NetWare 4.1/9000 Concepts

NetWare Glossary
I
The directory's IRF controls which of the parent directory's effective rights
can be exercised in the current directory. The file's IRF controls which of the
current directory's rights can be exercised in the file.
The following figure shows how a trustee assignment to a parent directory is
inherited by a file or subdirectory. Compare Figure 24.
Figure 1-23 Inheritance of file system trustee assignment
The Supervisor right cannot be blocked in the file system. A trustee who has
the Supervisor right in the root directory of a volume has the Supervisor
right to the entire volume: it can’t be blocked with an IRF.
Inherited Rights Filter, NDS object
A list of rights that can be created for any object, which controls the rights a
trustee can inherit from a container object.
The Inherited Rights Filter (IRF) for any object is part of the access control
information for that object.
To change the IRF of an object, you must have at least the Write and Read
property rights to the ACL property of that object.
The IRF cannot grant rights; it can only revoke rights.
The effect of the IRF, for every object that doesn’t have a trustee assignment
to an object, is: “Whatever rights to this object you would have inherited, I
am revoking all but these rights.”
File system directory and file rights:
1. Nick's trustee assignment to directory PROJECTS: [ RWCE F ]
2. IRF on file PLAN: [SR C F ]
3. Nick's effective rights to PLAN: [ R C F ]
A right must be in both lines 1 and 2 to flow to line 3.
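
The filtering rule from the figure (Nick, PROJECTS, PLAN), combined with the file system Supervisor exception stated earlier, as an added Python example that is not part of the NetWare manual. The function names and the extra directory levels in the demo are assumptions, and the code models only inheritance through IRFs for a trustee with a single assignment higher in the tree.

```python
# Added illustration, not Novell code. Sample masks other than the
# figure's two are constructed for the demo.
RIGHTS = "SRWCEMFA"  # positional order of the file system rights mask


def parse_mask(text):
    """Turn a bracketed mask such as '[ RWCE F ]' into a set of right letters."""
    letters = {ch for ch in text.upper() if ch.isalpha()}
    unknown = letters - set(RIGHTS)
    if unknown:
        raise ValueError(f"unknown right(s): {sorted(unknown)}")
    return letters


def format_mask(rights):
    """Render a set of rights positionally, with blanks for missing rights."""
    return "[" + "".join(ch if ch in rights else " " for ch in RIGHTS) + "]"


def effective_rights(assignment, irfs):
    """Filter a parent-directory trustee assignment through each IRF below it.

    assignment: mask granted to the trustee at the parent directory
    irfs: IRF masks of every subdirectory/file on the way down, top first
    """
    current = parse_mask(assignment)
    for irf in irfs:
        had_supervisor = "S" in current
        current &= parse_mask(irf)  # an IRF only removes rights, never adds
        if had_supervisor:
            # File system rule: Supervisor cannot be blocked by an IRF.
            current.add("S")
    return current


if __name__ == "__main__":
    # The figure's case: one IRF on file PLAN under directory PROJECTS.
    print(format_mask(effective_rights("[ RWCE F ]", ["[SR C F ]"])))
    # Constructed case: three levels, each IRF narrowing further.
    chain = ["[SRWCEMFA]", "[SR C F ]", "[SR      ]"]
    print(format_mask(effective_rights("[ RWCE F ]", chain)))
    # Constructed case: an empty IRF still cannot strip Supervisor.
    print(format_mask(effective_rights("[SRWCEMFA]", ["[        ]"])))
```

The S in the IRF on PLAN does not give Nick the Supervisor right, because the filter is an intersection with what he already inherits.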