Hello, I have a parent directory called: Data I've created a child directory in this data folder that is called: final versions I've set Modify permissions for a user on the data directory. I've added read rights to final versions for this same user. according to the rules, is that explicit permissions go above inherited permissions. The way I interpet it is that the Read permissions take precedence (since they're explicit) over the modify rights (inherited). When I try this out the user does have Modify rights on this folder. Can anyone explain this behaviour to me? Many thanks, Glenn
Permission precedences don't work that way. Explicit permissions and Inherited permissions don't take precedence over each, they get combined together, the user has the benefits of both. What you need to know instead is that there are two types of permission settings: "Allow" and "Deny". Deny permissions take precedence over Allow permissions. What you have to set up in your case: * Set the user to have Modify and Read Allow permissions on the Data folder. Set these permissions to be inheritable. * Explicitly set a Modify Deny permission for the user on the Final Verions folder. (Careful not to also set Read Deny). If you need help with setting Deny permissions, post again.
Hello, I've followed your steps above, but whenever I want to click deny for Modify the other checkboxes are checked as well.
You are right, I am sorry, I wasn't precise enough. Modify = Read + Write + few others, so as you say, if you check Deny for Modify, it checks everything else too. Instead, you have to check Deny for Write, that will almost do what you want. If you also want the person not to be able to delete files, then you have to edit advanced permissions, and also set Deny for Delete (which doesn't show up on the basic permission list). Edit: There is actually a different, easier way to achieve what you want, which you might also want to try: Switch off inheritable permissions on the Final Versions folder. You will have to add Full Control permission for yourself, and Read permission for your user. To switch off inheritable permissions, under the advanced security settings for the Final Versions folder, untick the check box titled "Include inheritable permissions from this object's parent"