Microsoft Knowledge Base Article 325361 contains the following summary:
This step-by-step article describes how to configure security for files and folders on a network in Windows Server 2003. This may be useful to protect data from unauthorized access.
For example, you receive a call from the manager of your accounts receivable department. The manager has been working on several spreadsheets that are stored on a file server in your domain, and is concerned that employees who should not have access to these files may be able to open and edit the files. The files are in a folder that is named c:\Accounts on the server, and the folder is shared as Accounts. The share permissions on the Accounts share for members of the Domain Users group are set to Full Control. The manager wants to permit the members of the Accountants group to edit the files and add new files, and the members of the Sales group to be able to read the files but not edit them. The manager will be the only person who can make any changes to the permissions, and no one else will have access to the files.