You have now completed this lesson. To select another lesson, click Menu or Map.
To search for information on a specific topic, click Options, and then click Topic Search.
For more information on these topics, refer to the following:
- NetWare v4.0 Concepts
- NetWare v4.0 Supervising the Network
PopUpBig
PopUp Big
destroy
buttonUp
menuButton_change
buttonDown
buttonStillDown
adjustBounds
erted
within
pText
pInverted
pExcludeTab
nverted
pText
pInverted
pExcludeTab
menuButton_change
theSelf
bButton
bButtonID
fField
fFieldID
fFieldID
bButtonID
fFieldID
ppBounds
pEnabled
fFieldID
set p
of this page to my uniquename
vBounds
vText
destroy
set p
of this page to null
buttonUp
ppEnabled
within
menuButton_change
theLocation
buttonDown
ppEnabled
pInverted
buttonStillDown
ppEnabled
within
pInverted
pInverted
theLocation
within
theObject
theLocation
pInverted
bButtonID
bButtonID
theInverted
pInverted
ppInverted
pText
fTextID
theText
pText
fTextID
pExcludeTab
bButtonID
bButtonID
theExcludeTab
pExcludeTab
bButtonID
adjustBounds
pNoAdjust
ppBounds
title
destroy
buttonUp
menuButton_change
buttonDown
buttonStillDown
adjustBounds
erted
within
pText
pInverted
pExcludeTab
nverted
pText
pInverted
pExcludeTab
menuButton_change
theSelf
bButton
bButtonID
fField
fFieldID
fFieldID
bButtonID
fFieldID
ppBounds
pEnabled
fFieldID
set p
of this page to my uniquename
vBounds
vText
destroy
set p
of this page to null
buttonUp
ppEnabled
within
menuButton_change
theLocation
buttonDown
ppEnabled
pInverted
buttonStillDown
ppEnabled
within
pInverted
pInverted
theLocation
within
theObject
theLocation
pInverted
bButtonID
bButtonID
theInverted
pInverted
ppInverted
pText
fTextID
theText
pText
fTextID
pExcludeTab
bButtonID
bButtonID
theExcludeTab
pExcludeTab
bButtonID
adjustBounds
pNoAdjust
ppBounds
PLast
EnterPage
whatRevAmI
EnterPage
DoPage
whatRevAmI
ptemplate
:Rev 1.00
bookname
whatRevAmI
ptemplate
:Rev 1.00
bookname
pTextPort
pTemplate
concept
Page 19 of 21
estroy
destroy
adjustBounds
pText
pText
gTextID
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
300,3750,9290,6270
gTextID
group id 8 of page id 341
ffield
Object Rights and Rights Granted with the All Properties Option are Inherited Separately
It is important to remember that object rights and rights granted with the All Properties option are inherited separately.
If an IRF only includes object rights, the inheritance of rights granted with the All Properties option is not affected, and vice versa.
IRF affects only object rights.
All Properties
All Properties
Object
Rights:
Object
Rights:
Property
Rights:
Property
Rights:
Rights for
All Properties still flow.l
IRF affects only object rights.
Rights for
All Properties still flow.l
destroy
buttonUp
menuButton_change
buttonDown
buttonStillDown
adjustBounds
erted
within
pText
pInverted
pExcludeTab
nverted
pText
pInverted
pExcludeTab
menuButton_change
theSelf
bButton
bButtonID
fField
fFieldID
fFieldID
bButtonID
fFieldID
ppBounds
pEnabled
fFieldID
set p
of this page to my uniquename
vBounds
vText
destroy
set p
of this page to null
buttonUp
ppEnabled
within
menuButton_change
theLocation
buttonDown
ppEnabled
pInverted
buttonStillDown
ppEnabled
within
pInverted
pInverted
theLocation
within
theObject
theLocation
pInverted
bButtonID
bButtonID
theInverted
pInverted
ppInverted
pText
fTextID
theText
pText
fTextID
pExcludeTab
bButtonID
bButtonID
theExcludeTab
pExcludeTab
bButtonID
adjustBounds
pNoAdjust
ppBounds
destroy
buttonUp
menuButton_change
buttonDown
buttonStillDown
adjustBounds
erted
within
pText
pInverted
pExcludeTab
nverted
pText
pInverted
pExcludeTab
menuButton_change
theSelf
bButton
bButtonID
fField
fFieldID
fFieldID
bButtonID
fFieldID
ppBounds
pEnabled
fFieldID
set p
of this page to my uniquename
vBounds
vText
destroy
set p
of this page to null
buttonUp
ppEnabled
within
menuButton_change
theLocation
buttonDown
ppEnabled
pInverted
buttonStillDown
ppEnabled
within
pInverted
pInverted
theLocation
within
theObject
theLocation
pInverted
bButtonID
bButtonID
theInverted
pInverted
ppInverted
pText
fTextID
theText
pText
fTextID
pExcludeTab
bButtonID
bButtonID
theExcludeTab
pExcludeTab
bButtonID
adjustBounds
pNoAdjust
ppBounds
terpage
LeavePage
enterpage
whatRevAmI
enterpage
vblueback
BlueBack
background
blueback
foreground
BlueBack
vComback
pback2
vComback
ComBack
ComBack
DoPage
pTest
pTest
set wr
_fb to it
pCor_Fb
exit_fb
pExit_Fb
vScript
revnum
quesno
cor_FB
wr1_FB
wr2_FB
wr3_FB
exit_FB
LeavePage
HFInvert
a,b,c,d
whatRevAmI
ptemplate
:Rev 1.00
bookname
.W_C
ButtonUp
ButtonUp
A,B,C,D
Select 2 choices from A, B, C, or D, and then click the Done button.
