AFS Privileges is an application that allows you to permit (or de-permit) other users or groups from folders that you have control over.
The AFS file system has seven access rights (or permissions) which folders (and all the files inside them) can be assigned:
Directory (Folder) ACLs
There are four access rights that apply to the folder itself:
Lookup - The user or group can list the names of files and sub-folders within the selected folder, but they can't read the contents of any of them. To be able to read the contents of the file, the user/group would also need "read" access.
Insert - The user/group can add or copy new files into the folder. I.E. the user will be able to put a file into this directory so that you can have access to it.
Delete - The user/group can remove (or move) files and sub-folders from this directory.
Permit - The user/group can change privileges on this folder.
File (Document) ACLs
These access rights apply to all files in the folder.
Read - The user/group can open and read the contents of any of the files. They can also list the files in any sub-folder.
Write - The user/group can make changes to any document in the specified directory.
Lock - Programs/applications use this access right to temporarily lock files so that other users/programs won't access the file as it is being used. This keeps the file from being corrupted.
Combinations of these access rights can be used to do different things. For example, by giving system:anyuser (everyone) insert and lookup access to a folder, you are creating a "Drop Folder" where people can leave files for you to use. Read and lookup access to system:anyuser allows everyone to read/open public files that you have left in that folder. The folders that belong to you automatically have all seven access rights. Even if you delete your name from the access list by accident, you can still make changes/restore your name to your folders easily.