Permission
Effect
Traverse Folder / Execute File
Traverse Folder allows moving through folders to reach other files
or folders, even if the security principal has no permissions for the
traversed folders. (Applies to folders only.)
Traverse Folder takes effect only when the security principal doesn’t
have the Bypass traverse checkinguser privilege (which the Everyone group
has by default).
Execute File allows running program files.
Setting the Traverse Folder permission on a folder doesn’t automatically
set the Execute File permission on all files in that folder.
List Folder / Read Data
List Folder allows viewing a folder’s file and subfolder names.
List Folder affects only the contents of the folder—it doesn’t
affect whether the folder for which you’re setting the permission
is listed.
Read Data allows viewing, copying, and printing files.
Read Attributes
Allows a security principal to see an object’s attributes (e.g., Read-only, System, Hidden).
Read Extended Attributes
Allows a security principal to see an object’s extended attributes (e.g., EFS, Compression).
Create Files / Write Data
Create Files allows creating files within the folder (applies to folders
only).
Write Data allows making changes to the file and overwriting existing
content (applies to files only).
Create Folders / Append Data
Create Folders allows creating folders within the folder (applies to
folders only).
Append Data allows making changes to the end of the file but not changing,
deleting, or overwriting existing data (applies to files only).
Write Attributes
Determines whether a security principal can write or modify standard attributes (e.g., Read-only, System, Hidden) of files and folders. Doesn’t deal with content of files or folders, only their attributes.
Write Extended Attributes
Determines whether a security principal can write or modify extended attributes (e.g., EFS, Compression) of files and folders. Doesn’t deal with content of files or folders, only their attributes.
Delete Subfolders and Files
Allows deleting subfolders and files, even if the Delete permission hasn’t been granted on the subfolder or file.
Delete
Allows deleting the file or folder. If you don’t have Delete permission on a file or folder, you can still delete it if you’ve been granted Delete Subfolders and Files on the parent folder.
Read Permissions
Allows reading permissions (e.g., Full Control, Read, Write) of the file or folder. Doesn’t have to do with reading the file itself.
Change Permissions
Allows modifying permissions (e.g., Full Control, Read, Write) of the file or folder. Doesn’t have to do with changing the file itself.
Take Ownership
Determines who can take ownership of a file or folder. Owners can always have Full Control, and their permission to the file or folder can’t be taken away permanently unless their ownership is taken away as well.
Synchronize
Not manipulated much by administrators. Deals with synchronization issues with multithreaded, multiprocess programs and how multiple threads trying to access the same resource cooperate.