pcor_fb
score
cor_fb
wr1_fb
wr2_fb
wr3_fb
exit_fb
quesno
result
stroke
fill_h
stroke_h
destroy
buttonUp
menuButton_change
buttonDown
buttonStillDown
adjustBounds
erted
within
pText
pInverted
pExcludeTab
nverted
pText
pInverted
pExcludeTab
menuButton_change
theSelf
bButton
bButtonID
fField
fFieldID
fFieldID
bButtonID
fFieldID
ppBounds
pEnabled
fFieldID
set p
of this page to my uniquename
vBounds
vText
destroy
set p
of this page to null
buttonUp
ppEnabled
within
menuButton_change
theLocation
buttonDown
ppEnabled
pInverted
buttonStillDown
ppEnabled
within
pInverted
pInverted
theLocation
within
theObject
theLocation
pInverted
bButtonID
bButtonID
theInverted
pInverted
ppInverted
pText
fTextID
theText
pText
fTextID
pExcludeTab
bButtonID
bButtonID
theExcludeTab
pExcludeTab
bButtonID
adjustBounds
pNoAdjust
ppBounds
destroy
buttonUp
menuButton_change
buttonDown
buttonStillDown
adjustBounds
erted
within
pText
pInverted
pExcludeTab
nverted
pText
pInverted
pExcludeTab
menuButton_change
theSelf
bButton
bButtonID
fField
fFieldID
fFieldID
bButtonID
fFieldID
ppBounds
pEnabled
fFieldID
set p
of this page to my uniquename
vBounds
vText
destroy
set p
of this page to null
buttonUp
ppEnabled
within
menuButton_change
theLocation
buttonDown
ppEnabled
pInverted
buttonStillDown
ppEnabled
within
pInverted
pInverted
theLocation
within
theObject
theLocation
pInverted
bButtonID
bButtonID
theInverted
pInverted
ppInverted
pText
fTextID
theText
pText
fTextID
pExcludeTab
bButtonID
bButtonID
theExcludeTab
pExcludeTab
bButtonID
adjustBounds
pNoAdjust
ppBounds
EnterPage
whatRevAmI
EnterPage
DoPage
whatRevAmI
ptemplate
:Rev 1.00
bookname
whatRevAmI
ptemplate
:Rev 1.00
bookname
pTextPort
pTemplate
concept
Page 9 of 21
estroy
destroy
adjustBounds
pText
pText
gTextID
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
4665,1470,9285,6270
gTextID
group id 11 of page id 337
ffield
The object creation defaults make it easy for users to access appropriate portions of the Directory tree and the file system.
For example, users can create, write to, and delete files in their own directories (under their home directory) without any special intervention by the network administrator.
Users can also look at the values contained in their User object properties to be sure the information is correct and up-to-date.
-to-date.
I can create, write to, and delete files in my home directory.
I can also look at the values contained in my User object properties.
EnterPage
whatRevAmI
EnterPage
DoPage
whatRevAmI
ptemplate
:Rev 1.00
bookname
whatRevAmI
ptemplate
:Rev 1.00
bookname
pTextPort
pTemplate
concept
Page 11 of 21
estroy
destroy
adjustBounds
pText
pText
gTextID
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
4665,1470,9285,6270
gTextID
group id 11 of page id 338
ffield
Security Design Considerations
When designing a security structure for NDS, keep in mind the following considerations:
- Grant other object rights along with the
Supervisor right.
- Use caution when granting rights to the
ACL property.
- Every object must have a "supervisor."
- The Supervisor object right includes
the Supervisor property right.property right
H c h
s _
A "supervisor" for every object.
Use caution with the ACL property.
Don't just grant the Supervisor right.
s _
Supervisor object right includes Supervisor property right.
EnterPage
whatRevAmI
EnterPage
DoPage
whatRevAmI
ptemplate
:Rev 1.00
bookname
whatRevAmI
ptemplate
:Rev 1.00
bookname
pPopup
POPUP
pTextPort
pTemplate
concept
Page 15 of 21
estroy
destroy
adjustBounds
pText
pText
gTextID
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
4665,1470,9285,6270
gTextID
group id 11 of page id 339
ffield
The "supervisor" of a NetWare Server object automatically has the Supervisor right in the root directory of each file system volume on that server.
