Previous PageNext Page

Chapter 4 - Managing StreetTalk File Security

Overview of Managing StreetTalk for Windows NT File Security

Restrict access to the Windows NT Server Console
Configure Banyan security attributes and access rights

Restricting Access to the Server Console

Securing an NT Console

To Lock the Windows NT Console

1. From the Windows NT Server, press CTRL-ALT-DELETE. The Windows NT Security dialog box appears.

2. Select Lock Workstation. The console is locked.

Configuring Banyan Security for StreetTalk File Services

Object level - Specify attributes for files and directories. An attribute is a property of an object, and globally determines the access of all users to the object.
User level - Specify user access rights. User access rights affect the access of designated users only. Different user access rights apply to different users.

Specifying Security Attributes for Files and Directories

Table 4-1. File and Directory Attributes

       
Attribute Directory File Definition
Read Only No1 Yes Users can open the file for reading only
Hidden Yes2 Yes This attribute is set through special programming and is primarily used by programmers. The file name does not appear when a user issues DOS DIR command.
System No Yes Equivalent to the Hidden attribute. The file name does not appear when a user issues DOS DIR command. Often assigned to operating system files.
Archive Yes Yes Automatically set to indicate that a file or directory has been modified since the last backup. Set this attribute to select files or directories to back up.
Notes
Yes = Attribute applies
No = Attribute does not apply.


1
Although you can set the Read Only attribute for a directory, the file service does not enforce this attribute on directories.
2
Be careful when copying the Hidden attribute from a directory to all the subdirectories and files in the directory. You cannot easily undo this change. You must know the names of each subdirectory or file to turn off the Hidden attribute.

Windows NT Compressed Attribute

Determining the Status of an Attribute

Understanding the Relationship Between Attributes and ARLs

Note: Although SETATTR display Macintosh attributes for StreetTalk file services, these attributes have no meaning, because these services do not support Macintosh clients.

Modifying Attribute Settings

Note: To modify attribute settings, you must have Search, Read, and Write access to the parent directory of the object you want to modify. Membership on the Admin list is not necessary. Refer to "Specifying User Access Rights for Files and Directories" later in this chapter for information on specifying user access rights.

Managing Attributes Using StreetTalk Explorer

Note: You cannot use StreetTalk Explorer to modify attributes on a local disk.

To Edit Attributes Using StreetTalk Explorer

1. In StreetTalk Explorer, open the Directories property sheet for the file service. A file service icon, labeled with the letter of the currently mapped drive, appears in the left pane of the property sheet. The right pane displays files and directories that reside in the root directory.

Figure 4-1. Directories Property Sheet

2. Select the object to manage (double-click a folder to display its contents.)

3. Right-click the object, and select Properties from the Context menu to display the access control property sheets.

Figure 4-2. Access Control Property Sheets

4. Select the File Attributes tab. The File Attributes property sheet displays the attributes for the selected item.

Figure 4-3. File Attributes Property Sheet

5. Do one of the following for each attribute:

- Select a checkbox to set, or turn on, an attribute,

- Clear a checkbox to disable, or turn off, an attribute.

6. Do one of the following:

- Click OK. StreetTalk Explorer saves any changes and closes the access control property sheets.

- Click Apply. StreetTalk Explorer saves any changes. Proceed to another configuration task or click OK to finish.

To Copy Attributes Using StreetTalk Explorer

1. In StreetTalk Explorer, open the Directories property sheet for the file service. A file service icon, labeled with the letter of the currently mapped drive, appears in the left pane of the property sheet. The right pane displays files and directories that reside in the root directory.

Figure 4-4. Directories Property Sheet

2. Select the object with the attributes you want to copy, right-click, and select Copy, File Attributes from the Context menu.

Figure 4-5. Copying Attributes for a Directory

3. Select the object to which you want to copy the attributes, right-click, and and select one of the following from the Context menu:

- Paste, File Attributes - To copy the attributes to the active object.

