Understanding Novell eDirectory 67novdocx (en) 11 July 2008IMPORTANT: If you delegate administration to a User object and that object is subsequentlydeleted, there are no objects with rights to manage that branch.To delegate administration of specific eDirectory properties, such as Password Management, see“Granting Equivalence” on page 68.To delegate the use of specific functions in role-based administration applications, see Section 3.3,“Configuring Role-Based Services,” on page 103.1.10.5 Administering Rights “Assigning Rights Explicitly” on page 67 “Granting Equivalence” on page 68 “Blocking Inherited Rights to an eDirectory Object or Property” on page 70 “Viewing Effective Rights to an eDirectory Object or Property” on page 70Assigning Rights ExplicitlyWhen the default rights assignments in your eDirectory tree provide users with either too much ornot enough access to resources, you can create or modify explicit rights assignments. When youcreate or modify a rights assignment, you start by selecting either the resource that you arecontrolling access to or the trustee (the eDirectory object that possesses, or will possess, the rights).TIP: To manage users' rights collectively rather than individually, make a group, role, or containerobject the trustee. To restrict access to a resource globally (for all users), see “Blocking InheritedRights to an eDirectory Object or Property” on page 70. “Controlling Access to Novell eDirectory by Resource” on page 67 “Controlling Access to Novell eDirectory by Trustee” on page 68Controlling Access to Novell eDirectory by Resource1 In Novell iManager, click the Roles and Tasks button Description: Roles and Tasks button .2 Click Rights > Modify Trustees.3 Specify the name and context of the eDirectory resource (object) that you want to controlaccess to, then click OK.Choose a container if you want to control access to all the objects below it.4 Edit the list of trustees and their rights assignments as needed.4a To modify a trustee's rights assignment, select the trustee, click Assigned Rights, modifythe rights assignment as needed, then click Done.4b To add an object as a trustee, click Add Trustee, select the object, click OK, click AssignedRights to assign the trustee's rights, then click Done.When creating or modifying a rights assignment, you can grant or deny access to theobject as a whole, to all the properties of the object, and to individual properties.4c To remove an object as a trustee, select the trustee, then click Delete Trustee.