Is there a way to explicitly restricted an account operator from issuing Internet Password to user?
I have granted the account operators the rights to create email account but not deletion. Due to security issue, I need to restrict account operators from having the rights to issue Internet password to users.
Pls advise. Thanks!
Subject: How to explicitly restricted operators from issuing Internet password?
Have you investigated doing this with an extended ACL? I haven’t used them myself, but the Admin Help suggests that they can be used to restrict access to individual fields on forms in the Domino Directory.
Subject: RE: How to explicitly restricted operators from issuing Internet password?
I tried it on a local replica but it doesn’t seems to work the way I want. I have set the deny write on the dspHTTPpassword field but still, when the operator click on the “Edit” button on the address book, they are able to edit the field.
I’m really lost on hw effective does the extended ACL work!!!
Subject: RE: How to explicitly restricted operators from issuing Internet password?
I would suggest trying on a database on a server. It doesn’t have to be your primary Domino Directory, but it does have to be based on the pubnames.ntf template, so you could just create a new empty address book for testing.
Also, any fields that start with ‘dsp…’ are usually computed for display fields. I think the field you want to restrict is called ‘HTTPpassword’