4.5 Role Requirements Are Rigidly Enforced

On NSS and NTFS it is possible to define customized permissions. For example, you can create a directory in which users can create files even though they have no permission to view them afterward.

Customized permissions do not apply to Filr.

The NSS and NTFS requirements set forth in Table 4-2 and Table 4-3 are very rigid.

If any permissions are missing for a given role, Filr defaults to a more restrictive role. Additionally, if each and every permission required for the Viewer role is not present, then Filr grants no role to the user, as illustrated in the following sections.

4.5.1 NSS Example

Figure 4-6 shows that if the NSS write right is missing, the user can only function as a viewer, even though all of the Contributor-specific rights are present.

Figure 4-6 Missing Write right limits to only Viewer role

4.5.2 NTFS Example

Figure Figure 4-7 shows that for NTFS, if the Read & Execute privilege is missing, the user has no Filr role, even though all of the other permissions are present.

Figure 4-7 Missing Read & Execute privilege prevents access through Filr