Mail file access

You can control access to mail files. For example, you can allow a group of administrators to access mail files. Or In hybrid environments, you can allow on-premises servers to run agents that access mail files in the service.

You can set access to mail files in the following ways:
  • Change access control lists in mail files before you migrate the mail files to the service.
  • Use a custom mail template to set access to mail files of new users as you provision them. This method does not change access to mail files that are migrated to the service or to mail files of users that are already provisioned. For more information, see the information about access control lists in the wiki article SmartCloud Notes® template validation requirements.
  • Use SmartCloud Notes Administration to set access to mail files of users who are already provisioned.
The following table describes the levels of access allowed:
Table 1. Mail file access levels
Access level Description
No Access Specified name cannot access the mail file.
Reader Access Specified name can read but cannot change mail file documents.
Author Access Specified name can read and create mail file documents.
Editor Access Specified name can read, create, edit, and delete mail file documents.
Note the following differences from database access control in a traditional Domino environment:
  • The mail file owner has Editor access, and you can't change the access level for the mail file owner. To prevent a user from accessing his or her mail file, suspend or delete the user.
  • You can't set access roles or access level privileges.
  • The default access level is No Access. You can't change the default access level, but a mail file owner can change default access through delegation.
  • The Anonymous access is set to No Access and can't be changed. The cloud servers do not allow anonymous access to mail files.
  • You can't assign Designer access as you do in a traditional Domino environment. However, company administrators can change the design of a mail file by applying a standard or custom template through SmartCloud Notes Administration.
  • You can't assign Manager access. The following table describes how actions that Manager access allows in a traditional Domino environment are handled in the cloud:
    Table 2. How actions allowed by Manager access in Domino are handled in the cloud
    Tasks controlled through Manager access in on-premises Domino Cloud behavior
    Encrypt database All mail files are encrypted.
    Modify replication options Only mail file owners can change replication options.
    Modify database access control list Any person with the Administrator role in the user account in the cloud can change mail file access through the SmartCloud Notes administration interface.
    Delete database Mail files are deleted only after a person with the Administrator role removes a user's cloud email subscription.
  • You can't add the name of an on-premises server to the access control list. To control the access of on-premises servers, add the servers to a group in the directory, and add the group to the access control list.
  • You can assign access to groups you create in the directory, but not to the following standard groups that are seen in traditional Domino environments: LocalDomainAdmins, LocalDomainServers, OtherDomainServers. In addition, you can't assign access to names that begin with the letters Saas.