注册 登录  
 加关注
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

mylotustips的博客

IBM Lotus协作产品家族经验分享

 
 
 

日志

 
 
关于我

欢迎大家使用SR向IBM800提交问题http://www.ibm.com/support/servicerequest 可以随时查看问题状态,上传文件

网易考拉推荐

Domino 管理员如何指派创建用户管理的权限  

2012-03-28 12:34:14|  分类: Domino服务器 |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |
为了专于系统维护,Domino 系统管理员常常需要把创建用户,修改群组的工作分配给行政人员。

按以下步骤进行即可:

1. 首先在Domino 目录中新建 "IDAdmin" 群组
2. 在 names.nsf, certlog.nsf , admin4.nsf 的访问控制列表中给 IDAdmin 个人组编辑者的权限
3. 在分配 names.nsf 权限时选择角色 "GroupCreator", "GroupModifier", "UserCreator" & "UserModifier"
4. 在服务器文档“安全性”选项卡,“服务器访问权限”>“创建数据库与模板”中指定上述群组名。

将账号管理员添加为IDAdmin组的成员,并验证他们能够成功创建用户账号。 
注:无需在“安全性”选项卡的 "管理员"域中添加 IDAdmin        
                                                                
相关技术文档:
What ACL rights should be granted to a Domino system administrator 
Your Lotus? Domino? environment is maintained by a team of system administrators, and you need to grant only the minimum level of database access control to each member that is absolutely required for her to fulfill her duties.

What are the guidelines for granting ACL-level access to Domino system administrators? 

The quickest way to provide administrators with the access they need is to give them the minimum levels of access:
  • For the Domino Directory, create an administrator group of type Person Group with Editor access, and list the administrators in the group.
  • For the Administration Requests database, give administrators Author access. If an administrator will be approving requests, give Editor access.
  • For the Certification Log database, give administrators Author with Create documents access.

    TaskAdministrator needs this access in the Domino DirectoryAdministrator needs this access in ADMIN4.NSFAdministrator needs this access in other databases
    Add a resource to or delete a resource from the Resource Reservations databaseNone. However, the Administration Process updates the Domino Directory to reflect the changeAuthor with Create documents accessCreateResource role in the Resource Reservations database
    Add groupAuthor with Create documents and the ServerModifier roleAuthor with Create documents access and GroupModifier role
    Add users to groupAuthor with GroupModifier role. If administrator has access greater than Author, that access is sufficient

    Add servers to and remove servers from a clusterOne of these:
    • Author access and ServerModifier role
    • Editor access
    Author with Create documents accessNone
    Approve a request to move a user name to another hierarchyOne of these:
  • Author with Create documents access and UserModifier/Server Modifier role
  • Editor access
  • Editor accessAuthor with Create documents access to the Certification Log
    Approve the deletion of a resource from the Resource Reservations databaseDelete documents accessEditor accessNone
    Create mail files automatically during user registrationAuthor access and the UserCreator roleAuthor with Create documents accessCreate new database access on the registration server
    Create replicas of databasesNo requirementAuthor with Create documents accessAll of these:
    • Create replica access to the destination server
    • Reader access to the database on the source server
    • In addition, the source server must have Create replica access to the destination server, and the destination server must have Reader access to one replica of the database.
    Delete groupOne of these:
  • Author with Delete documents access and the GroupModifier role
  • Editor access
  • Author with Create documents accessNone
    Delete serversOne of these:
  • Author with Delete documents and the ServerModifier role
  • Editor access
  • Author with Create documents accessNone
    Delete users*One of these:
    • Author with Delete documents access and the UserModifier role
    • Editor access
    Author with Create documents accessNone
    Delete users and their mail files*Delete users and their private design elements

    One of these:
    • Author with Delete documents and the UserModifier role
    • Editor with Delete documents access
    EditorNone
    Enable password-checking during authenticationEditor accessAuthor with Create documents accessNone
    Find nameEditor access with UserModifier roleNoneNone
    Move replicas from a cluster serverNoneAuthor with Create documents accessBoth of these:
    • Same access as "Create replicas of databases"
    • Manager access to the original database
    Move replicas from a non-clustered serverNoneEditorBoth of these:
  • Same access as "Create replicas of databases"
  • Manager access to the original database
  • Move user to another serverOne of these:
  • Author access and UserModifier role
  • Editor access
  • EditorCreate replica access on the new mail server

    In addition, the old mail server must have Create replica access to the new mail server, and the person whose mail file is being moved must be running a Notes Release 5 or higher client.

    Recertify user IDs and server IDsOne of these:
  • Author with Create documents access and UserModifier/Server Modifier role
  • Editor access
  • Author with Create documents accessAuthor with Create documents access to the Certification Log
    Register userAuthor with Create documents access and User/Creator roleAuthor with Create documents access if using Administration Process for  background processingIf creating mail files/roaming files, Create database access on the mail server and/or roaming server, accordingly.

    If creating replicas, Create Replica access on the replica servers.

    If CERTLOG.NSF resides on the registration server, Create document access to CERTLOG.NSF is required.

    Remove all replicas of a databaseNoneNoneNone
    Rename users and convert users and servers to hierarchical namingOne of these:
  • Author with Create documents access and UserModifier/Server Modifier role
  • Editor access
  • Author with Create documents accessAuthor with Create documents access to the Certification Log
    Sign databaseNoneNoneNone
    Specify the Master Address Book name in Server documentsOne of these:
  • Author access with ServerModifier role
  • Editor access
  • Author with Create documents accessNone
    Add Internet certificateEditorAuthor with Create documents accessNone
    Update client information in Person recordNoneNoneNone




  评论这张
 
阅读(1504)| 评论(0)
推荐 转载

历史上的今天

在LOFTER的更多文章

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2017