Modify Trustees Assigned Rights

When you make a trustee assignment, you can grant object rights and property rights. Object rights apply to manipulation of the entire object, while property rights apply only to certain object properties.

These tasks let you delegate administrative authority through eDirectory™ rights. If you have administration applications that use Role-Based Services (RBS) roles, you can also delegate administrative authority by assigning users membership in those roles.

Property Types

This screen lists the properties that the trustee has effective rights to. Each property is one of the following types:

• [All Attributes Rights]

  Represents all the properties of the object. You can manage all properties at once when the [All Attributes Rights] item is selected.

• [Entry Rights]

  Represents the object as a whole. Rights to this item don't imply any property rights, except in the case of Supervisor.

• Specific Properties

  Specific properties that the trustee has rights to, individually. By default, only properties of this object class are listed. You can manage one or more individual properties when the specific property is selected.

You can add or delete properties in addition to rights.

Rights

• Supervisor

  Gives the trustee complete power over the property

• Compare

  Lets the trustee compare the value of a property to a given value. This right allows searching and returns only a True or False result. It does not allow the trustee to actually see the value of the property.

• Write

  Lets the trustee create, change, and delete the values of a property

• Self

  Lets the trustee add or remove itself as a property value. It applies only to properties with object names as values, such as membership lists or Access Control Lists (ACLs).

• Dynamic

  If the trustee is a dynamic group, you can edit this option. Rights assigned to the dynamic group belong to each of its members. If the trustee is not a dynamic group, the option remains read-only.

Inheritance

In eDirectory, rights assignments on containers can be inheritable or noninheritable. In the NetWare® file system, all rights assignments on folders are inheritable. In both eDirectory and NetWare, you can block such inheritance on individual subordinate items so that the rights aren't effective on those items, no matter who the trustee is. One exception is that the Supervisor right can't be blocked in the NetWare file system.

To Modify Trustee Rights:

1. Modify the property rights assignment as needed.
2. Click Done.

A trademark symbol (^®, ^™, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. For more information, see Legal Notices.