To prevent loss of access to the file system, if the Server object does not have a "supervisor" asssigned explicitly, one will be inherited.
popup
fpopup
borderstype
rectangle
buttonup
buttonup
popup
Every object must have a "supervisor" in order to prevent the complete loss of access to an object.
destroy
buttonUp
menuButton_change
buttonDown
buttonStillDown
adjustBounds
erted
within
pText
pInverted
pExcludeTab
nverted
pText
pInverted
pExcludeTab
menuButton_change
theSelf
bButton
bButtonID
fField
fFieldID
fFieldID
bButtonID
fFieldID
ppBounds
pEnabled
fFieldID
set p
of this page to my uniquename
vBounds
vText
destroy
set p
of this page to null
buttonUp
ppEnabled
within
menuButton_change
theLocation
buttonDown
ppEnabled
pInverted
buttonStillDown
ppEnabled
within
pInverted
pInverted
theLocation
within
theObject
theLocation
pInverted
bButtonID
bButtonID
theInverted
pInverted
ppInverted
pText
fTextID
theText
pText
fTextID
pExcludeTab
bButtonID
bButtonID
theExcludeTab
pExcludeTab
bButtonID
adjustBounds
pNoAdjust
ppBounds
EnterPage
whatRevAmI
EnterPage
popup
DoPage
whatRevAmI
ptemplate
:Rev 1.00
bookname
DoPage
whatRevAmI
ptemplate
:Rev 1.00
bookname
pPopup
POPUP
pTextPort
pTemplate
concept
Page 8 of 21
estroy
destroy
adjustBounds
pText
pText
gTextID
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
4665,1470,9285,6270
gTextID
group id 11 of page id 326
ffield
Object Creation Defaults
The following default security configurations apply when you create an object:
- When you create a User object,
NetWare allows you to create the
user's home directory and
automatically assigns all rights to that
directory (SRWCEMFA).
- A User object is automatically made a
trustee of itself with the Read property
right so that the user can see his or her
own properties.
ly made a
trustee of itself with the Read property
right so that the user can see his or her
own properties.
it easy for users to access the portions of NDS and the file system that affect them.
When I am created, you
can create a user's home directory with all rights [SRWCEMFA].
I am automatically made a trustee of myself and given the Read property right.
popup
fpopup
borderstype
rectangle
No definition for home directory
buttonup
buttonup
popup
nel: Right Half
terpage
leavePage
enterpage
menuButton_change
enterpage
ppTotNo
DoPage
0,100,0
0,0,0
INDEX
0,100,0
seqno
totno
component
StartZ
leavePage
INDEX
0,0,0
0,0,0
0,0,0
menuButton_change
pHotTopics
vPage
vTopic
vName
theSelf
>@EXT
0,0,0
INDEX
0,100,0
seqno
totno
component
StartZ
leavePage
INDEX
0,0,0
0,0,0
0,0,0
menuButton_change
pHotTopics
vPage
vTopic
vName
theSelf
SlU|VK
r N ptopic10
group id 2470 of page id 304
ptopic8
group id 2461 of page id 304
ptopic7
group id 2457 of page id 304
ptopic6
group id 2453 of page id 304
ptopic5
group id 2449 of page id 304
ptopic4
group id 2445 of page id 304
ptopic3
group id 2441 of page id 304
ptopic2
group id 2437 of page id 304
ptopic1
group id 2433 of page id 304
pColdTopics
Installation - ADMIN,5
Object rights - ADMIN,5
Installation - [PUBLIC],6
Object rights - [PUBLIC],6
Object rights - \PUBLIC,7
Security configurations,8
Object rights - Creation,8
Object creation defaults,9
Granting rights with Supervisor right,12
Granting rights to Access Control List (ACL) property,13
Object rights - Supervisor,14
Server object,15
Property right,16
Design considerations,17
Property rights - Inheritance,18
All Properties option,18
Rights - Object and property,19
pHotTopics
Overview,2
Objectives,3
Default Security,4
The User Object ADMIN,5
The [PUBLIC] Trustee,6
The \PUBLIC Directory,7
Object Creation Defaults,8
Security Design Considerations,11
Design Considerations for Inheritance and IRFs,17
Summary,20
pTextPort
pptotno
pTemplate
Page 1 of 210
\,Q I
>0Q u
!!!!!!
AAAAAA
AAAAAA
Index
estroy
destroy
adjustBounds
pText
pText
gTextID
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
A~AppBounds
3030,1470,9285,6277
AgTextID
group id 1943 of page id 304
ffield
Lesson Index
Click Next to begin this lesson or click an Index button to jump to the topic of your choice.
choice.
