From: Joseph Kusmiss (4/18/95)
To: Frank Belvin, MaryAnn Cavanagh, Fred Chase, Diane Coe, Richard Walzer, Ron Watro, Ken Zwirble, Beth Abramowitz, Maureen Cheheyl, Julie Connolly, Chris Eliopoulos, Rosalie McQuaid, Marion Michaud, Charlie Pratt, Jeffery Sebring
Date: 18 Apr 1995 14:55:16 -0500
Subject: Re: RIGHTS ELUCIDATION ADDEN

Reply to: RE>RIGHTS ELUCIDATION ADDENDUM

NOTE: THE INHERITED RIGHTS FILTER also belongs in ALGORITHM. It will filter any INHERITED RIGHTS as you go up the TREE. The IRF is associated with the THING and applies to ALL TRUSTEES. (Exception: SUPERVISOR rights in File System can't be blocked. In NDS they can be blocked.)

JOE

--------------------------------------
Date: 4/18/95 2:42 PM
To: Joseph Kusmiss
From: Joseph Kusmiss

If I ever give that NetWare talk again this is the way I will explain rights:

Each THING (Object, Property, Directory, File) has different types of rights that can be associated with it (for a particular TRUSTEE) by a TRUSTEE ASSIGNMENT. Each TRUSTEE ASSIGNMENT is an entry on an ACCESS CONTROL LIST (ACL) associated with a THING. The ACL entry has the name of the TRUSTEE and their rights to the THING. A TRUSTEE can be a USER or other OBJECT.

Each TRUSTEE can also be SECURITY EQUIVALENT to other TRUSTEES. A SECURITY EQUIVALENCE is some other TRUSTEE on a list of security equivalences associated with a TRUSTEE. The TRUSTEE gets their (the TRUSTEES on the list) rights (except for any coming from their SECURITY EQUIVALENCES).

QUESTION: What rights does a TRUSTEE have to a particular THING?

ALGORITHM: Is the TRUSTEE on an ACL for the THING? YES. Add those rights to a LIST. If NO, look higher up in the tree for an ACL with that TRUSTEE (for any inherited rights). This is called INHERITANCE. First ACL blocks any higher up. FINALLY go through any security equivalences for TRUSTEE and find the rights from the above algorithm for those TRUSTEES. ADD those rights to the list.

RESULT: TRUSTEE's rights to the THING are on the LIST.

NOTE: TRUSTEES have rights. THINGS do not have rights. There must be some TRUSTEE assignment to start the process. (Default assignments will be covered in the Advanced Course.)

Hope this helps.

JOE
======================================================================
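
The ALGORITHM from the second message, with the IRF step from the addendum folded in, as an added example that is not part of the original e-mails and is not Novell code. The class and function names, the single-letter rights and the sample tree are constructed for illustration; it assumes a THING's IRF filters only rights found higher up, not an assignment on the THING itself.

```python
from dataclasses import dataclass, field

ALL = frozenset("SRWCEMFA")  # constructed right letters; "S" = SUPERVISOR

@dataclass
class Thing:
    name: str
    parent: "Thing | None" = None
    acl: dict = field(default_factory=dict)  # TRUSTEE name -> rights on this THING
    irf: frozenset = ALL                     # rights the IRF lets through
    s_blockable: bool = False                # False: File System, True: NDS

def own_rights(trustee, thing):
    """Rights from the first ACL that names the TRUSTEE, walking up the tree."""
    mask, node = ALL, thing
    while node is not None:
        if trustee in node.acl:              # first ACL blocks any higher up
            return frozenset(node.acl[trustee]) & mask
        # Nothing here: whatever is found higher up must pass this THING's IRF.
        # In the File System the IRF cannot block SUPERVISOR; in NDS it can.
        mask &= node.irf if node.s_blockable else node.irf | {"S"}
        node = node.parent
    return frozenset()                       # no TRUSTEE ASSIGNMENT anywhere

def effective_rights(trustee, thing, equivalences):
    """Own rights plus those of each SECURITY EQUIVALENCE (one level only)."""
    rights = set(own_rights(trustee, thing))
    for other in equivalences.get(trustee, ()):
        rights |= own_rights(other, thing)   # other's equivalences are not followed
    return frozenset(rights)

# Constructed sample tree: VOL -> APPS -> DATA, plus an NDS-style branch OU.
VOL = Thing("VOL", acl={"EVERYONE": "RF", "ADMIN": "S", "JOE": "RWCE"})
APPS = Thing("APPS", parent=VOL, irf=frozenset("R"))
DATA = Thing("DATA", parent=APPS, acl={"JOE": "W"})
NDS_OU = Thing("OU", parent=VOL, irf=frozenset("R"), s_blockable=True)
EQUIV = {"JOE": ["EVERYONE"], "EVERYONE": ["ADMIN"]}

if __name__ == "__main__":
    cases = [("JOE", DATA), ("JOE", APPS), ("ADMIN", APPS), ("ADMIN", NDS_OU)]
    for who, where in cases:
        print(who, where.name, sorted(effective_rights(who, where, EQUIV)))
```

JOE's assignment on DATA hides his broader assignment on VOL, and he does not pick up ADMIN's SUPERVISOR right through EVERYONE because equivalences are followed one level only.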