APAR status
Closed as fixed if next.
Error description
Unable to complete an AdminP request. The request "Request Mail File Deletion" fails with the error message:

Error: Both the signer and the author of this request must have Delete Document privileges in the Domino Directory.

The customer has a security requirement to have 2 different types of administrators in the Domino Directory:
1. The first type of administrator has Manager access in the ACL of names.nsf with all the roles, and with the ACL privilege "Delete Documents".
2. The second type of administrator has Manager access in the ACL of names.nsf but without the ACL privilege "Delete Documents".

The customer tries to move mail files from server A to server B. The move of the mail file is initiated by the administrator that does not have the privilege to "Delete Documents". When moving the user's mail file from server A to server B, the last action is to perform the request "Request Mail File Deletion". This last action will be performed by the administrator with privileges to "Delete Documents" in the ACL of the Domino Directory, in this case called "Cleaner Admin/ORG/RU".

When "Cleaner Admin/ORG/RU" performs the request type "Approve Mail File Deletion", the following error message is returned when performing the "Request Mail File Deletion":

"Title: ORG's Directory Path: names.nsf; Name: Administrator/OU/ORG/RU; Error: Both the signer and the author of this request must have Delete Document privileges in the Domino Directory"

The customer considers this a software defect, as the administrator that initiates the request does not need to delete the mail file and will only move the mail file (no "Delete Documents" privileges are required for this administrator). Only the last action requires the "Delete Documents" privileges. When the administrator approves the "Request Mail File Deletion", the admin needs the "Delete Documents" rights, but it is not clear why the "Delete Document" privileges are needed for initiation of a file move with AdminP.
STEPS to Reproduce:

1) Have 2 Domino servers in 853 version: North/ACME and South/ACME.

2) Register 2 administrators:
- First administrator "User Administrator/ACME" with Manager access, all the roles and "Delete Documents" rights in the ACL of the Domino Directory.
- Second administrator "Second admin/ACME" with Manager access in the Domino Directory, with all the roles and with NO rights to "Delete Documents" in the ACL of the Domino Directory.

Also make sure that both administrators, "User Administrator/ACME" and "Second admin/ACME":
- Are included in the ACL of Admin4.nsf with Manager access.
- Are included in the ACL of Certlog.nsf with Manager access.
- Are included in the Server documents of the 2 servers involved, in the Security > "Administrators" field.
- Are included in the Server document on the 2 servers involved, in Security > Create Databases & Templates, Create New Replicas, Create Master Templates.

3) Register a test user with a mail file located on the North/ACME server, for example "Test User/ACME".

4) With the administrator "Second admin/ACME", who does not have privileges to "Delete Documents" in the ACL of the Domino Directory, initiate the move of "Test User/ACME" from server North/ACME to Server/South/ACME.

5) All the following requests are performed correctly:
- Monitor New Mailfile fields
- Replace MailFile Fields
- Check Mail Server's Access
- Create New Mailfile Replica
- Add New Mailfile Fields
- Push Changes to New Mail server
- Get Mail file Information for Deletion

6) When the AdminP request type "Approve Mail File Deletion" is generated, switch to the administrator "User Administrator/ACME" (the one that has privileges to "Delete Documents" in the ACL of the Domino Directory) and approve the request type "Approve Mail File Deletion". A request type "Request Mail File Deletion" is generated; this request fails with the error message:

Action: Request Mail File Deletion
Link to request:
Name(s) acted upon: move/ACME
Action requested by: User Administrator/ACME
Server responding to request: South/ACME
Start time: 12:37:43 Today
End time: 12:37:43 Today
Databases processed: None
Errors: Title: Eight's Directory Path: names.nsf; Name: second admin/ACME; Error: Both the signer and the author of this request must have Delete Document privileges in the Domino Directory.
Perform request again?:

Best regards
Local fix
That the move of the user is performed from beginning to end with an administrator that has "Delete Documents" rights in the ACL of the Domino Directory, but this is against customer's security
Problem summary
This APAR is closed as FIN. We have deferred the fix to a future release.
Problem conclusion
Temporary fix
Comments
This APAR is associated with SPR# BBSZ8WGFUS. This APAR is closed as FIN. We have deferred the fix to a future release.
APAR Information
APAR number
LO70676
Reported component name
DOMINO SERVER
Reported component ID
5724E6200
Reported release
852
Status
CLOSED FIN
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-07-23
Closed date
2012-08-05
Last modified date
2012-08-05
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
R852 PSN
Document Information
Modified date:
05 August 2012