Second day in Brno ...
... and I found a great restaurant - U měděné pánve. Also the training today was quite funny and each time I have a training I found a new things. Last time I spoke about ID's with multiple password and I wasn't able to change the ID with multiple passwords to a "normal" ID with one password. It's quite easy - just change the password in normal way via File \ Security \ User Security \ Change password and you'll have a "normal" ID back.
Each time I spoke about settings Domino to send internet emails and describing how to set up Foreign SMTP document with non existing domain and then set up connection document with this non exisiting domain and non existing server, each time the people ask me - why there must be the server name? And I really don't know, why the field is here, when it make nonsence.
But I had also time for going through Partner Forum database and found one interesting thread. Day after I had a call from my client which had exactly the same question - how can I disallow access to user's mail files for Domino administrators? And finally there was, probably the only one, response - just create a new set of private/public keys for this user, enable the encryption of incoming mails and enable the encryption of saved mails. Then the administrator should have access to your mail file but he'll not be able to read anything. Really love the enhanced functionality of Lotus Notes.
Technorati: Volný čas
Second day in Brno ...
How to protect user data against access of an administrator (or other readers)? Modify $Readers field on all (or selected) documents e.g. through document properties or by an agent.
Second day in Brno ...
Don't forget that you could use the FullAccess Administrator feature and it allows you to see all documents ;)
Second day in Brno ...
Are you sure? I have enabled FullAccess Administrator in all of our server documents, but when I changed Readers in a document in my mail box, my colleague, who has the same Admin access in the server documents and who can read documents in my mailbox, don't see the document in any wiew.
Second day in Brno ...
Please, excuse my typing errors, factual, gramatical and typographical mistakes, etc, etc ... :-)
Second day in Brno ...
I tried to simulate the same situation in our current R6 (6.5.x) and it work as you wrote in the article - FullAccess admin can read all documents in all DB's on server independent on ACL or individual content of the $Readers field.
Second day in Brno ...
Absolutly sure, don't forget that you must enable your Full Administrator Access in your Administrator client. The server document just specify who is able to enable it. And it's enabled per each session or before you'll stop it.
Second day in Brno ...
I read in discussion on http://www.svetnotes.cz possible reason of the problem. Try to connect with an Administration client to destination server using a passthru server (not direct connection from Adm. client). Then enable Full Access Administrator and try to open a database you have no permition to access it.