NetWare Directory Services
Understanding NetWare Directory Services
The Hierarchical Directory Tree
Access Control List
The information about who can access object properties
is stored in a property known as the Access Control List (ACL). An object’s
ACL lists all trustees of the object. The ACL property also stores the
object’s Inherited Rights Filter.
To modify a trustee’s access to an object, you change the trustee’s entry in
the object’s ACL. Only trustees with the Write right for the object’s ACL
property can change trustee assignments or the Inherited Rights Filter.
Each trustee listed in an ACL can have different rights to that object’s
properties. For example, if ten users are listed in a Modem object’s ACL as
trustees, each of those ten users can have different rights to that Modem
object and to its properties. One trustee might have the Read right, another
might have the Delete right, etc.
See “Access Control List (ACL)” in Concepts for more information.
Inherited Rights Filter
While trustee assignments grant access to an object,
the Inherited Rights Filter (IRF) prevents rights from automatically flowing
from a container object to the objects it contains.
In the Directory tree, a child object automatically receives, or inherits, rights
granted to its parent objects. The IRF can be used to block any or all of these
inherited rights so that no child objects receive them.
Through inheritance, every object and property in the Directory tree can
have an Inherited Rights Filter.
See “Inherited Rights Filter, NDS Object” in Concepts for more information.
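The following is an added example, not taken from the NetWare documentation: a simplified Python model of how trustee assignments in an ACL and an Inherited Rights Filter combine as rights flow down the Directory tree, and of which trustees end up able to change an object's ACL. The tree, the trustee names and the function names are constructed for illustration. The model assumes a single set of rights per trustee, assumes that an explicit trustee assignment on an object replaces whatever that trustee inherited, and ignores group membership and security equivalence.

```python
from dataclasses import dataclass, field

# Rights tracked in this simplified model (assumed to apply to the ACL property).
ALL = frozenset({"Supervisor", "Compare", "Read", "Write", "Add or Delete Self"})

@dataclass
class Node:
    name: str
    irf: frozenset = ALL                      # rights the IRF lets flow down
    acl: dict = field(default_factory=dict)   # trustee -> rights assigned here

def effective_rights(path, trustee):
    """Rights `trustee` holds on the last object of `path` (root first)."""
    rights = frozenset()
    for node in path:
        rights &= node.irf                    # IRF filters what the parent passes down
        if trustee in node.acl:               # model assumption: an explicit
            rights = node.acl[trustee]        # assignment replaces inherited rights
    return rights

def acl_writers(path, trustees):
    """Trustees able to change trustee assignments or the IRF on the target."""
    return sorted(t for t in trustees
                  if effective_rights(path, t) & {"Write", "Supervisor"})

# Constructed tree: [Root] -> O=Acme -> OU=Sales -> CN=Modem1
root = Node("[Root]")
acme = Node("O=Acme", acl={"admin": ALL, "helpdesk": frozenset({"Read", "Write"})})
sales = Node("OU=Sales", irf=frozenset({"Compare", "Read"}))   # blocks Write, Supervisor
modem = Node("CN=Modem1", acl={"bob": frozenset({"Write"})})
PATH = [root, acme, sales, modem]

if __name__ == "__main__":
    for t in ("admin", "helpdesk", "bob"):
        print(t, sorted(effective_rights(PATH, t)))
    print("can edit ACL on Modem1:", acl_writers(PATH, ["admin", "helpdesk", "bob"]))
```

In this constructed tree the IRF on OU=Sales strips Write and Supervisor from everything inherited, so only the trustee assigned directly on the Modem object can still change its ACL.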
Table 2-3 Property Rights
Right    Description
Write    Allows you to add, change, or remove any values of the property.
         This right includes the Add or Delete Self right; that is, if the Write right is given, Add or Delete Self operations are also allowed.
         The Write right to the Access Control List (ACL) property is the same as giving the Supervisor right to the object—it allows you to grant rights.