teach-ict.com logo

THE education site for computer science and ICT

2. User access rights

On a network not everyone needs access to every single file. At school, you don't need to see the staff's pay records (even if you might like to!). The staff might want to see their own pay records but the Office staff won't want them to be able to make any changes.

For this to happen, we use something called 'user access rights'.

User access rights will be set up by the network manager who will define groups and allocate specific permissions to those groups. People using the network will then be assigned to a group and all permissions related to that group will apply to them when they log in.

For example, a group called 'students' might be able to view the students' shared area but not make any changes to files in that folder. Whereas a group called 'teachers' can view the shared area and also add and delete files.

netwrok policy

The three common access rights are

  • 'Read', which is the ability to view and open the file or folder.
  • 'Write', which allows the file or folder to be modified.
  • 'Execute' which gives the user the right to execute or run an executable application.

These rights can have further restrictions placed on them. For example:

  • Access can be restricted to particular workstations or terminals
  • Access can be restricted to certain times of day
  • Accessing can be flagged so that others are notified when someone opens or changes a file

Having this level of control over user access rights helps maintain network security and ensures that people only have access to areas they have the authority to use. And if there is virus or malware, it is limited to the areas that this user has access to.

Challenge see if you can find out one extra fact on this topic that we haven't already told you

Click on this link: Example of file permissions