2.3 Setting Inherited Rights and Filters

The Inherited Rights and Filters utility lets you view and set information about trustees and rights. Rights assignments on eDirectory™ containers can be inheritable or non-inheritable, but all rights assignments on directories are inheritable. You can block such inheritance on individual subordinate items so that the rights aren’t effective on those items, no matter who the trustee is. One exception is that the Supervisor right can’t be blocked.

  1. Right-click Novell Client tray application icon, then click OES Utilities > Inherited Rights and Filters.

  2. Select the folder or file you want to view or set inherited rights and filters for, then click OK.

    Inherited Rights and Filters Dialog Box

    The main part of this dialog box is the list of trustees inherited from the selected item and its parent folders.

  3. To assign or unassign rights, use the check boxes to the right of a trustee.

    For each trustee in the list, there is a set of eight check boxes, one for each right that can be inherited. If a check box is selected, the trustee has that right.

    • Read: For a directory, grants the right to open files in the directory and read the contents or run the programs. For a file, grants the right to open and read the file.

    • Write: For a directory, grants the right to open and change the contents of files in the directory. For a file, grants the right to open and write to the file.

    • Erase: Grants the right to delete the directory or file.

    • Create: For a directory, grants the right to create new files and directories in the directory. For a file, grants the right to create a file and to salvage a file after it has been deleted.

    • Modify: Grants the right to change the attributes or name of the directory or file, but does not grant the right to change its contents (changing the contents requires the Write right).

    • File Scan: Grants the right to view directory and file names in the file system structure, including the directory structure from that file to the root directory.

    • Access Control: Grants the right to add and remove trustees for directories and files and modify their trustee assignments and Inherited Rights Filters.

    • Supervisor: Grants all rights to the directory or file and any subordinate items. The Supervisor right can’t be blocked by an Inherited Rights Filter. Users with this right can grant or deny other users rights to the directory or file.

  4. To see a list of trustees for subfolders of the currently selected folder, click View Trustees Below Directory.

    A list of all the users and their rights to each subfolder appears. You can modify or remove rights from this list.

  5. To view a trustee’s current effective rights (taking into account the Inheritance filter), right-click a trustee name, then click Current Effective Rights.

    Users can receive rights in a number of ways, such as explicit trustee assignments, inheritance, and security equivalence. Rights can also be limited by Inherited Rights Filters and changed or revoked by lower trustee assignments. The net result of all these actions (the rights a user can employ) is called effective rights.

  6. To view a trustee’s properties (such as if they have the rights to modify inherited rights at this level), right-click a trustee name, then click Properties.

  7. Click Apply, then click OK when you are finished modifying inherited rights and filters.