Environment
Novell eDirectory
Novell NetWare
Novell Open Enterprise Server (Linux based)
Novell Open Enterprise Server (NetWare based)
Situation
Example scenario:
O=SandPit has explicit WEFRCMA rights to directory TEMP on a volume in O=Novell
CN=MyGroup.O=SandPit is a group and has no explicit rights but has Effective Rights of WEFRCMA inherited from O=SandPit
CN=MyUser.O=PlayPen is a user in Group CN=MyGroup.O=SandPit and has no rights, no explicit rights and no inherited rights
In this situation, MyGroup's members (i.e. MyUser) do not inherit the rights that the group inherited from its parent container (i.e. SandPit). Is this correct?
O=SandPit has explicit WEFRCMA rights to directory TEMP on a volume in O=Novell
CN=MyGroup.O=SandPit is a group and has no explicit rights but has Effective Rights of WEFRCMA inherited from O=SandPit
CN=MyUser.O=PlayPen is a user in Group CN=MyGroup.O=SandPit and has no rights, no explicit rights and no inherited rights
In this situation, MyGroup's members (i.e. MyUser) do not inherit the rights that the group inherited from its parent container (i.e. SandPit). Is this correct?
Resolution
This is working as designed.
An object will not gain rights inherited by an object it is Security Equivalent to.
An object will not gain rights inherited by an object it is Security Equivalent to.
Security equivalence is effective only
for one step; it is not transferred by a subsequent security
equivalence. For example, if you make a third user security
equivalent toJoein the example above, that user
receives onlyJoe’s original security settings. The
third user does not receive Admin rights or any other Security
Equal To propertiesJoemight have. Section 8.1 eDirectory Objects and Security Equivalence,
OES2: File Systems Management Guide.