File and Folder Permissions
Applies To: Windows 7, Windows Server 2008 R2
The following table lists the access limitations for each set of special NTFS permissions.
Special permissions | Full Control | Modify | Read & Execute | List Folder Contents (folders only) | Read | Write |
---|---|---|---|---|---|---|
Traverse Folder/Execute File |
x |
x |
x |
x |
||
List Folder/Read Data |
x |
x |
x |
x |
x |
|
Read Attributes |
x |
x |
x |
x |
x |
|
Read Extended Attributes |
x |
x |
x |
x |
x |
|
Create Files/Write Data |
x |
x |
x |
|||
Create Folders/Append Data |
x |
x |
x |
|||
Write Attributes |
x |
x |
x |
|||
Write Extended Attributes |
x |
x |
x |
|||
Delete Subfolders and Files |
x |
|||||
Delete |
x |
x |
||||
Read Permissions |
x |
x |
x |
x |
x |
x |
Change Permissions |
x |
|||||
Take Ownership |
x |
|||||
Synchronize |
x |
x |
x |
x |
x |
x |
Important
Groups or users granted Full Control permission on a folder can delete any files in that folder regardless of the permissions protecting the file.
Additional considerations
Although List Folder Contents and Read & Execute appear to have the same special permissions, these permissions are inherited differently. List Folder Contents is inherited by folders but not files, and it should only appear when you view folder permissions. Read & Execute is inherited by both files and folders and is always present when you view file or folder permissions.
In this version of Windows, the Everyone group does not include the Anonymous Logon group by default, so permissions applied to the Everyone group do not affect the Anonymous Logon group.
Additional references