When the default rights assignments in your eDirectory tree provide users with either too much or not enough access to resources, you can create or modify explicit rights assignments. When you create or modify a rights assignment, you start by selecting either the resource that you are controlling access to or the trustee (the eDirectory object that possesses, or will possess, the rights).
HINT:To manage users' rights collectively rather than individually, make a group, role, or container object the trustee. To restrict access to a resource globally (for all users), see Section 4.3, Blocking Inheritance. If the resource is a file or folder on a NetWare volume, you can also control access globally by setting attributes (see Section 8.1, Viewing and Modifying Server and File System Information).
Right-click the resource (file, folder, or volume) that you want to control access to > click Properties.
NOTE:Select a volume or folder to control access to all the resources below it.
On the Trustees page, edit the list of trustees and their rights assignments as needed.
For descriptions of the individual access rights, see Section 4.5, About NetWare Rights.
To add an object as a trustee, click Add Trustee > select the object > click OK > under Access Rights, assign the trustee's rights.
To modify a trustee's rights assignment, select the trustee > under Access Rights, modify the rights assignment as needed.
To remove an object as a trustee, select the object > click Delete Trustee > Yes.
The deleted trustee will no longer have explicit rights to the file or folder but might still have effective rights through inheritance or security equivalence.
Click OK.
Right-click the trustee (the object that possesses, or will possess, the rights) > select Properties.
On the Rights to Files and Folders page, click Show > select the NetWare volume containing the file system that you want to control access to > click OK.
The Files and Folders list is filled in with any files and folders that the trustee currently has rights assignments to on the selected volume.
Edit the rights assignments as needed.
For descriptions of the individual rights, see Section 4.5, About NetWare Rights.
To add a rights assignment, click Add > select the file or folder to control access to > click OK > under Rights, assign the trustee's rights.
To modify a rights assignment, select the file or folder to control access to > under Rights, modify the trustee's rights as needed.
To remove a rights assignment, select the file or folder to control access to > click Delete > Yes.
The trustee will no longer have explicit rights to the file or folder but might still have effective rights through inheritance or security equivalence.
Repeat Step 2 and Step 3 as needed to edit the trustee's rights assignments on other NetWare volumes.
Click OK.
Right-click the eDirectory resource (object) that you want to control access to > click Trustees of This Object.
NOTE:Choose a container to control access to all the objects below it.
Edit the list of trustees and their rights assignments as needed.
Click Help for details.
To modify a trustee's rights assignment, select the trustee > click Assigned Rights > modify the rights assignment as needed > click OK.
To add an object as a trustee, click Add Trustee > select the object > click OK > assign the trustee's rights > click OK.
When creating or modifying a rights assignment (in the Rights Assigned To dialog box), you can grant or deny access to the object as a whole, to all the properties of the object, and to individual properties. Click Help in the dialog box for details.
To remove an object as a trustee, select the object > click Delete Trustee > Yes.
The deleted trustee will no longer have explicit rights to the object or its properties but might still have effective rights through inheritance or security equivalence.
Click OK.
Right-click the trustee (the object that possesses, or will possess, the rights) > select Rights to Other Objects.
In the search dialog box, specify the part of the eDirectory tree to be searched for eDirectory objects that the trustee currently has rights assignments to.
Click Help for details.
Click OK in the search dialog box.
A dialog box appears showing the progress of the search. When the search is done, the Rights to Other Objects page appears with the results of the search filled in.
Edit the trustee's eDirectory rights assignments as needed.
Click Help for details.
To add a rights assignment, click Add Object > select the object to control access to > click OK > assign the trustee's rights > click OK.
To modify a rights assignment, select the object to control access to > click Assigned Rights > modify the trustee's rights assignment as needed > click OK.
When creating or modifying a rights assignment (in the Rights Assigned To dialog box), you can grant or deny access to the object as a whole, to all the properties of the object, and to individual properties. Click Help in the dialog box for details.
To remove a rights assignment, select the object to control access to > click Delete Object > Yes.
The trustee will no longer have explicit rights to the object or its properties but might still have effective rights through inheritance or security equivalence.
Click OK.