- Paste Recursive, File Attributes - To copy the attributes to a directory and recursively to all objects it contains.

The attributes are copied immediately.

Note: Pasting attributes recursively to a directory may take some time if the target directory contains many subdirectories and files.

4. Click OK to finish.

Managing Attributes Using SETATTR from the Command Line

View the status of attributes
Modify the status of attributes

Viewing Attributes from the Command Line

Modifying Attributes from the Command Line

Syntax of SETATTR Command

SETATTR [+ or -attribute] [DOS pathname(s)] [/SHOW] [/HELP]

Table 4-2. Abbreviations for Attributes

Attribute Abbreviation
Read Only RO
Hidden HI
System SY
Archive AR

SETATTR +RO JANUARY.RPT

+RO E:\STATUS\JANUARY.RPT

SETATTR -RO FEBRUARY.RPT MARCH.RPT

E:\STATUS\FEBRUARY.RPT
E:\STATUS\MARCH.RPT

SETATTR JANUARY.RPT /S

+RO +AR E:\STATUS\FEBRUARY.RPT

SETATTR /H

Managing Attributes Using the SETATTR Menu

View the current status of the object's attributes
Change the path to display the attributes of another directory or file
Edit or modify the status of attributes for the object
Copy attributes from the object to another object

Note: You cannot copy file attributes to a directory.

To Display Attribute Status from the SETATTR Menu

1. From the command prompt, enter:

SETATTR pathname(s)

where pathname(s) is the complete DOS path name for each directory or file whose attributes you want to view, edit, or copy. If you enter the command from a workstation that supports long filenames, you can specify pathnames that include long filenames.

The Set Attributes menu appears and displays the attributes for the first object specified.

2. Press F10 to view attributes for the next object specified.

To View a New Object from the Set Attributes Menu

1. From the Set Attributes menu, select Change Path. You are prompted to enter the path to a new directory or file.

2. Do one of the following:

- Enter the relative pathname for an object on the current drive or the full pathname for an object on any drive. The Set Attributes menu displays the attributes for the specified object.

- Press F5. The Select Pathname screen appears. Use the left and right arrow keys to locate and select the desired object and press ENTER. The Set Attributes menu displays the attributes for the specified object.

To Modify Attributes Using the SETATTR Menu

1. From the Set Attributes menu, select EDIT attributes. The cursor moves to the lower part of the screen and an attribute becomes highlighted.

2. Use the arrow keys to move the cursor and select the attribute you want to modify.

3. Press ENTER. The status of the selected attribute changes.

4. Press F10 to save changes. The new status becomes effective immediately.

5. Select a new object, or press F10 to exit.

To Copy Attributes Using the SETATTR Menu

1. From the Set Attributes menu, select COPY attributes.

2. You are prompted to enter the path to the directories or files to which you want to copy the attributes for the current object.

3. Do one of the following:

- To copy the attributes to all the subdirectories and files in a directory, press F2.

- To copy the attributes to all the files in the current directory, enter the wildcard:

*.*

Wildcards may be used for groups of files also. For example, to copy the attribute to all .doc files, enter:

*.doc

- To select the destination name from a list, press F5. The Select Destination screen appears. Use the left and right arrow keys to locate and select the desired object and press ENTER.

Note: You can copy attributes of files to other files and directories. If you copy from a file to a directory, you receive a warning message if any of the file attributes that do not apply to the directory are ON.

Managing Attributes on a Local Disk

You cannot simultaneously set attributes on local and network file services.
For local files, you obtain information about the DOS attributes of the files only.

Specifying User Access Rights for Files and Directories

Note: StreetTalk File does not support NTFS user security. A Banyan user's access to a StreetTalk file service depends on the Banyan access rights specified; not on the NTFS privileges for those users. By default, StreetTalk File, running as a service under the Windows NT SYSTEM account, has access to all files and directories on the server.

ARL Identifiers

Name - A StreetTalk name or template specifying who can use a directory or file.

