
08-30-2009, 12:03 PM
KB01469 - Minimum Access Control List permissions for the BES (Domino)
KB01469 - Minimum Access Control List permissions for the BlackBerry Enterprise Server
Environment
- BlackBerry® Enterprise Server versions 2.0 to 4.1
- IBM® Lotus® Domino®
Overview
Every IBM Lotus Domino messaging and collaboration server database, including databases used by the BlackBerry Enterprise Server, has an Access Control List (ACL) that specifies the levels of access that users and servers have to a database. Database access levels and privileges are assigned to the ACL and control which tasks can be performed in the database.
For each user, group, or server listed in the ACL, select the basic access level and user type, and refine the access level by selecting various access privileges. A role created by the database or application developer can further refine the permissions.
Resolution
The minimum ACL permissions for the BlackBerry Enterprise Server are as described in the following table.
| Database | Minimum ACL permissions |
| --- | --- |
| BlackBerry profiles database | The BlackBerryAdmins group and the BlackBerry Enterprise Server (the IBM Lotus Domino messaging server that runs the BES add-in task) require Manager access, as well as the DeleteDocuments privilege and the [Admin] role to the profiles database (BlackBerryProfiles.nsf). The BlackBerry device users are granted Author access to the profiles database. These are default permissions. |
| BlackBerry device users' mail file | The BlackBerry Enterprise Server requires Editor access, as well as the CreateDocuments and WritePublic privileges. For Read/Unread marks synchronization in BlackBerry Enterprise Server software version 4.0, the BlackBerry Enterprise Server must have Manager access to the mail files of BlackBerry device users. Manager access is required because the unread table is a private view in the user's mail file database. Editor or Designer access does not allow access to private views. |
| BlackBerry state database | Manager access (including all optional privileges) is required by the Server ID that runs the BES add-in task. This is required for message redirection and for BlackBerry state database management. Manager access is the default setting. |
Checking Permission Levels in the ACL
To check a database ACL for the permissions granted to the BlackBerry Enterprise Server, perform the following steps:
- In IBM® Lotus Notes®, open the database used by the BlackBerry Enterprise Server.
- Click File>Database>Access Control. The ACL appears.
- Select the BlackBerry Enterprise Server name. Or, if you have added the BlackBerry Enterprise Server to the LocalDomainServers group, select the LocalDomainServers group.
- Verify that the permissions described above are selected for the BlackBerry Enterprise Server. Check the Access drop-down list, the privileges check boxes (listed below the Access drop-down list), and the Roles list box.
Additional Information
Refer to the IBM® Lotus® Domino® Administrator Help files for more information on Access Control Lists.
__________________
http://blog.port3101.org/hdawg/
The views expressed by me on Port3101 and its affiliated sites are my own and do not necessarily reflect the views of my employer.
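The manual check under "Checking Permission Levels in the ACL" can also be scripted. The LotusScript agent below is an added example, not part of the KB article or of any BlackBerry or IBM tooling; the server name, mail file path and the profiles database sitting at the data directory root are placeholder assumptions, and it assumes the Admin role exists in the profiles database ACL.

```lotusscript
Option Declare
' Placeholders assumed for this example; replace with your own values.
Const BES_SERVER = "BES01/ExampleOrg"   ' Domino server that runs the BES add-in task
Const MAIL_FILE = "mail\jdoe.nsf"       ' mail file of one BlackBerry device user
Const READ_UNREAD_SYNC_4_0 = True       ' version 4.0 Read/Unread sync needs Manager
' Returns True if the server's ACL entry meets the minimum listed in the KB table.
Function MeetsMinimum(dbPath As String, minLevel As Integer, needCreate As Boolean, _
needDelete As Boolean, needWritePublic As Boolean, role As String) As Boolean
	Dim db As New NotesDatabase(BES_SERVER, dbPath)
	Dim acl As NotesACL
	Dim entry As NotesACLEntry
	Dim problems As String
	MeetsMinimum = False
	If Not db.IsOpen Then
		Print dbPath & ": cannot open database"
		Exit Function
	End If
	Set acl = db.ACL
	Set entry = acl.GetEntry(BES_SERVER)
	' The server may be covered by the LocalDomainServers group instead.
	If entry Is Nothing Then Set entry = acl.GetEntry("LocalDomainServers")
	If entry Is Nothing Then
		Print dbPath & ": no ACL entry for " & BES_SERVER & " or LocalDomainServers"
		Exit Function
	End If
	If entry.Level < minLevel Then problems = problems & " level=" & CStr(entry.Level)
	If needCreate And Not entry.CanCreateDocuments Then problems = problems & " no-CreateDocuments"
	If needDelete And Not entry.CanDeleteDocuments Then problems = problems & " no-DeleteDocuments"
	If needWritePublic And Not entry.IsPublicWriter Then problems = problems & " no-WritePublic"
	If role <> "" Then
		If Not entry.IsRoleEnabled(role) Then problems = problems & " missing-role-" & role
	End If
	MeetsMinimum = (problems = "")
	If MeetsMinimum Then
		Print dbPath & ": OK (" & entry.Name & ")"
	Else
		Print dbPath & ": BELOW MINIMUM (" & entry.Name & "):" & problems
	End If
End Function
Sub Initialize
	Dim mailLevel As Integer
	mailLevel = ACLLEVEL_EDITOR
	If READ_UNREAD_SYNC_4_0 Then mailLevel = ACLLEVEL_MANAGER
	' Profiles database: Manager, DeleteDocuments, Admin role (name passed without brackets).
	Call MeetsMinimum("BlackBerryProfiles.nsf", ACLLEVEL_MANAGER, False, True, False, "Admin")
	' Device user's mail file: Editor (Manager for 4.0 sync), CreateDocuments, WritePublic.
	Call MeetsMinimum(MAIL_FILE, mailLevel, True, False, True, "")
End Sub
```

The agent only reads ACL entries, so an entry that exceeds the minimum is reported as OK; review those separately if you are aiming for least privilege.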