We Engineers move the world

 

Exam Details

Braindump

Favorites

 

Email: Webmaster

 

 

 

 

 

 

 

Trust Relationship:

Imagine your computer is a house (Domain A). It is filled with stuff (resources) like a TV, Stereo, Refrigerator, a bedroom with a bed and other furniture and so on. Now you want your neighbor (a friend of yours), who lives in the house next door (Domain B) to be able to come into your house and use some of your stuff. So if you give him access to your things you really must TRUST him.

So A trusts B. A is the trusting (things) domain, B is the trusted (heads, people) domain. Don't forget this!! When you get to answering a question just think of the house and neighbor analogy to remember who is trusting and who is trusted.

Trusted Domains contain users or people. Trusting Domains contain stuff or resources.

Now to trust your neighbor but still limit what he can access or use you have locks on all your stuff. You give him a set of keys that open some of the stuff. Imagine that there is a door on every room in your house and to be able to use the stuff in the room you have to have a key to open the door. Or if you prefer (this is a strange house you live in) there are windows instead of doors to every room. Your access is defined by what permission you have been granted.

That's really all there is to it! It gets confusing when you start to add lots of trusts back and forth but just think of this analogy and you'll do fine.

Ah.... also remember these rules:

1 ) Global Groups only contain users from the Domain in which the Global Group resides

2) The above mentioned Global Group (with users in it) gets put into local groups created in the trusting (resource) Domain.

So if you set up a Global group in Domain B above (your friend's house) only Domain B users can be put in it. Like imagine your neighbor has a BIG family and you want to give them all different levels of access to your stuff. Say you want to let your friend and his wife use your TV and Stereo but his kids can only use the TV. Create a global group called Adults at his house and put him and his wife into it. Create another Global Group called Kids and put his kids into it. remember you can't put your kids, who live in your house, or another neighbors (Domain) kids into his Global Groups (Rule #1 above).

Then create local groups at your house One called TV another called Stereo. Put the DomainB/Adults Global Group (which has your friend and his wife as members) into both of these local groups (TV and Stereo) and put the DomainB/Kids Global Group into only the TV local group.