It's probably best and most important to understand that access to shares (locally or across a network) are actually an aggregate of two seperate security settings defined in the properties of the individual file or folder being shared.
1. Share Permissions (for users comming at you from across the network) defined under the sharing tab in file and or folder properties.
2. NTFS Permissions (for users setting at the console) defined under the security tab in file and or folder properties.
When these two permissions are defined, they are combined and the most restrictive is what is actually applied to the share.
For years it has been a generally accepted practice to configure share permissions (Everyone = Full Control) and then use the NTFS Permissions to more granularly define explicitly who has access and how much access they have. I still consider this a good practice if for no other reason than it saves a lot of back checking between the two permission sets to make sure nothing is conflicting.
Additionally you need to understand that permissions can be applied to both individual users as well as groups and you need to consider this when a user is having problems accessing a file or folder to which he has explicitly been granted access. What group does he belong to, what permission does that group have to the same file or folder. If he has write access but the group he belongs to only has read access, then he will only have read access.
Here's a very good reference
if you can suffer through it and learn it, you shouldn't have any permission problems going forward.