I have users trying to give access to their calendar and tasks by going through Tools-Preferences-Access&Delegation. However, if a person sets “Access is for Everyone” to full access to Calendar and To-Do, it also allows users to access the mail file.
This is a huge security problem so for right now some users cannot share their calendars because it would also allow people to read their email. If I check the ACL on a mail file the entry for -Default is set to Read and Delete Public Documents.
Any thoughts?
Subject: ACL gives too much access
USE DELEGATION
Subject: RE: ACL gives too much access
On step two of the “Add People/Groups” dialog box in the “access to your mail file $ calendar” tab of the “preferences” dialog box, ensure that the End Users are selecting the radio button which states “Only calendar and To Do”. This will prevent others from being able to see the “mail” portion of the database.
Fletcher
Subject: RE: ACL gives too much access
What I’ve been doing is selecting the access is for everyone radio button and then the option to only access calendar and to-do, then users can read/modify/delete option.
From the notes client I can click on Open other users mail file, browse to that user, open their mail file, and read it like it was my own.
Checking the ACL on the server does not show anything out of the ordinary, the ACL for user -Default is set to Read Public Write Public.
Subject: RE: ACL gives too much access
That’s with your access level – how much can you see with an “ordinary user” id? (You are probably getting extraordinary permissions, probably Manager, through LocalDomainAdmins or a similar group.)
Subject: ACL gives too much access - Not really
In Notes, mail and calendar are in the same database, so naturally, you can see the folder Inbox and access the mail file, if you are allowed to see the calendar, but do you see the emails?No, you don’t see the emails. You only see calendar invitation mails, because in Notes the invitation and the calendar entry ist the same document.
So, read public documents doesn’t allow all users to read the emails, so where is the security problem? Besides the psychological point of seeing the folder Inbox and the names of the other folders and the fear, the security might not work as expected.
Andreas Hoster
mailto:andreas.hoster@herma.de
Subject: ACL gives too much access
When you go to Tools Preferences Access&Delegation - there are 3 tabs. Your users should be using the “Access to Your Schedule” tab instead of the “Access to your Mail & Calendar” tab. Hope this helps.