Security on Mail Database 1

Status
Not open for further replies.

spi200

IS-IT--Management
Jun 9, 2002
371
AU
Hi All

Has anyone seen how you can set up an email notification of unauthorized access to a database? Maybe an agent or similar which monitors access, i.e. we have 3 people who have administrator rights, so how do you tell if they are into the other admins' mail databases? I have seen this done before, but do not know how it is done (I am a new Notes admin).

Thanks

David


 
You cannot get into a Notes database if you are not listed in the Access Control List. If your 3 users are in a group called Admin and that group is listed in the ACL of each mail database as Manager, they will all get in. If you only have the person who owns the mail database listed in the ACL as Manager, the others won't get in even if they are in an Admin group.

The only drawback of doing this is that if that person leaves the company, say, nobody can get into the database unless you have access to the password on their ID or know the password of the original ID you might have created. You really need to have at least one admin group with Manager access to mail databases.

You can do what you are trying to do by using the ACL but you really need to take a good look at what you are really trying to achieve.

I'm not sure about e-mail notification though.

Hope this helps.
 
This is not completely true. An administrator always has a way to get into a mailbox, even if they are not listed in the ACL.

I will not list all the tricks to do this, but most admins know them.
In R6 this is now even part of the Domino environment: it is called "Full access administration" and an administrator listed here has access to every database on the server regardless of the ACL. Even more: these people can see and modify every private document also.

The Notes log lists any attempt to open a database without authorization. You can add a trigger for this kind of event and receive an e-mail when this happens.

However: when the administrator is listed in the ACL or uses one of the tricks, this will not be listed in the log. The access will be recorded in the database itself and you can view this in the database properties.

If you would like to log this then you would have to build a solution into the mail template that sends a notification each time a memo is opened and the user ID is not the same as the owner of the mailbox or a person listed in the delegation access.
This should be easy to do.

It is possible, however, that this event will also be triggered when an admin creates a new replica of a mailbox or some customized agent runs in the mailbox with the admin's name. So be careful when adding such functionality!

Success!


Kind regards,

Dominik Malfait
dominik@amazingit.com
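
The decision logic behind the mail-template notification described in the reply above, as an added example that is not part of the thread and is not Domino or LotusScript code. The event fields (`user`, `source`, `time`, `subject`), the `source` labels and all names are constructed assumptions; it shows the owner/delegate comparison across canonical and abbreviated Notes names and the replica/agent case the reply warns about.

```python
import re

def canon(name):
    """Normalise a Notes hierarchical name: canonical 'CN=Ann Lee/O=Acme'
    and abbreviated 'Ann Lee/Acme' must compare equal."""
    parts = [re.sub(r"^(CN|OU|O|C)=", "", p.strip(), flags=re.I)
             for p in name.split("/")]
    return "/".join(parts).lower()

def classify(event, owner, delegates):
    """Return 'allowed', 'notify' or 'log-only' for one memo-open event."""
    allowed = {canon(owner)} | {canon(d) for d in delegates}
    if canon(event["user"]) in allowed:
        return "allowed"
    # Replica creation and agents running under an admin's name also touch
    # documents; record them for review instead of mailing the owner each time.
    if event["source"] in ("replication", "agent"):
        return "log-only"
    return "notify"

def notifications(events, owner, delegates):
    """Build one notification line per interactive open by a non-owner."""
    return [f'{e["time"]} {e["user"]} opened "{e["subject"]}"'
            for e in events if classify(e, owner, delegates) == "notify"]

# Constructed sample data (hypothetical names and event layout).
OWNER = "CN=David Example/O=Acme"
DELEGATES = ["Carol Example/Acme"]
EVENTS = [
    {"time": "2002-06-10 09:02", "user": "David Example/Acme",
     "source": "ui", "subject": "Budget"},
    {"time": "2002-06-10 09:15", "user": "CN=Carol Example/O=Acme",
     "source": "ui", "subject": "Budget"},
    {"time": "2002-06-10 09:30", "user": "CN=Admin Two/O=Acme",
     "source": "ui", "subject": "Budget"},
    {"time": "2002-06-10 23:00", "user": "CN=Admin Two/O=Acme",
     "source": "replication", "subject": "Budget"},
    {"time": "2002-06-10 23:05", "user": "CN=Admin Two/O=Acme",
     "source": "agent", "subject": "Budget"},
]

if __name__ == "__main__":
    for line in notifications(EVENTS, OWNER, DELEGATES):
        print(line)
```
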
 
Thanks Guys

Sounds great, thanks for all the input.


Regards

David
 