Definitions
The terms explicit and inherit are commonly used when referring to access privileges with AppleShare File Servers. Here are definitions for explicit and inherit access privileges:
Explicit: Retain access privileges regardless of the enclosing folder's privileges.
Inherit: Always change to reflect access privileges of the enclosing folder.
The default on an AppleShare File Server is explicit access privileges. The default on Personal File Sharing is explicit access privileges.
"Default" Folder Privileges
On an AppleShare File server, each folder can have its own privileges assigned to it. When the administrator is setting up the server for the first time, all privileges default to the administrator as the owner, and no one else has privileges. But once the server is set up, and users start creating folders on the server, by default, any new folder will start off with the privileges of its parent--its enclosing folder-- except for the "Owner", which will always be the user who created the folder.
Under normal circumstances, when a folder is moved around on the server, to another enclosing folder, the privileges stay with it. They are "explicit".
There may be times when you want a folder to always adopt the privileges of its parent folder, even as it is moved around on the server. This type of privilege is called "inherited" or "adopted."
Choosing Between Inherited & Explicit Privileges
An advantage to explicit privileges is that they are more secure. It is less likely that access to a folder will be accidentally allowed, because the folder was moved on a server. Explicit privileges would be preferred for confidential information.
One advantage to using inherited privileges is that server startup time may be reduced. When the server is starting up, it must validate the information in the server volume's PDS files. If each folder has explicit privileges, they must all be checked. When folders have inherited privileges, they are using a flag that indicates "same as parent" so privileges for that folder do not need to be validated. If you've got a large volume with lots of folders, and you're noticing that its taking a very long time for the server to start up, consider changing some of your explicit privileges into inherited, where appropriate.
Older versions of AppleShare had an option to "Compact Access Privileges", a process which checked for folders that had the same privileges as the parent folder, and changed those privileges to inherited. AppleShare IP no longer has this feature.
How To Change Privileges From Explicit To Inherited
There are different ways of setting privileges of folders on an AppleShare server.
From the server, using the Web & File Admin program...
-To change a single folder's privileges:
1. Show Disk & Share Points
2. Navigate to the folder whose privileges you want to change.
3. Select that folder and click on the "Privileges" button.
4. Change the radio button to "Use enclosing folder's privileges" if you want the privileges to be inherited, or --"Set privileges for this item" if you want the privileges to be explicit.
-To change the privileges of every folder within a given folder:
1. Show Disk & Share Points
2. Navigate to and select the parent folder
3. Hold down the Option key while selecting the "Enclosing Folder" button, and select explicit or inherited, from the dialog box.
From a workstation...
-To change privileges on a single folder:
1. Log into the file server (you must be the folder's owner or an administrator of the server to change privileges from a workstation; this is determined by the user name you use to log in to the file server).
2. Mount the volume where the folder resides.
3. Select the folder in the Finder.
4. Choose "SharingŠ" from the File menu.
5. Check the "Use enclosing folder's privileges" box to give the folder inherited privileges, or UNCheck the box to give the folder explicit privileges.
To change privileges on all enclosed folders:
1. Use the "Copy these privileges to all enclosed folders" feature. Although the privileges on enclosed folders will be the same as the enclosing folder, they will be explicit privileges. From a workstation, you do not have the option to make all enclosed folders "inherit" their privileges.