Alrighty now, I have done some experimenting and here is how permissions work.
Out of the box, the authusers item is implicitly defined with reader permissions at the root level, and is explicitly propagated throughout the entire tree. Implicit propagation happens with any user or group added at the root, that is the Public Folders folder. Because of this, ALL USERS have at least read only permissions to EVERYTHING in the Public Folders. Pretty normal there. But then things get a bit tricky.
If you add a user or group to a sub-folder, the permissions you set there are specific to that folder only, and do not affect permissions further up the tree, that is in any sub-folders inside of it. Simply adding myuser to sub-folder company does not give me permissions to folder department1 inside the folder company. BUT... and here is the tricky part boys...
If instead of adding myuser in the company folder, you add it to theoffice, which is in department1which is in company, which is in public folders, why then access throughout the entire path is IMPLIED, even though you do not speicifically give myuser access to department1 or company, or even public folders. That is you will be able to navigate through public folders, through department1, and into theoffice and see the items in it, simply because it would be boneheaded to make us apply permissions down through the path for every share and path to the shares.
Now I can see how this is very convenient, in a way. It will save me a lot of work. Essentially, just ignore containers (folders containing folders or stores) and just assign permissions to the stores themselves, and the server will imply the permissions to get to them. Is that clear? It's upside down or inside out or backwards from traditional file sharing permissions I think, but certainly simpler.
If I am wrong on any point here Iwould welcome any corrections from the Kerio folks. Otherwise this may be a good starting reference to post in the Knowledgebase.
I appreciate your efforts to explain the PF permissions but I don't think I understood..
Using the following as an example:
My understanding is that:
1) Permissions applied at 'Root' will apply to all Public Folders
2) Permissions applied at 'Parent' will affect itself and all it's subfolders
3) Permissions applied at 'Child' will give "Traversal" access to the above folders (Root&Parent) but will NOT give access to view the contents of these folders.
Perhaps you could confirm if I have understood correctly...
Kerio discussion forums are intended for open communication between forum
members and may contain information and material posted by members which may
be useful in learning about Kerio products. The discussion forums are not
intended to provide technical support for any specific product. Any
information implied or expressed in the discussion forums is that of the
posting member. Kerio is in no way responsible for the information posted in
the forums, or its accuracy. Kerio employees may participate in the
discussions, but their postings do not represent an offical position of the
company on any issues raised or discussed. Kerio reserves the right to
monitor and maintain the forums to promote free and accurate exchange of