iSeries authorities and NDS object rights
NetWare Directory Services (NDS) objects are protected by these rights:
- Browse
- Grants the trustee the right to see the object's name in the NDS tree.
- Create
- Grants the trustee the right to create a new directory services object
within the container.
- Delete
- Grants the trustee the right to delete an object.
- Rename
- Grants the trustee the right to change the Name property for an object.
- Supervisor
- Grants all possible rights to the user object.
Attribute rights are not mapped. These rights can exist for each attribute
of an object and might differ for different attributes. This prevents the iSeries™ from working with attribute rights of NDS objects. Storage Management
Services (SMS) rights, which control a user's right to save and restore a
file, directory, NDS object, or other NetWare resource, are not mapped either.
These rights are architected by Novell but have not yet been put into effect.
iSeries authorities map to NDS rights, as follows:
Table 3. iSeries Authorities and NDS Rights
| iSeries Authorities |
NDS Rights |
| None |
Browse |
Create |
Delete |
Rename |
Supervisor |
| *EXCLUDE |
X |
|
|
|
|
|
| *OBJOPR |
|
* |
* |
* |
* |
|
| *OBJMGT |
|
|
|
|
|
|
| *OBJALTER |
|
|
|
|
|
|
| *OBJREF |
|
|
|
|
|
X |
| *OBJEXIST |
|
|
|
|
|
|
| *AUTLMGT |
|
|
|
|
|
|
| *READ |
|
X |
|
|
|
|
| *ADD |
|
|
X |
|
|
|
| *UPD |
|
|
|
|
X |
|
| *DLT |
|
|
|
X |
|
|
| *EXECUTE |
|
X |
|
|
|
|
|
Note:
The iSeries *OBJOPR authority bit is turned on when a user has any data authority
(*READ, *ADD, *UPD, *DLT, or *EXECUTE), but is not mapped explicitly to any
specific NetWare right or rights. |