Allow more granular control of the Database Administrators security setting on the server document for roaming upgrade 
Use this IdeaSpace to post ideas about Domino Server.

: -1
: 1
: 2
: Domino Server / Security
: administration, roaming, database administrators
: Matt Cook501 23 Jun 2011
:
: / Email
Note: Idea description updated to correct functionality after further testing.  Roaming at registration is fine.  Upgrade to roaming afterwards is not for our service desk.
 
We currently delegate user registration to the service desk and desktop levels.
 
We would also like to delegate roaming upgrades to the service desk as well.
 
They can currently enable roaming at registration as long as it is done as a background process.  It does generate an error in the local log.nsf "Creation of the sub-directory servername!!roaming\username failed with the following error: You are not authorized to create file system folder"
 
However, to upgrade an existing person to roaming, the Database Administrators role is required on the Security tab of the server document so the folder can be created.  Roaming upgrade fails immediately.  The local log.nsf reports "Roaming Tool Error: For user XXX: You are not authorized to create file system folder"
 
Given all of the other privileges that go along with Database Administrators, it would be great if either the create folder privilege only could be granted, and more specifically to the roaming folder OR if the privilege were not needed at all and adminp could create the folder in the background to complete the roaming upgrade for existing people.



1) Christoph Stoettner35 (24 Jun 2011)
Did you test it with a Certification Authority Task?

Migrate your certifiers to CA and allow the service desk to use the CA. All database tasks then are created of adminp with server rights!

Regards
Chris
2) Matt Cook501 (24 Jun 2011)
We are using the CA process.

After further testing, enabling roaming on registration DOES work but must be done via the background. The person registering still gets an error message generated "Creation of the sub-directory servername!!roaming\username failed with the following error: You are not authorized to create file system folder"

The same error is generated when background is not used although no folder and no databases are created.

The same user rights do NOT allow someone to upgrade an existing person to roaming. Error here is "Roaming Tool Error: For user xxx: You are not authorized to create file system folder"

Given the above, I have clarified and updated the idea description.
3) David Bly190 (09 Jul 2014)
We delegate user management functions and client management to distributed admins. There are a number of client situations where the solution to a problem is to unroam/reroam a user. Our distributed admins who handle client management cannot perform this function because they don't have access to create the roaming folder during roaming setup. This requires Database Administrators access, which is much more than they need. Roaming configuration works fine for our distributed admins during initial user registration by submitting the requests to AdminP. Perhaps the same could be done for the roaming configuration of existing users?










:
:

Welcome to IdeaJam


You can run IdeaJam™ in your company. It's easy to install, setup and customize. Your employees, partners and customers will immediately see results.

Use IdeaJam to:

  • Collect ideas from employees
  • Solicit feedback and suggestions from employees and customers
  • Run innovation contests and competitions
  • Validate concepts
  • Use the power of "crowd-sourcing" to rank ideas and allow the best ideas to rise to the top

IdeaJam™ works with:

  • IBM Connections
  • IBM Lotus Quickr
  • Blogs and Wikis
  • Websphere Portal
  • Microsoft Sharepoint
  • and other applications.

IdeaJam has an extensive set of widgets and API's that allow you to extend and integrate IdeaJam™ with other applications.

Learn more about IdeaJam >>







IdeaJam developed by

Elguji Software Logo