Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

Editor Access for Mailfiles

Daniel Nashed  26 July 2013 10:04:28


Who is still using Manager access for user's maifiles?
Most of my customers have already switched to Editor access in mailfiles.
This used to be an issue with enabling Out of Office and Delegation.
But with OOO Service and Delegation via Adminp requests you can safely switch from Manager to Editor.

One big benefit is that the user cannot delete his mail-database by accident.
The admin is also in control of the design of the database and you can better control if the database has a FT index (User needs designer access to create the FT index).

The user is still able to create folders (this option is enabled by default, when you register an user with Editor access).

We have a customer with ACL corruption issues in 8.5.3 where the Notes Client seems to break the ACL in some cases if the user has Manager access.
IBM is still trying to figure out what is happening on client side in that case.
Interestingly we have no other customers running into the same issue.
So in case you have the same issue drop me an e-mail.


When switching to Editor access there is still one issue you could still run into.
If an user wants to store search queries the access flag "Create private agents" needs to be set.
By default "Creating private agents" is not set when you register a person with Editor access (the ACL flags set are hardcoded in the registration class).

The default for Editor access is:

"Delete documents"
"Create personal folders/views"
"Create shared folders/views"
"Replicate or copy documents"

the options which are not set:

"Create private agents"
"Create LotusScript/Java agents"

So when you want to switch to Editor access to have to keep in mind those differences and the potential issue with storing the search queries.
You have two challenges. Set the right ACL flags for new users when using the Editor access.
And you have to find a way to modify the existing ACLs for user mailfiles.

This cannot be done in an easy way with the ACL tools in the admin client.
I have added some code to my nshacl tool to allow flexible manipulation of ACL flags for Editors in databases. And also to switch user entries from Manager to Editor.
But you could run also Lotus Script agent updating just the ACL entry for the owner of the mailfile to accomplish basically the same thing.

So in general I think it is really a good idea to finally switch from Manager access to Editor access in mailfiles.
I would just wish that IBM would add a way to enable "Create private agents" by default when registering a Person with Editor access.
Or that they find another way to not require this ACL flag for storing search queries.

-- Daniel


Comments

1Paul Mooney  26.07.2013 14:59:40  Editor Access for Mailfiles

There is a free download on my site to change the owner to whatever ACL level you wish. It has been revised a few times by members of the community. Its on the resources page.

2Daniel Nashed  26.07.2013 15:33:23  Editor Access for Mailfiles

Thanks Paul! Does this work with full-admin access too?

3Alin  26.07.2013 16:26:48  Editor Access for Mailfiles

I've noticed that even with only editor access, FT index can be enabled via inotes preferences. Can somebody confirm my finding? We might missed something on iNotes configuration.

4Daniel Nashed  29.07.2013 7:05:05  Editor Access for Mailfiles

@Alin, I never looked into that but in the configuration doc in the iNotes preferences, section "Other Settings" there is an option "Full-text indexing" which is enabled by default. Did you try change that setting?

-- Daniel

5Daniel Nashed  29.07.2013 12:30:57  Editor Access for Mailfiles

sounds like it is script based. and there is no full-access admin support for that.

but it's great help in many cases and a free solution.

many customer have admin manager access in their environment.

-- Daniel

6Alin  29.07.2013 13:18:13  Editor Access for Mailfiles

@Daniel Thank you. That was it. Configuration document controls if full Text index can be enabled in iNotes preferences

7Paul Mooney  29.07.2013 17:02:24  Editor Access for Mailfiles

It runs as a signed agent by the server id file. FAA not required if I remember correctly. Have not had to run it in a few years.

Archives


  • [IBM Lotus Domino]
  • [Domino on Linux]
  • [Nash!Com]
  • [Daniel Nashed]