Manualshelf

NetWare Directory Services

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1 Networking Software
111112113114115116117118119120
7-27
Planning NetWare Directory Services Implementation
Developing a Security Strategy for the Directory Tree
When a user is added to the membership list of a Group object or the
occupant list of an Organizational Role object, the Group or Organizational
Role is listed in that users Security Equal To list.
By using a security equivalency, you avoid having to review the whole
Directory tree structure and determine which rights need to be assigned to
which directories, files, and objects.
If an object in a User object’s Security Equal To list is deleted from the
Directory tree, the user no longer has the rights granted through that object.
User objects that manage other User objects should be granted the Write
right to the Security Equal To property. This allows User object managers to
make users security equivalent to other users that they manage.
User object managers also need the Write right to the ACL property of the
objects so that they can add to a User object’s Security Equal To property.
Every object inherits rights from the container objects that are part of its
Distinguished Name. This means, you can make a container a trustee and
objects in or below that container receive the trustee assignment as if you
individually granted such an assignment to each of them.
Every object in a container object has the rights that are granted to that
container through the Security Equal To property. However, container
objects are not listed in a User object’s Security Equal To list.
The Security Equal To property is not transitive; that is, if Tom is security
equivalent to Jill, and Jill is security equivalent to Bob, Tom is not security
equivalent to Bob through Jill. The Security Equal To property grants Tom
only those rights that Jill is explicitly granted.
In networks containing confidential data, take care that you don’t
inadvertently give a user access to restricted information.
For more information about Refer to
Inherited Rights Filter “Inherited Rights Filter, NDS OBject” in
Concepts
Security and security
examples
“Security” in Concepts