Hiding Users
I've read a few posts on how to hide a single user from being visible in the Domino Directory. Has anyone come up with a way to hide everyone from a single user? We have a new business we are looking to get into. We will have a "sales force" (they aren't our employees, they're agents or brokers or something) that need to have a company email address for our business. Would like to have them in our existing Domino domain (so I don't have to set something new up). They are going to be iNotes-only users. We're running V8.5 on the servers. It's almost like we have a wholly owned subsidiary where we're going to be running their infrastructure, but don't want them fully integrated into ours.
Any ideas would be appreciated!
Comments (6)
The typical approach of hiding one user from most others involves setting read restrictions on their document in the Directory to LocalDomainServers, LocalDomainAdmins, etc., so that the user can still receive email and support but is hidden from everyone else.
To flip that around, if you wanted to hide everyone from a single
user or group, create a group that contains everyone that should be
hidden, and add that group to the readers list for the hidden
users. This will allow everyone who is hidden to see each other,
but anyone who isn't hidden can't see anyone who is. Just be
certain to also include LocalDomainServers and LocalDomainAdmins,
for the reasons mentioned above.
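The readers-list arrangement described in the comment above, modelled as an added example that is not part of the original thread. It is a simplified Python sketch of Readers-field evaluation (assumptions: flat groups, no roles or nested groups; all names and the `InternalStaff` group are constructed) that shows who can see whom and flags restricted documents whose readers list omits LocalDomainServers or LocalDomainAdmins.

```python
# Simplified model of Domino Readers-field evaluation (assumption: flat groups,
# no roles, no nested groups). All names below are constructed sample data.
REQUIRED = {"LocalDomainServers", "LocalDomainAdmins"}

GROUPS = {
    "LocalDomainServers": {"Mail01/Acme"},
    "LocalDomainAdmins": {"Admin One/Acme"},
    "InternalStaff": {"Alice Staff/Acme", "Bob Staff/Acme"},  # hypothetical group
}

# Person documents: name -> readers list (empty list = no Readers field).
DIRECTORY = {
    "Alice Staff/Acme": ["InternalStaff", "LocalDomainServers", "LocalDomainAdmins"],
    "Bob Staff/Acme": ["InternalStaff", "LocalDomainAdmins"],  # servers forgotten
    "Carol Agent/Sales/Acme": [],
}


def identities(user):
    """The user's own name plus every group that lists the user."""
    return {user} | {g for g, members in GROUPS.items() if user in members}


def can_read(user, readers):
    """No Readers entries means no restriction; otherwise need an overlap."""
    return not readers or bool(identities(user) & set(readers))


def visible_to(user):
    """Person documents this user can see in the directory."""
    return sorted(doc for doc, readers in DIRECTORY.items() if can_read(user, readers))


def audit():
    """Restricted documents whose readers list omits a required group."""
    return {
        doc: sorted(REQUIRED - set(readers))
        for doc, readers in DIRECTORY.items()
        if readers and not REQUIRED <= set(readers)
    }


if __name__ == "__main__":
    for who in ("Carol Agent/Sales/Acme", "Alice Staff/Acme", "Mail01/Acme"):
        print(who, "->", visible_to(who))
    print("missing required readers:", audit())
```

In the sample data the agent sees only her own document, staff see everyone, and the server cannot read the one document where LocalDomainServers was left off, which is the entry the audit reports.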
Tim,
For hiding a single user, what you suggest in the first paragraph
is basically what I've seen on the net before.
For hiding the directory from that user, I had thought about
basically what you suggest in the second paragraph. I was just
hoping someone else had a better solution. This one strikes me as
way too much manual overhead and error-prone (because it's all
manual).
The best way to further restrict access to the directory is to use the Extended ACL (XACL).
You can restrict based on hierarchy. For example, you can deny
all users in */dept1/Acme access to the target OU=dept2.
You can also restrict at the field level.
Two main points to be aware of (as it can be confusing).
1. You can only restrict access, never give more access.
2. Disabling fields from being read can stop some things from
working for the user.
What about Directory Assistance and putting these users into another Domino Directory, where you'll limit access to existing people? So the server will route the emails, administrators will have two lists of people (one existing and one new) and each group will be able to select from their own people. Could be quite an elegant solution.
I think a separate address book with Directory Assistance isn't a bad idea for this, but you're still going to be able to see the people in the primary address book as well unless you implement one of the other solutions.
@5 Are you sure? How could that be, when the people will be in a second Domino Directory that you aren't able to see into? At least my experience tells me so :)