Set of access rights - Descriptors specifying the type of access named users have to a directory or file. These rights are discussed in detail later in this chapter.

User access to all subdirectories and files
ARLs inherited by new subdirectories and files

Attributes and Access Rights

Setting File Service Access Rights

The ARL option for the file service
The Banyan Access Rights Lists (ARL) for files and directories

Setting the ARL Option

Single ARL - Puts a single ARL in effect for the entire file service. Under this setting, the ARL you create for the root directory applies to all files and directories in the file service. This is the recommended setting for file services mapped to a CD-ROM or other removeable disk.

Directory-Level - Allows a unique ARL for each directory within a file service. By default, a file service uses this setting, and all directories in the service inherit their ARLs from the root directory.

File-Level - Allows a unique ARL for each file and directory within a file service.

Modifying the ARLs

The StreetTalk user or group of users to whom the ARL applies
The access rights to associate with that user or group of users

Specifying Names in an ARL

Primary List - Automatically created for the ARL of every object
Extended List - Optional list for specifying additional names

Using Wildcards in the Name of an Identifier

Item (for example, *@group@organization)
Item@Group (for example *@*@organization)

Default ARL Settings

Modifying Default ARL Settings

Changing the name of the Owner identifier for each user's directory to the StreetTalk name of that user
Adding names for identifiers to the Extended List for their directory ARL, and assigning them the appropriate access rights

The ARL Primary List

Owner
Group
World

ARL Owner Identifier

Table 4-3. Default Names for Owner Identifier in Primary ARL

Type of Object Default Name
New File Service (root directory) Creator of the service
VINES Files Service VINES Files@servername@servers
New Subdirectory User who creates the directory
New File Determined by ARL for New Files for the directory

The Owner identifier for the file service contains your StreetTalk name
You are a member of the AdminList of the group in which the file service is created
The Group identifier contains the StreetTalk name of your group, and Control access is selected for that identifier
The Extended List includes an identifier with your StreetTalk name or the StreetTalk name of your group, and Control access is selected for that identifier

Note: In some cases, a user may be denied Control access even though such access is specified by an ARL entry. If a StreetTalk name is associated with multiple entries in the ARL, StreetTalk File provides the access rights of only one of those entries. For more information about how multiple ARL entries for a user affect access rights, refer to "Determining Access Rights for Users Listed in Multiple ARL Entries" later in this chapter.

Note: A StreetTalk user who is listed as the Owner of a file service in effect owns the ARLs for that service. However, owning the ARLs in a file service is not the same as having the rights configure that file service. To configure a StreetTalk file service (by editing its property sheets in StreetTalk Explorer), you must be a member of both the following AdminLists:

The AdminList for the group in which the file service is created
The AdminList of the server on which the file service is located.

Refer to "Modifying the Properties of a StreetTalk File Service" in Chapter 3 for more information about managing StreetTalk file services.

ARL Group Identifier

ARL World Identifier

The ARL Extended List

Maximum - A mandatory identifier that represents the Maximum Rights mask, specifying the maximum rights allowed to any other identifier on the Extended List. You can edit the rights for this identifier, but not the name.
Extended1 through Extended5 - Five optional identifiers for which you can specify both access rights and the name of a StreetTalk user, list, group, or template.

Maximum Rights Mask

Specifying Type of Access Permitted

Table 4-4. Access Rights for Directories

Type of Access Abbreviation in SETARL Description
Control C Lets a user change access rights for the directory, and edit names of the Owner and Group identifiers. Control access cannot be taken away from the Owner.
Search S Lets a user search for all files and directories contained in the directory. Also gives users access to the attributes of the directory and the files and subdirectories it contains. You must have Search access for a directory to open files in that directory.
Read R Lets a user view the names of all files and directories contained in the directory.
Write W Lets a user create and change the attributes, and create and rename files and subdirectories within this directory. A user who does not also have Search access can copy files to the directory, but not access those files.
Delete D Lets a user delete subdirectories and files from the directory.

