NetWare 4 allows you to manage User objects as a group, which is often more efficient than managing them individually. Six objects that can help you manage groups of User objects are described in Table 6.
Table 6. Objects That Help Manage Users
If you want a user to have access to an object, you must make a trustee assignment to that object. Rather than make trustee assignments to many users, you can create a Group object and then, with just one trustee assignment, grant access to all the users who belong to the Group.
If a trustee assignment names a Group object as the trustee, every user in the membership list of the Group object is granted the same access that is granted to the Group object.
After you have created a Group object and added User object names to it, you manage the rights of the Group object rather than the rights of the individual group members.
For example, suppose you have a word processing application on the network that many users need to access. You could create a Group object named WORD PROCESSOR USERS and add the User object names of the users who need access to the application.
Then, rather than granting file trustee rights to each of the individual User objects, you grant the file trustee rights to the Group object WORD PROCESSOR USERS for the application and the working directory.
The users can then use the word processing application just as if you had granted them file trustee rights to the application individually.
When a user is added to the membership list of a Group object, the Group is listed in that user's Security Equal To property. Security Equal To is a property of every User object that lists other objects. The user is granted all rights that any object (User, Group, Printer, etc.) in that list is granted, both object and file rights.
Only User objects can be listed in a Group, and you can add User objects from any part of the Directory tree to a Group.
IMPORTANT: A Group object is not a container. It does not contain User objects; users' names are merely assigned to a Group object.
To create a Group object, see Creating Leaf Objects.
You must create User objects before you can add them to the membership list of a Group object. See Creating Leaf Objects for instructions on creating User objects.
After you have created a Group object, use the following procedures to
You can use either the NetWare Administrator or NETADMIN utility to manage Group objects. Both procedures are documented in this section.
| For more information about | See |
|---|---|
Groups |
Group object in Concepts |
Object and property rights |
|
Using the NETADMIN utility |
NETADMIN in Utilities Reference |
Using the NetWare Administrator utility |
NetWare Administrator in Utilities Reference |
Choose the NetWare Administrator icon from the MS Windows Program Manager.
Select the Group object you want to edit.
For information on moving around in the browser and selecting objects, press <F1>.
Choose Details from the Object menu.
Select the Members button at the right side of the Object dialog.
Choose the Add button to browse the Directory tree for User objects.
Browse the Directory tree until the User object you want appears in the Objects box.
Choose OK.
Repeat Steps 5 through 7 to add more User objects to the Group object.
When you have finished adding User objects to the Group object, choose OK to save your changes and return to the browser.
At the DOS prompt, type
NETADMIN <Enter>
For information on moving around in NETADMIN and selecting objects, press <F1> after starting the utility.
Choose Manage Objects from the NETADMIN Options menu.
Browse the Directory until the Group object appears on the screen.
Use the instructions at the bottom of the screen to browse the directory. Press <F1> if you need help.
When the Group object appears in the Object list, select it and press <F10>.
The Actions menu appears.
Choose View or Edit Properties of This Object.
Choose Group members from the View or Edit Group menu.
Press <Insert> at the Group Members screen, and then press <Insert> again to browse for the User object you want to add to the Group object.
When the User object you want to add appears in the Directory, select it and press <F10>.
When the selected User object appears in the Members screen, press <Enter>.
To select multiple User objects, use <F5>.
Continue to press <Insert> and select User objects until you have added all the users you want as Group members.
To save the list of Group members, press <F10>.
To exit, press <Esc> until you return to the NETADMIN Options menu.
Choose the NetWare Administrator icon from the MS Windows Program Manager.
Select the Group object you want to edit.
For information on moving around in the browser and selecting objects, press <F1>.
Choose Details from the Object menu.
Select the Rights to File System button on the right side of the Object dialog.
To select a volume, select Include.
A list of volumes appears in the Select Object box. Or, you can browse the Directory for a volume.
From the Volumes list, select the volume that contains the directory or file.
Choose Add.
Select the volume that contains the directory or file you want to grant rights to.
From the Files and Directories dialog, select the directory or file that you want to grant rights to.
The default rights that make up this object's trustee assignment to the file or directory appear in the Rights area.
Select the check boxes next to the rights that you want to add.
You must have the Access Control right to the file or directory to make trustee assignments to the file or directory.
Choose OK.
The new trustee assignment is now effective for this object.
