1. Necessity for list authorizations
Generally access rights to NTFS-file servers are assigned deeper than the 1st directory level. As soon as this is the case, one must take care of the fact that the user can should also bo able to browse the file system for appropriate directory. Here there are various possibilities with various effects.
2. Variants of assigning list rights
For browsing through the directory system, migRaven can flexibly form list authorizations. In addition to this, two options are fundamentally offered:
- For the list authorizations, own authorization groups are formed, which for example include the “Change” authorization groups from the lower levels.
- 2. In the directories above the explicitly authorized folder, for example the “Change” authorization groups are used for assigning the list authorizations.
The optimal way is the combination from both options. It should however be used in 1st and not up to the lowest level because otherwise the account appears in several groups. But it should not also be dispensed to position one because otherwise too many entries are included in the ACLs of the above directories. An ACL can maximum includes 1800 ACEs. Too many ACL entries make the access to directories slow.