The access controls and restrictions for eDirectory are similar in concept to those used for access to the NetWare® file system. eDirectory identifies the volumes the file system stores, but the file system enforces its own access controls.
In order to access a specific server’s file system you must:
To locate the part of the file system you want to access you must have the ability to find the Volume object for the volume (for example, SYS:) that you wish to access. Each volume on all servers in the network will be represented by an object in eDirectory. If you have eDirectory privileges to see and read a particular volume object then you will be able to locate the server on which that volume resides and attempt to access that volume.
Having located the server and volume you wish to access, you must then obtain a licensed connection to the server. Each server has a limited number of licensed connections it can handle. An object obtains one of those connections by first authenticating itself through eDirectory, then requesting a connection.
If you have Write or Supervisor privileges on a server object in eDirectory, you automatically have Supervisor privileges on that server’s file system. Otherwise your privileges to a NetWare server are according to the trustee assignments found in the given server’s file system security mechanism.
The file system trustee assignments for NetWare 4.x and 5.x are the same as for previous versions of the operating system. These trustee assignments are kept with the volume with which they are associated and are not part of the eDirectory database. A file system trustee assignment consists of the granted rights and an Entry ID for the trustee. eDirectory supplies the Entry ID for the trustees. This Entry ID is a unique ID for the trustee and is valid only on the local server. If the server does not contain the partition which contains the entry's object, eDirectory creates an external reference on the server and this external reference supplies an Entry ID for the file system.
If you have adequate trustee assignments, your request to allocate a file system directory handle will be granted. At that point you will be able to access everything in that area of the file system according to your effective (file system) rights.