Property rights

Object rights do not allow trustees to see the information stored in the object's properties. Property rights are required to read the information in an object's properties. Property rights control access to each property of an object.

For example, if you include a private telephone number as a property for a User object, you can use property rights to prevent others from seeing that telephone number. At the same time, you can use property rights to allow other properties, such as Address or Fax Number, to be viewed.

The following list describes property rights that you can assign to a trustee:

Supervisor

Gives all rights to the property. You can block the Supervisor property right with an Inherited Rights Filter.

Compare

Allows the trustee to compare any value with an existing value of the property. The comparison can return True or False, but cannot give the value of the property.

Read

Allows the trustee to read the values of the property. This right includes the Compare right; that is, if the Read right is given, Compare operations are allowed also.

Write

Allows the trustee to add, change, or remove any values of the property. The Write right implies the Add or Delete Self right.

Giving the Write right to the ACL property is the same as giving the Supervisor right to the object.

Add or Delete Self

Allows the trustee to add or remove itself as a value of the property, but not to change any other values of the property. This right is only used for properties where a User object can be listed as a value, such as group membership lists or mailing lists. The Write right includes the Add or Delete Self right.