How can GroupWise Proxy Access be determined using GWCheck or Mailbox Maintenance?

  • 7000712
  • 27-Feb-2009
  • 11-Sep-2019

Environment

Novell GroupWise 5.5
Novell GroupWise 6.0
Novell GroupWise 6.5
Novell GroupWise 7.0
Novell GroupWise 8.0
Novell GroupWise 2012
Novell GroupWise 2014
Novell GroupWise 18

Situation

It can be difficult to troubleshoot Proxy problems without actually opening the client.
How can Proxy Access be determined using GWCheck or Mailbox Maintenance?
What do the results from GWCheck mean?

Resolution

Proxy rights for individual users can be verified without opening the user's GroupWise client by running GWCheck or Mailbox Maintenance against the PostOffice with: Analyze/Fix Databases, Contents with Databases to User and Logging to Verbose.

This will show up in the log as follows:

### GENERIC_RECORD check- ACCESS_Record
Access granted for user USERID = <value>
Access granted for user USERID.PO.DOMAIN@INTERNET_DOMAIN_NAME = ##
 
The first iteration of the "Access granted for user" log entry will display either the Display Name or UserID followed by what the user's access privileges are, based upon a bit mask.  The second iteration of the "Access granted for user" log entry is displaying the email address for that same user and the number that follows is actually the character length of that string.
 
Notes:  The following numbers can be seen in the log file indicating which Proxy rights have been granted.  The value given is the sum of the individual rights.  I.E. Read and Write to Tasks = 48.
 

0       On the Access Rights list but with no rights given
1       Read Mail/phone
2       Write Mail/phone
4       Read Reminder Notes
8       Write Reminder Notes
16      Read Tasks
32      Write Tasks
64      Read Appointments
128     Write Appointments
256     Subscribe to my notifications
512     Read items marked private
1024    <not used>
2048    <not used>
4096    <not used>
8192     Subscribe to my alarms
16384    <not used>
32768    <not used>
65536    <not used>
131072   <not used>
262144   <not used>
524288   <not used>
1048576  Modify folders
2097152  Modify Rules
4194304  Modify security options
8388608  Modify regular options


NOTE: To do this on all users, simply run the GWCheck against the entire post office rather than a single user.
Example:
 
313 GENERIC_RECORD check- ACCESS_RECORD
Access granted for user JDOE =  8963
Access granted for user JDOE.PO1.SOME_DOM@novell.com = 28
 
This example user would have the following access privileges upon the sum of the value following the first iteration of the user's ID:
8192    Subscribe to my alarms
512      Read items marked private
256      Subscribe to my notifications
2          Write Mail/phone
1          Read Mail/phone
-------------------------------
8963    Total

Additional Information

Formerly known as TID# 10050654
 
In GroupWise 7, the second iteration of "Access granted for user USERID.PO.DOMAIN@INTERNET_DOMAIN_NAME = ##" was added.

Helpful TIP:
In order to make checking log files for users who have given out"All User Access", a customer provided feedback with a trick that they do.  On linux, they take the GWCheck log file and run the following command on it: "grep -E 'Checking user|Access granted'<gwcheck.log_or_.ckl_file> > po-output.log".  So this command would take a gwcheck.log or a .ckl from the /postoffice/wpcsout/chk directory, scan for user and their proxy access settings and put the output to another file for easier reading.  So as an example, if this was to be ran on a .ckl file it may look like: grep -E 'Checking user|Access granted' 4e459c48.ckl > po-output.log, The output provided may look similar to this:
Checking user = Resource1 (dbi / 177)    121856 bytes, 08/12/11 20:00 (Resource1 Resource1 [])
Checking user = LTU801 (dct / 224)    249856 bytes, 08/12/11 20:00 ( a [])
     Access granted for user <All User Access> = 10239

Change Log

2/27/09 - Added second iteration with corresponding information relating to it and when it approximately added.