3.6 Effective Rights Table
The Effective Rights table is a special table. It does not
represent an eDirectory object class. Instead, it represents the rights that
the objects in the eDirectory tree have to the objects in the branch
of the eDirectory tree specified by the data source. The rights
are calculated by treating each object in the tree as a trustee
of each object in the container and its subcontainers and as a trustee
of each of those objects' attributes. The following equation
gives an estimate of the total number of rows in this table:
(# of objects in the data source context) x
(# of objects in the tree) x
(average number of mandatory & optional attributes per object class)
As the equation shows, the number of rows in the Effective
Rights table is extremely large even for a small tree. A table
for a tree with 20 objects in the data source context, 100 objects
in the tree, and an average of 50 attributes per object class would
have approximately 100,000 rows. You will almost always need to
use a WHERE clause to restrict the number of rows returned by your
queries of the Effective Rights table.
The table below lists and defines each of the columns in the
Effective Rights table. Notice that this table does not include
the NDS_Tree, NDS_Context, or NDS_FullName columns.
Table 3-7 Details of the Effective Rights Table
| Column | Data Type | Description |
|---|---|---|
| Object Name | SQL_VARCHAR | The full name of the object for which the trustee has rights. Values for object name include all of the objects in the context specified by the data source. |
| Object Class | SQL_VARCHAR | The class of the object for which the trustee has rights. |
| Trustee Name | SQL_VARCHAR | The full name of the object that has rights to the object specified by the Object Name column. Values for trustee name include the names of all objects in the directory. |
| Trustee Class | SQL_VARCHAR | The class of the trustee object. |
| Attribute | SQL_VARCHAR | The name of the protected attribute. A value of [entry rights] indicates the rights are for the object itself. A value of [all attributes] indicates the rights are applied to all attributes. |
| Privileges | SQL_INTEGER | An integer whose value represents the combination of the individual privileges that are granted. |
| Add Self | SQL_BIT | The trustee has rights to add or remove itself as an attribute value. This right is used only for attributes that contain object names as values, such as lists of group members or mailing lists. |
| Browse | SQL_BIT | The trustee has the right to see the object in the NDS tree. |
| Compare | SQL_BIT | The trustee has the right to compare the values of an attribute. |
| Create | SQL_BIT | The trustee has the right to create a new object in the NDS tree. This right is available only for container objects. |
| Delete | SQL_BIT | The trustee has the right to delete the object from the NDS tree. |
| Read | SQL_BIT | The trustee has the right to read and compare the values of an attribute. The Read right implies the Compare right. |
| Rename | SQL_BIT | The trustee has the right to change the name of the object. |
| Supervisor | SQL_BIT | The trustee has all rights to the object, all of the object's attributes, or a specific attribute. |
| Write | SQL_BIT | The trustee has the right to add, change, or remove any values of the attribute. The Write property right implies the Add Self property right. |
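The following added example (not part of the original documentation or the driver's own code) shows the row estimate from this section and a WHERE-restricted rights audit over the columns described above. It runs against an in-memory SQLite stand-in; the quoted table and column identifiers, the sample names, and the helper function names are assumptions to check against what your driver actually exposes.

```python
import sqlite3

# Stand-in for the driver's table, built in SQLite so the query can run offline.
# Identifiers are the column titles from Table 3-7, quoted; the names the real
# driver exposes are an assumption to verify. Only the columns used are included.
SCHEMA = '''CREATE TABLE "Effective Rights" (
    "Object Name" TEXT, "Object Class" TEXT, "Trustee Name" TEXT,
    "Trustee Class" TEXT, "Attribute" TEXT, "Supervisor" INTEGER, "Write" INTEGER)'''

# Constructed sample rows (object and trustee names are made up).
ROWS = [
    ("Payroll.HR.Acme", "Group", "admin.Acme", "User", "[entry rights]", 1, 0),
    ("Payroll.HR.Acme", "Group", "jsmith.HR.Acme", "User", "Member", 0, 1),
    ("Payroll.HR.Acme", "Group", "tlee.HR.Acme", "User", "[all attributes]", 0, 1),
    ("jsmith.HR.Acme", "User", "jsmith.HR.Acme", "User", "[all attributes]", 0, 1),
    ("Payroll.HR.Acme", "Group", "HR.Acme", "Organizational Unit", "[all attributes]", 0, 0),
]

# Restrict by trustee class, skip rows where an object is its own trustee, and
# keep only object-wide scopes where Supervisor or Write is granted.
AUDIT_SQL = '''
SELECT "Object Name", "Trustee Name", "Attribute"
FROM "Effective Rights"
WHERE "Trustee Class" = ?
  AND "Trustee Name" <> "Object Name"
  AND "Attribute" IN ('[entry rights]', '[all attributes]')
  AND ("Supervisor" = 1 OR "Write" = 1)
ORDER BY "Object Name", "Trustee Name", "Attribute"
'''

def estimated_rows(context_objects, tree_objects, avg_attributes):
    """Row estimate from the equation in this section."""
    return context_objects * tree_objects * avg_attributes

def build_demo_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany('INSERT INTO "Effective Rights" VALUES (?, ?, ?, ?, ?, ?, ?)', ROWS)
    return db

def broad_rights(db, trustee_class="User"):
    """Trustees of one class holding Supervisor or Write across an object."""
    return db.execute(AUDIT_SQL, (trustee_class,)).fetchall()

if __name__ == "__main__":
    print("unrestricted estimate:", estimated_rows(20, 100, 50))
    for row in broad_rights(build_demo_db()):
        print(row)
```

Because Write implies Add Self and Supervisor covers all rights, filtering on those two bit columns is enough to surface trustees that can modify an object's attribute values.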
For example query statements and their results, see