Web Server Permissions
As well as any NTFS security permissions that you might apply to folders and files stored on disk, Web server permissions, which apply to all users, are assigned to Web sites, virtual directories and the files stored in them.
Web server permissions also affect WebDAV permissions by specifying which actions are allowed for accessing documents using WebDAV-enabled applications, such as Microsoft Office. The WebDAV protocol lets users read, write, and create documents via Hypertext Transfer Protocol (HTTP).
Web server permissions can be applied globally or locally. Global Web server permissions are applied at the Web Sites (parent object) node level. These settings are inherited by all of the Web sites, virtual directories and files (child objects) beneath the parent level.
If you set Web server permissions locally for individual Web sites, virtual directories, or files, those settings can override the global permissions. If global and local settings conflict, IIS asks whether you want to apply the global settings or retain the local settings.