Managing group objects

If you want a user to have access to an object, you must give the user a trustee assignment to that object. Rather than make trustee assignments to many users, you can create a Group object and make just one trustee assignment to grant access to all the users who belong to the Group.

Here are some guidelines to follow when setting up a Group object:

• Only User objects can be listed in a Group, and you can add User objects from any part of the Directory tree to a Group.

  ---

  NOTE: A Group object is not a container. It does not contain User objects; users' names are merely assigned to a Group object.

  ---

• To create a Group object, see ``Creating leaf objects''.

• You must create User objects before you can add them to the membership list of a Group object. See ``Creating leaf objects'' for instructions on creating User objects.

• After you have created a Group object and added User object names to it, you manage the rights of theGroup object rather than the rights of the individual users.

  For example, suppose you have a word-processor application on the network that many users need to access. You could create a Group object named WORD PROCESSOR USERS and add the User object names of the users who need access to the application.

  Then, rather than granting file trustee rights to each of the User objects, you would grant the file trustee rights to the Group object WORD PROCESSOR USERS for the application and the working directory.

• When a user is added to the membership list of a Group object, the Group is listed in that user's Security Equal To property. The user is granted all rights that any object (User, Group, Printer, and so on) in that list is granted, both object and file rights.

• Add members to a Group object.

• Give a Group object rights to files and directories.

• Delete members from a Group object.

Adding members to a group object using NetWare Administrator

The following list describes the prerequesites:

• A 386 or later workstation and NetWare Administrator

• The Write right to the Members property of the Group object

• The Write right to the Security Equal To property of the User object

• The Write right to the ACL (Access Control List) property of the Group object

• The Group object must already exist, and the User objects you want to add as members of the Group must already exist

1. From the Windows Program Manager or the OS/2 desktop, click on the ``NetWare Administrator'' icon.

2. Select the Group object you want to edit.

   For information on moving around in the browser and selecting objects, press <F1>.

3. From the Object menu, choose Details.

4. Choose the Members button at the right side of the ``Object'' dialog box.

5. Choose the Add button to browse the Directory tree for User objects.

6. Browse the Directory tree until the User object you want appears in the ``Objects'' box.

7. Choose OK.

8. Repeat Step 5 through Step 7 to add more User objects to the Group object.

9. When you have finished adding User objects to the Group object, choose OK to save your changes and return to the browser.

Adding members to a group object using NETADMIN

The following list describes the prerequisites:

• A workstation running DOS 3.30 and NETADMIN

• The Supervisor right to the Group object, or the Write or Supervisor right to the Members property of the Group object

• The Supervisor right to the Group object, or the Write or Supervisor right to the Security Equal To property of the User object

• The Supervisor or Write right to the ACL property of the Group and User objects

• The Group object must already exist, and the User objects you want to add as members of the Group must already exist

1. At the DOS prompt, type
   
   NETADMIN

   For information on moving around in NETADMIN and selecting objects, press <F1> after starting the utility.

2. From the NetAdmin options menu, choose Manage objects.

3. Browse the Directory until the Group object appears on the screen.

   Use the instructions at the bottom of the screen to browse the directory. Press <F1> for help.

4. When the Group object appears in the ``Object'' list, select it and press <F10>.

   The Actions menu appears.

5. Choose View or Edit Properties of This Object.

6. From the View or Edit Group menu, choose Group Members.

7. At the ``Group Members'' screen, press <Ins> and then press <Ins> again to browse for the User object you want to add to the Group object.

8. When the User object you want to add appears in the Directory, select it and press <F10>.

9. When the selected User object appears in the ``Members'' screen, press <Enter>.

   To select (mark) multiple User objects, press <F5>.

10. Continue to press <Ins> and select User objects until you have added all the users you want as Group members.

11. To save the list of Group members, press <F10>.

12. To exit, press <Esc> until you return to the NetAdmin Options menu.

Giving group object rights to files and directories using NetWare Administrator

The following list describes the prerequisites:

• A 386 or later workstation and NetWare Administrator

• The Read object right to the Volume object

• Rights to the filesystem

1. From the Windows Program Manager or the OS/2 desktop, click on the ``NetWare Administrator'' icon.

2. Select the Group object you want to edit.

   For information on moving around in the browser and selecting objects, press <F1>.

3. From the Object menu, choose Details.

4. Select the Rights to File System button on the right side of the ``Object'' dialog box.

5. To choose a Volume, select ``Include''.

   A list of Volumes appears in the ``Select Object'' box. You can also browse the Directory for a Volume.

