There are "share" permissions, which allow you to connect to teh share itsefl, then there are file level permissions on the files/folders in the share. I like to think of the share as a gate, once inside there are cabinets where you need extra access to get at them.
Security is assigned either within the context of a domain, where security is common across multiple servers, or local where it is defined on each and every server.
That's prett high level but hope it helps.