Novell Documentation: iManager 2.5

4.7 Rights

Rights refers to eDirectory trustee rights and trustees.When you create a tree, the default rights assignments give your network generalized access and security. Some of the default assignments are as follows:

User Admin has the Supervisor right to the top of the tree, giving the Admin complete control over the entire directory. Admin also has the Supervisor right to the NetWare™ Server object, giving complete control over any volumes on that server.
[Public] has the Browse right to the top of the tree, giving all users the right to view any objects in the tree.
Objects created through an upgrade process such as a NetWare migration, printing upgrade, or Windows NT* user migration receive trustee assignments appropriate for most situations.

The assignment of rights involves a trustee and a target object. The trustee represents the user or set of users that are receiving the authority. The target represents those network resources the users have authority over.

4.7.1 Modify Inherited Rights Filter

In eDirectory, rights assignments on containers can be inheritable or non-inheritable. In the NetWare file system, all rights assignments on folders are inheritable. In both eDirectory and NetWare, you can block such inheritance on individual subordinate items so that the rights aren’t effective on those items, no matter who the trustee is. One exception is that the Supervisor right can’t be blocked in the NetWare file system.

To block rights from flowing down the eDirectory tree:

In Roles and Tasks, select Rights > Modify Inherited Rights Filter.
Specify the name and context of the object whose inherited rights filter you want to modify, then click OK.

This displays a list of the inherited rights filters that have already been set on the object.
On the property page, edit the list of inherited rights filters as needed.
To edit the list of filters, you must have the Supervisor or Access Control right to the ACL property of the object. You can set filters that block inherited rights to the object as a whole, to all the properties of the object, and to individual properties, and click OK.

NOTE:These filters won’t block rights that are explicitly granted a trustee on this object, because such rights aren’t inherited.

4.7.2 Modify Trustees

To modify trustee rights:

In Roles and Tasks, select Rights > Modify Trustees.
Specify the name of the trustee whose rights you want to view, then click OK.
Click Assigned Rights to view and change.
Click Add Trustee or Delete Trustee, according to your task.
Click OK.

4.7.3 Rights to Other Objects

Fill in the Trustee Name and Context to Search from fields. iManager searches for the Trustee Name within the scope of the container defined in the Context field.

4.7.4 View Effective Rights

Users can receive rights in a number of ways, such as explicit trustee assignments, inheritance, and security equivalence. Rights can also be limited by inherited rights filters and changed or revoked by lower trustee assignments. The net result of all these actions—the rights a user can employ—are called effective rights.

A user’s effective rights to an object are calculated each time the user attempts an action. To view effective rights:

In Roles and Tasks, select Rights > View Effective Rights.
Specify the name of the trustee whose rights you want to view, then click OK.