| Permission | When granted on a folder | When granted on a file |
|---|---|---|
| Read (READ) |
Allows grantee to list the items in the folder | Allows grantee to read the file and its metadata |
| Write (WRITE) |
Allows grantee to create new items in the folder | Allows grantee to create new versions of the file |
| Full Control (FULL_CONTROL) |
Allows grantee the READ, READ_ACP, WRITE, and WRITE_ACP permissions on the folder. Allows grantee to move, rename, and delete the folder. | Allows READ, READ_ACP, WRITE, and WRITE_ACP permissions on the file. Allows grantee to move, rename, and delete the file. |
| View Permissions (READ_ACP) |
Allows grantee to read permissions on the folder | Allows grantee to read permissions on the file |
| Modify Permissions (WRITE_ACP) |
Allows grantee to modify/grant permissions on the folder | Allows grantee to modify/grant permissions on the file |
Permission Inheritance
By default, newly created files inherit their permissions from their parent folder. By default, newly created folders do not inherit from their parent folder but can be configured to do so by adjusting the "Subfolders Inherit Permissions" folder property.
Every user is automatically added to the "All Users" group. By default, the "All Users" group is granted READ access to the root folder on your domain. Without this READ permission on the root folder, a user would not have a clear path to any other files or folders on the domain.
Administrators should keep in mind that under these default settings, all users have the ability to see metadata for all files and folders directly within the root folder. We recommend creating subfolders for any files or folders with private metadata and then simply restricting READ & WRITE privileges on those subfolders. However you also have the option of setting home folders for individual users and avoiding the need to establish a clear path from root for the given user.