4.2 Granting Equivalence

A user who is security equivalent to another eDirectory object effectively has all the rights of that object, both in eDirectory and in the NetWare file system. A user is automatically security equivalent to the groups and roles that he or she belongs to. All users are implicitly security equivalent to the [Public] trustee and to each container above their User objects in the eDirectory tree, including the Tree object. You can also explicitly grant a user security equivalence to any eDirectory object.
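The sources of security equivalence listed above can be audited together. The following is an added example, not Novell's code and not an eDirectory API: it works on a constructed in-memory export and reports which users are equivalent to objects you consider sensitive, and by which path. All names, the dotted leaf-first naming, and the "[Tree]" label for the Tree object are assumptions; only the direct equivalences the paragraph names are resolved.

```python
from dataclasses import dataclass, field

PUBLIC = "[Public]"
TREE = "[Tree]"  # constructed label standing in for the Tree object


@dataclass
class User:
    dn: str                                             # dotted, leaf first
    member_of: set = field(default_factory=set)         # groups and roles
    security_equals: set = field(default_factory=set)   # explicit grants


def containers_above(dn):
    """Every container above the object, nearest first, ending with the Tree."""
    parts = dn.split(".")[1:]
    return [".".join(parts[i:]) for i in range(len(parts))] + [TREE]


def equivalences(user):
    """Map each object the user is equivalent to -> how it was acquired."""
    result = {PUBLIC: "implicit"}
    for container in containers_above(user.dn):
        result[container] = "implicit (container)"
    for group in user.member_of:
        result[group] = "membership"
    for obj in user.security_equals:
        result[obj] = "explicit"
    return result


def audit(users, sensitive):
    """Return (user, object, source) for each equivalence to a sensitive object."""
    findings = []
    for user in users:
        eq = equivalences(user)
        for obj in sorted(sensitive.intersection(eq)):
            findings.append((user.dn, obj, eq[obj]))
    return findings


# Constructed sample data, not taken from a real tree.
SAMPLE_USERS = [
    User("jdoe.sales.acme", member_of={"helpdesk.it.acme"}),
    User("tmp1.sales.acme", security_equals={"admin.acme"}),
    User("asmith.it.acme", member_of={"treeadmins.acme"}),
]
SENSITIVE = {"admin.acme", "treeadmins.acme", "it.acme"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_USERS, SENSITIVE):
        print(finding)
```

The "implicit (container)" finding shows why a container used as a trustee deserves review: every user below it holds whatever rights it was granted.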

NOTE: The tasks in this section allow you to delegate administrative authority through eDirectory rights. If you have administration applications that use RBS roles, you can also delegate administrative authority by assigning users membership in those roles as explained in Section 5.3, Assigning RBS Role Membership and Scope.

4.2.1 Granting Security Equivalence by Membership

  1. If you haven't already done so, create the group or role object that you want the users to be security equivalent to.

    See Section 2.2, Creating and Manipulating Objects for details.

  2. Grant the group or role the eDirectory and NetWare rights that you want the users to have.

    See Section 4.1, Assigning Rights Explicitly for details.

  3. Edit the membership of the group or role to include those users who need the rights of the group or role.

    • For a group object, use the Members property page.

    • For an organizational role object, use the Occupant field on the Identification property page.

    • For an RBS role object, use the Members of Role property page.

      See Section 5.3, Assigning RBS Role Membership and Scope for details.

  4. Click OK.

4.2.2 Granting Security Equivalence Explicitly

  1. Right-click either the user or the object that you want the user to be security equivalent to > click Properties.

  2. Grant the security equivalence as follows:

    • If you chose the user, on the Memberships tab select the Security Equal To page > click Add > select the object that you want the user to be security equivalent to > click OK.

    • If you chose the object that you want the user to be security equivalent to, on the Security Equal to Me page click Add > select the user > click OK.

    The contents of these two property pages are synchronized by the system.

  3. Click OK.

4.2.3 Setting Up an Administrator Over an Object's Specific eDirectory Properties

  1. If you haven’t already done so, create the user, group, role, or container object that you want to make a trustee of the object's specific properties.

    If you create a container as a trustee, all objects inside and below the container will have the rights you grant. You must make the property inheritable or the container and its members will not have rights below its level.

  2. Right-click the highest-level container that you want the administrator to manage > click Trustees of This Object.

  3. On the property page, click Add Trustee > select the object that represents the administrator > click OK.

  4. In the Rights Assigned To dialog box, click Add Property.

  5. Deselect the Show All Properties check box.

  6. For each property that the administrator will manage, assign the needed rights.

    Be sure to select the Inheritable check box on each rights assignment. Click Help for details.

  7. Click OK.

  8. Click OK in the Properties dialog box.