Novell eDirectory - Full Service Directory
Relationship: Inference
Applies access privileges and policies based on the location (context) of an object in the directory tree.
The Novell eDirectory full-service directory calculates access privileges for the object based on inheritance, explicit and implicit security equivalence, and direct trustee assignments. Inherited rights are rights that flow down the tree. Explicit security equivalencies are the rights granted by virtue of group and role memberships and direct assignments. Implicit assignments are the result of a user's location (context) in the tree. Direct trustee assignments are rights granted directly to each user. The benefit of inference is that if any of these rights should be changed, the user's cumulative rights are recalculated by the directory.
Example:

In this example, the Novell eDirectory full-service directory calculates a user's rights from a variety of sources. For example, user RJOHNSON receives rights through inheritance. Inheritance of rights depends on where the user exists in the tree. Another source of rights is security equivalence. RJOHNSON is a member of the Engineering Group and therefore receives all rights granted to that group as long as he is a member. RJOHNSON has been made security equivalent to JBROWN. He has implicit security equivalence to every object that is part of his name (RJOHNSON.HR.PRV.NOVELL.ROOT). Finally, any direct assignments, such as an assignment to HR, are also included in this user's rights. Keep in mind that if this user is moved, his rights will be recalculated based on the previous criteria.
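A simplified model of the calculation described above, added here as an illustration; it is not Novell's code or the eDirectory API. The rights labels, the PAYROLL and SALES containers, the trustee assignments and all function names are constructed, and security equivalence is assumed not to be followed transitively.

```python
# Simplified model of the rights sources described above. All data is
# constructed; this is not eDirectory's algorithm or API.

def ancestors(name):
    """'HR.PRV.NOVELL.ROOT' -> [itself, 'PRV.NOVELL.ROOT', 'NOVELL.ROOT', 'ROOT']"""
    parts = name.split(".")
    return [".".join(parts[i:]) for i in range(len(parts))]

def security_equals(user, users):
    """Every trustee name whose assignments count for this user."""
    entry = users[user]
    ids = {user}                             # direct trustee assignments
    ids |= entry["groups"]                   # explicit: group/role membership
    ids |= entry["equivalent_to"]            # explicit: equivalent to another user
    ids |= set(ancestors(entry["context"]))  # implicit: containers in the user's name
    return ids

def effective_rights(user, target, users, acls):
    """Union of every matching assignment on the target or a container above it."""
    ids = security_equals(user, users)
    rights = set()
    for obj in ancestors(target):            # inheritance: rights flow down the tree
        for trustee, granted in acls.get(obj, {}).items():
            if trustee in ids:
                rights |= granted
    return rights

# Constructed sample tree: object -> {trustee: rights}
ACLS = {
    "PRV.NOVELL.ROOT": {"ENGINEERING": {"browse"}},
    "HR.PRV.NOVELL.ROOT": {"RJOHNSON": {"read"}},
    "PAYROLL.HR.PRV.NOVELL.ROOT": {
        "HR.PRV.NOVELL.ROOT": {"compare"},   # granted to everyone located in HR
        "JBROWN": {"write"},
    },
}
USERS = {"RJOHNSON": {"context": "HR.PRV.NOVELL.ROOT",
                      "groups": {"ENGINEERING"},
                      "equivalent_to": {"JBROWN"}}}

def demo():
    """Rights on PAYROLL before and after RJOHNSON is moved from HR to SALES."""
    target = "PAYROLL.HR.PRV.NOVELL.ROOT"
    before = effective_rights("RJOHNSON", target, USERS, ACLS)
    moved = {"RJOHNSON": dict(USERS["RJOHNSON"], context="SALES.PRV.NOVELL.ROOT")}
    after = effective_rights("RJOHNSON", target, moved, ACLS)
    return before, after

if __name__ == "__main__":
    print(demo())
```

After the move only the implicit right tied to the HR context disappears; the group, equivalence and direct assignments still apply, which is why a relocation alone should not be treated as an access revocation during review.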
