Manualshelf

User Guide

ManualsBrandsNovell ManualsOtherNETWARE 6-DOCUMENTATION
2291229222932294229522962297229822992300
Administering Rights 59
ConsoleOne User Guide
104-001316-001
August 29, 2001
Novell Confidential
Manual 99a38 July 17, 2001
Sources of Rights
A given file or folder can have multiple rights assignments associated with it,
each linked with a different trustee (possessor) of the rights. Rights to a folder
are inherited by the trustee to items within the folder, so the trustee can
exercise the rights on subordinate items without having an explicit assignment
on those items. You can, however, place a filter on individual subordinate
items to block specific rights from being inherited. Such filters apply globally
to all trustees holding the specified rights.
Besides having explicit and inherited rights to a file or folder, a user can also
have rights to a file or folder through security equivalence to another
eDirectory object. For example, if a user is a member of an eDirectory group
or role and that group or role has been granted certain rights, the user
effectively has those additional rights through security equivalence. For more
information, see Novell eDirectory Administration Guide > eDirectory Rights.
How NetWare Calculates Effective Rights
A users effective rights are calculated by NetWare each time the user tries to
access a file or folder on a NetWare volume. You can view a users effective
rights to any file or folder as explained in “Viewing Effective Rights” on page
56. Following is the process used by NetWare to calculate effective rights.
This process is similar to, but not the same as, the process used by eDirectory
to calculate users’ effective rights to eDirectory objects and properties. For
information on that process, see Novell eDirectory Administration Guide >
eDirectory Rights.
1. Checks whether the user effectively has the Supervisor right to the
NetWare server where the target file or folder resides. (eDirectory
supplies this information to NetWare.)
If so, the user effectively has all rights in the file system of the server,
and the rest of this process is skipped.
If not, continues with the next step.
2. Determines which eDirectory objects the user is security equivalent to.
(eDirectory supplies this information to NetWare.)
3. Descends to the next level in the file system along the path to the target
file or folder.
HINT: The next level below the NetWare server is the root folder of the volume.