Modify Trustees Assigned Rights

When you make a trustee assignment, you can grant object rights and property rights. Object rights apply to manipulation of the entire object, while property rights apply only to certain object properties.

These tasks allow you to delegate administrative authority through eDirectory™ rights. If you have administration applications that use Role-Based Services (RBS) roles, you can also delegate administrative authority by assigning users membership in those roles.

Property Types

This page lists the properties that the trustee has effective rights to. Each property is one of the following types:

• [All Attributes Rights]: Represents all the properties of the object. You can manage all properties at once when the [All Attributes Rights] item is selected.
• [Entry Rights]: Represents the object as a whole. Rights to this item don't imply any property rights, except in the case of Supervisor.
• Specific Properties: Specific properties that the trustee has rights to, individually. By default, only properties of this object class are listed. You can manage one or more individual properties when the specific property is selected.

You can add or delete properties in addition to rights.

Rights

• Supervisor: Gives the trustee complete power over the property.
• Compare: Allows the trustee to compare the value of a property with a given value. This right allows searching and returns only True or False result. It does not allow the trustee to see the value of the property.
• Write: Allows the trustee to create, change, and delete the values of a property.
• Self: Allows the trustee to add or remove itself as a property value. It applies only to properties with object names as values, such as membership lists or Access Control Lists (ACLs).
• Dynamic: If the trustee is a dynamic group, you can edit this option. Rights assigned to the dynamic group belong to each of its members. If the trustee is not a dynamic group, the option remains read-only.
• Nested: If the trustee is a nested group, you can edit this option. Rights assigned to the nested group belong to each of its members. If the trustee is not a nested group, the option remains read-only.

Inheritance

In eDirectory, rights assignments on containers can be inheritable or non-inheritable. In the NetWare® file system, all rights assignments on folders are inheritable. In both eDirectory and NetWare, you can block such inheritance on individual subordinate items so that the rights are not effective on those items irrespective of the trustee. One exception is that the Supervisor right cannot be blocked in the NetWare file system.

Modifying Trustee Rights

1. Modify the property rights assignment as desired.
2. Click Done.

A trademark symbol (^®, ^™, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. For more information, see Legal Notices.