My colleagues in the Netherlands are having trouble administering their users’ mail files, because by default the ACL is left virtually blank except for the user themself having manager access. As far as I was aware, the user’s level of access is defined by the registration document, which for the Netherlands policy checks out as the user is specified as having manager access. I have suggested that the local IT staff could access their users’ PCs remotely and add themselves to the ACL while logged in as the user (who by default has manager access), but this is no use if the user has left the company.
Am I right in thinking that the template that the mail file is created with should define the other users who have access to the database? The Netherlands policy uses a non-standard template, which seems to have been created for iMail use. As I’ve taken charge of our Domino infrastructure with no handover, I don’t want to change this in case something else might be affected. However, is there a way to modify the design of the template so that our Netherlands administrators are listed as having access as well? I had a quick look at it in Designer but couldn’t see a straightforward mention of the database ACL.
If I’m barking up the wrong tree here, where else could I check to try and give these guys access to the mail files they are creating?
Subject: Can a mail file template set the database ACL?
Hello Tom,
yes, you can automatically give other users/groups access when creating a database based on a template.
In your case just add the group name of the NL-admins to the ACL of the template, embedded in brackets […]. Assign the type to “Person Group” and give the group manager access.
If you then create a database, the new one has this entry (without brackets).
Subject: RE: Can a mail file template set the database ACL?
Thanks for that info, but there is another problem…
The [!_svr_administrators_nl] group is listed with manager access and all access/roles ticked. However, if I look at its effective access it shows only ‘read public documents’ and ‘replicate or copy documents’ and the group that is shown on the right from which it is apparently inheriting this access, is -default- (not in brackets).
When I look back on the ACL, there is a -default- and a [-default-] listed. Should I remove one of these?
Subject: RE: Can a mail file template set the database ACL?
You should not remove one of them. The one in brackets is for the DB that is created based on that template to inherit, while the other without brackets is the default value for the template DB itself.
Is the effective access that you are seeing in the DB that was created from the template, or on the template itself? If the latter, then you’ll want to also add the group without the brackets to give that level of access for that group to the template.
Subject: RE: Can a mail file template set the database ACL?
Hi Rebecca,
I see the group listed in brackets on the template ACL, and when I click effective access it shows what I described above. The template is used to make all Netherlands mail files, and when I go to the ACL of any of these mail files the group isn’t listed at all.
Would adding the group without brackets to the template ACL not just give them access to change the rest of the ACL structure?
Subject: RE: Can a mail file template set the database ACL?
The ACL of existing databases will not change by modifying the ACL on a template. This only works for newly created databases. If the group “[!_svr_administrators_nl]” is listed in the template with manager access, new databases built by using this one will have an entry “!_svr_administrators_nl” with manager access. If not, you might have used the wrong template.
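
The bracket rule described across this thread, modelled as an added example (not part of any post, and not Domino code). It assumes ACLs can be represented as plain dictionaries, that an explicit entry takes precedence over group entries and the highest matching group wins, and it uses constructed access levels and file names.

```python
# Toy model of the template-ACL bracket rule discussed in the thread.
# Not Domino code: an ACL is a plain dict of entry name -> access level.
LEVELS = ["No Access", "Depositor", "Reader", "Author", "Editor", "Designer", "Manager"]

def is_inheritable(name):
    """Bracketed entries are meant for databases created from the template."""
    return len(name) > 2 and name.startswith("[") and name.endswith("]")

def acl_for_new_database(template_acl):
    """Copy bracketed entries into the new database ACL, brackets removed."""
    return {n[1:-1]: lvl for n, lvl in template_acl.items() if is_inheritable(n)}

def effective_access(acl, name, groups=()):
    """Explicit entry wins; else the highest matching group; else -Default-."""
    if name in acl:
        return acl[name], name
    matches = [g for g in groups if g in acl]
    if matches:
        best = max(matches, key=lambda g: LEVELS.index(acl[g]))
        return acl[best], best
    return acl.get("-Default-", "No Access"), "-Default-"

def groups_missing(existing_acls, group):
    """Template ACL changes do not reach existing databases: list the gaps."""
    return sorted(path for path, acl in existing_acls.items() if group not in acl)

# Constructed sample data (levels and file names are illustrative assumptions).
TEMPLATE_ACL = {
    "-Default-": "No Access",              # applies to the template itself
    "[-Default-]": "No Access",            # inherited by new databases
    "[!_svr_administrators_nl]": "Manager",
}
EXISTING = {
    "mail/user1.nsf": {"-Default-": "No Access", "User One/Example": "Manager"},
}

if __name__ == "__main__":
    group = "!_svr_administrators_nl"
    # On the template the bracketed entry does not apply, so -Default- is used.
    print("on template:", effective_access(TEMPLATE_ACL, group))
    new_acl = acl_for_new_database(TEMPLATE_ACL)
    print("in new database:", effective_access(new_acl, group))
    print("existing files lacking the group:", groups_missing(EXISTING, group))
```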