topic1
DbButtonID
button id 2431 of page id 304
EfFieldID
field id 2432 of page id 304
TE:EppBounds
3405,2760,6390,3075
fEpEnabled
bButton
fField
OverviewgyyzXx
topic2
FtFbButtonID
button id 2435 of page id 304
FfFieldID
field id 2436 of page id 304
FppBounds
3405,3465,6390,3780
GpEnabled
bButton
fField
Objectives
topic3
HbButtonID
button id 2439 of page id 304
tHPHfFieldID
field id 2440 of page id 304
HppBounds
3405,4155,6390,4470
HpEnabled
bButton
fField
Default Security
topic4
IppBounds
3420,4755,6405,5280
IfTextID
field id 64 of page id 154
JpEnabled
BJ:JpLines
xJTJbButtonID
button id 2443 of page id 304
JppOffset
JppLineHeight
JppLines
JppEnabled
JfFieldID
field id 2444 of page id 304
bButton
fField
The User Object
ADMINN
topic5
<L"LppBounds
3405,5535,6390,5850
nLLLfTextID
field id 64 of page id 154
LpEnabled
LpLines
LbButtonID
button id 2447 of page id 304
LppOffset
MppLineHeight
.M&MppLines
LM@MppEnabled
^MfFieldID
field id 2448 of page id 304
bButton
fField
The [PUBLIC] Trusteeiderations for Inheritance and IRFs
topic6
NfFieldID
field id 2452 of page id 304
NppEnabled
NppLines
OppLineHeight
:O0OppOffset
pOLObButtonID
button id 2451 of page id 304
OpLines
OpEnabled
OfTextID
field id 64 of page id 154
OppBounds
6285,2670,9270,3195
bButton
fField
The \PUBLIC
Directoryy
topic7
QfFieldID
field id 2456 of page id 304
HQ<QppEnabled
`QXQppLines
QvQppLineHeight
QppOffset
QbButtonID
button id 2455 of page id 304
QpLines
QpEnabled
RfTextID
field id 64 of page id 154
LRppBounds
6285,3375,9270,3900
bButton
fField
Object Creation
Defaultss
topic8
ShSfFieldID
field id 2460 of page id 304
SppEnabled
SppLines
SppLineHeight
SppOffset
TbButtonID
button id 2459 of page id 304
LTDTpLines
jT^TpEnabled
TzTfTextID
field id 64 of page id 154
TppBounds
6285,4080,9270,4605
bButton
fField
Security Design Considerations
topic9
bButton
fField
Design Considerations for Inheritance and
IRFss
topic10
VpEnabled
VppBounds
6285,5535,9270,5850
HW$WfFieldID
field id 2469 of page id 304
ZWbButtonID
button id 2468 of page id 304
bButton
fField
Summary000000000000000
buttonUp
buttonUp
dlgInit
dlgInit
Cancel
setValue
dlgBox
dialog
bCancel
getValue
bSearch
getValue
tindex.tbK
tindex.tbk
pCaller
bGoto
getValue
pptotno
pptotno
Go to Page (1 -
Page number is not within this component
bTopMenu
getValue
pTopmenu
bGlossary
getValue
glossary.tbK
glossary.tbk
pCaller
vTopMenu
vPage
vStartPage
vTotalPages
vCaller
vResult
vTempInit
vInit
coursefile
component
destroy
buttonUp
menuButton_change
buttonDown
buttonStillDown
adjustBounds
erted
within
pText
pInverted
pExcludeTab
nverted
pText
pInverted
pExcludeTab
menuButton_change
theSelf
bButton
bButtonID
fField
fFieldID
fFieldID
bButtonID
fFieldID
ppBounds
pEnabled
fFieldID
set p
of this page to my uniquename
vBounds
vText
destroy
set p
of this page to null
buttonUp
ppEnabled
within
menuButton_change
theLocation
buttonDown
ppEnabled
pInverted
buttonStillDown
ppEnabled
within
pInverted
pInverted
theLocation
within
theObject
theLocation
pInverted
bButtonID
bButtonID
theInverted
pInverted
ppInverted
pText
fTextID
theText
pText
fTextID
pExcludeTab
bButtonID
bButtonID
theExcludeTab
pExcludeTab
bButtonID
adjustBounds
pNoAdjust
ppBounds
EnterPage
whatRevAmI
EnterPage
DoPage
whatRevAmI
ptemplate
:Rev 1.00
bookname
whatRevAmI
ptemplate
:Rev 1.00
bookname
pPopup
POPUP
pTextPort
pTemplate
concept
Page 12 of 21
estroy
destroy
adjustBounds
pText
pText
gTextID
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
4665,1470,9285,6270
gTextID
group id 11 of page id 328
ffield
Grant Other Object Rights Along With the Supervisor Right
Granting the Supervisor object or property right automatically grants all of the other rights. Also, if the Supervisor right is subsequently blocked by an Inherited Rights Filter (IRF) or revoked, all of the other rights are removed. In this case, the object would have no rights to the other object.
To avoid problems, consider what rights you want to remain if the Supervisor right is blocked and be sure to grant rights individually. (Note that these rights may also be blocked at some point.)))and Add Self).
popup
fpopup
borderstype
rectangle
buttonup
buttonup
popup
If you grant the Supervisor object right without granting other rights, and the Supervisor right is subsequently blocked by an IRF, the object may then have no rights to the other object.
