DOCUMENT:Q114939 21-MAR-2002 [word97]
TITLE :WD97: Novell NetWare Network Privileges Required to Run Word
PRODUCT :Word 97 for Windows
PROD/VER::
OPER/SYS:
KEYWORDS:kbdta word8 word97kbfaq
======================================================================
-------------------------------------------------------------------------------
The information in this article applies to:
- Microsoft Word 97 for Windows
-------------------------------------------------------------------------------
SUMMARY
=======
This article lists which network privileges you need to perform specific Word
for Windows operations over a Novell network. The article includes the following
sections:
- Description of File System Directory and File Rights
- Novell Privileges Required to Only Read Documents
- Novell Privileges Required to Create or Modify Documents
- Symptoms of Missing Novell Privileges
- Why Novell Features File Scan as Well as Create Privileges
MORE INFORMATION
================
Description of File System Directory and File Rights
----------------------------------------------------
File system security is basically the same for both Novell NetWare 3.x and Novell
NetWare 4.x. A few new file attributes were added to Novell NetWare 4.x to
accommodate data migration and some file compression features.
Directory rights - control general access to a directory, its files, and its
subdirectories. When granted at the directory level, the rights apply to all the
files and subdirectories in that directory unless the rights are redefined at
the file or subdirectory level.
File rights - control access to specific files in a directory. They are used to
redefine the rights that users inherit from directory rights.
There are eight rights that can be granted at either the directory or file level.
The following is a list of Novell file system rights.
Novell NetWare Right Description
Supervisor Grants all rights to the directory, its files, and
subdirectories. The Supervisor file right can't
be blocked with an IRF (Inherited Rights Filter).
Users with this right can grant other users
rights to the directory, its files, and
subdirectories. Users who have this right can
also grant other users any rights to the file and
can change the file's Inherited Rights Filter.
Read Grants the right to open files in the directory and
read the contents or run the program.
Create Grants the right to create a file and to salvage a
file after it has been deleted.
Write Grants the right to open and write to an existing
file.
Erase Grants the right to erase (delete) the file.
Modify Grants the right to change the attributes and name
of the file, but does not grant the right to
change its contents.
File Scan Grants the right to see the file with the DIR or
NDIR directory command, including the directory
structure from that file to the root directory.
Access Control Grants the right to change the trustee assignments
and the Inherited Rights Filter of the file.
If you make a trustee assignment in a directory, the trustee has access to the
directory, its files, and its subdirectories (unless the rights are redefined at
the file or subdirectory level).
When you make a trustee directory assignment, the default rights (Read and File
Scan) allow a trustee to read the files in the directory and to see the
subdirectories and files in the directory. Any trustee assignment, whether for a
directory or a file, also includes the right to see the path leading from the
root to that directory or file. A new assignment of trustee rights at the file
level can revoke rights assigned at the directory level or allow additional
rights.
Novell Privileges Required to Only Read Documents
-------------------------------------------------
READ, FILE SCAN
Below is a list of directories where users need only Read and File Scan
privileges to run Word (they only need to be able to read from these
directories):
- Server location of Word program directory tree (Administrative installation)
- Server location of shared Microsoft applications (MSAPPS) directory tree
(Administrative installation)
- Windows program directory, if running shared Windows
- Any server directories where you store graphics or other source files for
links that you do not want users to be able to modify in Word.
NOTE: In addition, you need to apply Read-Only and Shareable Flags to all the
files in these locations. Usually, the Novell network administrator sets this
sequence of privileges and attributes after performing the server installation
of Windows or an application.
Novell Privileges Required to Create or Modify Documents
--------------------------------------------------------
READ, WRITE, FILE SCAN, CREATE, ERASE, MODIFY (all rights except ACCESS
CONTROL and SUPERVISOR)
IMPORTANT: These user rights apply to the directory that contains the files
you are working with. Novell NetWare also allows for assigning users file
level rights. Make sure the FILE SCAN right is also assigned at the file
level. This is especially important when users with Trustee rights are
working with documents within the same directory.
For example: If one user opens a document, Word creates a temporary file with
a name similar to "~wrd0000.tmp". When a different user with Trustee rights
opens a different document, their session of Word may also create a temporary
file with the same file name. This may occur when the Trustee does not have
the file level right of FILE SCAN assigned. When the FILE SCAN right is
missing, Word cannot "see" the other temporary files that may exist in the
directory.
NOTE: NetWare version 2.x also uses OPEN and uses DELETE and SEARCH instead of
ERASE and SEARCH, respectively.
The following is a list of directories where users need these privileges to run
Word:
- The workstation's Word program directory tree, if it is located on the
server.
- Temporary directory, if it is located on the server.
- Any server directories where the user stores documents.
- Any server directories where source files for links are located that the user
needs to modify (for example, Microsoft Excel worksheets or charts).
NOTE: The files in these locations usually have no Flags assigned, which means
the user has complete access to them.
Symptoms of Missing Novell Privileges
-------------------------------------
File Scan The user cannot see any files in the directory, so
the directory appears to be empty.
Erase The user cannot delete files, which frequently
results in a large number of temporary (.TMP) files.
Modify The user cannot rename files. When the user does not
have Modify privileges, Word cannot rename .TMP
files during a save operation. When Word saves, it
deletes the previously saved version of the document
and then renames the current .TMP file. Without
Modify rights, Word deletes the document and then
cannot rename the .TMP file, so an error occurs and
the document appears to be lost (you can copy the
.TMP file to a directory in which the user has
appropriate privileges and then rename it).
Why Novell Features File Scan as Well as Create Privileges
----------------------------------------------------------
If you have Create privileges but not File Scan privileges, you can create files
or copy them to a directory, but you cannot view the directory. This means that,
under Novell, you can create a "drop directory" where you can collect files
(such as reports or logs) from many users that cannot be read by those same
users.
If you have Create privileges but not File Scan privileges in a directory where
you want to create Word documents, a large number of .TMP files quickly
accumulate.
Additional query words: novell extra rights privilege permissions privileges permission mspress wrk install filescan word8 word97 setup exe
======================================================================
Keywords : kbdta word8 word97 kbfaq
Technology : kbWordSearch kbWord97 kbWord97Search kbZNotKeyword2
Version : :
=============================================================================
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO
EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR
ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.
Copyright Microsoft Corporation 2002.