At the DOS prompt, type
NETADMIN <Enter>
For information on moving around in NETADMIN and selecting objects, press <F1> after starting the utility.
Choose Manage Objects from the NETADMIN Options menu.
Browse the Directory until the Group object appears on the screen.
Use the instructions at the bottom of the screen to browse the directory. Press <F1> if you need help.
When the Group object appears in the Object list, select it and press <F10>.
The Actions menu appears.
Choose View or Edit Rights to Files and Directories.
Select a Volume where you want to make the Group object the trustee of a directory or file.
Press <Insert> to type the Volume object name or press <Insert> twice to browse the Directory.
Press <Insert> to type a beginning pathname to the directories in which you want to make trustee assignments, or press <Insert> again to browse for the path.
Select Directories/Files and press <Enter>.
Choose whether you want to view files, directories, or both when you are selecting one to give a trustee assignment to.
Select Trustee Search Depth and press <Enter>.
Choose whether you want to view only the files or directories in the current directory, or to search subdirectories.
To list the trustee assignments, press <F10>.
The Trustee Directory Assignments screen appears.
To select a directory or file in which the Group object should be added as a trustee, press <Insert>.
To accept the directory you specified earlier, press <Enter>; or, to browse for file system directories, press <Insert>.
To add or delete the rights granted, select Trustee Directory Assignments and press <Enter>.
The Trustee Rights Granted menu appears.
To view or add rights that are not yet granted, press <Insert>.
Press <F1> if you help.
To save the trustee assignments, press <F10>.
Continue selecting directories and files and granting rights until finished.
To exit, press <Esc> until you return to the NETADMIN Options menu.
Choose the NetWare Administrator icon from the MS Windows Program Manager.
Select the Group object you want to edit.
For information on moving around in the browser and selecting objects, press <F1>.
Choose Details from the Object menu.
Select the Members button at the right side of the Object dialog.
The list of User objects for this group appears.
From the Members dialog, select the name you want to delete.
Choose Delete.
If you want to delete other names, continue selecting names and choosing Delete.
NOTE: You can delete several users at a time by holding down the button on the mouse, dragging the mouse arrow over the names, and choosing Delete.
When you have finished deleting members, choose OK to save your changes and return to the browser.
At the DOS prompt, type
NETADMIN <Enter>
For information on moving around in NETADMIN and selecting objects, press <F1> after starting the utility.
Choose Manage Objects from the NETADMIN Options menu.
Browse the Directory until the Group object appears on the screen.
Use the instructions at the bottom of the screen to browse the directory. Press <F1> if you need help.
When the Group object appears in the Object list, select it and press <F10>.
The Actions menu appears.
Choose View or Edit Properties of This Object.
Select Group members from the View or Edit Groups menu.
Select the User object you want to delete from the Group object and press <Delete>.
To select multiple User objects, use <F5>.
To confirm the deletion, choose Yes.
To exit, press <Esc> until you return to the NETADMIN Options menu.
Profile objects contain login scripts that are used by groups of users who need similar work environments but who are not located in the same container object.
When a Profile object is named in a User object, the login script contained in the Profile object is executed when the user logs in, after any login script in the Organization or Organizational Unit has executed.
Users can have only one Profile, so only one profile script can execute for any user.
For information about creating a login script, see Creating Login Scripts.
For an example of a login script used in a Profile object, see Profile Login Script.
You can use either the NetWare Administrator or NETADMIN utility to create a Profile object. Both procedures are documented in this section.
| For more information about | See |
|---|---|
Profile objects |
Profile object in Concepts |
Creating login scripts |
|
Using the NETADMIN utility |
NETADMIN in Utilities Reference |
Using the NetWare Administrator utility |
NetWare Administrator in Utilities Reference |
Choose the NetWare Administrator icon from the MS Windows Program Manager.
Select the object that will contain the new Profile object.
For information on moving around in the browser and choosing objects, press <F1>.
NOTE: Only Organization and Organizational Unit objects can contain Profile objects.
Choose Create from the Object menu.
Select Profile from the New Object dialog.
The Create Profile dialog appears.
If Profile does not appear under New Object, you cannot create Profile objects in this container. Select or create another object to contain the Profile object.
Choose OK.
Type the Profile object name in the box provided.
(Optional) Select Define additional properties.
