Solved

Lotus Notes Mail activity log

Posted on 2013-01-17
28
1,806 Views
Last Modified: 2013-12-18
I am needing to know how a person shows up in the User Detail activity log on a person's Mail Database in Lotus Notes. The one where up go to File>application>properties and click the i tab and select User Detail in the activity section. We have noticed on several peoples mail database users preforming some reads; like 3-5 on different dates. No one has access in the ACL to the database or calendar or anything like that. This person is not a Domino administrator either. So we find it very odd they appear in the log at all.
So my main question is what are the different ways someone would show up in that log without having access to the mail database or calendar?
Thanks for your input.
0
Comment
Question by:JohnMantsch
  • 8
  • 7
  • 6
  • +1
28 Comments
 
LVL 10

Assisted Solution

by:larsberntrop
larsberntrop earned 125 total points
Comment Utility
Select open mail file, then do File:Application:Design Synopsis, click the "Choose DB Info", and chek thebox for "Access lists"

Post result.  I think default access may still allow access to some parts of the db, like Public documents.
0
 

Author Comment

by:JohnMantsch
Comment Utility
No, we checked the ACL already. The default is no access.. There is the domino servers and others such as Unity; No other user is listed and then only the Domino Admins have access, wbut the person that shows up as having done serveral reads is not in the Admin group.
How else would someone show up in that log other than actually opening your mail file and reading emails?
0
 
LVL 10

Expert Comment

by:larsberntrop
Comment Utility
There is more to the ACL. Please select or open mail file, then do File:Application:Design Synopsis, click the "Choose DB Info", and check the box for "Access lists", post results.

Someone might have used "Open another person's calendar" and read the public documents available.
0
 
LVL 10

Expert Comment

by:larsberntrop
Comment Utility
Oh, and be sure to check the User Detail activity log against the ACL Log.  User might have had more access in the past?
0
 

Author Comment

by:JohnMantsch
Comment Utility
I did do that. No users were given access int he past. This happend just a couple days ago.
The ACL log was last updated a month ago.

Access List Information
User/Group Name:      -Default-
Access Level:      No Access
Role(s):      [None Assigned]
User/Group Name:      OtherDomainServers
Access Level:      No Access
Role(s):      [None Assigned]
User/Group Name:      UnityServers
Access Level:      Manager
Can Delete Documents:      Yes
Role(s):      [None Assigned]
User/Group Name:      Domino_Admin
Access Level:      Manager
Can Delete Documents:      Yes
Role(s):      [None Assigned]
User/Group Name:      Anonymous
Access Level:      No Access
Role(s):      [None Assigned]
User/Group Name:      LocalDomainAdmins
Access Level:      Manager
Can Delete Documents:      Yes
Role(s):      [None Assigned]
User/Group Name:      LocalDomainServers
Access Level:      Manager
Can Delete Documents:      Yes
Role(s):      [None Assigned]
User/Group Name:      CN=dommail2/O=VPB
Access Level:      Manager
Can Delete Documents:      Yes
Role(s):      [None Assigned]
User/Group Name:      CN=John Mantsch/O=VPB
Access Level:      Manager
Can Delete Documents:      Yes
Role(s):      [None Assigned]
User/Group Name:      Telephony Server Group
Access Level:      Manager
Can Delete Documents:      Yes
Role(s):      [None Assigned]
0
 
LVL 46

Expert Comment

by:Sjef Bosman
Comment Utility
For instance: Appointments are public documents, and usually Default has No Access but does have access to Public Documents.
0
 

Author Comment

by:JohnMantsch
Comment Utility
Ok, well forgive my lack of knowledge; but how does one view an appointment you create in your calendar if they do not have access to your calendar?
I appriciate your help on this by the way. :-D
0
 
LVL 46

Accepted Solution

by:
Sjef Bosman earned 125 total points
Comment Utility
Because it's a document with one special field: $PublicAccess, which is set to 1. By definition this document is visible for anyone having public access  to the database, provided they use a view allowing public access as well. That's the way the mail template is designed and constructed.

The owner of the calendar can manage these access rights, using the Calendar preferences dialog box.

