User Guide
Administering Rights 53
ConsoleOne User Guide
104-001316-001
August 29, 2001
Novell Confidential
Manual 99a38 July 17, 2001
4a
To add a rights assignment, click Add Object > select the object to
control access to > click OK > assign the trustee’s rights > click OK.
4b To modify a rights assignment, select the object to control access to
> click Assigned Rights > modify the trustee’s rights assignment as
needed > click OK.
When creating or modifying a rights assignment (in the Rights
Assigned To dialog box), you can grant or deny access to the object
as a whole, to all the properties of the object, and to individual
properties. Click Help in the dialog box for details.
4c To remove a rights assignment, select the object to control access to
> click Delete Object > Yes.
The trustee will no longer have explicit rights to the object or its
properties but might still have effective rights through inheritance or
security equivalence.
5 Click OK.
Granting Equivalence
A user who is security equivalent to another eDirectory object effectively has
all the rights of that object, both in eDirectory and in the NetWare file system.
A user is automatically security equivalent to the groups and roles that he or
she belongs to. All users are implicitly security equivalent to the [Public]
trustee and to each container above their User objects in the eDirectory tree,
including the Tree object. You can also explicitly grant a user security
equivalence to any eDirectory object.
NOTE: The tasks in this section allow you to delegate administrative authority
through eDirectory rights. If you have administration applications that use RBS
roles, you can also delegate administrative authority by assigning users
membership in those roles as explained in “Assigning RBS Role Membership and
Scope” on page 63.
In This Section
“Granting Security Equivalence by Membership” on page 54
“Granting Security Equivalence Explicitly” on page 54
“Setting Up an Administrator Over an Object’s Specific eDirectory
Properties” on page 55