4.4. General security policy settings
You will have noticed, when selecting the default security settings for new messages in the preceding section, that there is another security-related button in the “Security” panel of the ribbon’s “Settings” tab: the “General policy settings” button. Using this button and changing the settings in its dialog, you can customize general settings that pertain to operations that users can perform against the IDERI note server. If we select this button in the environment used in the preceding sections, a screen like the one in figure 4.17 will appear.
As you can see, the settings that can be made using this dialog govern who is allowed to create or delete messages, and who is allowed to perform other privileged operations such as enumerating clients that are currently connected to the IDERI note server, sending alert messages to clients using the Push-Model, or enumerating and modifying recipients sets. These privileged operations will be explained in the subsequent sections, so you should not worry if you currently have no idea what they mean. All you need to know for now is that these are privileged operations whose execution authorization can be adjusted by an IDERI note administrator.
Now you should also understand why, when starting the IDERI note administrator for the first time, it is a requirement to start it as a member of the local administrators group of the server where the IDERI note service runs. This is simply because the default settings after installation of the IDERI note server only grant the members of the local administrators group on the IDERI note server the right to create a message. However, just as in the preceding section, where we granted the group ‘IDERI note Admins’ additional rights in the default message rights, you can modify the general policy settings as you see fit. To continue our analogy to the preceding section, we will add the group ‘IDERI note Admins’ with full access rights to the general policy settings. If we add the group, we will get a screen like the one in figure 4.18.
Note that after adding the new principal ‘note\IDERI note Admins’, only the access rights “Create new message” and “Enumerate connected clients” are selected by default. Feel free to select the other two, more privileged access rights “Delete Messages” and “Send Alerts to Clients” so that the screen looks like figure 4.19.