Re: Why Are List Folder / Read Data Combined?

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 11/22/05 

Date: Mon, 21 Nov 2005 22:46:45 -0700

"Will" <westes-usc@noemail.nospam> wrote in message
news:%23AdUccx7FHA.3592@TK2MSFTNGP12.phx.gbl...
> Why are List Folder and Read Data combined into a single privilege?

They are two differenct privileges.
They use the same bit in the bitmask, but it is interpreted
differently depending on the object - file or folder.
You can specific where the ACE carrying the mask is
applicable to files, to folders, or both.

>They seem like very distinct things,

they are

> and I can imagine cases where I would want
> users to be able to see the files inside a folder (List Folder) but I
> would
> not want them to be able to read data in the files they list.

absolutely !

> The current
> design of ACLs doesn't let you set a permission in the folder that *new*
> files created in the folder will automatically inherit. Instead it looks
> like you have to set one ACL for the folder and then come and manually set
> permissions for files in the folder.

??? not sure I follow you at all here.
Have you used the Advanced button in the NTFS dialog?
If so, did you try highlighting a ACE and clicking Edit?
In there, notice the dropbox at the top that controls the
object the ACE is applicable to ?

> That quickly becomes completely
> unmanageable in a large file tree. You like to have ACLs inherit as much
> as possible.
>
> --
> Will
>
>