Staff Novell Tree

This document describes the basic structure of the Monash University Staff Novell NDS tree and how management rights are granted to faculty and department staff. If you are in doubt as to whether some operation is consistent with policy, please contact the ITS Service Desk. Material here is covered in the in-house training.

The staff Novell NetWare tree is named STAFF-AU and can be browsed directly by most logged-in users by running ConsoleOne. ConsoleOne can be accessed via NAL or through the Y: drive mapping (Y:\mgmt\ConsoleOne\1.2\bin\ConsoleOne.exe). It is a large application (100Mb) and uses Java. Best performance can be obtained by copying the whole folder structure of the mgmt folder to your local C: drive. This can take 10 minutes. The suggested target location is C:\NOVELL\ConsoleOne.

Some functions require that the NICI software be installed. This software can be found and loaded from the NAL menu. Errors will be reported by ConsoleOne if this is not done.

Top Level of the NDS Tree

Organization level of the staff NDS tree

The Monash University NDS Staff Tree does not represent the hierarchy of the management of the University; rather, it is a logical division of Novell Network resources as used by the registered users, and of the rights for the management of those resources.

The top level of the tree is the organization level, represented by O (.o=Monash).

The faculties of the University are represented at this level using abbreviations that correspond to well known mail domain names. Major service units of the University, such as Administration, Information Technology Services and Library are represented in the same manner. Each has a separate container called an Organizational Unit or OU and represented by OU. In addition there are containers for CDROMS, Software distribution and Network Administration.

These can be seen on the left here in a screen grab from ConsoleOne.

This structure allows us to create new faculties or incorporate any independent NDS trees created in a non-standard manner as first level OUs (Organizational Units).

Faculty or Division Level

The OU representing a faculty or division is further divided into resource and department containers. The standard resource containers are:

  1. Application - Application objects, folders, groups and manager
  2. Printer - Printer objects, operator groups and manager
  3. Storage - Storage objects, Directory maps, guest groups and manager
  4. Workstation - Workstation objects, Workstation groups, policies and manager

The remainder of the containers represent the major grouping of the users within the faculty. The various departments that exist within each faculty or division can be represented by either Novell groups at the OU of the faculty / division or further sub OU breakdowns based on departmental groups. This allows each department to be managed separately. Each container of staff accounts has groups, user policies, user templates, profiles and a manager.

Organization Unit level of the staff NDS tree

Manager Accounts and Manager Organizational Roles

The faculty "Manager" Organizational Role is given Supervisory rights to every user and group object in the subordinate containers. This occurs at account creation time. Giving the "S" or supervisor right allows accounts that are "occupants" of the manager role to change user passwords and to make and break their group memberships.

No account or role is given "S" rights to the faculty container.

Since no rights have been given to manipulate the faculty "Manager" role object itself, only authorized Information Technology Services staff can add or remove occupants of that role. Any occupant of the role will have supervisory rights to all subordinate users. This may not suit all departments within the faculty.

MGR accounts are created in the netadmin.resource.monash container for the normal occupants of the "Manager" role. These accounts are created by EWS after approval from the relevant faculty or division. If there is no one suitably qualified or with sufficient time to occupy this role, management at this level can be left to Information Technology Services.

Having the "S" object right obliges the role occupants to certain responsibilities. See http://www.its.monash.edu.au/staff/systems/novell/technical/novellmgr for further information.

Department Level

At this level we find the User objects, roles and groups and the Novell resources they normally use such as profiles and directory maps.

The rights that managers hold at this level mean that most actions can be carried out using the CRUX system, which keeps the accounts belonging to a user co-ordinated across all Information Technology Services systems.

If the MGR account holders are Novell qualified or recognized as having suitable training there is one further set of rights possible to aid them in the administration of Novell resources. The "C" or create right for the container can be given to the manager role of the container. This is primarily for setting up roles, drive maps and profiles.

As with the right described above, there are additional responsibilities and obligations:

  1. Do not create user or group objects (other occupants of the same manager role are not granted "S" rights to objects you create, and CRUX cannot manage those accounts and groups as they may conflict with account uniqueness elsewhere on the tree)
  2. Do not create child "Organization Units" (Novell design rules prefer a wide rather than deep NDS tree, and we would much rather you talked with us about it first)
  3. Do not add fileservers (there are detailed procedures for this which require discussion with EWS as well as access to the licences)

Obtaining the "C" right to a portion of the NDS tree requires written authorization from your department along with a signed agreement to abide by the above restrictions.
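The delegation rules on this page (no "S" right on a faculty container, and the three restrictions on roles holding "C") can be checked mechanically. The following is an added example, not ITS tooling: it audits constructed, simplified records rather than any real NDS or ConsoleOne export, and every record field, class label and sample name in it is an assumption.

```python
# Added example: audit constructed rights records against the rules above.
# Record layout, class labels and all sample names are assumptions.
from typing import NamedTuple

class Trustee(NamedTuple):
    target: str        # typeless name, leaf first, e.g. "physics.sci.monash"
    target_class: str  # label for the kind of object the right applies to
    trustee: str       # account or role holding the right
    rights: str        # object-right letters, e.g. "S" or "C"

class Created(NamedTuple):
    name: str
    obj_class: str
    creator: str       # account or role that created the object

# Objects a manager role holding "C" has agreed not to create (restrictions 1-3).
FORBIDDEN = {"User", "Group", "Organizational Unit", "Fileserver"}

def is_faculty_container(t: Trustee, org: str = "monash") -> bool:
    """True for an OU sitting directly under the organization object."""
    parts = t.target.lower().split(".")
    return (t.target_class == "Organizational Unit"
            and len(parts) == 2 and parts[1] == org)

def audit(trustees, created):
    findings = []
    for t in trustees:
        if "S" in t.rights.upper() and is_faculty_container(t):
            findings.append(f"S on faculty container {t.target}: {t.trustee}")
    # Roles that were delegated the "C" right on some container.
    delegated = {t.trustee for t in trustees
                 if "C" in t.rights.upper()
                 and t.target_class == "Organizational Unit"}
    for c in created:
        if c.creator in delegated and c.obj_class in FORBIDDEN:
            findings.append(f"{c.creator} created {c.obj_class} {c.name}")
    return findings

# Constructed sample data ("sci" and "physics" are made-up container names).
TRUSTEES = [
    Trustee("jsmith.physics.sci.monash", "User", "Manager.sci.monash", "S"),
    Trustee("physics.sci.monash", "Organizational Unit",
            "Manager.physics.sci.monash", "C"),
    Trustee("sci.monash", "Organizational Unit", "Manager.sci.monash", "S"),
]
CREATED = [
    Created("labmap.physics.sci.monash", "Directory Map", "Manager.physics.sci.monash"),
    Created("tempuser.physics.sci.monash", "User", "Manager.physics.sci.monash"),
    Created("sub.physics.sci.monash", "Organizational Unit", "Manager.physics.sci.monash"),
]

if __name__ == "__main__":
    print("\n".join(audit(TRUSTEES, CREATED)))
```

The "S" right on an individual user object and the creation of a directory map pass the audit, since both are within what the manager roles are granted.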

Department level of the staff NDS tree

Requesting NDS Managerial Rights

Manager accounts for a technical staff member must be requested by that person's supervisor in the form of a request to the ITS Service Desk. When the management account is created, the person will be contacted by telephone. Make sure that the request contains the CRUX account name of the staff member and their contact telephone number.