NDS Object and Property Rights

NDS security is similar in many ways to file system security. File system security is controlled through access rights given through trustee assignments to directories and through directory and file attributes. NDS security uses an Access Control List (ACL) to give trustee assignments to objects on the NDS tree. This access control consists of two categories of rights to that object: object rights, which control what a trustee can do to the object itself, and property rights, which control what a user is allowed to view or change in the object's information fields or properties. (Simpson 218, 280, 281)

There are six different NDS object rights.
They are supervisor, browse, create, delete, rename, and inheritable. The supervisor right gives the trustee all NDS rights to both the object and its properties. Unlike the supervisor right in the file system access control, this supervisor right can be blocked with inherited rights filters. The browse right allows the trustee only to see the NDS object on the tree, not to alter it in any way. The create right allows a trustee to create a new object within a container object. The delete right allows a trustee to delete an object from the NDS tree.
The rename right allows a trustee to rename the object. The inheritable right allows the trustee's rights to be inherited by leaf objects and subcontainers under a container. (Lindberg 229, Simpson 282, 283)

There are also six NDS property rights. They are supervisor, compare, read, write, add self, and inheritable. The supervisor right gives a trustee all rights to the properties of an NDS object and, again, object supervisor rights can be blocked by inherited rights filters. The compare right allows a trustee to compare a property to properties in another NDS object; this right is automatically granted with the read right.
The read right allows a trustee to view the properties of an NDS object. The write right allows a trustee to add, modify, and delete properties of an object; this right also automatically adds the add self right. The add self right allows a trustee to add or remove their user object to or from an object's properties. The inheritable property right allows properties of an object to be inherited by leaf objects or subcontainers in a container object. (Lindberg 229, 230, Simpson 282, 283)

With NDS security a user can obtain rights in several ways. Sometimes it may be difficult to calculate or track exactly what rights a user may have.
The combination of these rights is called the user's effective rights. Basically, a user's effective rights are all of his inherited rights from parent containers that are not blocked by inherited rights filters, or his trustee assignments and security equivalencies to an object. (Lindberg 232)

Novell NetWare 5.0 offers a new object and property right as part of its NDS security. This inheritable right for objects and properties can be removed, and this would prevent any of the object and property rights from being inherited by child leaf objects and subcontainers.
This is a powerful right because, as mentioned in the calculation of a user's effective rights, his rights are fully dependent on his inherited rights unless he is made a trustee of an object. Removal of this right could also be used as an alternative to inherited rights filters. If you wanted to assign a trustee rights only to a certain object, you could simply remove the inheritable right and those rights would not flow down the tree, rather than modifying the inherited rights filters of the child leaf objects and subcontainers. (Lindberg 230, 231)

Works Cited

Lindberg, Kelly J. P. NetWare 5 Administrator's Handbook. 1999.
Simpson, Ted. Hands-On Novell NetWare 5.0 with Projects. 1999.
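
The effective-rights calculation and the effect of removing the inheritable right, both described in the essay above, worked through as an added example (not from the cited books and not Novell code). It is a simplified model of object rights only; the tree, the trustee names and the function names are constructed, and it assumes that an explicit trustee assignment replaces whatever that trustee inherited from higher in the tree.

```python
RIGHTS = frozenset("SBCDR")  # Supervisor, Browse, Create, Delete, Rename
# "I" (Inheritable) is modeled as a flag on a trustee assignment.

def effective_rights(path, identities):
    """Object rights that `identities` hold on the last node of `path`.

    path: nodes from the tree root down to the target object. Each node is a
          dict with optional "acl" {trustee: rights string} and "irf" (the
          rights its inherited rights filter lets through; default: all).
    identities: the user plus everything it is security equivalent to.
    """
    total = set()
    for who in identities:
        flowing, here = set(), set()
        for node in path:
            # The IRF only filters rights arriving from the parent container.
            here = flowing & set(node.get("irf", RIGHTS))
            grant = node.get("acl", {}).get(who)
            if grant is not None:
                # Assumption: an explicit assignment replaces inherited rights.
                here = set(grant) & RIGHTS
                # Without the Inheritable flag nothing flows further down.
                flowing = here if "I" in grant else set()
            else:
                flowing = here
        total |= here  # rights from all identities are added together
    # Supervisor that survives the filters implies every object right.
    return set(RIGHTS) if "S" in total else total

def sample_path(acme_grant, sales_irf="SBCDR"):
    # Constructed tree: O=ACME / OU=Sales / CN=Printer1.
    # jsmith is a trustee of O=ACME; group Staff is a trustee of the printer.
    return [
        {"acl": {"jsmith": acme_grant}},
        {"irf": sales_irf},
        {"acl": {"Staff": "R"}},
    ]

if __name__ == "__main__":
    who = ["jsmith", "Staff"]
    print(sorted(effective_rights(sample_path("BCI"), who)))       # inherited + group
    print(sorted(effective_rights(sample_path("BCI", "B"), who)))  # IRF blocks Create
    print(sorted(effective_rights(sample_path("BC"), who)))        # Inheritable removed
    print(sorted(effective_rights(sample_path("SI", "BCDR"), who)))  # IRF blocks Supervisor
```

The third and fourth calls give the same result as each other: removing the inheritable flag at O=ACME and filtering at OU=Sales both stop jsmith's rights from reaching the printer, leaving only what the group assignment grants.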