Commenter Lee asked how ACLs are evaluated when an object has multiple hard links. I replied with comments of my own, which turned out to be wrong after I did some experiments. Here is what I found out about hard link permissions and believe to be true.
Can permissions on multiple hard links to the same data be different?
No. Permissions on all hard links to the same data on disk are always identical. The same applies to attributes. That means if you change the permissions/owner/attributes on one hard link, you will immediately see the changes on all other hard links.
Which permissions on the link target are required to create a hard link?
Only the permission “write attributes” (for programmers: FILE_WRITE_ATTRIBUTES) is needed on the target. Whether or not you are the owner of the target is not relevant.
These topics do not seem to be documented anywhere. So how did I find out? I tried it out (on Windows 7 RC).