Microsoft Knowledge Base Article 301195 contains the following summary:
This step-by-step guide describes how to configure security for files and folders on a network to protect data from unauthorized access.
For example, assume that you get a call from Fran, the manager of your Accounts Receivable department. Fran has been working on several spreadsheets that are stored on a file server in your domain, and is concerned that employees who should not access these files may be able to open and edit the files. The files are in a folder named C:\Accounts on the server, and the folder is shared as Accounts. The share permissions on the Accounts share for Domain Users members are set to Full Control. Fran wants to allow the members of the Accountants group to edit the files and add new files, and the members of the Sales group to be able to read the files but not edit them. Fran should be the only person who can make any changes to the permissions, and no one else should have any access to the files.
