There is a hierarchy of NIS+ objects and authorization classes that can apply independently to each level.
The standard default NIS+ directory hierarchy is:
Directory level. In each NIS+ domain there are two NIS+ directory objects: groups_dir and org_dir. Each groups_dir directory object contains various groups. Each org_dir directory object contains various tables.
Group level or table level. Groups contain individual entries and possibly other groups. Tables contain both columns and individual entries.
Column level. A given table will have one or more columns.
Entry (row) level. A given group or table will have one or more entries.
The four authorization classes apply at each level. Thus, a directory object will have its own owner and group. The individual tables within a directory object will have their own individual owners and groups which may be different than the owner and group of the directory object. Within a table, an entry (row) may have its own individual owner or group which may be different than the owner and group of the table as a whole or the directory object as a whole. Within a table, individual columns have the same owner and group as the table as a whole.