Basic NTFS Permissions

Read: Users can view files and file properties.

Read permission on a file = advanced permissions:

• List Folder/Read Data
• Read Attributes
• Read Extended Attributes
• Read Permissions                # reading permissions of the file or folder(ie. Read, Write ...)

Read & Execute: Users can run executable files, including scripts.

Advanced Permissions

"Traverse Folder / Execute File"

Applies to folders only

allows or denies moving through folders to reach other files or folders,
even if the user has no permissions for the traversed folders

Applies to files only

Execute File allows or denies running program files

"List Folder/Read Data"

• viewing filenames and subfolder names within the folder (Applies to folders only)
• viewing data in files (Applies to files only)
• inherited by folders only

Traverse folder v.s. List folder

Traverse folder:

Give access to a subdirectory without giving access to parent directories.

i.e.

They will be able to navigate through the top two directories and get to dir3 where they have more permissions,
but will not even see what files exist in the top two directories.

\\server\dir1\dir2\dir3       # read, write and execute
\\server\dir1\dir2            # no permissions
\\server\dir1                 # no permissions
\\server                      # no permissions

Read & Execute   

# Meaning for Folders

Permits viewing and listing of files and subfolders as well as executing of files; inherited by files and folders     

# Meaning for Files

Permits viewing and accessing of the file’s contents as well as executing the file

 * inherited by files and folders

Read Attributes:

Allows or denies viewing the attributes of a file or folder,

such as read-only and hidden. Attributes are defined by NTFS.

Read Extended Attributes

Extended attributes are defined by programs and may vary by program.