• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 275
  • Last Modified:

Domino Directory Security

'User A' is able to see another user's person document and detach ID files stored in other users person documents. How do I prevent this in Domino R6.5?

The ACL on the names.nsf is set to the following:
Default = Reader

0
isltt
Asked:
isltt
  • 2
1 Solution
 
Bozzie4Commented:
You DON'T store id files in the Domino directory.  That's very bad practice.  If you do store them to facilitate installation of new clients, remove them immediately after.  

And a normal setting on the ACL is to give everybody in your organization Author access (without Create documents), because like that, they can change their own password.  This does not necessarily mean that Default is Author !  
I'd recommend:
Default : no access
Anonymous : no access
*/YourOrganization : Author
...

cheers,

Tom
0
 
islttAuthor Commented:
thanks....but the fact remains that user A can can access another users' person document. With author - Would they then be able to change web passwords of other users?
0
 
Bozzie4Commented:
No, it's absolutely normal they can see (read , access) other users' person documents.  Because you could use the Domino Directory as a repository for public data (like phone number, department, manager,...), it's an advantage.
But they can't EDIT those documents. With Author access (no extra roles, of course), you can only edit your own Person document, nothing else.  And you can't even edit all the data in your own person document (username etc.) is not editable.

Send me an email if you need to detach the ID's from the directory in bulk ....

cheers,

Tom
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now