Effective Rights

[nero64]

If trustee is the same, then trustee assignment overrides Inheritable rights.

If trustees are different then TA combines with IR.

Having a hard time with the second statement. My book(clarke) in one lab exercise(5.26) combines IRF with an organizational role TA and this confuses me. Because i thought a TA overrides an IRF.

 

[DrGreen26]

You just have to remember that rights flow down hill. However an IRF can block rights from going down, it just depends on what you are wanting to achieve. So that being said, it should work the way you know it to be. It is possible there could be a typo in the book you have. I can review my NW 5 books at home sometime this week and let you know what I find.



Mark C. Greenwood, CNE
m_jgreenwood@yahoo.com

With more than 10 years experience to share.

 

[kida]

I'm not sure if this help to clear things up...
direct trustee assignments applied explicitly to a directory override inherited trustee assignments. I.E. you have RFWCE to \test directory... you would normally have RFWCE to \test\second directory... but, if you were assigned RF rights to the \test\second directory, this explicit assignment overrides the inherited trustee assignm,ent of RFWCE at the parent level.

Have I added to the question? or did this help - or am I totally not understanding what the question is?

 

[nero64]

In theory when the clarke CNA Netware 5.1 book explains it i understand. Then they give you lab exercises and it's like they don't explain them enough and they add rights that come out of know where. It confuses me. Are they typos or are they correct. I understand a TA overrides the given rights but the exercises combines IRF's and TA's. I can't give you exact examples because they use charts.

Where can i get more info on calculating effective rights.

 

[DrGreen26]

Well, I would probably invest in a different book. Basically you have a couple things to remember.

There are rights that flow down from the top of the tree which are very limited. That prevents users from seeing objects in the tree they dont have rights to. Secondly you have the IRF which can "BLOCK" rights from a certain level down. The IRF works wonders when you are trying to prevent users from seeing below a certain level. Then there are effective rights where a user is assigned specific rights to specific objects. So you need to watch where those rights are and how they flow down. As complicated as it sounds, it does work a lot easier than Microsoft in that no user has rights until they are granted. That being said, if you were to map out the rights for a particular user, you should be able to figure out what rights they have and to what objects.

One rule though, never change the rights on the Public Trustee. Doing this grants or removes that particular right to everyone in the tree. I recall accidentally giving the browse object right to the PA and access to every object in the tree was granted. Though users could not open anything up, they were able to see what was in each and every folder on the network.

HTH

Mark C. Greenwood, CNE
m_jgreenwood@yahoo.com

With more than 10 years experience to share.