Table 4-5. Access Rights for Files

Type of Access Abbreviation in SETARL Description
Control C Lets a user change access rights for the file, and edit the names of the Owner and Group identifiers. Having Control access does not automatically grant the user any other access rights over the file.
Execute E If the file is an executable program, allows users to run the program.
Read R Lets a user open the file for reading only. Typically, assign Read access if you want to share information with other users but prevent them from modifying the files.
Write W Lets a user write to the file.

Determining Access Rights for Users Specified in Multiple ARL Identifiers

Note: Users who are members of the AdminList for the group in which a file service is created always have Control access in addition to the rights specified by the ARL entries.

Note: The StreetTalk file service displays and uses access rights for the VINES file system view. Other file system views are not supported for StreetTalk File.

Table 4-6. Summary of Rules for Matching StreetTalk Names to ARL Identifiers

Search Criteria Identifiers Searched
1. Explicitly match a users's StreetTalk name 1. Owner
2. Extended List
2. Match a user's StreetTalk group
(*@Group@Organization)
1. Group identifier on the Primary List
2. Groups or StreetTalk lists in the Extended List
3. Match for user's StreetTalk organization
(*@*@Organization)
Organizations or StreetTalk lists in the Extended List
4. All users
(*@*@*)
World identifier on the Primary List

For Directories: Search, Read, Write
For New Files: Execute and Read

For Directories: Control, Search, Read, Write, and Delete
For New Files: Control, Execute, Read, and Write

Note: The rights for identifiers on the Extended List depend on the Maximum Rights mask. You cannot give more rights to an entry than the Maximum Rights mask allows.

Inheritance Rules

New subdirectories inherit both the directory and new file ARLs of the parent directory.
New files inherit access rights according to the parent directory's new file ARL.
When a new file or directory is created, the names and access rights in both the Primary and Extended Lists are copied to the ARL of the new file or directory.
New files are protected by the new file ARL of the parent folder. Depending on how the ARL is set up, the new file ARL may differ from the ARL of the parent folder.
New folders inherit the exact same ARL that has been assigned to the parent folder. The Owner and Group are the same, no matter who creates the new folder.

Note: File system views do not apply to StreetTalk file services. The Macintosh view of the SETARL menu is not supported for StreetTalk for Windows NT.

Copying ARLs

Make the ARLs for an object match those of another
Give all files in a directory the same ARLs

Note: You cannot copy a file ARL to a directory ARL.

 From To
 File ARL File ARL
 Directory ARL  Directory ARL
 Directory ARL  File ARL (copies the New File ARL of the directory to the file)

Preserving ARLs When Copying Files

Using Banyan Management Tools to View and Change ARLs

Managing ARLs using StreetTalk Explorer
Managing ARLs using SETARL
Managing ARLs using the Banyan Client for Windows 95/98

Managing ARLs Using StreetTalk Explorer

View the ARL Primary List and Extended List
Specify the name of an ARL identifier
Edit access rights for an identifier
Copy and paste ARLs from one object to another
Test user access to an object

Viewing the ARL Primary List and Extended List

To Select the List Type

1. In StreetTalk Explorer, open the Directories property sheet for the file service. A file service icon, labeled with the letter of the currently mapped drive, appears in the left pane of the property sheet. The right pane displays files and directories that reside in the root directory.

Figure 4-6. Directories Property Sheet

2. Select the object to manage (double-click a folder to display its contents.)

3. Right-click the object, and select Properties from the Context menu to display the Access Rights List property sheet.

Figure 4-7. Access Control Property Sheets

4. Display the appropriate list by selecting one of the following radio buttons in the List type section:

- Primary list

- Extended list

5. Edit the ARL or click OK to finish.

Specifying Names for an ARL Identifier Using StreetTalk Explorer

To Add or Edit the Name of an Identifier

Specifying the Access Rights for an ARL Identifier

To Edit Access Rights for an Identifier

1. In StreetTalk Explorer, open the Directories property sheet for the file service. A file service icon, labeled with the letter of the currently mapped drive, appears in the left pane of the property sheet. The right pane displays files and directories that reside in the root directory.

