I've got a CompTIA Security+ certificate and a couple of certifications from the U.S. Navy from when they sponsored Windows security classes (before going commercial with it). Here is what you need.
Look at colin's two presentations - "basic" and "advanced" permissions. I will refer to them for the permission names.
1. To get to the folder where the DB app files are located, you must have EITHER "list files/read data" or "traverse folders/execute file" (advanced) or "READ" (basic) on every folder above the DB file's "home" folder EXPLICITLY INCLUDING the root folder of the drive. No exceptions. Now, normally the root folder is set for "list files/read data" for all "authenticated users" (at least). In a lax environment, that might be for "EVERYONE" which is a different group than "authenticated users."
2. To use the DB file normally, you need a complex of advanced permissions, but the EASIEST way to assure you have what you need is to have MODIFY (basic) on the folder AND all files therein, including the DB files.
What comes with MODIFY is that you gain read data/list files on the folder, but you ALSO gain create file/write data and delete file on the folder, which you need because of the lock file. The rule (and the reason you need create/delete on the folder) is that the first person to open the DB file for the day also creates the lock file, and the last person to close the DB file for the day also deletes the lock file. Obviously, the ability to do updates on the DB files comes from the "write data" permission.
3. Special case: If you only have READ on the folder, regardless of what permissions you might have on the DB files, you open that file read-only anyway because you can neither create nor modify (add yourself to) the lock file. If Access cannot manage the lock file then you are in read-only mode. NOTE however, that if you enter the file in read-only mode for this reason, you might actually block other users coming in after you because there is still a WINDOWS file lock involved and you opened the DB in read-only mode. That can screw the pooch on sharing big time.
4. On a PC workstation hosting the FE files, the person logging in on that workstation normally has FULL CONTROL (basic) in low-security domains or MODIFY (basic) in domains with more stringent security. On your home PC, you are usually the "owner" and thus have FULL CONTROL (basic).
5. In a domain environment, there are several strategies, but the one for corporate or departmental databases, particularly if the IT Security team has their way, would be to create a group name (like "FiscalDBUsers") and assign permissions according to the group name. Then add members to the group as needed. I.e. never (well... hardly ever) add individual permissions on a project DB. Instead, add a project's group name to the domain, assign permissions (once) to the group, and then assign users to be members of the group. Mechanically, this is INCREDIBLY better than going in and dinking around with basic or advanced permissions per person, particularly if the folder isn't logically very near to the drive's root folder. (I.e. many-folder path, deep path, many-step path, whatever other way you say it in your neck of the woods.)
6. Finally, the reason the BASIC permissions list is shorter is because when you check one item on BASIC, you find that you have implicitly checked as many as six or seven items on ADVANCED. Think of the BASIC permissions as similar to macro settings that imply multiple elements in a single click.
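
An audit of the layout described in items 1, 2 and 5, added here as an example and not part of the original post: it walks every folder above the DB folder up to the drive root, then checks that the project group holds MODIFY on the DB folder and on the files that inherit from it. The function name, the path and the `CONTOSO\FiscalDBUsers` group are hypothetical; it assumes English identity names, matches ACEs by name only, and does not evaluate nested group membership, Deny entries or generic-rights ACEs.

```powershell
# Added example; the path and group name in the usage line are hypothetical.
function Test-DbFolderAcl {
    param(
        [Parameter(Mandatory)] [string] $DbFolder,
        [Parameter(Mandatory)] [string] $Group,
        [string[]] $AlsoAccept = @('NT AUTHORITY\Authenticated Users', 'Everyone')
    )
    $fsr      = [System.Security.AccessControl.FileSystemRights]
    $needPath = [int]($fsr::ReadData -bor $fsr::Traverse)  # item 1: either bit is enough
    $needDb   = [int]$fsr::Modify                          # item 2: all Modify bits
    $objInh   = [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
    $inhOnly  = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    # Union of rights from Allow ACEs naming one of $Identities.
    # -ForFiles counts only ACEs that files in the folder inherit.
    function Get-AllowedRights([string]$Path, [string[]]$Identities, [switch]$ForFiles) {
        $rights = 0
        foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($Identities -notcontains $ace.IdentityReference.Value) { continue }
            if ($ForFiles) { if (-not ($ace.InheritanceFlags -band $objInh)) { continue } }
            elseif ($ace.PropagationFlags -band $inhOnly) { continue }
            $rights = $rights -bor [int]$ace.FileSystemRights
        }
        $rights
    }

    # Item 1: every folder above the DB folder, drive root included.
    $dir = (Get-Item -LiteralPath $DbFolder).Parent
    while ($dir) {
        $r = Get-AllowedRights $dir.FullName (@($Group) + $AlsoAccept)
        [pscustomobject]@{ Path = $dir.FullName; Check = 'list/read or traverse'
                           Pass = [bool]($r -band $needPath) }
        $dir = $dir.Parent
    }

    # Item 2: Modify on the folder itself and inherited by its files (lock file, DB files).
    $onFolder = Get-AllowedRights $DbFolder @($Group)
    $onFiles  = Get-AllowedRights $DbFolder @($Group) -ForFiles
    [pscustomobject]@{ Path = $DbFolder; Check = 'Modify on folder and files'
                       Pass = (($onFolder -band $needDb) -eq $needDb) -and
                              (($onFiles  -band $needDb) -eq $needDb) }
}

# Usage (hypothetical names):
# Test-DbFolderAcl -DbFolder 'D:\Data\Fiscal' -Group 'CONTOSO\FiscalDBUsers' | Format-Table -AutoSize
```

Any row with `Pass` false points at the folder whose ACL needs the group added; a per-user ACE will not satisfy the check, which is the point of item 5.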