Article ID: 244710 - Last Review: January 25, 2007 - Revision: 4.0

List of the privileges that are required in a Novell NetWare network to run Word

View products that this article applies to.
This article was previously published under Q244710

On This Page

Expand all | Collapse all

SUMMARY

This article lists the network privileges you have to have to perform specific Microsoft Word operations over a Novell network. The article includes the following sections:
  • Description of File System Directory and File Privileges
  • Novell Privileges that are Required to Only Read Documents
  • Novell Privileges that are Required to Create or to Modify Documents
  • Symptoms of Missing Novell Privileges
  • Why Novell Features File Scan as Well as Create Privileges
Back to the top

MORE INFORMATION

Description of File System Directory and File Privileges

File system security is basically the same for both Novell NetWare 3.x and Novell NetWare 4.x. A few new file attributes were added to Novell NetWare 4.x to accommodate data migration and some file compression features.

Directory privileges control general access to a directory, its files, and its subdirectories. When granted at the directory level, the privileges apply to all the files and subdirectories in that directory unless the privileges are redefined at the file or subdirectory level.

File privileges control access to specific files in a directory. They are used to redefine the privileges that users inherit from directory privileges.

There are eight privileges that can be granted at either the directory or the file level. The following is a list of Novell file system privileges.
Collapse this tableExpand this table
Novell NetWare PrivilegeDescription
SupervisorGrants all rights to the directory, its files, and subdirectories. The Supervisor file right can't be blocked with an IRF (Inherited Rights Filter). Users with this right can grant other users rights to the directory, its files, and subdirectories. Users who have this right can also grant other users any rights to the file and can change the file's Inherited Rights Filter.
ReadGrants the right to open files in the directory and read the contents or run the program.
CreateGrants the right to create a file and to salvage a file after it has been deleted.
WriteGrants the right to open and write to an existing file.
EraseGrants the right to erase (delete) the file.
ModifyGrants the right to change the attributes and name of the file, but does not grant the right to change its contents.
File ScanGrants the right to see the file with the DIR or NDIR directory command, including the directory structure from that file to the root directory.
Access ControlGrants the right to change the trustee assignments and the Inherited Rights Filter of the file.
If you make a trustee assignment in a directory, the trustee has access to the directory, its files, and its subdirectories (unless the privileges are redefined at the file or subdirectory level).

When you make a trustee directory assignment, the default privileges (Read and File Scan) allow a trustee to read the files in the directory and to see the subdirectories and files in the directory. Any trustee assignment, whether for a directory or a file, also includes the privilege to see the path leading from the root to that directory or file. A new assignment of trustee privileges at the file level can revoke privileges assigned at the directory level or allow additional privileges.
Back to the top

Novell Privileges that are Required to Only Read Documents

READ, FILE SCAN
Below is a list of directories where users need only Read and File Scan privileges to run Word (they only need to be able to read from these directories):
  • Server location of Word program directory tree (Administrative installation)
  • Server location of shared Microsoft applications (MSAPPS) directory tree (Administrative installation)
  • Windows program directory, if running shared Windows
  • Any server directories where you store graphics or other source files for links that you do not want users to be able to modify in Word.
Note In addition, you need to apply Read-Only and Shareable Flags to all the files in these locations. Usually, the Novell network administrator sets this sequence of privileges and attributes after performing the server installation of Windows or an application.
Back to the top

Novell Privileges that are Required to Create or Modify Documents

READ, WRITE, FILE SCAN, CREATE, ERASE, MODIFY (all rights except ACCESS CONTROL and SUPERVISOR)
Important These user rights apply to the directory that contains the files you are working with. Novell NetWare also allows for assigning users file level rights. Make sure the FILE SCAN right is also assigned at the file level. This is especially important when users with Trustee rights are working with documents within the same directory.

For example: If one user opens a document, Word creates a temporary file with a name similar to "~wrd0000.tmp". When a different user with Trustee rights opens a different document, their session of Word may also create a temporary file with the same file name. This may occur when the Trustee does not have the file level right of FILE SCAN assigned. When the FILE SCAN right is missing, Word cannot "see" the other temporary files that may exist in the directory.
Note NetWare version 2.x also uses OPEN and uses DELETE and SEARCH instead of ERASE and SEARCH, respectively.
The following is a list of directories where users need these privileges to run Word:
  • The workstation's Word program directory tree, if it is located on the server.
  • Temporary directory, if it is located on the server.
  • Any server directories where the user stores documents.
  • Any server directories where source files for links are located that the user needs to modify (for example, Microsoft Excel worksheets or charts).
Note: The files in these locations usually have no Flags assigned, which means the user has complete access to them.
Back to the top

Symptoms of Missing Novell Privileges

Collapse this tableExpand this table
Novell NetWare PrivilegeDescription
File ScanThe user cannot see any files in the directory, so the directory appears to be empty.
EraseThe user cannot delete files, which frequently results in a large number of temporary (.tmp) files.
ModifyThe user cannot rename files. When the user does not have Modify privileges, Word cannot rename .tmp files during a save operation. When Word saves, it deletes the previously saved version of the document and then renames the current .tmp file. Without Modify rights, Word deletes the document and then cannot rename the .tmp file, so an error occurs and the document appears to be lost. (You can copy the .tmp file to a directory in which the user has appropriate privileges and then rename it.)
Back to the top

Why Novell Features File Scan as Well as Create Privileges

If you have Create privileges but not File Scan privileges, you can create files or copy them to a directory, but you cannot view the directory. This means that, under Novell, you can create a "drop directory" where you can collect files (such as reports or logs) from many users that cannot be read by those same users.

If you have Create privileges but not File Scan privileges in a directory where you want to create Word documents, a large number of .tmp files quickly accumulate.
Back to the top
APPLIES TO
  • Microsoft Office Word 2007
  • Microsoft Office Word 2003
  • Microsoft Word 2002 Standard Edition
  • Microsoft Word 2000 Standard Edition
Back to the top
Keywords: 
kbexpertisebeginner kbsavefile kbopenfile kbsecurity kbnetwork kbinfo KB244710
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations

 

Related Support Centers