"modify" allows permission changes

  • Thread starter Thread starter Greg Bruntzel
  • Start date Start date
G

Greg Bruntzel

According to the MS permission matrix, granting
the "Modify" permission on a file or folder DOES NOT give
the user the authority to make changes to file or folder
permissions. That authority is supposed to be reserved
for "Full Control". It is NOT working this way in our
network. While we know that "Modify" is required for a MS
Office product to write to or save changes to a file, the
user should not be able to change file/folder permissions.

Does anyone know the cause of this. The user(s) in
question DO NOT belong to higher level groups that would
all them to change permissions. Any assistance would be
greatly appreciated.

Thanks,
Greg
 
then what is modify sopposed to do??

I assumed it was change permissions up to modify. aand
full control could change ownership and other stuff
 
I have almost the same problem. According to MS users with "modify" permissions should not be able to delete, change permissions or take ownership of file or folder. Well .....in my case it is not like that. I realized that when some files started to disapear. Nobody except admin has "full control" (that's me) and non of the users is member of any other group.

I have no idea.
If I find anything I let you now.
 
I don't know exactly what you mean by "modify", but it probably translates
into the permissions GENERIC_WRITE or FILE_GENERIC_WRITE. Niether of these
permissions includes WRITE_DAC (required to change access permissions),
DELETE (obvious), or WRITE_OWNER. You may want to take a closer look at the
access control list on the directory in question.

Is there any additional information you can provide about the directory or
file(s)?

Thanks!
-Dave

--
This message is provided "AS IS" with no warranties, and confers no rights.
This message originates in the State of Washington (USA), where unsolicited
commercial email is legally actionable (see
http://www.wa.gov/ago/junkemail).
Harvesting of this address for purposes of bulk email (including "spam") is
prohibited unless by my expressed prior request. I retaliate viciously
against spammers and spam sites.

Goran Racic said:
I have almost the same problem. According to MS users with "modify"
Click to expand...
permissions should not be able to delete, change permissions or take
ownership of file or folder. Well .....in my case it is not like that. I
realized that when some files started to disapear. Nobody except admin has
"full control" (that's me) and non of the users is member of any other
group.
 
Back
Top