fighting for truth, justice, and a kick-butt lotus notes experience.

Traveler 9.0.1.18 needs Editor access under Maximum Internet Access ACL settings

Detlev Poettgen  Juli 13 2017 01:10:19 PM
A customer called me today, that he has trouble with a few of his Traveler users.
After updating IBM Traveler to v9.0.1.18 users are no longer able to sync and the deletion of these Traveler devices (using the traveler delete command) is not working any more.

When trying to delete the Traveler user using:

tell traveler delete * Detlev Poettgen


He gets this errors on the console:

Traveler: SEVERE  Detlev Poettgen[*] NotesException Notes error: You are not authorized to perform that operation
                          id=4000 occurred trying to access device profiles Exception Thrown: Notes Exception(4000) : Notes error: orized to perform that operation
Traveler: SEVERE  Detlev Poettgen[*] NotesException Notes error: You are not authorized to perform that operation
                         id=4000 occurred trying to access device security profiles Exception Thrown: Notes Exception(4000) : Note not authorized to perform that operation



IBM enabled the Run-as-User function with Traveler 9.0.1.18 and the way Traveler will access the users mail database:


Starting with IBM Traveler 9.0.1.18, the new run as user feature will now be enabled by default. When running as the user, the Traveler server will access the user's mail file as the user ID instead of the server ID.

This feature resolves several long standing issues with accessing the user's mail file as the server ID, including:
  • Honor ACL controls on mail file and corporate lookup for the user.
  • Prevent event notices and automated responses from being sent from the server ID.
  • Prevent the server ID from being assigned as the owner of the mail profile when there is no owner defined.

Important:
For run as user feature to function properly, the Traveler server must be listed as a trusted server in the user's Mail Server document.


So we first checked, if the Traveler server was listed as a Trusted Server in the mail server document.
That was all fine and other users located on the same mail server were able to sync.

So when looking at the ACL of the users mail database, we found really quick the reason:

Image:Traveler 9.0.1.18 needs Editor access under Maximum Internet Access ACL settings

For the users mail database the Maximum Internet name and password access was set to Reader.
After changing it to Editor, the user was able to sync again and a traveler delete command works again.


Update 17.07.2017:


During the last few days I got asked, how you can check, if all your Traveler users are having set Maximum Internetname and password access to Editor.

As far as I know, there is no out-of-the-box solution available from IBM. The Admin-Client will not show this ACL setting in a view and catalog.nsf will not contain this setting.

So I created a small database QuickFix for Traveler , which will query the mail databases of all Traveler users and shows some consolidated database properties (Size, Quota, Template, ACL, Owner, Soft Deletions, Max. Internet Access, #Documents).
From there you can select the databases with Max. Internet access lower then Editor and it will fix it for you.

If you want to use this database, too - just drop me an Email or leave a comment with your mail address. I will send you the QuickFix for Traveler app.





 



Treffpunkte

Archive