access, permissionsHow the GuardianOS and Windows differ in processing file-level access permissions.
This information is not Operating System specific
The GuardianOS processes access permissions differently than does the Windows operating system. When a user attempts to perform an action on a file and directory, Windows collects all permissions that apply to the user before deciding whether to allow the user to perform the action. The GuardianOS, on the other hand, uses the first applicable permission it finds to decide whether to allow the user to perform the action.
The GuardianOS searches for access permissions in the following order:
- 1. User owner
- 2. User
- 3. Group owner<
- 4. Group
- 5. Everyone
When a match is found, the search stops and the specified access permission is applied. Assume the user joan brown is attempting to modify the file settings.doc. Joan brown is a member of the group sales. As a user, jbrown has read-only access to the file; the group sales has read-write access to the file, as follows:
- settings.doc: username:jbrown:RO; groupname:sales:RW
The following shows how Windows and the GuardianOS treat these settings:
Match found for jbrown, read access found, continue searching for necessary access. Match found for group sales, read-write found, allow user jbrown to modify the file.
Match found for user jbrown, stop searching and prevent user from modifying file.
In this case, Windows would grant write access to Joan Brown, allowing her to modify the file. The GuardianOS, on the other hand, would not allow Joan Brown to modify the file.