Supervising the Network
2-4
Setting Up and Managing NetWare Directory Services Objects
Rights Needed to Create and Manage Objects
Types of Rights
Four kinds of rights exist in NetWare 4.1:
• Object rights control what a trustee can do with an object. These rights control
the object as a single piece in the Directory tree, but do not allow access to
information stored within that object (unless the Supervisor object right is
granted).
• Property rights control a trustee’s access to information stored within the
object—that is, the information stored in the object’s properties. Each object has
several properties: Supervisor (grants all rights to the property), Compare (grants
the right to compare property values), Read (grants the right to read the property
values), Write (grants to right to add, change, or remove property values), or Add
or Delete Self (grants the right to add or remove itself as a property value).
• Directory rights control what a trustee can do with a directory. Directory rights
also apply to files in the directory unless explicit file rights are granted and the
file’s Inherited Rights Filter doesn’t block the directory rights from flowing
through.
• File rights control what a trustee can do with a file.
In bindery-based versions of NetWare, you could assign only directory and
file rights. In NetWare Services, you can also assign rights to an object and
to properties belonging to an object.
This section discusses only object rights and property rights.
Object and property rights are assigned separately so that you can control
access to the pieces of information (or properties) contained in the object.
Any object to which you grant sufficient rights can make trustee assignments
using NetWare Administrator or NETADMIN. This section discusses the
rights that are needed to make various types of trustee assignments within
NDS.
Directory rights and file rights apply only to the file system. For a discussion
of these rights, see Chapter 3 ,“Managing the NetWare Services File
System.”