Inheritance and propagation flags dictate how individual access control entries are pushed down to child objects.
Inheritance flags are described by the System.Security.AccessControl.InheritanceFlags enumeration. The possible values are as follows:
- None: Objects will not inherit this access control entry
- ContainerInherit: Only container objects (such as directories) will inherit this entry
- ObjectInherit: Only leaf objects (such as files) will inherit this entry
Propagation flags are described by the System.Security.AccessControl.PropagationFlags enumeration. The possible values are:
- None: Propagation of inheritance is not changed
- NoPropagateInherit: Do not propagate inheritance flags
- InheritOnly: This entry does not apply to this object, only children
These two flag fields are used to build the Applies to option shown in the graphical user interface when setting security on a folder. The following table shows how each option is created:
Option |
Flags |
This folder only |
|
This folder, subfolders, and files |
|
This folder and subfolders |
|
This folder and files |
|
Subfolders only |
|
Files only |
|
The NoPropagateInherit propagation flag comes into play when the tick-box only applies these permissions to objects and/or containers ticked within this container. This may be used with all but in this folder, only right (where it has no effect).