Is it possible to register a new user and apply editor without delete privileges to the Mail File owner

hcl-bot · April 11, 2008, 10:40am

I guess the Subject says it all :-)I*m baffled and must be missing something totally obvious.

When new users are created from the Admin Client… I*m able to set the owner access level at Editor, however, I’m unable to set privileges.

We have a non delete policy and I have not found a way to set the owner privileges.

The Delete documents, Create personal folders/Vies and Create shared folders/view are on by default.

Create private agents and create LotusScript/java agents are unchecked.

I’d like to also have Delete documents unchecked.

Thanks in advance.

Jim

Embarrassed to ask

hcl-bot · April 11, 2008, 10:46am

Subject: Is it possible to register a new user and apply editor without delete privileges to the Mail File owner

there is no way in the registration process to set that.

hcl-bot · April 11, 2008, 10:52am

Subject: grrr, thanks

At least I know I’m not going nuts.

hcl-bot · April 11, 2008, 11:34am

Subject: Is it possible to register a new user and apply editor without delete privileges to the Mail File owner

Would it be possible for your organization to move to a mail journaling model? That way, you can keep all mail sent/received in the journal, and still allow users to manage their mailboxes.

One benefit of that approach is that you can keep the storage requirements and overhead down on your production mail servers by either housing the journal on another server, or by journalling locally and then migrating the journal NSF’s off to a file server, tape, etc.

Another benefit is that in the case of a production request, you can go back to centrally managed/stored journal files rather than having to touch every user mail file.

hcl-bot · April 11, 2008, 11:48am

Subject: RE: Is it possible to register a new user and apply editor without delete privileges to the Mail File owner

Good suggestion and we are already moving towards that model. The bigger story, when we were first hit with compliance, we modified an existing template to police mail delete. So even if a person had delete access, we would intercept the call and not allow the delete (limitation of that model aside).

Like anything it was supposed to be a very temporary thing, but we’re already in our 4th year of this model.

The problem is that the mail template is killing us in other areas, specifically with calendar and scheduling, as its based on an R5 template.

I’ve already won the battle of standards based systems so i’m not keen to redesign an R7 template.

The situation as it stands now is…

We are stuck on R654 FP3 servers, with R7.02 clients deployed and our modified R5 mail template.

The compliance model will not be in place for some months, but there is a strong push to move to R7 servers. That push in part is coming from me as i’m sick to death of the whole Exchange vers Domino discussions (Anyone have a slam dunk pres they can send me?)

We will not use the R5 template on the R7 environ as we feel this will just escalate our problems, but I have the go ahead to update the template, and remove delete access altogether, and then once the compliance model is in place, give that access back.

Seems like i’m victim to an assumption that the owner of a mail file should have delete access. Prior to Sox I suppose that was a valid assumption

Anyway, I think the only course of action I have is to modify a catalog view and monitor the situation.

Alternately, I do have a view in our nab for created date… I suppose I can write a nightly agent to examine all new mail files and modify the ACL as needed as a nightly task.

Seems like such an obvious feature that should be there.

What really has me baffled though… I know that when making users before, we had to give the priv to make folders. This was a common call to helpdesk when we didnt. So some where along the lines, these have now been put on by default. Maybe its simply that we’re using the R7 admin client now…

Anyway, I do appreciate the journeling suggestion. This is definitely the long term plan. We’ve landed on a solution by OpenText called livelink, as we already have thier archiving model in place, and we are heavily invested with Hitachi san technology.

Wouldn’t mind any opinions on that if you have any.

Thanks

Cheers