Figure 4-11. Directories Property Sheet

2. Select the object to manage (double-click a folder to display its contents).

3. Right-click the object, and select Properties from the Context menu to display the Access Rights List property sheet.

Figure 4-12. Access Control Property Sheets

4. In the List type section, select the radio button for the type of list you want to view.

5. Select the identifier for which you want to specify access rights. The current rights for that identifier appear. For directories, two sets of rights display: New file and Directory. For files, only File rights display.

Copying ARLs Using StreetTalk Explorer

To Copy and Paste ARLs Using StreetTalk Explorer

1. In StreetTalk Explorer, open the Directories property sheet for the file service. A file service icon, labeled with the letter of the currently mapped drive, appears in the left pane of the property sheet. The right pane displays files and directories that reside in the root directory.

Figure 4-13. Directories Property Sheet

2. Select the object with the ARLs you want to copy, right-click, and select Copy, ARL from the Context menu.

Figure 4-14. Copying ARLs for a Directory

3. Select the object where you want to copy the ARL to, right-click, and and select one of the following from the Context menu:

- Paste, ARL - To copy the ARL to the active object.

- Paste Recursive, ARL - To copy the ARL to a directory and recursively to all objects it contains.

Note: You cannot copy a file ARL to a directory ARL.

The ARLs are copied immediately. Pasting an ARL recursively to a directory may take some time if the target directory contains many subdirectories and files.

4. Click OK to finish.

Setting a Consistent File ARL Using StreetTalk Explorer

Testing a User's Access to a File or Directory Using StreetTalk Explorer

Note: StreetTalk Explorer indicates Control access for an object only if such access is specifically permitted by the controlling identifier. Members of the AdminList always retain Control access, even if the access test does not indicate that the user has this right.

For more information about how StreetTalk File determines access to an object for users to whom multiple identifiers apply, refer to "Determining Access Rights for Users Specified in Multiple ARL Identifiers" earlier in this chapter.

To Test a User's Access Using StreetTalk Explorer

1. In StreetTalk Explorer, open the Directories property sheet for the file service. A file service icon, labeled with the letter of the currently mapped drive, appears in the left pane of the property sheet. The right pane displays files and directories that reside in the root directory.

Figure 4-15. Directories Property Sheet

2. Select the object to manage. (Double-click a folder to display its contents.)

3. Right-click the object, and select Properties from the Context menu to display the access control property sheets.

Figure 4-16. Control Access Property Sheets

4. Select the Test User Access property sheet.

5. Enter the StreetTalk name or nickname of the user to test, or click Browse to select a user from the StreetTalk database.

6. Click Test. The Status window displays the ARL identifier that governs the user's access. The access rights specified for the applicable identifier appear below the Status window.

Figure 4-17. Results of a User Access Test

Managing ARLs Using SETARL

Modify the Name of an ARL identifier
Modify access privileges for an ARL identifier
View ARLs for other directories and files
Copy ARLs from one object to another
Test user access to an object

Preparing to Use SETARL

Verify that the ARL displayed is the one you want. Check the Volume and Path fields for the name of the file service and the correct name of the file or directory.
Verify that the Current View field on the left side of the screen indicates that you are viewing the VINES view. StreetTalk File does not support the Macintosh view.

Table 4-7. Summary of SETARL Editing Keys

Key Function
F2 Allows you to choose StreetTalk names from a list when modifying an entry. You can select one name at a time.
F4 Previews the effects of edits on another file system view of the access rights. File system views do not apply to StreetTalk File.
F6 Moves an entry in the Extended List down one line.
F8 Tests the ARL you are editing against a StreetTalk name. Only the view you are editing is tested. To test against all views, exit Edit mode and select the Test Access command.
F10 Saves edits and exit to the Set Access Rights menu.
TAB Moves cursor from left to right among the three columns (the list of names and the two columns of access rights).
ENTER Moves the cursor from the end of one line to the beginning of the next (within the column, list of names or set of access rights).
SPACE Moves the cursor from one access right to the next, without changing the setting.
Arrow keys Move the cursor up or down one line, or left or right one space. Within the access rights columns, move the cursor from one access right to the next without changing the setting.
ESC Exits the Edit screen without saving changes.