6. From the ``Volumes'' list, select the volume that contains the directory or file.

7. Choose Add.

8. Select the Volume that contains the directory or file you want to grant rights to.

9. From the ``Files and Directories'' dialog box, select the directory or file that you want to grant rights to.

   The default rights that make up this object's trustee assignment to the file or directory appear in the ``Rights'' area.

10. Select the check boxes next to the rights that you want to add.

    You must have the Access Control right to the file or directory to make trustee assignments to the file or directory.

11. Choose OK.

    The new trustee assignment is now effective for this object.

Giving a group object rights to files and directories using NETADMIN

The following list desribes the prerequisites:

• A workstation running DOS 3.30 and NETADMIN

• The Read object right to the Volume object

• Rights to the filesystem

1. At the DOS prompt, type

   NETADMIN
   

   For information on moving around in NETADMIN and selecting objects, press <F1> after starting the utility.

2. From the NetAdmin Options menu, choose Manage Objects.

3. Browse the Directory until the Group object appears on the screen.

   Use the instructions at the bottom of the screen to browse the directory. Press <F1> for help.

4. When the Group object appears in the ``Object'' list, select it and press <F10>.

   The Actions menu appears.

5. Choose View or Edit Rights to Files and Directories.

6. Select a Volume object where you want to make the Group object the trustee of a directory or file.

   Press <Ins> to type the Volume object name or press <Ins> twice to browse the Directory tree.

7. Press <Ins> to type a beginning pathname to the directories in which you want to make trustee assignments, or press <Ins> again to browse for the path.

8. Select ``Directories/Files'' and press <Enter>.

   Choose whether you want to view files, directories, or both when you are selecting one to give a trustee assignment to.

9. Select ``Trustee Search Depth'' and press <Enter>.

   Choose whether you want to view only the files or directories in the current directory, or to search subdirectories.

10. To list the trustee assignments, press <F10>.

    The ``Trustee Directory Assignments'' screen appears.

11. To select a directory or file in which the Group object should be added as a trustee, press <Ins>.

12. To accept the directory you specified earlier, press <Enter>; or, to browse for the file system directories, press <Ins>.

13. To add or delete the rights, select ``Trustee Directory, Rights'' and press <Enter>.

    The Trustee Rights Granted menu appears.

14. To view or add rights that are not yet granted, press <Ins>.

    Press <F1> if you need help.

15. To save the trustee assignments, press <F10>.

16. Continue selecting directories and files and granting rights until finished.

17. To exit, press <Esc> until you return to the NetAdmin Options menu.

Deleting members from a group object using NetWare Administrator

The following list describes the prerequisites:

• A 386 or later workstation and NetWare Administrator

• The Supervisor right to the Group object, or the Write or Supervisor right to the Members property of the Group object

• The Supervisor right to the Group object, or the Write or Supervisor right to the Security Equal To property of the User object

• The Supervisor or Write right to the ACL property of the Group and User objects

1. From the Windows Program Manager or the OS/2 desktop, click on the ``NetWare Administrator'' icon.

2. Select the Group object you want to edit.

   For information on moving around in the browser and selecting objects, press <F1>.

3. From the Object menu, choose Details.

4. Select the Members button at the right side of the ``Object'' dialog box.

   The list of User objects for this group appears.

5. From the ``Members'' dialog box, select the name you want to delete.

6. Choose Delete.

7. If you want to delete other names, continue selecting names and choosing Delete.

   You can delete several users at a time by holding down the button on the mouse, dragging the mouse arrow over the names, and choosing Delete.

8. When you have finished deleting members, choose OK to save your changes and return to the browser.

Deleting members from a group object using NETADMIN

The following list describes the prerequisites:

• A workstation running DOS 3.30 and NETADMIN

• The Supervisor right to the Group object, or the Write or Supervisor right to the Members property of the Group object

• The Supervisor right to the Group object, or the Write or Supervisor right to the Security Equal To property of the User object

• The Supervisor or Write right to the ACL property of the Group and User objects

1. At the DOS prompt, type

   NETADMIN
   

   For information on moving around in NETADMIN and selecting objects, press <F1> after starting the utility.

2. From the NetAdmin Options menu, choose Manage Objects.

3. Browse the Directory tree until the Group object appears on the screen.

   Use the instructions at the bottom of the screen to browse the directory. Press <F1> if you need help.

4. When the Group object appears in the ``Object'' list, select it and press <F10>.

   The Actions menu appears.

5. Choose View or Edit Properties of This Object.

6. From the View or Edit Groups menu, select Group members.

7. Select the User object you want to delete from the Group object and press Delete.

   To select multiple User objects, press <F5>.

8. To confirm the deletion, choose ``Yes''.

9. To exit, press <Esc> until you return to the NetAdmin Options menu.