Manualshelf

NetWare 4.1/9000 Concepts

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1 Networking Software
201202203204205206207208209210
1-188
NetWare Glossary
S
Inheritance security
By inheritance, rights granted by a trustee assignment apply to everything
below the point where the assignment is made, unless another trustee
assignment is made or unless the rights are blocked by an Inherited Rights
Filter (IRF).
Inheritance applies both to directories and files on a volume, and to objects
in the Directory tree.
For directories and files, all access rights are inherited. For objects, only
object and property rights are inherited. When property rights are inherited
all property right are inherited. Individual properties of an object can't be
inherited.
Rights are also not inherited from a volume object in the Directory tree to
the root directory of a volume, and directory rights must be assigned
separately from object rights.
Inherited Rights Filter. If you were to create a file, but didn’t want everyone
who has rights in the directory to have rights to your file, you could create a
filter that stops those rights from being inherited.
An Inherited Rights Filter has the same set of possible rights as a trustee
assignment, but instead of granting rights, it revokes rights. Its effect is this:
“Whatever rights to this file, directory, or object you would have inherited, I
am revoking all but these rights.”
Every directory, file, and NDS object has an Inherited Rights Filter. With
this filter, you can grant access more freely at the top of the object tree or
volume; then filter out rights in sensitive areas.
When all rights in a sensitive area are blocked by an Inherited Rights Filter,
no one can inherit rights. Only users with a trustee assignment in that area
have access.
The Supervisor right is unique.
If a trustee is granted the Supervisor right to a directory, that trustee inherits
the Supervisor right for all subdirectories and files—the rights can't be
blocked by another trustee assignment or an Inherited Rights Filter.
But if the Supervisor right is granted for objects and properties, it can be
blocked by an Inherited Rights Filter, like any other right can.