Controlling data accessibility, Simplifying changes to data in directory domains – Apple Mac OS X Server (Administrator’s Guide) User Manual

86

Chapter 2

Larger, more complex organizations can benefit from a deeper directory domain hierarchy.

Controlling Data Accessibility

Hierarchies that contain several shared domains let you make directory information visible to
only subsets of a network’s computers. In the foregoing example hierarchy, the administrator
can tailor the users and resources visible to the community of Mac OS X computers by
distributing directory information among six shared domains.

If you want all computers to have access to certain administrative data, you store that data in
the shared domain at the top of your hierarchy, where all computers can access it. To make
some data accessible only to a subset of computers, you store it in a shared domain that only
those computers can access.

You might want to set up multiple shared directory domains to support computers used by
specific groups within an organization. For example, you might want to make share points
containing programming applications and files visible only to engineering computers. On the
other hand, you might give technical writers access to share points that store publishing
software and document files. If you want all employees to have access to each other’s home
directories, you would store mount records for all the home directories in the topmost
shared domain.

Simplifying Changes to Data in Directory Domains

If you need more than one shared directory domain, you should organize your hierarchy of
shared domains to minimize the number of places data has to change over time. You should
also devise a plan that addresses how you want to manage such ongoing events as

m new users joining and leaving your organization

m file servers being added, enhanced, or replaced

Under-

graduates

domain

Graduates

domain

Faculty

domain

Employees

domain

Students

domain

Campus

domain