Examples Of Effective Permissions - HP BB118BV - StorageWorks Data Protector Express Package User's Manual & Technical Reference

Figure 161 Examples of effective permissions
Example 8. The Data Protector Express administrator has direct permissions to the
System Container
The System container is the object at the very top of the catalog hierarchy. That determines his or her
effective permissions to this object. Because it is a container, the objects below it in the catalog all have
inherited permissions because the object directly above them has effective permissions.
So, for example, the Data Protector Express administrator has effective permissions to the Home Folder
because it inherits its permissions from the object that contains it, the System Container. Thus, the Data
Protector Express administrator has effective permissions to all of the objects in the catalog.
Example 9. A user (called User 1) has direct permissions to his User/Group folder,
named My Folder.
As a result, by inherited permission, this user has effective permissions to the objects stored in this folder,
including any jobs, media or job folders stored in this folder. This user does not, however, have effective
permissions to the Home Folder or to the System Container, these objects are above his User/Group
folder and thus do not inherit permissions.
Example 10. A second user (called User 2) has direct permissions to a Machine
In this case a file or application server with an attached backup drive and several associated disk drives.
The direct permissions to the file or application server mean that this second user also has effective
permissions (by inheritance) to the backup drive. So, for example, this user might be given read and write
permissions to the file or application server and thus to the backup drive.
However, he is prevented from having permissions to the volumes on the file or application server. He
is listed on the Permissions page of the volume and these direct permissions are used to deny him
access to the volume. In this example, he is granted Read permission by checking that box, but denied
Write permissions by clearing the appropriate box.
Thus even though this user has effective permissions to the container that contains the volume, his effective
permissions to the volume are determined only by his direct permissions to the volume. Because he has
direct permissions, Data Protector Express does not check to see if he has inherited permissions.
Example 1 1. The following example shows that inherited permissions are not checked
when there are direct permissions
In this case the user is a member of the Marketing group, which has five direct permissions to the
Marketing Folder; Create, Modify, Delete, Write, and Read permissions. This user also has direct
permissions to the Marketing Media Folder, but only Write permission.
This user has five effective permissions to objects contained in the Marketing Folder, but not to the
Marketing Media Folder, where he has only one (Write permission). Data Protector Express does
not look to see if this user has effective permissions to the container that contains the Marketing
Media Folder because this user has direct permissions to that object. Thus even though other members
of the Marketing group have effective permissions to the Marketing Media Folder through inherited
permissions, this user will not. This user will have only Write permissions to this folder.
Example 12. The following example shows how equivalencies and group membership
work together to determine effective permissions.
Suppose that User 1 is a member of the Marketing group and that he is made equivalent to User 2.
What permissions will the user have?
User 1 has permissions to all of the User/Group folders, except the Admin Folder. For example, he has
permissions to User 2's Folder because he is equivalent to User 2.
NOTE:
This equivalency does not give User 2 permission to User 1's Folder.
User 1 also has the same permissions to the Machine and Tape Drive that User 2 has. However, User
1's permissions to the Volume are different from those of User 2. User 1 has direct permission to the
267
User's Guide and Technical Reference