When attempting to access a shared object (file/folder), access rights are checked according to priority levels in the following order:
•If the element the user is trying to access has Direct rights different from Inherited from the parent object
•The user who is trying to access the element has personal access rights as a User, as well as access rights as part of the Groups to which the user is included.
•Type of the access right of the user who is trying to access the element: Owner, Can manage, Can edit, Can view, Access denied.
1.The subordination of elements (folders and files). Shared objects can have two kinds of rights: Direct and Inherited. If for the embedded element:
•The Direct permissions are set, then they have a higher priority than the Inherited permissions of the parent folder.
•The Direct permissions have not been set, then the elements gets the Inherited access rights from the parent folder.
2.Profile. Access to shared objects can be granted to individual Users and/or Group of users. That means that a user can have personal rights of the User, as well as the rights of the Group to which the user belongs, for the same element. At the same time:
•If a user has personal access rights granted to a single User, they take precedence over the access rights granted to a Group. For example, if a user has Can view permission and the group where the user is included has Can manage permission, then the user will only have Can view access right.
•If a user has no personal access rights, but is a member of several Groups with different types of access rights, the user gets the rights of the Group with the higher type of access rights. For example, if one of the groups the user is included in has Can view permissions, and the other group has Can manage permissions, the user will have Can manage permissions.
3.Access permission type. Elements may be provided with the following types of rights: Owner, Can view, Can edit, Can manage, Access denied:
•The Owner access permissions have higher priority than Access denied.
•The Access denied access permissions have higher priority than Can manage.
•The Can manage access permissions have higher priority than Can edit.
•The Can edit access permissions have higher priority than Can view.