• Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint

Denying Access

This question often comes up: “If I don’t give permission to do something, is that the same as denying access?” Well, yes and no. If you do not explicitly grant permission, the default permission structure applies. If the users in question don’t have permission by default, they cannot perform the requested operation. If the model you choose is Grant All, Deny Explicit, odds are that the user can do what she is requesting. If you choose Deny All, Grant Explicit, the user most likely can’t do the operation by default. If you deny access, the user will not be able to do the requested operation, period. Let’s look at an example to see how this works.

When users double-click a file, they are requesting Read or Execute access (depending on the type of file clicked). The first thing that happens is that the system checks on who is asking for the access and compares this information with the ACL of the file. It checks to see if this user is denied access; if so, it stops checking and provides a Denied Access message. If the user is not denied access, the system reads through the list looking for an entry that allows the user to get the access requested. It continues checking until it finds an entry in the ACL that allows the requested access or until it reaches the end of the list. If it reaches the end of the list, it generates an Access Denied message. If it finds an entry that allows access, it simply allows access by opening or running the file.


PREVIEW

                                                                          

Not a subscriber?

Start A Free Trial


  
  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint