I had a rights issue at work recently and it made me read up on Windows rights.
Here is a nice refresher on best practices for Windows Share rights assignments. Believe it or not it's really pretty simple. I think the key is to remember that it's the sum of both the security (NTFS) rights and the share rights that matters. I had an issue with RDP rights vs. share rights that I had to iron out and this answered the question.
Just make sure to tighten up the inherited rights if you use his suggestion on giving Authenticated Users full access to the Share.