NetWare Directory Services
7-26
Planning NetWare Directory Services Implementation
Developing a Security Strategy for the Directory Tree
Developing a Security Strategy for the Directory Tree
Access control in NDS is very powerful and flexible, and it can also be very
easy to implement.
You can use the default security provided during the installation of the
Directory tree and then add additional security as needed.
You can further control access to objects within the tree in various ways, as
explained in the following sections.
Trustee Assignments
Grant trustee assignments to objects for other objects and their properties.
Container Rights
Rights can be granted at a container level. This allows you to exploit the
hierarchal structure of the Directory tree.
By granting rights at the container, those rights are automatically available
for every object in that container unless masked by an Inherited Rights
Filter. See “Inherited Rights Filter” in chapter 1.
Group Object Rights
Create Group objects to give groups of users limited or unlimited access to
particular objects or their properties in the Directory tree.
Inherited Rights Filter
The Inherited Rights Filter is a list of rights that can be assigned for any
object. It controls the rights that a trustee can inherit from parent container
objects.
Security Equivalency
Use the Security Equal To property to give a user access to the same
information or rights that another user has access to.