|
If
a user belongs to one or more groups, it is possible that multiple
permissions apply to a single file or folder. In such a case, permissions
are resolved as follows (higher numbered levels take precedence):
-
Level 1
-
If the user has View, Publish, or Manage permissions through
group-acquired permissions, the permission granting the greatest
access to features applies. These three group permissions are additive.
-
Level 2
-
If the user has any Denied permission through group-acquired
permissions, all group-acquired View, Publish, or Manage permissions
are removed and the user is not allowed access.
-
Level 3
-
If the user has View, Publish, or Manage permissions through
user-specific permissions, these permissions are additive to the
corresponding group-acquired permissions. In addition, these permissions
override any group-acquired Denied permission.
-
Level 4
-
If the user is assigned the Denied permission setting through
user-specific permissions, the user is denied access regardless
of any group-acquired permissions.
-
Level 5
-
If the user is a member of the Administrator group, the administrator permission
applies, regardless of any other individual or group setting.
-
Level 6
-
If there are no permissions applied by either user or group
(and none is inherited from a parent folder), the user cannot access
or perform any actions on the folder or file.
The following
table illustrates the way that group and user permissions apply:
|
Group G1 permissions
|
Group G2 permissions
|
Union (G1, G2) permissions
|
User permissions
|
Resulting permissions
|
|
View
|
Publish
|
Publish
|
Manage
|
Publish+Manage
|
|
Manage
|
None
|
Manage
|
Publish
|
Publish+Manage
|
|
Denied
|
Publish
|
Denied
|
Manage
|
Manage
|
|
View
|
Manage
|
Manage
|
View
|
Manage
|
|
Manage
|
None
|
Manage
|
Denied
|
Denied
|
|
None
|
None
|
None
|
None
|
None
|
|
|
|
