4.3. Default message security settings¶
In section 4.2, we showed the security settings of the first message and raised the question, where the security principals that can be seen after the creation of the message come from. In fact, these settings can be customized to suit your particular needs in your environment. To do this, select the button “New message defaults” from the “Security” panel of the ribbon’s “Settings” tab in IDERI note administrator. If we do so in our environment that we used in the preceeding sections, we will get a screen that looks like figure 4.13.
You will notice that by default the group of administrators on the server where the IDERI note service is running, have full access, except for the “Receive message” access right. Now let’s look at the access right of “Authenticated Users”, like in figure 4.14.
Notice that authenticated users have the “Read Permissions” access right. This is necessary so that ordinary users can at least view the security settings. The third entry that is added to the default security settings for new messages is shown in figure 4.15.
Notice that by default, CREATOR OWNER has the same access rights as the administrators group on the IDERI note server computer.
CREATOR OWNER serves as a placeholder for the user who creates a message. During message creation, the default security settings for new messages are applied to the new message and CREATOR OWNER gets replaced by the user who actually currently creates the message and is therefore the owner of the new message. Because the owner of a message, just like the owner of any resource in Windows® NT derived operating systems, can assume full access rights to a message anyway, the owner gets full access rights (except for the “Receive Message” access right) by default.
Using this dialog for default security settings of new messages, you can change the default settings to your heart’s content. You might for example want to ensure that one group in your AD always has administrative access to all newly created messages, so that members of this group can modify or delete existing messages without having to be members of the local administrators group on the IDERI note server. In our example we do this by simply creating a new group in AD that is named ‘IDERI note Admins’ (note\IDERI ntoe Admins) and adding it to the default security settings like in figure 4.16.
Another advanced usage of these security settings can be employed if you almost always send messages to a certain group or the same users. As an example, if you almost always send your messages to all domain users, then you can simply add “Domain users” with only the “Receive Message” access right set in the default security settings for new messages. The result will be, that whenever you create a new message, “Domain Users” will already be added in the list box that contains the recipients of a newly created message. So the recipients list box will be prepopulated and you don’t have to add your typical recipients by browsing for users and groups using the standard dialogs. Note that you can still delete “Domain Users” from the recipients list box before pressing the OK button, if you happen to create a message that should not be sent to “Domain users”, so this merely serves as a convenience.
Note:
In the example above we changed the security settings for those messages that we will create in the future. That means that our first message that we created in the preceeding section 4.2 will remain unaffected.