IBM Support

LO70676: UNABLE TO COMPLETE ADMINP REQUEST "DELETE DATABASE REQUEST"

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as fixed if next.

Error description

  • Unable to complete AdminP Request This request "Request Mail
    File Deletion" fails with the error message:
    
    Error: Both the signer and the author of this request must have
    Delete Document privileges in the Domino Directory."
    
    
    Customer has a security requirement to have 2 different types of
    administrators in the Domino Directory.
    
    1.First Type of administrator have Manager Access in the
    ACL of the names.nsf with all the roles, and with the acl
    privilege "Delete Documents"
    
    
    
    2.Second type of administrator have Manager Access in
    names.nsf's ACL but without the acl privilege "Delete
    Documents"
    
    
    When Customer tries to move mail files from server A to
    server B. The move of the mail file is initiated by the
    administrator that does not have the privilege to "Delete
    documents"
    
    
    
    As a consequence when trying to move the user's mail file from
    server A to server B, The last action is to perform the request
    "Request Mail File Deletion"
    
    These last action will be performed by the Administrator
    with privileges to "Delete Documents" on the ACL of the Domino
    Directory, in this case called  " Cleaner Admin/ORG/RU"
    
    
    When the  " Cleaner Admin/ORG/RU"   performs
    the request type " Approve Mail File Deletion". Gets the error
    message when performing the "Request Mail File Deletion"
    
    "Title: ORG's Directory Path:
    names.nsf; Name: Administrator/OU/ORG/RU; Error: Both the signer
    and the author of this request must have Delete Document
    privileges in the Domino Directory"
    
    
    Customer considers that this is a Software defect as the
    administrator that initiate the request does not need to delete
    the mail file, only  will move the mail file ( no delete
    documents privileges are required for this administrator")
    Only the last action requires the "Delete Documents"
    privileges.
    
    
    When administrator approves the  "Request
    Mail File Deletion" the admin needs the "Delete documents"
    rights but it is not clear why the "Delete Document" privileges
    are needed for
    initiation of file move with adminp.
    
    STEPS to Reproduce:
    
    1) Have 2 domino  servers in 853 version
    
    North/ACME
    South/ACME
    
    
    2) Register 2 Administrators
    
    First administrator " User Administrator/ACME" with Manager
    Access, all the roles and "Delete Documents" rights in
    the ACL of the Domino Directory
    
    and  Second administrator " Second admin/ACME " with manager
    Access in the Domino Directory, with all the roles and with NO
    rights to " Delete Documents" in the ACL of the Domino Directory
    
    
    
    Also make sure that both administrators " User
    Administrator/ACME" and Second admin/Acme":
    - Are included in the ACL of the Admin4.nsf with Manager Access
    - Are included in the ACL of the Certlog.nsf with Manager
    Acccess.
    - Are included in the Server Documents of
    the 2 servers involved in the Security> "Administrators" Field
    - Are included in the server Document on the 2 servers involved
    in the Security > Create Databases & Templates
    Create New Replicas
    Create Master Templates
    
    3) Register a test user with mail file located in North/ACME
    server for example " Test User/ACME"
    
    4> With the Administrator " Second admin/ACME " that does not
    have
    privileges to " Delete Documents" in the ACL of the Domino
    Directory, initiate the move of the "Test User/ACME" from server
    North/ACME to Server/South/ACME"
    
    5> All the following request as performed correctly
    
    - Monitor New Mailfile fields
    - Replace MailFile Fields
    - Check Mail Server's Access
    - Create New Mailfile Replica
    - Add New Mailfile Fields
    - Push Changes to New Mail server
    - Get Mail file Information for Deletion
    
    6. When is generated the AdminP request Type " Approve Mail File
    Deletion" , switch to the  Administrator " User
    Administrator/ACME"( the one that has priviledges to
     to " Delete Documents" in the ACL of the Domino Directory)
    
    Approve the request type " Approve Mail File Deletion"
    
    A request type " request Mail File Deletion" is generated
    this request fails with the error message:
    
    Action: Request Mail File Deletion
    Link to request:
    Name(s) acted upon: move/ACME
    Action requested by: User Administrator/ACME
    Server responding to request: South/ACME
    Start time: 12:37:43 Today
    End time: 12:37:43 Today
    Databases processed: None
    Errors: Title: Eight's Directory Path: names.nsf; Name: second
    admin/ACME; Error: Both the signer and the author of this
    request must have Delete Document privileges in the Domino
    Directory.
    Perform request again?:
    Best regards
    

Local fix

  • That the move of the user is performed from beguining to end
    with administrator that has "Delete Documents2 rights in the ACL
    of the domino directory, but this is against customer's security
    

Problem summary

  • This APAR is closed as FIN. We have deferred the fix to a
     future release.
    

Problem conclusion

Temporary fix

Comments

  • This APAR is associated with SPR# BBSZ8WGFUS.
    This APAR is closed as FIN. We have deferred the fix to a
     future release.
    

APAR Information

  • APAR number

    LO70676

  • Reported component name

    DOMINO SERVER

  • Reported component ID

    5724E6200

  • Reported release

    852

  • Status

    CLOSED FIN

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-07-23

  • Closed date

    2012-08-05

  • Last modified date

    2012-08-05

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels

  • R852 PSN

       UP

[{"Business Unit":{"code":"BU055","label":"Cognitive Applications"},"Product":{"code":"SSKTMJ","label":"Lotus Domino"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5.2","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
05 August 2012