Inheritance of rights
One of the outstanding functions of the right management is the inheritance of rights. With this you can define privileges for a superior folder and alienate them to all sub folders and records. So you can save a lot of time because not every folder and every record has to be changed manually if the structure of rights changes.
If you start a new record (e.g. a password) in a folder the rights of the folder will be automatically passed on to the record. Therefore no new allocation has to be made, except you intend individual settings for this new record.
After you have added groups or users or changed a right when clicking on "Ok" the dialogue for the inheritance of rights appears automatically.
Now choose one of the following opportunities:
Not alienate rights
All permissions and rights will not be passed on, therefore they only apply to the current folder.
Pass on rights to subordinate objects, hitherto existing rights will completely drop away
All permissions and rights will be passed on. However before the inheritance all individual permissions and rights of the subordinated objects will be deleted so that only the setting applies that you have just carried out for the folder.
Pass on rights to subordinated objects, not available permissions and changes will be passed on, no groups or users will be deleted.
All changes of permissions and rights will be passed on to the subordinated objects. Not available rights will also be passed on. But individual settings of the subordinated objects remain preserved (e.g. if further users exist in a subordinated folder or record). No users or groups will be deleted. If you have deleted permissions you have to do it separately for the subordinated objects or choose the second option.
Which kind of inheritance of rights makes suggestive and should be used?
This very much depends on what your intentions are. The most secure option is the third one. So individual rights of subordinated folders and records definitely remain preserved. If you do not know how your colleagues have managed the subordinated data you can not pass on the rights.
Deactivate inheritance of rights
The inheritance of rights can be deactivated globally or per folder. At this however only the manual descent will be deactivated after the change of permissions. But if you start a new record in a folder still the rights of the folder will be passed on to the record.