Can I do this with xACL or am I stuffed?

Hi,

The powers that be decided that we were going to enable extended ACL so that we could lock down various things. However, one of the side effects is that a group of superusers that used to administer their own departments' iNotes passwords can no longer do so. Unfortunately everyone within the same site is in the same OU so there isn’t really a way of telling one user from the next, however we do have multi-purpose groups set up for each department. Is there a way within the xACL that I can allow the superusers access to the person docs only for the people within their dept or am I stuffed? At the moment when I set it I only have the option to allow them access for everyone on site rather than just a specific smaller section of users. Also I’m not sure if it makes a difference when xACL is up and running but the superusers are in the administrators field of the person docs for people within their department that they can administer.

Any help offered will be greatly appreciated as this change is resulting in stroppy superusers.

Thanks,

Elle