Dear All,
We have implemented Group Security for a group called "All Staff. A scheduled agent which rebuilds the group document everyday with all the people in the organization updates the Readers field in the group document with another group called called “Acl_Allstaff_Access”, so that only people in this group can read the group.
This works for most of the users. However, some of the users still can send the mail by typing “All Staff” in the to field.
I have checked that the group doesnt appear in the user’s local address book and the MDC databases. The user is not able to see the group in the server address book as well.
Could any one think of whats going on as the problem is not consistent?
Could it be that instead of using a seperate field, I should use the $Readers field for the group document?
Regards,
Kiran
Subject: Group Security in NAB
You have multiple reader’s fields? I know that in the documentation it says that multiple reader’s fields are supported, but I have had the problem in the past where some of the fields were ignored, since then I have made it a habit to use only one reader’s field that is the sum of all the values I want to be included.
One other thing you can check is to verify that your group is open to everyone. From the view, right click on your group document and open the properties and check the security tab (the key one) and make sure “All Readers and Above” is checked.
Let me know if it helps…
Subject: RE: Group Security in NAB
We have a mixed set of clients. Some use 7 and Some use 8. The user who is able to send the mail is using the version 7.
The Mail server is of version 8
There is only one readers field which is updated by the ACL_AllSTaff_Access group and the All Staff group is rebuild every day by the agent and not the access group.
Regards
Kiran
Subject: Group Security in NAB
What version are you using? Domino has not always supported enforcing read restrictions on mail routing, so as long as a user knew the name of a group (or any other entity) he/she could send mail to it.
Subject: Group Security in NAB
Just to confirm, you have a Readers type field on the group doc and you have “Acl_AllStaff_Access” and you have an agent that populates the “Acl_AllStaff_Access” group nightly. However, some poeple who are members of the Acl_AllStaff_Access group are unable to “see” the group in the NAB and therefore cannot send mail to it? Check this out, go to the Acl_AllStaff_Access group and open the document properties box, second tab and locate the readers field. In the Members field, Find the names of the users who cannot see the All_Staff group document and make sure the names appear in canonical format: “cn=John Doe/ou=Sales/o=Acme”