A user has Full Control share permissions but only Read NTFS permissions on a network share. What is the resulting access for the user?

In a scenario where a user has Full Control share permissions but only Read NTFS permissions, the more restrictive set of permissions will ultimately apply. This principle is known as permission inheritance, where the most limiting permissions take precedence between the two types.

Share permissions are applied when accessing the shared folder over the network, while NTFS permissions apply at the file system level. Even though the user has Full Control share permissions, they can only perform actions permitted by their Read NTFS permissions. Consequently, since NTFS permissions allow only reading files and folders, actions such as modifying or deleting files, which would come under Full Control, are not permitted.

Thus, the user effectively has Read access based on the NTFS permissions, which restrict their capabilities despite having broader permissions at the share level. This means that the user can view and read files, but cannot modify or delete them.