EnterPage
whatRevAmI
EnterPage
DoPage
whatRevAmI
ptemplate
:Rev 1.00
bookname
whatRevAmI
ptemplate
:Rev 1.00
bookname
pTextPort
pTemplate
concept
Page 13 of 21
estroy
destroy
adjustBounds
pText
pText
gTextID
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
4665,1470,9285,6270
gTextID
group id 11 of page id 329
ffield
Use Caution When Granting Rights to the ACL Property
The Access Control List (ACL) property of an object contains the names of all objects that can access that object.
An object with the Write property right to the ACL property has the power to grant itself Supervisor object rights.
Be aware of this as you plan your security structure so that you don't mistakenly give an object more rights than you intended.
object.
ded to a given object.
If you have the Write property right to the ACL property, you can grant yourself Supervisor rights.
An object with the Write property right to the ACL property has the power to grant itself Supervisor object rights.
+9*u
EnterPage
whatRevAmI
EnterPage
DoPage
whatRevAmI
ptemplate
:Rev 1.00
bookname
whatRevAmI
ptemplate
:Rev 1.00
bookname
pPopup
POPUP
pTextPort
pTemplate
concept
Page 14 of 21
estroy
destroy
adjustBounds
pText
pText
gTextID
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
4665,1470,9285,6270
gTextID
group id 11 of page id 330
ffield
Every Object Must Have a "Supervisor"
To prevent the complete loss of access to an object, every object must have a "supervisor." The "supervisor" of an object is any object with the Supervisor object right or the Write right to the ACL property of that object.
Note that the Supervisor object right may be from an explicit trustee assignment or from inheritance.
ect. The Supervisor right can come from an explicit trustee assignment on that object, or through inheritance.
ect rights, you could lose access to that object.
popup
fpopup
borderstype
rectangle
buttonup
buttonup
popup
Every object must have a "supervisor" in order to prevent the complete loss of access to an object.
The Supervisor Object Right Includes the Supervisor Property Right
When you grant the Supervisor object right, you automatically grant the Supervisor property right to all properties.
Because of this, you can freely use IRFs to block access to individual properties without fear of blocking access to those whom you have given the Supervisor object right..ight..lock access to individual properties without fear of blocking access for those you have chosen to give the Supervise right.
popup
fpopup
borderstype
rectangle
buttonup
buttonup
popup
When you grant the Supervisor object right, you automatically grant the Supervisor property right to all properties.
EnterPage
whatRevAmI
EnterPage
DoPage
whatRevAmI
ptemplate
:Rev 1.00
bookname
whatRevAmI
ptemplate
:Rev 1.00
bookname
pPopup
POPUP
pTextPort
pTemplate
concept
Page 17 of 21
estroy
destroy
adjustBounds
pText
pText
gTextID
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
4665,1470,9285,6270
gTextID
group id 11 of page id 332
ffield
Design Considerations for Inheritance and IRFs
Inheritance is a powerful tool that helps you avoid hours of work creating explicit trustee assignments. Considerations to keep in mind include:
- Individual property rights are not
inherited.
- Object rights and rights granted with
the All Properties option are inherited
separately.
roperty rights are not
inherited
- Object and All property rights are
inherited separately
popup
fpopup
borderstype
rectangle
buttonup
buttonup
popup
Individual property rights are not inherited.
Object rights and rights granted with the All Properties option are inherited separately. are inherited separately.
Individual property rights are not inherited.
Object rights and rights granted with the All Properties option are inherited separately. are inherited separately.
destroy
buttonUp
menuButton_change
buttonDown
buttonStillDown
adjustBounds
erted
within
pText
pInverted
pExcludeTab
nverted
pText
pInverted
pExcludeTab
menuButton_change
theSelf
bButton
bButtonID
fField
fFieldID
fFieldID
bButtonID
fFieldID
ppBounds
pEnabled
fFieldID
set p
of this page to my uniquename
vBounds
vText
destroy
set p
of this page to null
buttonUp
ppEnabled
within
menuButton_change
theLocation
buttonDown
ppEnabled
pInverted
buttonStillDown
ppEnabled
within
pInverted
pInverted
theLocation
within
theObject
theLocation
pInverted
bButtonID
bButtonID
theInverted
pInverted
ppInverted
pText
fTextID
theText
pText
fTextID
pExcludeTab
bButtonID
bButtonID
theExcludeTab
pExcludeTab
bButtonID
adjustBounds
pNoAdjust
ppBounds
EnterPage
whatRevAmI
EnterPage
DoPage
whatRevAmI
ptemplate
:Rev 1.00
bookname
whatRevAmI
ptemplate
:Rev 1.00
bookname
pTextPort
pTemplate
concept
Page 18 of 21
estroy
destroy
adjustBounds
pText
pText
gTextID
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
4665,1470,9285,6270
gTextID
group id 11 of page id 334
ffield
Individual Property Rights are Not Inherited
Because each type of object has different properties, individual property rights are not inherited. For example, Printer objects have a Serial Number property, which User objects do not have.
If you want property rights to flow down for inheritance, you must use the All Properties option to grant rights. You can then override specific property rights on each object as needed. ach object as needed. eded.
