|
It's just a potential security issue. It should get deactivated when you close all of your clients. An entry is created in the log.nsf each time you grant yourself these rights: 03/13/2006 11:30:07 Chris Whisonant/COMPORIUM was granted full administrator access. However, I couldn't find an associated entry for when I turn this off. It could be a security issue if you ever had auditors or admins monitoring for when users turn this on (although only a handful of trusted admins should be in the full access group anyway!) Chris Whisonant Comporium Senior Mid-Range Systems Administrator IBM eServer Certified Systems Expert - iSeries Technical Solutions V5R2 IBM Certified System Administrator - Lotus Notes and Domino 6/6.5 IBM Certified Associate Developer - Lotus Notes and Domino 6/6.5 803.326.7270 | 803.326.6142 fax http://cwhisonant.blogspot.com/ domino400-bounces+chris.whisonant=comporium.com@xxxxxxxxxxxx wrote on 03/13/2006 11:27:53 AM: > Why turn it off? > > Rob Berendt > -- > Group Dekko Services, LLC > Dept 01.073 > PO Box 2000 > Dock 108 > 6928N 400E > Kendallville, IN 46755 > http://www.dekko.com > > > > > > Robert Laing <rlaing@xxxxxxxxx> > Sent by: domino400-bounces+rob=dekko.com@xxxxxxxxxxxx > 03/13/2006 11:08 AM > Please respond to > Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx> > > > To > Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx> > cc > > Subject > Re: LocalDomainAdmins > > > > > > > If you are listed as a Full Access Administrator, once you enable Full > Access Administration then you have god capabilities on the server and any > databases on the server. > > To enable Full Access Administration, from the Admin client click on > Administration and then Full Access Administration. You should see a > resulting entry on the console and in the log when someone selects Full > Access Administration. Remember to turn it off after you're done... > > Bob > > > > > > rob@xxxxxxxxx > Sent by: > domino400-bounces To > > +rlaing=gemko.com Lotus Domino on the iSeries / AS400 > > @midrange.com <domino400@xxxxxxxxxxxx> > cc > > > 03/13/2006 11:02 Subject > > AM Re: LocalDomainAdmins > > > Please respond to > Lotus Domino on > the iSeries / > AS400 > <domino400@midran > ge.com> > > > > > > > I had a different user create a new database with no template. It was > created without LocalDomainAdmins in the ACL. In the server doc for this > server, Full Access Administrators and Administrators includes > LocalDomainAdmins. I am a member of that group. When I use Administrator > to get the list of files on that server, right click on that database, and > select Access Control, Manage I get "You are not authorized to perform > that operation". If I select other databases - no problem. > > Summary: The administrator client, Full Access Administrators, and > Administrators, do not allow you to override the access control on > individual databases. You can only change them if you already have > Manager level. > > Or am I doing something wrong? > > Rob Berendt > -- > Group Dekko Services, LLC > Dept 01.073 > PO Box 2000 > Dock 108 > 6928N 400E > Kendallville, IN 46755 > http://www.dekko.com > > > > > > Tom Kreimer <tkreimer@xxxxxxxxxxx> > Sent by: domino400-bounces+rob=dekko.com@xxxxxxxxxxxx > 03/13/2006 10:01 AM > Please respond to > Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx> > > > To > Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx> > cc > > Fax to > > Subject > Re: LocalDomainAdmins > > > > > > > If it is not obvious, know that you can add your own entries with > square > brackets. Just type them in. Whatever you enter will be applied to new > databases. > > As mentioned in an earlier response, the Domino Administrator can > update > the ACL of all or multiple databases in one shot. > > Tom > > ==================================== > Tom Kreimer > Information Alternatives > > -----domino400-bounces+tkreimer=infoalt.com@xxxxxxxxxxxx wrote: ----- > > To: Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx> > From: rob@xxxxxxxxx > Sent by: domino400-bounces+tkreimer=infoalt.com@xxxxxxxxxxxx > Date: 03/13/2006 09:06AM > Subject: Re: LocalDomainAdmins > > I'm beginning to think that you are at least part right. On a server > that > I do this on I see LocalDomainAdmins in there, but without the square > brackets. The only ones with the square brackets are Anonymous, > Default, > LocalDomainServers and OtherDomainServers. > > Rob Berendt > -- > Group Dekko Services, LLC > Dept 01.073 > PO Box 2000 > Dock 108 > 6928N 400E > Kendallville, IN 46755 > http://www.dekko.com > > Tom Kreimer <tkreimer@xxxxxxxxxxx> > Sent by: domino400-bounces+rob=dekko.com@xxxxxxxxxxxx > 03/10/2006 11:42 PM > Please respond to > Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx> > > To > Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx> > cc > > Fax to > > Subject > Re: LocalDomainAdmins > > I don't think there is a setting or anything on the server that > changes. > My theory is that it just adds [LocalDomainAdmins] (and/or [Anonymous] > if > you choose) to all the templates. ACL entries in square brackets are > inherited by new databases, as opposed to the regular entries (not in > square brackets) that control access to the templates themselves. Maybe > there is an INI setting so that templates installed by upgrades also > get > the ACL entry added; I don't know. > ==================================== > Tom Kreimer > Information Alternatives > > (been out for a few days - and dang these lists have been busy) > > That's great for existing files PROVIDED that YOU have access to them. > But, in general, I'd like to ensure that LocalDomainAdmins > automatically > get added as a manager to new files. > > Rob Berendt > -- > Group Dekko Services, LLC > Dept 01.073 > PO Box 2000 > Dock 108 > 6928N 400E > Kendallville, IN 46755 > http://www.dekko.com > > gregg.eldred@xxxxxxxxxxx > Sent by: domino400-bounces+rob=dekko.com@xxxxxxxxxxxx > 03/02/2006 09:40 PM > Please respond to > Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx> > > Use the Admin Client. You can look at multiple ACL's and also set > multiple > > ACL's with a couple of mouse clicks. > HTH. > > Gregg > _______________________________________________ > This is the Lotus Domino on the iSeries / AS400 (Domino400) mailing list > To post a message email: Domino400@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/domino400 > or email: Domino400-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/domino400. > > > _______________________________________________ > This is the Lotus Domino on the iSeries / AS400 (Domino400) mailing list > To post a message email: Domino400@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/domino400 > or email: Domino400-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/domino400. > > > > > _______________________________________________ > This is the Lotus Domino on the iSeries / AS400 (Domino400) mailing list > To post a message email: Domino400@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/domino400 > or email: Domino400-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/domino400. > > > _______________________________________________ > This is the Lotus Domino on the iSeries / AS400 (Domino400) mailing list > To post a message email: Domino400@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/domino400 > or email: Domino400-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/domino400. > NOTICE: This message contains information which may be confidential. If the reader is neither the intended recipient nor a person responsible for delivering the message to the intended recipient, you are notified that any distribution, copying or retention of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by return e-mail, telephone or facsimile. Thank you.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.