Granting and Revoking Rights

In the directory allocated to you, you are generally given all the rights that were listed earlier. Other users cannot access your directories, if you choose not to let them do so. However, there are certain situations under which you may want to share one of your files/directories with someone else on the LAN. You can permit this by granting rights to him or her for your files and directories by using the GRANT command. The syntax is:

GRANT rightlist [FOR filename/dirname] TO username/groupname

Rights that can be granted are:

  • ALL
  • Create
  • Access Control
  • No
  • Read
  • Erase
  • Write
  • Modify
  • File Scan

The command

GRANT R W F TO USER2

will grant Read, Write and File Scan rights for the current directory to the user USER2.

There are times when you would like to allow all the users belonging to a particular group, access to your files and directories. Rather than granting rights to all the users individually, which could be extremely laborious, you can grant the same rights to the group as a whole. For example, to grant Modify and Access Control rights to the group STAFF for the directory PROGS, you can issue the command

GRANT M A FOR PROGS TO STAFF

If you would like to grant all rights to a user USER1 for the directory GAMES, the command

GRANT ALL FOR GAMES TO USER1

will ensure the same.

Apart from granting rights for a directory, the GRANT command can also be used to grant rights to a user for specific files. For example, Write and Erase rights can be given by you to USER8 for a file START.BAT, by issuing the command

GRANT W E FOR START.BAT TO USER8

Now that you know how to give other users access to your files and directories, the need may arise, in due course, to take away these privileges. This can be achieved through the REVOKE command, for which the syntax is:

REVOKE rightlist [FOR filename/dirname] FROM username/groupname

Rights that can be revoked are the same as those that can be given away, with the exception of the No rights option that is not available with the REVOKE command.

Consider a situation in which you no longer want a particular user, USER2, to view the contents of your files in the current directory.

The command

REVOKE R FROM USER2

will achieve this.

If you would like to take away the Access Control right from the group STAFF for the directory PROGS, you may use the command

REVOKE A FOR PROGS FROM STAFF

To remove all rights from user USER1 for the current directory, you could use either one of the following commands:

REVOKE ALL FROM USER1

            or

GRANT N TO USER1

To revoke the Write right for the file START.BAT from USER8, you can use the command

REVOKE W FOR START.BAT FROM USER8

The granting and revoking of rights is subject to the possession of the Access Control right. If you do not possess this right, you will not be able to grant or revoke rights.