Container
Object
Use All Properties option to grant rights.
Container
Object
Some can inherit rights . . .
Or you can override specific property rights . . .
Some can inherit rights . . .
Or you can override specific property rights . . .
Use All Properties option to grant rights.
pFeedbackPort
pTextPort
pTemplate
PCor_Fb
Correct. The User object ADMIN has the Supervisor object right to the Root object and a User object is automatically made a trustee of itself.
pTest
One of your choices is correct. B, however, is incorrect. All users can "walk the tree" at installation. Please select two items again.
One of your choices is correct. D, however, is incorrect. All users have access to \PUBLIC at installation. Please select two items again.
B and D are incorrect. They are not default configurations. Please select two items again.
pExit_fb
A and C are correct. The User object ADMIN has Supervisor object rights to the Root object and a User object is automatically made a trustee of itself.
Page 10 of 21
estroy
destroy
adjustBounds
pText
pText
gTextID
ppBounds
pFeedbackPort
destroy
pFeedbackPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
pFeedbackPort
destroy
pFeedbackPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
285,4635,4710,6270
gTextID
group id 7 of page id 335
estroy
destroy
adjustBounds
pText
pText
gTextID
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
gTextID
group id 29 of page id 335
ppBounds
315,1485,9330,6285
The \PUBLIC directory is blocked from all objects except the user object ADMIN.
A User object is automatically made a trustee of itself.x
Only the network administrator can "walk the tree."can "walk the tree"""ree.""
The User object ADMIN has the Supervisor object right to the Root object.
Answer
ButtonUp
ButtonUp
LChPageHi
1,2,3,4
HFInvert
1,2,3,4
0,0,0
0,100,0
exit_fb
fill_h
stroke_h
quesno
result
nvert
1,2,3,4
0,0,0
0,100,0
exit_fb
fill_h
stroke_h
quesno
result
Answer
ffield
Which two of the following are default configurations provided by NetWare v4.0 at installation?ion?
buttondown
buttonup
buttondown
HFInvert
A,B,C,D
0,0,0
0,100,0
Hfinvert
0,100,0
0,0,0
buttonup
HFInvert
A,B,C,D
0,0,0
0,100,0
Hfinvert
0,100,0
0,0,0
buttonup
buttondown
buttonup
buttondown
HFInvert
A,B,C,D
0,0,0
0,100,0
Hfinvert
0,100,0
0,0,0
buttonup
HFInvert
A,B,C,D
0,0,0
0,100,0
Hfinvert
0,100,0
0,0,0
buttonup
buttondown
buttonup
buttondown
HFInvert
A,B,C,D
0,0,0
0,100,0
Hfinvert
0,100,0
0,0,0
buttonup
HFInvert
A,B,C,D
0,0,0
0,100,0
Hfinvert
0,100,0
0,0,0
buttonup
buttondown
buttonup
buttondown
HFInvert
A,B,C,D
0,0,0
0,100,0
Hfinvert
0,100,0
0,0,0
buttonup
HFInvert
A,B,C,D
0,0,0
0,100,0
Hfinvert
0,100,0
0,0,0
buttonup
Select 2 choices from A, B, C, or D, and then click the Done button.utton..
-- ** Set scn to the scenario number. If there is no scenario
-- then set scn to ""
-- set scn to ""
set scn to my pScn
-- ** Prog. set correct answer here ("T"/"F")
-- set ans to "F"
set ans to my pAns
-- ** Prog. set feedbacks here
-- set cor_fb to " "
set cor_fb to my pCor_Fb
-- set wr1_fb to " "
set wr1_fb to my pWr1_Fb
end EnterPage
to handle LeavePage
set SysLockScreen to true
send FInvert "true,false"
clear text of field "feed"
end LeavePage
to handle whatRevAmI
system bookname,rev
push ptemplate of this page&&":Rev 1.00"&CRLF onto rev
!4!push ptemplate of this page&&":Rev 1.00"&CRLF onto rev
normal
nner and Pagination
BlueBack
comback
Banner
Controlling Access to the Directory Tree
buttonup
buttonup
Do you want to exit the course?
Would you like to leave a bookmark?
bmark
bookname
pmark
smark
tmark
result
review
revnum
numrev
revdes
atmpt
component
tbkfile.dll
review
numrev
revdes
component
BookName
seqno
totno
bmarkfile
result
revnum
atmpt
Would you like to leave a bookmark?
