Book: Windows Server 2012 R2 Storage, Security, & Networking Pocket Consultant

Object inheritance

Objects are defined by using a parent-child structure. A parent object is a top-level object, and a child object is an object defined below a parent object in the hierarchy. For example, the folder C:\ is the parent of the folders C:\Data and C:\Backups. Any subfolders created in C:\Data or C:\Backups are children of these folders and grandchildren of C:\.

Child objects can inherit permissions from parent objects; in fact, all Windows Server 2012 R2 objects are created with inheritance enabled by default. This means that child objects automatically inherit the permissions of the parent; therefore, the parent object permissions control access to the child object. If you want to change permissions on a child object, you must do one of the following:

• Edit the permissions of the parent object.

• Stop inheriting permissions from the parent object, and then assign permissions to the child object.

• Select the opposite permission to override the inherited permission. For example, if the parent allows the permission, you would deny it on the child object.

To stop inheriting permissions from a parent object, follow these steps:

1. Open the management tool for the object. For example, if you want to work with files and folders, start File Explorer.

2. Press and hold or right-click the object with which you want to work, and then tap or click Properties. In the Properties dialog box, tap or click the Security tab.

3. Tap or click Advanced to display the Advanced Security Settings dialog box.

4. On the Permissions tab, tap or click Change Permissions to display an editable version of the Permissions tab.

5. On the Permissions tab, you’ll see a Disable Inheritance button if inheritance currently is enabled. Tap or click Disable Inheritance.

6. You can now either convert the inherited permissions to explicit permissions or remove all inherited permissions and apply only the permissions that you explicitly set on the folder or file.

Keep in mind that if you remove the inherited permissions and no other permissions are assigned, everyone but the owner of the resource is denied access. This effectively locks out everyone except the owner of a folder or file; however, administrators still have the right to take ownership of the resource regardless of the permissions. Thus, if an administrator is locked out of a file or a folder and truly needs access, she can take ownership and then have unrestricted access.

To start inheriting permissions from a parent object, follow these steps:

1. Open the management tool for the object. For example, if you want to work with files and folders, start File Explorer.

2. Press and hold or right-click the object with which you want to work, and then tap or click Properties. In the Properties dialog box, tap or click the Security tab.

3. Tap or click Advanced to display the Advanced Security Settings dialog box.

4. On the Permissions tab, tap or click Enable Inheritance, and then tap or click OK. Note that the Enable Inheritance button is available only if permission inheritance currently is disabled.
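The same two procedures can be scripted and audited from Windows PowerShell. The following is an added example, not taken from the book; the folder names and the helper functions Set-Inheritance and Get-InheritanceReport are hypothetical, and it assumes the account running it owns the constructed test folder.

```powershell
# Constructed sample tree (hypothetical names) so the example is self-contained.
$root  = Join-Path $env:TEMP 'InheritDemo'
$child = Join-Path $root 'Data'
New-Item -ItemType Directory -Path $child -Force | Out-Null

function Set-Inheritance {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][bool]$Enabled,
        # Used only when disabling: $true converts inherited entries to
        # explicit ones; $false removes them, leaving only explicit entries.
        [bool]$KeepInherited = $true
    )
    $acl = Get-Acl -LiteralPath $Path
    # SetAccessRuleProtection(isProtected, preserveInheritance):
    # isProtected = $true means inheritance from the parent is blocked.
    $acl.SetAccessRuleProtection(-not $Enabled, $KeepInherited)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Get-InheritanceReport {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    [pscustomobject]@{
        Path                = $Path
        InheritanceDisabled = $acl.AreAccessRulesProtected
        ExplicitRules       = @($acl.Access | Where-Object { -not $_.IsInherited }).Count
        InheritedRules      = @($acl.Access | Where-Object { $_.IsInherited }).Count
    }
}

Get-InheritanceReport $child          # baseline: inheritance enabled

# Equivalent of Disable Inheritance with conversion to explicit permissions.
Set-Inheritance -Path $child -Enabled $false -KeepInherited $true
Get-InheritanceReport $child          # inherited entries are now explicit

# Audit: list every subfolder where inheritance has been disabled.
Get-ChildItem -LiteralPath $root -Directory -Recurse |
    Where-Object { (Get-Acl -LiteralPath $_.FullName).AreAccessRulesProtected } |
    Select-Object -ExpandProperty FullName

# Equivalent of Enable Inheritance.
Set-Inheritance -Path $child -Enabled $true
Get-InheritanceReport $child

Remove-Item -LiteralPath $root -Recurse -Force   # clean up the sample tree
```

Re-enabling inheritance does not remove the entries that were converted to explicit permissions, so the final report shows both explicit and inherited rules; review and remove the explicit copies if they are no longer wanted.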
