4.14. Working with recipients sets
Recipients sets are a new feature introduced with IDERI note version 2.3. The recipients sets concept complements the access rights management of IDERI note and makes it possible to determine, in a very fine grained manner, the security principals (i.e. users and groups) that other principals are authorized to send messages of certain types to. Using only the access rights scheme outlined in section 4.4 it is, for example, impossible to restrict the potential recipients for a message creator. It is also impossible to restrict a message creator to sending information messages only, but no warning messages and no alert messages. Likewise, with that scheme it is impossible to prevent a message creator from creating messages with reception or acknowledgement notifications (note that in many enterprises reception or acknowledgement notifications cannot easily be used, because using them constitutes a collection of personal data and thus a breach of the privacy protection policy).
Put another way, the access settings introduced in section 4.4 are global settings: security principals that are granted the “Create new message” access right are allowed to send any type of message to any recipient in the network, with any type of notification required. Conversely, principals that are denied the “Create new message” access right are not allowed to send any message to anyone in the network. For many environments such an access rights scheme is perfectly sufficient. In larger environments, however, a more fine grained access control scheme for the authorization of message creation is desirable. This is where recipients sets come into play.
In the following example we will again use the environment from the preceding sections. Our goal is to allow the user Albert.Tross to send IDERI note messages to his colleagues Maria.Cron and Arno.Nym, but to no one else. He should also only be able to send information and warning messages to them, but no alert messages. He should be allowed to create messages with both reception and acknowledgement notifications. In the following we assume that Albert.Tross is neither a member of the local administrators group on our IDERI note server SV01, nor a member of the ‘IDERI note Admins’ group from section 4.4 that we granted the right to create IDERI note messages. If Albert.Tross now launches the IDERI note administrator application and tries to create a message, he will receive an “access denied” error message. If Albert.Tross instead tries to determine his rights to send messages using the button labeled “Show my recipients” on the “Secure recipients” panel of the ribbon’s “Settings” tab, he will receive a message box as in figure 4.56.
In order to grant Albert.Tross the right to send messages to his colleagues, a user with the “Modify recipients sets data” access right, as briefly mentioned in section 4.4, has to launch the IDERI note administrator and create a new recipients set. In our environment from section 4.4 this will be Adam.Sam’s task, because as a member of the local administrators group of our IDERI note server SV01 he is allowed to create a new recipients set by default. To do so, Adam.Sam presses the button labeled “Show recipients sets” on the “Secure recipients” panel of the ribbon’s “Settings” tab, and a dialog as in figure 4.57 will be displayed.
This figure shows that no recipients sets have been created so far in our environment. If Adam.Sam now presses the button labeled “Add”, a dialog as in figure 4.58 will be displayed. In this dialog Adam.Sam supplies a name for the new recipients set, which in our case will be “Message Users”. He also adds Arno.Nym and Maria.Cron as recipients and Albert.Tross as the principal who is allowed to send messages to these two recipients. In addition, Adam.Sam ticks the checkboxes for the information and warning message types, but not for the alert message type, and also ticks the two checkboxes for the message reception and acknowledgement notifications, as shown in figure 4.58.
If Adam.Sam now presses the “OK” button in this dialog, a new recipients set will be created and the recipients sets overview dialog will be updated as in figure 4.59.
If more recipients sets are created over time, the user can quickly get an overview of the contents of each recipients set in this dialog by selecting it in the list box on the left-hand side. If Adam.Sam now presses the button labeled “Properties”, a property sheet as in figure 4.60 will appear.
The first page of this sheet contains the general settings of the recipients set. Since a recipients set is managed by the IDERI note server as a protected object with its own security descriptor, the security settings of the recipients set can be inspected or changed on the second page of this property sheet, as shown in figure 4.61.
As can be clearly seen in this figure, authenticated users only have the right to read the recipients set’s content. The user Adam.Sam is the owner of this recipients set and therefore has the right to read, write and delete the recipients set as can be seen in figure 4.62.
Albert.Tross has the sole right to send messages to the recipients of the recipients set, as can be seen in figure 4.63.
Last, but not least, the members of the local administrators group of the IDERI note server have the same access rights as the owner of the recipients set, as shown in figure 4.64.
If, after Adam.Sam has created the recipients set, Albert.Tross launches the IDERI note administrator again and tries to determine his rights to send messages using the button labeled “Show my recipients” on the “Secure recipients” panel of the ribbon’s “Settings” tab, he will now receive a dialog like in figure 4.65.
In this dialog Albert.Tross can easily determine which type of message he is allowed to send to which users or groups. By selecting the different message type nodes in the tree structure on the left-hand side, he can see the possible recipients for that message type in the list box on the right-hand side of the dialog. If additional recipients sets are created later on that grant the right to send messages to Albert.Tross, or to a group of which Albert.Tross is a member, this dialog will always show the accumulated access rights of Albert.Tross across all of these sets.
If Albert.Tross now tries to create an information message or a warning message for the recipients Maria.Cron or Arno.Nym, he will succeed. Please note, however, that the recipients of a new message have to be supplied in exactly the same form in which they exist in one or more recipients sets: when the server checks the send access right for the recipients of a message, it does not evaluate the AD group memberships of individual recipients in AD groups that are recipients of a recipients set. If, for example, Albert.Tross is given the right to send messages to the domain users group instead of to the individual recipients Maria.Cron and Arno.Nym, and he tries to send a message only to Arno.Nym, this will fail with an access denied error, even though Arno.Nym is a member of the domain users group. The access check for a new message proceeds in two steps. First, the IDERI note server checks whether a global right to send messages is granted or denied to the creator of the message, as explained in section 4.4. Then it checks, for each recipient of the new message, whether that recipient exists as a recipient in a recipients set that the creator has the right to send the requested type of message to. So if only the domain users group exists as a recipient in a recipients set that Albert.Tross is allowed to send messages to, and Albert.Tross supplies Arno.Nym as the recipient of a new message, this recipient will not be found in any recipients set and Albert.Tross will be denied creating the message.
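The following Python model of the two-step check described above, and of the accumulated view behind “Show my recipients”, is an added illustration written for this page. It is not IDERI note’s own code: the data structures, the function names, the second recipients set “All Staff”, the sender group “Helpdesk” and the creator “Helga.Desk” are constructed here, and the rule that an explicit global deny wins over a global allow is an assumption taken from Windows ACL semantics. What it shows is the behaviour the text warns about: a recipient must appear literally in a set the creator may use for the requested message type, and group memberships are expanded for the creator only, never for the recipients.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, FrozenSet, Iterable, List, Optional, Tuple


class MsgType(Enum):
    INFORMATION = "information"
    WARNING = "warning"
    ALERT = "alert"


@dataclass(frozen=True)
class RecipientsSet:
    """One recipients set: who may send which message types to whom.
    Recipients are stored exactly as entered (user or group names)."""
    name: str
    recipients: FrozenSet[str]
    senders: FrozenSet[str]            # principals holding the set's "send" right
    message_types: FrozenSet[MsgType]  # ticked message type checkboxes


@dataclass(frozen=True)
class Creator:
    """The message creator plus the groups the server resolves for them.
    Assumption: group membership is expanded on the creator side only."""
    name: str
    groups: FrozenSet[str] = frozenset()

    def identities(self) -> FrozenSet[str]:
        return frozenset({self.name}) | self.groups


def global_create_right(creator: Creator, allowed: FrozenSet[str],
                        denied: FrozenSet[str]) -> Optional[str]:
    """Section 4.4 style global 'Create new message' right.
    Assumption (Windows ACL semantics): an explicit deny on any identity
    wins over an allow; None means the right is not set either way."""
    ids = creator.identities()
    if ids & denied:
        return "deny"
    if ids & allowed:
        return "allow"
    return None


def sets_usable_for(creator: Creator, sets: Iterable[RecipientsSet],
                    msg_type: MsgType) -> List[RecipientsSet]:
    """Sets in which the creator (directly or via a group) holds the send
    right and the requested message type is ticked."""
    ids = creator.identities()
    return [s for s in sets if (s.senders & ids) and msg_type in s.message_types]


def show_my_recipients(creator: Creator,
                       sets: Iterable[RecipientsSet]) -> Dict[MsgType, FrozenSet[str]]:
    """Accumulated view like the 'Show my recipients' dialog: for every
    message type, the union of recipients over all usable sets."""
    sets = list(sets)
    return {
        t: frozenset().union(*(s.recipients for s in sets_usable_for(creator, sets, t)))
        for t in MsgType
    }


def check_create_message(creator: Creator, sets: Iterable[RecipientsSet],
                         msg_type: MsgType, recipients: Iterable[str],
                         allowed: FrozenSet[str] = frozenset(),
                         denied: FrozenSet[str] = frozenset()) -> Tuple[bool, str]:
    """Two-step check: global right first, then every recipient must appear
    literally in a usable set. No AD group expansion on the recipient side."""
    verdict = global_create_right(creator, allowed, denied)
    if verdict == "deny":
        return False, "global 'Create new message' right denied"
    if verdict == "allow":
        return True, "global 'Create new message' right granted"
    usable = sets_usable_for(creator, list(sets), msg_type)
    for r in recipients:
        if not any(r in s.recipients for s in usable):
            return False, (f"{r} is not a recipient of any set {creator.name} "
                           f"may send {msg_type.value} messages to")
    return True, "all recipients covered by: " + ", ".join(s.name for s in usable)


# Constructed sample data mirroring the scenario of this section.
MESSAGE_USERS = RecipientsSet(
    name="Message Users",
    recipients=frozenset({"Maria.Cron", "Arno.Nym"}),
    senders=frozenset({"Albert.Tross"}),
    message_types=frozenset({MsgType.INFORMATION, MsgType.WARNING}),
)
# Hypothetical second set: a group as recipient, a group as sender.
ALL_STAFF = RecipientsSet(
    name="All Staff",
    recipients=frozenset({"Domain Users"}),
    senders=frozenset({"Helpdesk"}),
    message_types=frozenset({MsgType.INFORMATION}),
)
SETS = (MESSAGE_USERS, ALL_STAFF)
ALBERT = Creator("Albert.Tross")
HELGA = Creator("Helga.Desk", frozenset({"Helpdesk"}))   # hypothetical helpdesk user

if __name__ == "__main__":
    for t, rs in show_my_recipients(ALBERT, SETS).items():
        print(f"{t.value:12s} -> {sorted(rs)}")
    print(check_create_message(ALBERT, SETS, MsgType.ALERT, ["Maria.Cron"]))
    print(check_create_message(HELGA, SETS, MsgType.INFORMATION, ["Domain Users"]))
    print(check_create_message(HELGA, SETS, MsgType.INFORMATION, ["Arno.Nym"]))
```

Running the script prints Albert.Tross’s accumulated recipients per message type (empty for alert), then a denial for an alert message, a grant for Helga.Desk sending to the “Domain Users” group exactly as it appears in the set, and a denial for Helga.Desk sending to Arno.Nym individually, which is the case the section describes.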