bmark
bookname
pmark
smark
tmark
result
review
revnum
numrev
revdes
atmpt
component
tbkfile.dll
review
numrev
revdes
component
BookName
seqno
totno
bmarkfile
result
revnum
atmpt
buttonup
buttonup
Find_Menu
coursefile
place
Find_Menu
coursefile
place
Index
ButtonUp
ButtonUp
0,100,0
component
ponent
ButtonUp
ButtonUp
0,100,0
component
Index
buttonup
buttonup
0,0,0
seqno
buttonup
buttonup
0,0,0
seqno
buttonup
buttonup
0,0,0
seqno
buttonup
buttonup
0,0,0
seqno
buttonup
buttonup
\help
pCaller
vCaller
place
\help
pCaller
vCaller
place
Dialog
dlgInit
button bSearch,b19,TRUE
button bGlossary,b21,TRUE
button bGoTo,b22,TRUE
button bTopMenu,b25,TRUE
button bCancel,b20,FALSE
dlgBox
524480,5,30,20,111,116,,,Options,8,Helv,bSearch,3.70,6.07,50.86,32.16,19,1342242816,128,Topic Search,0,bGlossary,57.87,6.07,50.86,32.16,21,1342242816,128,Glossary,0,bGoTo,3.70,42.26,50.86,32.16,22,1342242816,128,Go To Page,0,bTopMenu,57.68,42.17,50.86,32.16,25,1342242816,128,Main Menu,0,bCancel,31.54,83.61,50.90,12.31,20,1342242817,128,Cancel,0
ctrlID
Options
buttonup
buttonup
pCaller
vCaller
place
buttonup
buttonup
pCaller
vCaller
place
destroy
buttonUp
menuButton_change
buttonDown
buttonStillDown
adjustBounds
erted
within
pText
pInverted
pExcludeTab
nverted
pText
pInverted
pExcludeTab
menuButton_change
theSelf
bButton
bButtonID
fField
fFieldID
fFieldID
bButtonID
fFieldID
ppBounds
pEnabled
fFieldID
set p
of this page to my uniquename
vBounds
vText
destroy
set p
of this page to null
buttonUp
ppEnabled
within
menuButton_change
theLocation
buttonDown
ppEnabled
pInverted
buttonStillDown
ppEnabled
within
pInverted
pInverted
theLocation
within
theObject
theLocation
pInverted
bButtonID
bButtonID
theInverted
pInverted
ppInverted
pText
fTextID
theText
pText
fTextID
pExcludeTab
bButtonID
bButtonID
theExcludeTab
pExcludeTab
bButtonID
adjustBounds
pNoAdjust
ppBounds
keyUp
whatRevAmI
keyUp
0,0,0
0,0,0
Do you want to exit the course?
Would you like to leave a bookmark?
bmark
bookname
pmark
smark
tmark
result
review
revnum
numrev
revdes
atmpt
component
tbkfile.dll
review
numrev
revdes
component
BookName
totno
bmarkfile
result
revnum
atmpt
popup
seqno
isCntrl
isShift
whatRevAmI
Background Title Rev 1.00
bookname
Overview
Street
estroy
destroy
adjustBounds
pText
pText
gTextID
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
:ppBounds
ApTextPort
9,<gTextID
3030,1470,9285,6277
ffield
group id 235 of page id 318
NetWare v4.0 makes access to resources fast and efficient. A well-planned strategy for access control will ensure that your system is completely secure, while users have easy access to resources they are authorized to use.
In order to create an effective security plan, you need to understand the default security structure from which you will be working. You also need to understand specific security rules and considerations..fully understand the details involved in planning security, however, you will want to use other Novell Education training products in addition to this lesson.n training products in addition to this lesson.ou actually create your security system.m.tem.
EnterPage
EnterPage
DoPage
DoPage
Page 2 of 21
normal
` `
` `
L o t ~ t Q
L o t ~ t Q
AAA!!!"
` `
8 {F
` `
8 )J
L o t ~ t Q
4Yo <
c AAA
L o t ~ t Q
` rv8
Objectives
estroy
destroy
adjustBounds
pText
pText
gTextID
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
pTextPort
gTextID
3030,1470,9285,6277
ffield
group id 448 of page id 319
At the end of this lesson, you will be able to do the following:
- Identify the default security structure of a new Directory
tree.
- Identify security design considerations.
- Identify design considerations for inheritance and
Inherited Rights Filters (IRFs).
EnterPage
EnterPage
DoPage
DoPage
Page 3 of 21
pTextPort
N AAA
Summary
estroy
destroy
adjustBounds
pText
pText
gTextID
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
gTextID
group id 815 of page id 321
ppBounds
3030,1470,9285,6277
ffield
Designing security for a complex network requires careful planning. NetWare v4.0 makes this task easier by providing default security configurations, including:
- The User object ADMIN with Supervisor rights
- [PUBLIC] as a trustee to the Root
- Access to utilities in the \PUBLIC directory
- Object creation defaults
When designing your security system, keep careful track of which objects have Supervisor priviledges. Consider how Supervisor rights flow down, and be sure that all objects have at least one object with the Supervisor object right.
Also remember that object rights and rights granted with the All Properties option are inherited separately. Individual property rights cannot be inherited.
EnterPage
EnterPage
DoPage
DoPage
Page 20 of 21
EnterPage
whatRevAmI
EnterPage
DoPage
whatRevAmI
ptemplate
:Rev 1.00
bookname
whatRevAmI
ptemplate
:Rev 1.00
bookname
pTextPort
pTemplate
concept
Page 4 of 21
estroy
destroy
adjustBounds
pText
pText
gTextID
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
4665,1470,9285,6270
gTextID
group id 11 of page id 322
ffield
Default Security
NetWare v4.0 helps you plan your security system by providing default security configurations at installation. These serve as a starting point for system-wide security design. Default security configurations affect the following areas:
- The User object ADMIN
- The [PUBLIC] trustee
- The \PUBLIC directory
- The defaults for object creation n n n faults system-wide security design.