To Modify the Name of an ARL Identifier

1. At the command prompt, enter:

SETARL pathname

where pathname is the complete DOS pathname of the directory or file for which you want to manage ARL. If you omit the pathname, the path defaults to the current directory.

The Set Access Rights menu appears.

2. Select EDIT. The Edit ARL screen appears and the cursor moves to the Owner entry.

3. Use the arrow keys to position the cursor at the entry to edit, and do the following:

- To edit the StreetTalk name of the Owner entry, enter a three-part StreetTalk name, or press F2 to select a user name. Press F10 to insert the name of the selected user.

- To edit the StreetTalk name of the Group entry, enter a StreetTalk name in the format *@Group@Organization, or enter anygroup to allow the same level of access to all groups on the network.

- To edit an entry on the Extended List, press PAGEDOWN to view the Extended List, and enter a three-part StreetTalk name, or press F2 to select a user name. For more information about how to use the Extended List, refer to "The ARL Extended List" earlier in this chapter.

4. Do one of the following:

- Press F10 to save changes to the entries and exit to the Set Access Rights menu.

or

- Continue your editing by modifying access rights as described in "To Modify the Access Rights for an Identifier," which follows.

To Modify the Access Rights for an Identifier

1. From the Edit ARL screen, position the cursor at the appropriate entry, and press TAB to move the cursor to the first access right field.

2. To set the access rights, for that entry, do the following:

- To grant an access right, type a plus sign (+ ).

- To deny an access right, type a minus sign (- ).

After you type a plus or minus sign, the cursor automatically moves to the field for the next access right.

3. Press F10 to save your changes.

To Copy an ARL to Another Destination Using SETARL

1. At the command prompt, enter:

SETARL pathname

where pathname is the complete DOS pathname of the directory or file from which you want to copy an ARL. If you omit the pathname, the path defaults to the current directory.

The Set Access Rights menu appears.

2. Select Copy ARL to Target. You are prompted to enter the directory or file to which you want to copy the current ARL.

3. Do one of the following:

- Enter a path name to another directory or file. Go to step 5.

or

- Press F5 to select a path name from a directory listing. The Select Destination screen appears. Continue with step 4.

4. Do one of the following:

- Use the arrow keys to highlight the directory or file to which you want to copy the ARL, and press ENTER to select it. You can select more than one destination directory or file. An asterisk appears next to the path name. Pressing ENTER a second time deselects a destination directory or file.

- Press F2 to select all subdirectories and files in a directory.

Note: If you are copying ARLs from a file, directory names do not appear among the list of destinations to which you can copy the ARL. You cannot copy file ARLs to a directory.

5. Press F10 to begin copying the ARLs. Each of the selected files and directories are displayed as the ARL is copied. After the ARLs have been copied, The Set Access Rights menu appears and displays the number of ARLs copied.

To Change the ARL of all Files in a Directory

1. Edit the New File ARL of the directory

2. Copy it to all files in the directory.

Copying ARLs from Other Sources With SETARL

To Copy the ARL of Another Directory or File Using SETARL

1. At the command prompt, enter:

SETARL pathname

where pathname is the complete DOS path name of the directory or file from which you want to copy an ARL. If you omit the pathname, the path defaults to the current directory.

The Set Access Rights menu appears.

2. Select Copy ARL from source. You are prompted to enter the directory or file from which you want to copy the ARL.

3. Do one of the following:

- Enter a path name to another directory or file. Go to step 5.

or

- Press F5 to select a path name from a directory listing. The Select Destination screen appears. Continue with step 4.