Select this option if you want to write a Profile login script or supply additional information about the new Profile object. Instructions for creating a Profile script are in Creating Login Scripts.
Choose Create.
If you selected Define Additional Properties, the Identification dialog appears.
(Optional) Enter information in the fields provided in the Identification page of the Object dialog.
(Optional) Select the See Also button at the right side of the object dialog.
The See Also page allows you to add information about the Profile object you are creating. For example, you might list the User objects to whom you have assigned this script.
Choose Help at any time for information on the current task.
(Optional) Choose the Login Script page at the right side of the object dialog to add commands to the Profile login script.
Use this page to specify commands that execute when a user logs in, such as a drive mapping.
To save the new Profile object and return to the browser, choose OK.
At the DOS prompt, type
NETADMIN <Enter>
For information on moving around in NETADMIN and selecting objects, press <F1> after starting the utility.
Choose Manage Objects from the NETADMIN Options menu.
Select the object that will contain the new Profile object.
The objects in the selected container are listed. To see if you're in the right context, look at the title bar on the screen.
Press <F1> if you need help.
Press <Insert>.
Select Profile.
If the Profile object class does not appear, you cannot create that object in the selected container. Press <Esc> to return to the browser, and then select a different container type.
Type the new Profile object name and press <Enter>.
If you want to create another Profile object, choose Yes. If you do not, choose No.
If you chose Yes you are prompted to type the new Profile object name. Repeat Steps 3 through 7, and then continue with Step 8.
If you chose No, then the Profile object is displayed in the Directory tree. Continue with Step 8.
To edit this object, press <F10>.
A menu appears from which you can choose to view or edit information about this object.
Choose View or Edit Properties of This Object.
Choose Login Script.
To enter commands for this Profile login script, choose No or, to copy a login script from another Profile object, choose Yes.
The commands you place in the Profile login script are executed when users who belong to this Profile object log in.
For information on the commands, press <F1> or see Login Script Commands and Variables.
To save your changes, press <F10>.
To exit, press <Esc> until you return to the NETADMIN Options menu.
An Organizational Role object allows you to assign rights to a particular position rather than to the person who occupies that position. The people who occupy that position may change frequently, but the responsibilities of the position do not.
The user assigned to an Organizational Role is called the occupant and is granted all rights that are granted to the Organizational Role object.
When a user is added to the occupant list of an Organizational Role object, the Organizational Role is listed in that user's Security Equal To property.
Security Equal To is a property of every User object that lists other objects. The user is granted all rights that any object (User, Group, Printer, etc.) in that list is granted, both to objects and to files and directories.
You can use the NetWare Administrator or NETADMIN utility to create an Organizational Role object. Both procedures are documented in this section.
| For more information about | See |
|---|---|
Organizational Role object |
Organizational Role object in Concepts |
Security equivalence |
Security Equal To in Concepts |
Using the NETADMIN utility |
NETADMIN in Utilities Reference |
Using the NetWare Administrator utility |
NetWare Administrator in Utilities Reference |
Choose the NetWare Administrator icon from the MS Windows Program Manager.
Select the object that will contain the new Organizational Role object.
For information on moving around in the browser and selecting objects, press <F1>.
NOTE: Only Organization and Organizational Unit objects can contain Organizational Role objects.
Choose Create from the Object menu.
Select Organizational Role from the New Object dialog.
If Organizational Role does not appear under New Object, you cannot create Organizational Role objects in this container. Select or create another object to contain the Organizational Role object.
Choose OK.
The Create Organizational Role dialog appears.
Type the Organizational Role object name in the box provided.
(Optional) Select Define Additional Properties.
Select the Create button at the bottom of the window.
Enter information in the fields provided in the Identification dialog.
The Identification page of the Object dialog appears.
Select the button to the right of Occupant.
Choose Add.
The Select Object window appears.
Select User objects from the Directory Context window until the objects you want are shown in the Object window.
Select the User object in the left window to occupy the Organizational Role; then choose OK.
The object you selected appears in the Occupant window.
Choose OK in the Occupant window.
When you are finished adding User objects as Occupants, choose OK in the Organizational Role window.
(Optional) Select the See Also button at the right side of the object dialog.
The See Also page allows you to add information about the Organizational Role object you are creating. For example, you might list the User objects that you have assigned as occupants.
To save the new Organizational Role object and return to the browser, choose OK.
