|
midrange.com
And, anyone who has Editor (or better) access to the Domino directory
(names.nsf) can edit the "Full Access Administration" field, right? So
knock those admins down to "author", grant "roles" as needed, add
individuals or groups to the admin fields where needed, and/or investigate
using the Extended ACL to control access to some parts of the Dom. Dir.
Can I get anyone to second that motion? I haven't done the Extended ACL
thing yet myself, and I have had one Lotus support person advise against
it , for version 6, anyway.
Tom
====================================
Tom Kreimer
Information Alternatives
Having Full Access Administration rights bypasses any ACL security setup,
and depending on your organization that may not be a good thing.
Bob
rob@xxxxxxxxx
Sent by:
domino400-bounces To
+rlaing=gemko.com Lotus Domino on the iSeries / AS400
@midrange.com <domino400@xxxxxxxxxxxx>
cc
03/13/2006 11:27 Subject
AM Re: LocalDomainAdmins
Please respond to
Lotus Domino on
the iSeries /
AS400
<domino400@midran
ge.com>
Why turn it off?
Rob Berendt
--
Group Dekko Services, LLC
Dept 01.073
PO Box 2000
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
Robert Laing <rlaing@xxxxxxxxx>
Sent by: domino400-bounces+rob=dekko.com@xxxxxxxxxxxx
03/13/2006 11:08 AM
Please respond to
Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx>
To
Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx>
cc
Subject
Re: LocalDomainAdmins
If you are listed as a Full Access Administrator, once you enable Full
Access Administration then you have god capabilities on the server and any
databases on the server.
To enable Full Access Administration, from the Admin client click on
Administration and then Full Access Administration. You should see a
resulting entry on the console and in the log when someone selects Full
Access Administration. Remember to turn it off after you're done...
Bob
rob@xxxxxxxxx
Sent by:
domino400-bounces To
+rlaing=gemko.com Lotus Domino on the iSeries / AS400
@midrange.com <domino400@xxxxxxxxxxxx>
cc
03/13/2006 11:02 Subject
AM Re: LocalDomainAdmins
Please respond to
Lotus Domino on
the iSeries /
AS400
<domino400@midran
ge.com>
I had a different user create a new database with no template. It was
created without LocalDomainAdmins in the ACL. In the server doc for this
server, Full Access Administrators and Administrators includes
LocalDomainAdmins. I am a member of that group. When I use Administrator
to get the list of files on that server, right click on that database, and
select Access Control, Manage I get "You are not authorized to perform
that operation". If I select other databases - no problem.
Summary: The administrator client, Full Access Administrators, and
Administrators, do not allow you to override the access control on
individual databases. You can only change them if you already have
Manager level.
Or am I doing something wrong?
Rob Berendt
--
Group Dekko Services, LLC
Dept 01.073
PO Box 2000
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
Tom Kreimer <tkreimer@xxxxxxxxxxx>
Sent by: domino400-bounces+rob=dekko.com@xxxxxxxxxxxx
03/13/2006 10:01 AM
Please respond to
Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx>
To
Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx>
cc
Fax to
Subject
Re: LocalDomainAdmins
If it is not obvious, know that you can add your own entries with
square
brackets. Just type them in. Whatever you enter will be applied to new
databases.
As mentioned in an earlier response, the Domino Administrator can
update
the ACL of all or multiple databases in one shot.
Tom
====================================
Tom Kreimer
Information Alternatives
-----domino400-bounces+tkreimer=infoalt.com@xxxxxxxxxxxx wrote: -----
To: Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx>
From: rob@xxxxxxxxx
Sent by: domino400-bounces+tkreimer=infoalt.com@xxxxxxxxxxxx
Date: 03/13/2006 09:06AM
Subject: Re: LocalDomainAdmins
I'm beginning to think that you are at least part right. On a server
that
I do this on I see LocalDomainAdmins in there, but without the square
brackets. The only ones with the square brackets are Anonymous,
Default,
LocalDomainServers and OtherDomainServers.
Rob Berendt
--
Group Dekko Services, LLC
Dept 01.073
PO Box 2000
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
Tom Kreimer <tkreimer@xxxxxxxxxxx>
Sent by: domino400-bounces+rob=dekko.com@xxxxxxxxxxxx
03/10/2006 11:42 PM
Please respond to
Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx>
To
Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx>
cc
Fax to
Subject
Re: LocalDomainAdmins
I don't think there is a setting or anything on the server that
changes.
My theory is that it just adds [LocalDomainAdmins] (and/or [Anonymous]
if
you choose) to all the templates. ACL entries in square brackets are
inherited by new databases, as opposed to the regular entries (not in
square brackets) that control access to the templates themselves. Maybe
there is an INI setting so that templates installed by upgrades also
get
the ACL entry added; I don't know.
====================================
Tom Kreimer
Information Alternatives
(been out for a few days - and dang these lists have been busy)
That's great for existing files PROVIDED that YOU have access to them.
But, in general, I'd like to ensure that LocalDomainAdmins
automatically
get added as a manager to new files.
Rob Berendt
--
Group Dekko Services, LLC
Dept 01.073
PO Box 2000
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
gregg.eldred@xxxxxxxxxxx
Sent by: domino400-bounces+rob=dekko.com@xxxxxxxxxxxx
03/02/2006 09:40 PM
Please respond to
Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx>
Use the Admin Client. You can look at multiple ACL's and also set
multiple
ACL's with a couple of mouse clicks.
HTH.
Gregg
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