4. Use the arrow keys to highlight the directory or file from which you want to copy the ARL, and press ENTER to select it.

5. The ARL is copied to the current file or directory. The Set Access Rights menu appears and reports that the ARL was copied.

Note: If you are copying ARLs to a directory, file names do not appear as sources from which you can copy ARLs. You cannot copy file ARLs to a directory.

Changing the Current Path to View a Different ARL

To View the ARLs of a Different File or Directory

1. From the Set Access Rights menu, select Change Path. You are prompted to enter the path to another file or directory.

2. Do one of the following:

- Enter a pathname. Go to step 4.

or

- Press F5 to select a file or directory from a directory listing. The Select Path screen appears. Continue with step 3.

3. Use the arrow keys to highlight the directory or file to which you want to copy the ARL, and press ENTER.

4. The Set Access Rights menu appears, displaying the ARL of the directory or file you selected.

Testing a User's Access to a File or Directory Using SETARL

Note: SETARL indicates Control access for an object only if such access is specifically permitted by the controlling identifier. Members of the AdminList always retain Control access, even if the access test does not indicate that the user has this right.

To Test a User's Access Rights Using SETARL

1. From the Set Access Rights menu, select Test Access. The Test Access menu appears.

2. Do one of the following:

- Enter the StreetTalk name of the user to test. If you enter an invalid StreetTalk name, you are prompted to try again.

or

- Press F2 to select a name from a list. Press F10 to test rights for the selected user.

The access rights permitted to the specified user appear, along with the applicable ARL entry that determines those access rights.

Note: The Access Rights Lists for Macintosh and UNIX rights do not apply to StreetTalk File.

3. If you are testing the ARL of a directory, press F4 to toggle between the ARL of the directory and the ARL for new files in the directory.

4. Press ESC to exit the Test Access menu.

To Test a User's Access from the Edit ARL Screen

1. From the Edit ARL screen, press F8.

2. When prompted, enter a StreetTalk name, or press F2 to select a name. Press F10 to test rights for the selected user.

The access rights permitted to the specified user appear, along with the applicable ARL entry that determines those access rights.

3. Press ESC to clear the test results from the screen, or continue editing with the results displayed. The test results change as you edit the applicable entry of the user tested.

Managing ARLs Using the Banyan Client for Windows

To Edit ARLs from the Windows 95/98 Explorer

1. Double-click the Network Neighborhood or My Computer icon, and locate the file or directory for which you want to set access rights.

2. Right-click the file or directory, and select Properties from the Context menu. The property sheets for the item appear and display the following tabs:

- Primary ARL

- Extended ARL

- Primary ARL New Files

- Extended ARL New Files

3. Click the tab for the type of ARL you want to set.

4. Edit the entries and access rights for the ARLs, as follows:

- Enter a StreetTalk name for the Owner, Group, or Extended List entry.

- Select the appropriate checkbox to provide access rights for the entry.

5. Do one of the following:

- Click Apply to save changes and continue editing ARLs.

- Click OK to finish and save changes.

Optimizing Access Rights Lists

Preventing ARL Performance Problems

Location of ARL Data on the Windows NT Server

Daily ARL Cleanup

Generating an ARL Report

To Generate an ARL Report

Example: Running DumpARL for Two StreetTalk File Services

You must run DumpARL from the directory containing your StreetTalk File software.

Reading the DumpARL Report

Table 4-8. Comparing ARLs for File Services with Different Offset Numbers

 

Offset 1
File Service 1
C:\directory1

Offset 2
File Service 2
C:\directory2
 

Directory ARLs

ARLs for New Files

Directory ARLs

ARLs for New Files

Owner

CSRWD

CERW

CSRWD

CERW

Group

-SR--

-ER-

-SR--

-ERW

World

-SR--

-ER-

-SR--

-ER-

Extended

CSRWD

CERW

CSRWD

CERW

Previous PageTop Of PageNext Page