Granting Selected Rights for a Temporary Admin

Novell Cool Solutions: Tip
By David Gersic

Posted: 24 Jan 2007


A Forum reader recently asked:

"I have someone coming in this week to update the name, title, phone number, etc., in ConsoleOne so our GroupWise address book more accurately reflects our current user community. I have often set file rights for users but have never had the need to set edit-only rights that would allow for updating but not deleting users. What is the easiest way to go about doing something like that? I certainly do not want to give him full admin rights to the tree."

And here's the response from David Gersic ...


Give this person the ACLs in the directory that they need. In this case, they need to be able to read and write the Given Name, Surname, Full Name, Title, and Telephone Number attributes - maybe a few more.

Then he'll have to make sure that the GroupWise process that updates the address book from eDirectory actually does what it's supposed to, unless he also wants to give this clerical person the GroupWise admin utilities and rights within GroupWise to make these changes.

Assuming you give them ACLs to allow them to access these attributes in eDirectory, how are you going to get the changes in to GroupWise?

It's a trick question, somewhat, as there are several possible answers.

1) You can give this person sufficient rights in eDirectory, plus give them rights to administer GroupWise. Then with the GroupWise administration utilities (ConsoleOne snap-ins) they can make the changes directly.

2) You can have them update eDirectory only and use GroupWise's data import/sync process to update the GroupWise address book from the directory.

3) You can run the IDM driver for GroupWise, which will automatically sync the eDirectory changes into the GroupWise database in real time.

Peter Kuo adds:

I'd have this person create an LDIF with the proper info, and then the administrator can import the file ... no rights required!

