Hi All!

Is there any reason why Root would have as a trustee an organization?
I'm trying to find out why a particular user- .testuser.orgunit.SMU_LAW -
has rights to browse and read files on several of my servers including
backupserver1_sys.smu_law.

Now I've used the nifty tool, RITEHERE which shows the following:

================================================== ======
Volume/Server: backupserver1_SYS.SMU_LAW / backupserver1.SMU_LAW

DN: [Root]
IRM: [CRWSAI]
IRM: [BCDRAI]
Direct Trustee: [BCDRAI] Admin.SMU_LAW / "[Entry Rights]"
Direct Trustee: [BCDRAI] [Inheritance Mask] / "[Entry Rights]"
Direct Trustee: [BCDRAI] Backup_Exec.SMU_LAW / "[Entry Rights]"

DN: .SMU_LAW
IRM: [CRW I]
IRM: [BCD I]
Direct Trustee: [BCDRAI] Admin.SMU_LAW / "[Entry Rights]"
Direct Trustee: [ AI] Backup_Exec.SMU_LAW / "[Entry Rights]"
Direct Trustee: [ AI] LAW2.SMU_LAW / "[Entry Rights]"

DN: backupserver1.SMU_LAW
Direct Trustee: [ AI] backupserver1.SMU_LAW / "[Entry Rights]"

Path: "SYS:" - IRM [RWCEAFMS]

Indirect Trustee: SASSYService.SMU_LAW (SecEqu to ".Admin.SMU_LAW")

Effective: [RWCEAFMS] -> .Admin.SMU_LAW
* [RWCEAFMS] for direct Trustee assignment on ".SMU_LAW"
* [RWCEAFMS] for direct Trustee assignment on "[Root]"
Effective: [RWCEAFMS] -> .Backup_Exec.SMU_LAW
* [RWCEAFMS] for direct Trustee assignment on ".SMU_LAW"
* [RWCEAFMS] for direct Trustee assignment on "[Root]"
Effective: [RWCEAFMS] -> .SASSYService.SMU_LAW
* [RWCEAFMS] for SecEqu to ".Admin.SMU_LAW"

==========================

As you can see .testuser.orgunit.SMU_LAW doesn't have rights to
backupserver1, but yet testuser.orgunit.smu_law CAN DO ANYTHING (read,
write, modify) on backupserver1. Is it getting inherited rights? The
only place I can see that it would get rights would be
because .testuser.orgunit.SMU_LAW is in the organization, SMU_LAW and
SMU_LAW is a trustee of ROOT.

thanks!

Olivia