Network protection

2. User access rights

On a network not everyone needs access to every single file except the system administrator.

At school, you can expect to access your own files but not other peoples' unless they are in a shared area. Students cannot see staff areas - nor would they expect to. Beyond that teachers cannot see school office areas.

For this to happen, 'user access rights' are applied to the files and folders on the network.

User access rights is set up by the network manager who defines groups and allocate specific permissions to those groups. People using the network will then be assigned to a group and all permissions related to that group will apply to them when they log in.

For example, a group called 'students' might be able to view the student shared area but not make any changes to files in that folder. Whereas a group called 'teachers' can view the shared area and also add and delete files.

The three common access rights are

• 'Read', which is the ability to view and open the file or folder.
• 'Write', which allows the file or folder to be modified.
• 'Execute' which gives the user the right to execute or run an executable application.

These rights can have further restrictions placed on them. For example:

• Access can be restricted to particular workstations or terminals
• Access can be restricted to certain times of day
• Accessing can be flagged so that others are notified when someone opens or changes a file

Having this level of control over user access rights helps maintain network security and ensures that people only have access to areas they have the authority to use. And if there is virus or malware, it is limited to the areas that this user has access to.