For definitions of other terms, see the index.
[Contents] [Top of Page]
In NDS*, an optional, multivalued property of every object. The ACL lists the objects (trustees) that can access the object, along with their explicit rights assignments.
Each value contains a complete object (trustee) name, an indication of the type of rights held by the trustee, the specific rights settings, and an indication of whether the rights are inheritable.
Any inherited rights filters that have been set on this object are also included.
[Contents] [Top of Page]
A property right that grants a trustee the right to add or remove itself as a value of the property.
This right is used only for properties that contain object names as values, such as lists of group members or mailing lists.
[Contents] [Top of Page]
A type of rights assignment that applies to all the properties of an object.
A specific (individual) property rights assignment overrides an All Properties rights assignment, but only for the specific property. The All Properties rights assignment still applies to all the other properties.
[Contents] [Top of Page]
An object right that grants the right to see an object in the NDS tree. The name of the object is returned when a search is made that matches the object.
[Contents] [Top of Page]
A property right that allows a trustee to compare the value of the property with another value to see if they are equal.
The Compare right process returns True or False, but it does not return the actual value of the property.
[Contents] [Top of Page]
An NDS object that can hold, or contain, other objects.
Container objects are used to logically group related objects in the NDS tree to provide those objects with rights and services.
Country, Organization, and Organizational Unit objects are examples of container objects.
[Contents] [Top of Page]
The position or location of an object in the NDS tree.
When an administrator adds an object (such as a server or user) to the network, that object is placed in a container in the NDS tree. The path of containers from the root of the tree to the new object constitutes the object's context.
For example, if a User object were created in a container called Sales, which itself was located in a top-level container called Acme, the context of the User object would be Sales.Acme.
[Contents] [Top of Page]
A file system right that grants the ability to create new files or subdirectories, or to salvage a file after it has been deleted.
Also, an object right that grants the right to create a new object in the current container and subordinate containers in the NDS tree.
This right is available only for container objects.
[Contents] [Top of Page]
An object right that grants the ability to delete the current object and any subordinate objects from the NDS tree.
[Contents] [Top of Page]
An object name that includes its path from the root of the NDS tree.
For example, if user KSmith is located at O=Novell, OU=Sales, then her distinguished name is KSmith.Sales.Novell.
Distinguished name is sometimes called complete name.
[Contents] [Top of Page]
The rights that an object can exercise to see or modify a particular directory, file, or object.
Effective rights are a combination of inherited rights, explicitly granted rights, and security equivalences. An object's effective rights to a directory, file, or object are calculated by the system each time that object attempts an action.
[Contents] [Top of Page]
A leaf object in the NDS tree that represents a list of User objects. It is used to provide collective, rather than individual, network administration.
The Group object differs from a container object in that instead of containing the User objects, it lists them as members.
[Contents] [Top of Page]
Rights that are implied by some other right. Specifically:
Implied rights are not stored but are applied by the system when it calculates effective rights.
[Contents] [Top of Page]
A rights assignment option that applies only to container objects.
When this option is set, the rights assignment flows down to objects and containers below this object in the NDS tree. This option can be set for all types of assignments, including rights to specific properties.
This feature is available only with versions of NDS that ship with NetWare* 5* or later. For compatibility with previous versions of NDS, by default this option is set for object rights and all properties rights, and by default it is not set for specific property rights.
Note: ConsoleOne* does not yet provide the capability to override the defaults for this option. Use NetWare Administrator or an equivalent utility.
[Contents] [Top of Page]
An entry in an object's access control list (ACL) that specifies which rights can and cannot flow down to the object and its subordinates.
[Contents] [Top of Page]
An NDS object, located at the end of a branch in the NDS tree, that doesn't contain any other objects.
Examples include User, Group, and NetWare Server objects.
[Contents] [Top of Page]
A list of commands that are executed when a user logs in to the network. The commands are typically used to establish connections to network resources.
A login script is a property of a container, Profile, Template, or User object.
[Contents] [Top of Page]
The name that is displayed for an object in the NDS tree. Each object has a name property that can contain several names, but only one of the names is designated as the naming attribute and displayed in the NDS tree.
The naming attribute for a leaf object is called common name (CN).
The naming attribute for a container object is called one of the following, depending on the object class:
[Contents] [Top of Page]
A distributed name service that provides global access to all network resources regardless of where they are physically located. Users log in to a multiserver network and view the entire network as a single information system. This single information system is the basis for increased productivity and reduced administrative costs.
[Contents] [Top of Page]
A hierarchical structure of objects in the NDS database. The NDS tree includes container objects that are used to organize the network and leaf objects that represent resources.
[Contents] [Top of Page]
A secret token, such as a password or thumb print, that authenticates (uniquely identifies) a user to the system.
[Contents] [Top of Page]
Rights to access an object. The object that possesses the rights is called the trustee.
Object rights don't affect properties or property rights, with the exception of the Supervisor object right, which grants access to all property values.
[Contents] [Top of Page]
A mandatory container object in the NDS tree that represents an organization such as a corporation, university, or operating division. It contains the objects that represent the network users and resources in the actual organization. It must reside either immediately under the root of the tree, or under a Country object.
[Contents] [Top of Page]
An optional container object in the NDS tree that represents a unit within an organization, such as a department or business unit. It contains the objects that represent the network users and resources in the actual unit and must reside immediately under an Organization object or under another Organizational Unit object.
[Contents] [Top of Page]
A leaf object in the NDS tree that provides a login script that executes after the container login script but before the User login script. It provides a common set of login script commands for either of the following:
[Contents] [Top of Page]
Rights to access the properties of an object. The object that possesses the rights is called the trustee.
Property rights include Compare, Read, Write, Add or Delete Self, and Supervisor.
[Contents] [Top of Page]
A file system right that grants the right to open and read files. Also, a property right that grants the right to read and compare the values of a property.
The Read property right implies the Compare property right.
Rights assigned at the file level can override the Read directory right.
[Contents] [Top of Page]
An object right that grants the right to change the name of an object in the NDS tree, in effect changing the object's naming attribute.
Only the last part of the distinguished name can be changed with this right. Changing other parts of the name implies a move operation.
[Contents] [Top of Page]
An NDS feature that allows a user to possess all the rights of another object. Only users can have security equivalence.
A user is automatically security equivalent to the Groups and Organizational Roles that he or she belongs to, and is implicitly security equivalent to the [Public] trustee and to each container above the user in the tree, including [Root]. A user is explicitly security equivalent to the objects listed in his or her Security Equals property.
[Contents] [Top of Page]
The graphical user interface (GUI) of the NetWare server.
[Contents] [Top of Page]
A file system right that grants all rights to a directory or file. Also, an object right that grants all rights to an object (including all its properties), or a property right that grants all rights to either all properties or to specific properties.
The Supervisor right can be blocked by an inherited rights filter on an object or property, but it cannot be blocked by an inherited rights filter on a directory or file.
There is no automatic Supervisor user in NetWare 4* or later versions.
[Contents] [Top of Page]
Any object in the NDS tree that has rights to access a network resource such as a directory or file. Rights are granted to objects (making them trustees) by trustee assignments.
[Contents] [Top of Page]
A leaf object in the NDS tree that represents a person who uses the network. It contains information about the network user it represents, such as login name, telephone number, address, and group membership.
[Contents] [Top of Page]
A file system right that grants the right to open and write to a directory or file. Also, a property right that grants the right to add, change, or remove any values of the property.
The Write property right implies the Add Self property right.
[Contents] [Top of Page]
* Novell trademark. ** Third-party trademark. For more information, see Trademarks.