Anonymous_User Absent Member.
Absent Member.
794 views

eDir rights

Running 2 NW6.5sp2 servers and 3 NW5.0 servers.

I have several contexts inside my tree. I added a user inside a context
and I only want this user to have access to 1 folder on one of the NW5.0
servers. Thats it. I don't want this user to be able to see ANYTHING
else on the network like how many servers I have, contexts, etc.

Well, logged in as this user, in Windows Explorer I can see the tree, I
can expand the tree and see the entire kittenkaboodle! Whats interesting
is that on one NW6.5 server called 2LAWN i can expand volume 1, but not
volume 2. On another server NW5.0 called 3LAWN I cannot expand sys, can
expand vol1 but will only see this user's folder. 2LAWN is off root,
and 3LAWN is inside another context separate from the context I placed
the user in.

So I know its a rights issue, but where do I look to remove this
particular user from being able to see these servers off root?

THANKS!!

mercedes
Labels (2)
0 Likes
3 Replies
Anonymous_User Absent Member.
Absent Member.

Re: eDir rights

By default every user can browse the entire tree. This is by virtue of
the [public] trusteeship, to allow objects to walk the tree to find
their context before they log in. You don't want to change this as it
may interfere with normal working.

Note this is browse access only, they can't change anything without
extra rights. You can revoke file system rights easily enough, but not
NDS Browse rights.
--
Andrew C Taubman
Novell Support Forums Volunteer SysOp
http://support.novell.com/forums
(Sorry, support is not provided via e-mail)

Opinions expressed above are not
necessarily those of Novell Inc.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: eDir rights

GOSH! I have a very strenuous situation and I didn't want this person
seeing anything.

Oh Well

THANKS!~!
Olivia

> By default every user can browse the entire tree. This is by virtue of
> the [public] trusteeship, to allow objects to walk the tree to find
> their context before they log in. You don't want to change this as it
> may interfere with normal working.
>
> Note this is browse access only, they can't change anything without
> extra rights. You can revoke file system rights easily enough, but not
> NDS Browse rights.
> --
> Andrew C Taubman
> Novell Support Forums Volunteer SysOp
> http://support.novell.com/forums
> (Sorry, support is not provided via e-mail)
>
> Opinions expressed above are not
> necessarily those of Novell Inc.


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: eDir rights

Every other tree in the world works just fine like this, including in
high security environments like defence and banking. So whatever
security problem you think this is causing you, well, it isn't 🙂
--
Andrew C Taubman
Novell Support Forums Volunteer SysOp
http://support.novell.com/forums
(Sorry, support is not provided via e-mail)

Opinions expressed above are not
necessarily those of Novell Inc.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.