At the DOS prompt, type
NETADMIN <Enter>
For information on moving around in NETADMIN and selecting objects, press <F1> after starting the utility.
Choose Manage Objects from the NETADMIN Options menu.
Select the object that will contain the new Organizational Role object.
The objects in the selected container are listed. To see if you're in the right context, look at the title bar on the screen.
Press <F1> if you need help.
Press <Insert>.
Select Organizational Role.
If the Organizational Role object class does not appear, you cannot create that object in the selected container. Press <Esc> to return to the browser, and then select a different container type.
Type the new Organizational Role object name.
Type the Mailbox Location and press <Enter>.
If you want to create another Organizational Role object, choose Yes. If you do not, choose No.
If you chose Yes, you are prompted to type the new Organizational Role object name. Repeat Step 6 and then continue with Step 8.
If you chose No, then the Organizational Role object is displayed in the Directory tree. Continue with Step 9.
To edit this object, press <F10>.
A menu appears from which you can choose to view or edit information about this object.
Choose View or Edit Properties of This Object.
Choose Identification from the View or Edit Organizational Role menu.
Specify a User object for the Organizational Role.
Select the field next to Occupant and press <Enter>.
Press <Insert>.
Type the complete name of a User object in the space provided, or press <Insert> to browse the Directory and select a User object to be the occupant of the Organizational Role.
The path from the object to the root of the tree forms the object's complete name.
Select additional User objects as needed.
To save the list of occupants, press <F10>.
Enter information in other fields as needed.
To save changes, press <F10>.
To exit, press <Esc> to return to the NETADMIN Options menu.
IMPORTANT: The following information applies only to the NETADMIN text utility and not to the NetWare Administrator graphical utility. Under NetWare 4, the NetWare Administrator utility no longer supports the USER_TEMPLATE object, but instead supports the new Template class of objects. For more information, see Managing User Accounts in the NetWare Administrator online help.
A user template contains default information that you can apply to User objects to give them default property values.
You can create a user template in an Organization or Organizational Unit object either when you create the container object or later on.
Then, when you create a User object, you are prompted to use the defaults in the user template. If you do, the property values you entered in the user template, such as login time restrictions, password restrictions, etc., are copied into the User object's properties.
The user template is actually a User object named USER_TEMPLATE. You enter information in this User object just as you would for any other User object. However, not all properties of a User object can be copied from a user template.
When you create a user template, you can copy information from the parent container's user template. For example, if you create a user template in SALES.NOVELL, you are prompted to copy the user template from NOVELL, if one exists. Using this feature, you can avoid having to reenter similar information for lower-level containers.
User template information is taken from the nearest parent container. If the container object in which you create a User object does not have a user template, you can apply the parent container's user template to the User object.
When working with user templates, remember the following:
You can use the NetWare Administrator or NETADMIN utility to create a user template. Both procedures are documented in this section.
| For more information about | See |
|---|---|
User defaults |
User template in Concepts |
User objects |
User object in Concepts |
Using the NETADMIN utility |
NETADMIN in Utilities Reference |
Using the NetWare Administrator utility |
NetWare Administrator in Utilities Reference |
For information on creating and editing user Template objects using NetWare Administrator, see Create Templates, Users, and Profiles in the NetWare Administrator online help.
At the DOS prompt, type
NETADMIN <Enter>
For information on moving around in NETADMIN and selecting objects, press <F1> after starting the utility.
Choose Manage Objects from the NETADMIN Options menu.
Browse the Directory tree to find and select the container object in which you want to add a new container object.
The objects in the selected container are listed.
To see if you're in the right context, look at the title bar on the screen. Press <F1> for help.
Press <Insert>.
From the Select an Object Class screen, select the container type that you want to create.
If the container object class you want to create does not appear, you cannot create that object in the selected container. Press <Esc> to return to the browser, and then select a different container type.
Type the new container object name and press <Enter>.
If you want to create a user template to be applied to new User objects created in this container, type Y and press <Enter>.
NOTE: You are not prompted to create a user template if you are creating a Country container object.
Choose View or Edit Properties of This Object.
Choose Edit Template User.
The View or Edit User screen appears.
Enter or change the values of the user template as needed.
The help line at the bottom of the screen gives information on each of the options as you highlight them.
For more information, press <F1>.
To save the information, press <F10>.
To exit, press <Esc> until you return to the NETADMIN Options menu.