Permission in AD are privileges granted to users or groups to perform certain operations on objects. Permissions are usually granted by object owners or administrators.
Users and groups are assigned permissions (to read, write, create child objects etc.) over objects in AD. These permissions can be of two types:
Permissions on objects can be assigned in two ways
Permissions on objects can be inherited in two ways.
Due to various inheritance and assignments, conflicting permissions may be assigned to an object. In such scenarios deny permissions take precedence over allow permissions. Say for example
You can view the permissions on an object in the user interface in the security tab of object’s properties.
Note: To view the special permissions click on the advanced Tab, An advanced security settings dialogue box appears in which you can navigate through the various tabs to understand the special permissions.