Manualshelf

NetWare Directory Services

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1 Networking Software
21222324252627282930
2-14
Understanding NetWare Directory Services
The Hierarchical Directory Tree
For example, you might want to search for all User objects at a certain
location, such as building M1. You cannot easily list all objects located in
building M1 if you have entered “Bldg. M1,” “M1 Bldg,” and “M-1” as
values in the Location property of various User objects.
Standardizing the value for the Location property for all User objects at the
site (such as M1, M2, and M3) makes it easier to search for objects located
in each building.
Object and Property Rights
NetWare 4™ software uses four different categories of rights:
File-system directory rights
File-system file rights
NDS object rights
NDS property rights
Previous versions of NetWare had file-system directory and file rights and
some access control to bindery objects in bindery-based NetWare networks.
NetWare 4 replaces bindery control with NDS object and NDS property
rights. These rights determine what you can do within the Directory tree.
Because the Directory tree is a hierarchical structure, rights assigned in the
Directory tree flow down through the tree. This is an important concept to
understand and consider when designing your Directory tree.
The concept of rights flowing down through the tree is referred to as
inherited rights. This functionality is controlled by the Inherited Rights
Filter (IRF). An IRF is a list of rights that can be assigned to objects in
containers beneath a parent container within the tree hierarchy. It controls
the rights that a trustee can inherit from container objects. See “Inherited
Rights Filter, NDS Object” in Concepts for more information.
To allow you to better control access to NDS objects and their properties,
object and property rights are assigned separately.
Object Rights Rights that control access to an object as an entity are called
object rights. Object rights control what trustees of an object can do with
that object. Object rights do not allow the trustee to access information
stored in that object’s properties unless the trustee has the Supervisor object
right, which includes the Supervisor property right.