Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

Editor Access for Mailfiles

Daniel Nashed  26 July 2013 08:04:28


Who is still using Manager access for user's maifiles?
Most of my customers have already switched to Editor access in mailfiles.
This used to be an issue with enabling Out of Office and Delegation.
But with OOO Service and Delegation via Adminp requests you can safely switch from Manager to Editor.

One big benefit is that the user cannot delete his mail-database by accident.
The admin is also in control of the design of the database and you can better control if the database has a FT index (User needs designer access to create the FT index).

The user is still able to create folders (this option is enabled by default, when you register an user with Editor access).

We have a customer with ACL corruption issues in 8.5.3 where the Notes Client seems to break the ACL in some cases if the user has Manager access.
IBM is still trying to figure out what is happening on client side in that case.
Interestingly we have no other customers running into the same issue.
So in case you have the same issue drop me an e-mail.


When switching to Editor access there is still one issue you could still run into.
If an user wants to store search queries the access flag "Create private agents" needs to be set.
By default "Creating private agents" is not set when you register a person with Editor access (the ACL flags set are hardcoded in the registration class).

The default for Editor access is:

"Delete documents"
"Create personal folders/views"
"Create shared folders/views"
"Replicate or copy documents"

the options which are not set:

"Create private agents"
"Create LotusScript/Java agents"

So when you want to switch to Editor access to have to keep in mind those differences and the potential issue with storing the search queries.
You have two challenges. Set the right ACL flags for new users when using the Editor access.
And you have to find a way to modify the existing ACLs for user mailfiles.

This cannot be done in an easy way with the ACL tools in the admin client.
I have added some code to my nshacl tool to allow flexible manipulation of ACL flags for Editors in databases. And also to switch user entries from Manager to Editor.
But you could run also Lotus Script agent updating just the ACL entry for the owner of the mailfile to accomplish basically the same thing.

So in general I think it is really a good idea to finally switch from Manager access to Editor access in mailfiles.
I would just wish that IBM would add a way to enable "Create private agents" by default when registering a Person with Editor access.
Or that they find another way to not require this ACL flag for storing search queries.

-- Daniel


Links

    Archives


    • [IBM Lotus Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]