data' does not allow the user to read
file contents.

Is that right or am I missing something here?

Richard
4 answers Last reply
More about list folder read data
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Check the inherited security setting on the file itself for that user for
    'List Folder/Read Data' and make sure the user is not a member of any group
    with deny permissions to that file. The user will need 'List Folder/Read
    Data' to "files" in that folder in order to be able to read the files. You
    can select various combinations of folders/subfolder/files in the "apply
    onto" drop down box in special permissions. The link below may help. ---
    Steve

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;308419 -- applies
    to W2k also.

    <richard@tortoise.demon.co.uk> wrote in message
    news:a94c715dkfj8buv0ot30f5n29703dvpaau@4ax.com...
    > I'm trying to clarify the exact roles of the various 'advanced
    > permissions'.
    >
    > According to Help, 'List Folder/Read Data', when applied to a file,
    > allows the user to view the contents of a file.
    >
    > To test this, I created:
    >
    > e:\toplevel\level2\level3
    > and
    > e:\toplevel\level2\level3\testDoc.txt
    >
    > To the toplevel folder,
    > Admins have Full Control
    > user81 has 'Traverse Folder/Execute File' and 'List Folder/Read Data'
    >
    > These permissions are inherited all the way to testDoc.txt.
    >
    > However, user81 can browse to the level3 folder but cannot read the
    > testDoc.txt document.
    >
    > Evidently, List 'Folder/Read Data' does not allow the user to read
    > file contents.
    >
    > Is that right or am I missing something here?
    >
    > Richard
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    In your case to do what you want to do I believe what will work is simply
    giving the user/group list folder contents and read general permissions on
    the main security page. You should then see that user/group listed twice
    under special permissions. Once or folder, subfolders, and files and then
    for folders and subfolders. Those would be approximately the minimum needed
    special permissions for the user/group to list the files and read them. As
    the KB article shows the general read permissions consists of a few special
    permissions. Users will need read for permissions to see if they have access
    to the file. If you have a question about a particular special permission, I
    may be able to help. --- Steve


    "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
    news:%23ikV1gzTFHA.3840@tk2msftngp13.phx.gbl...
    > Check the inherited security setting on the file itself for that user for
    > 'List Folder/Read Data' and make sure the user is not a member of any
    > group with deny permissions to that file. The user will need 'List
    > Folder/Read Data' to "files" in that folder in order to be able to read
    > the files. You can select various combinations of folders/subfolder/files
    > in the "apply onto" drop down box in special permissions. The link below
    > may help. --- Steve
    >
    > http://support.microsoft.com/default.aspx?scid=kb;EN-US;308419 -- applies
    > to W2k also.
    >
    > <richard@tortoise.demon.co.uk> wrote in message
    > news:a94c715dkfj8buv0ot30f5n29703dvpaau@4ax.com...
    >> I'm trying to clarify the exact roles of the various 'advanced
    >> permissions'.
    >>
    >> According to Help, 'List Folder/Read Data', when applied to a file,
    >> allows the user to view the contents of a file.
    >>
    >> To test this, I created:
    >>
    >> e:\toplevel\level2\level3
    >> and
    >> e:\toplevel\level2\level3\testDoc.txt
    >>
    >> To the toplevel folder,
    >> Admins have Full Control
    >> user81 has 'Traverse Folder/Execute File' and 'List Folder/Read Data'
    >>
    >> These permissions are inherited all the way to testDoc.txt.
    >>
    >> However, user81 can browse to the level3 folder but cannot read the
    >> testDoc.txt document.
    >>
    >> Evidently, List 'Folder/Read Data' does not allow the user to read
    >> file contents.
    >>
    >> Is that right or am I missing something here?
    >>
    >> Richard
    >>
    >
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    Thanks for your post Steven.

    >The user will need 'List Folder/Read
    >Data' to "files" in that folder in order to be able to read the files.

    Thats what it says in the Help, and also on the link you sent me.
    However a bit of experimentation has convinced me that 'List
    Folder/Read Data' is necessary but not sufficient for a user to be
    able to read a file.

    The parent folder needs:
    'List Folder/Read Data'.
    The file needs:
    'List Folder/Read Data',
    'Read Extended Attributes',
    'Read Permissions'

    >Check the inherited security setting on the file itself for that user for
    >'List Folder/Read Data' and make sure the user is not a member of any group
    >with deny permissions to that file

    I've checked that.

    regards
    Richard
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    On Mon, 2 May 2005 16:05:53 -0500, "Steven L Umbach"
    <n9rou@nospam-comcast.net> wrote:

    >In your case to do what you want to do I believe what will work is simply
    >giving the user/group list folder contents and read general permissions on
    >the main security page.

    In practice, thats what I'd do. What I've been looking at are the
    roles of the individual advanced permissions that are combined in
    various ways to produce the 'general permissions'.

    Thanks for your help,

    regards
    Richard
Ask a new question

Read More

Microsoft Permissions Windows