I setup IIS ftp site, authentication is done using iis manager users, I don't know actually what 's the authority of these users over the IIS, "I mean can them access any other things except the ftp files they upload/download, can they misuse any other IIS resources or administration privilege ", I'm afraid of any security vulnerability, specially all documentation only mention how to set up such users but no detailed documentation about their security impact.
I appreciate any help to understand the security model, or any reference to clear documentation, because it's my first time to deal with IIS.