[PUBLIC]
[PUBLIC]
LOGIN
PUBLIC
SYSTEM
USERS
APPSUsererr
LOGIN
PUBLIC
SYSTEM
USERS
APPSUsererr
ADMIN
ADMIN
EnterPage
whatRevAmI
EnterPage
popup
DoPage
whatRevAmI
ptemplate
:Rev 1.00
bookname
DoPage
whatRevAmI
ptemplate
:Rev 1.00
bookname
pPopup
POPUP
pTextPort
pTemplate
concept
Page 5 of 21A
estroy
destroy
adjustBounds
pText
pText
gTextID
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
4665,1470,9285,6270
gTextID
group id 11 of page id 323
ffield
The User Object ADMIN
The User object ADMIN is created at installation. You log in the first time as ADMIN in order to create other objects in your Directory tree.
ADMIN has the Supervisor object right for the Root object, giving it all rights to all objects in the Directory tree. It also has the Supervisor object right to the NetWare Server object, giving it supervisor rights to all volumes attached to the server.
Because of these extensive rights, the User object ADMIN makes initial object creation quick and efficient.quick and efficient..and efficient.
I'm created
at installation.
I create the other objects in the Directory tree.
I have the Supervisor object right to the Root object and the NetWare Server object..
ADMIN
ADMIN
popup
fpopup
borderstype
rectangle
No definition for object right
buttonup
buttonup
popup
EnterPage
whatRevAmI
EnterPage
popup
DoPage
whatRevAmI
ptemplate
:Rev 1.00
bookname
DoPage
whatRevAmI
ptemplate
:Rev 1.00
bookname
pPopup
POPUP
pTextPort
pTemplate
concept
Page 6 of 21
estroy
destroy
adjustBounds
pText
pText
gTextID
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
4665,1470,9285,6270
gTextID
group id 11 of page id 324
ffield
The [PUBLIC] Trustee
[PUBLIC] is a special trustee that represents all persons using network services, whether they are logged in or not.
At installation, [PUBLIC] is a trustee of the Root object with the Browse object right. This grants everyone the ability to browse through and view all objects in the tree, also known as "walking the tree," even if they are not logged in.
Access Control
(PUBLIC)
popup
fpopup
borderstype
rectangle
No definition for trustee
buttonup
buttonup
popup
hatRevAmI
EnterBook
whatRevAmI
LeaveBook
whatRevAmI
:Lesson Book Rev 1.19
bookname
EnterBook
seconds
altkey
sizetopage
reader
setSysBooks
ppTotTry
ppBancont
ppLevel
ppPlace
PMark
SMark
TotNo
TMark
result
revnum
numrev
revdes
atmpt
component
normal
svEnterTime
svTotalIdle
svStartIdle
result
revnum
numrev
revdes
atmpt
component
level
bmarkfile
StartZ
coursefile
place
bookname
seqno
totno
bancont
tottry
LeaveBook
MMM dd y hh:min:sec AMPM
set vLastTime to p
time of book bmarkfile
set p
LastDate of book bmarkfile to vLastDate
set p
Time of book bmarkfile to vDiff
FromGoTo
vLastTime
vCommand
vLastDate
vDiff
vTotal
svEnterTime
svLeaveTime
svTotalIdle
bmarkfile
place
title
EnterPage
whatRevAmI
EnterPage
popup
DoPage
whatRevAmI
ptemplate
:Rev 1.00
bookname
DoPage
whatRevAmI
ptemplate
:Rev 1.00
bookname
pPopup
POPUP
pTextPort
pTemplate
concept
Page 7 of 21
estroy
destroy
adjustBounds
pText
pText
gTextID
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
pTextPort
destroy
pTextPort
gTextID
pText
fText
pText
fText
theText
adjustBounds
pNoAdjust
ppBounds
ppBounds
4665,1470,9285,6270
gTextID
group id 11 of page id 325
ffield
The \PUBLIC Directory
The container object holding the Volume object for the SYS: volume has Read and File Scan rights ( R F ) to the \PUBLIC directory (on the SYS: volume). This allows users to easily access network applications kept in the \PUBLIC directory.
For example, the Organizational Unit Sales has Read and File Scan
( R F ) rights to the \PUBLIC directory on the SYS: volume contained within it.
All users within the Sales container, therefore, have those rights ( R F ).
Sales
LOGIN
PUBLIC
SYSTEM
USERS
APPSUsererr
ADMIN
LOGIN
PUBLIC
SYSTEM
USERS
APPSUsererr
ADMIN
Sales has the Read and File Scan rights to the \PUBLIC directory...
Sales
Sales has the Read and File Scan rights to the \PUBLIC directory...