There is a good reason for this behaviour: it alows Notes to assist you when planning a new meeting, because it has access (more correctly: the current user has access) to all individual calendars.
0
 
LVL 10

Expert Comment

by:larsberntrop
Comment Utility
I thought the public Access would show up in the ACL synopsis, but it is left out...
0
 
LVL 15

Expert Comment

by:akhafaf
Comment Utility
Hi there,,

Firstly, let me ask you what you get in the logs ( log.nsf) ???
Secondly, for more details of about how access is provided to a user's calender you can refer to this .
http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=%2Fcom.ibm.notes85.help.doc%2Fpref_delegate_mailcaltodocon_t.html

Finally, did you try something ??? on the top left you can find a " Switch to "  " Another database" can you just switch to another database and check what you get ...

Best Wishes
0
 
LVL 10

Expert Comment

by:larsberntrop
Comment Utility
Hrmph.  My first comment contained a reference to Public Documents, and no points.

Unfriendly.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
Comment Utility
Agreed.
0
 
LVL 15

Expert Comment

by:akhafaf
Comment Utility
larsberntrop &  sjef_bosman  I also agree with both of you just be happy and simle :)
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 46

Expert Comment

by:Sjef Bosman
Comment Utility
I simle all day long ;-))
0
 
LVL 15

Expert Comment

by:akhafaf
Comment Utility
Unfortunately, there is not extra points for simles in EE :)

LooooooooooooooooooooooooooooooooooooooooooooL
0
 
LVL 10

Expert Comment

by:larsberntrop
Comment Utility
I think points should be split between larsberntrop & sjef_bosman
0
 
LVL 46

Expert Comment

by:Sjef Bosman
Comment Utility
Please note that JohnMantsch is a new EE member, and therefore probably knows neither habits nor rules of the EE community...
0
 

Author Comment

by:JohnMantsch
Comment Utility
I agree points should have been given to larsberntrop. I apologize for not completely reading all the rules and guidelines thoroughly.
No one completely answered my question. The answer about public access was good on WHY; but not how someone can access a calendar entry without access to the calendar.
I am new here and did not take the time to figure everything out before I posted that question. I really meant to award partial points but made a mistake.
Please award 75 points to both larsberntrop & sjef_bosman and reopen the question for the rest of the 100 points.
Public access in not checked in the ACL for Default and Anonymous. The person that showed up in the log has no access to the mail or calendar. So if they cannot open the calendar; what actions does a user take to show up in the activity log for the mail database?
Thank you for your help; and I apologize again for the misunderstanding.
0
 
LVL 15

Expert Comment

by:akhafaf
Comment Utility
John,,, Did you try the suggetions In my previous comment ??? it could help you getting a clearer view ...
0
 

Author Comment

by:JohnMantsch
Comment Utility
akhafa:
The log.nsf is not logging security events, just replication and miscellaneous events.
I do not see a swith to another databse on the top left of the calendar.  Only Switch to Mail, To Do, or Contacts.
Thank you
0
 
LVL 15

Expert Comment

by:akhafaf
Comment Utility
John,,,

- In the Miscellaneous events you can see if this user has attempted to access another's database ..
http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=%2Fcom.ibm.help.domino.admin.doc%2FDOC%2FH_VIEWING_THE_LOG_FILE_LOGNSF_OVERVIEW.html

- I am so sorry ,, In fact that was a feature in the Lotus Notes 6.x and 7.x but what I was really up to is if the user tries to access another user's database you will get it in the User Detail activity log ...
0
 

Author Comment

by:JohnMantsch
Comment Utility
Thank you akhafa: I will keep an eye on that log; for now it goes back only 7 days.
So you are saying that even if a person does not have access to a person's mail database; if the attempt to open it; that activity shows up in the users activity log?
0
 
LVL 15

Expert Comment

by:akhafaf
Comment Utility
You can keep your eyes on the " Server Console " also because it will show you e.g. John Smith attmpts to access johnsmith.nsf database...
0
 
LVL 15

Expert Comment

by:akhafaf
Comment Utility
0
 
LVL 15

Expert Comment

by:akhafaf
Comment Utility
With respect to everybody  but I think JohnMantsch has mentioned in comment # 38801671  that he will try my suggestion which could give him a clear image about what he is looking for and come back in 7 days !!!!!!!!!!!
0
 

Author Comment

by:JohnMantsch
Comment Utility
Thanks everone; this question is closed.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

This is an old article, please see an updated version of this article, located here: http://www.experts-exchange.com/articles/23619/Notes-8-5x-Windows-7-Notes-info-and-tips.html
I thought it will be a good idea to make a post as it will help in case someone else faces these issues. I trust this gives an idea how each entry in Notes.ini can mean a lot for the Domino Server to be functioning properly. This article discusses t…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now