Tip:
Highlight text to annotate it
X
This video shows how to change a user's mail file ACL with ID Manager.
Please note that users that create Change Mail File ACL requests in ID Manager do not have to have any access to the user's mail file to
successfully create a request.
To start, click on the "Change A User's Mail File ACL" button.
Select the Profile To Use. This is a document that provides a number of default values for ID Manager.
Select the name of the user that you're going to change the Mail File ACL for. The user's mail server and mail file will be displayed.
Select the actions that you want to perform. You can add, modify or delete an ACL entry using this utility.
ID Manager administrators can control which of these actions are available to users.
For example, you can allow a user to add an ACL entry, but not modify or delete ACL entries.
For this demo, I'm going to perform all three actions.
First I'm going to add a new ACL entry to this mail file.
Select the name of the user to add to the mail file ACL, select the user type, access level and other ACL settings.
Next I'm going to modify an existing ACL entry
Select the ACL entry to modify. Note that even though the requester has no access to the user's mail file, only existing ACL entries are
available to select.
Also note that the -Default- ACL entry, the mail file owner's ACL entry and the administration server's entry are available to be modified.
ID Manager administrators have the option to prevent these ACL entries from being modified.
For this demo they are available.
ID Manager administrators can also protect specific ACL entries to prevent them from being modified. In this demo, "LocalDomainAdmins",
"LocalDomainServers" and "OtherDomainServers" have been protected and can not be selected for modification.
The current ACL settings for the selected user will be displayed.
Select the new user type, access level and other ACL settings.
Next I'm going to delete an existing ACL entry.
Select the ACL entry to delete. Note that even though the requester has no access to the user's mail file, only existing ACL entries are
available to select.
Also note that the the mail file owner's ACL entry and the administration server's entry are not available to be deleted.
ID Manager administrators have the ability to prevent these ACL entries from being deleted.
For this demo they are not available.
ID Manager administrators can also protect specific ACL entries to prevent them from being deleted.
In this demo, "LocalDomainAdmins", "LocalDomainServers" and "OtherDomainServers" have been protected and
can not be selected.
This request was created with a status of "Approved", but requests can also have an initial status of "New" where someone will need to
approve the request before it will be processed. Whether the initial status is new or approved is controlled by the Change Mail File ACL profile
document.
Normally, ID Manager would automatically process this request after it is saved and closed, but for this demo, I'm going to press the
"Change ACL Now" button.
Many of the buttons that are visible here would not be visible for a help desk user. For example, the "approve", "deny" and "hold" buttons and the
"change ACL now" button would usually not be visible. Whether a button is hidden or visible is controlled by the ID Manager administrator.
This request is complete. Let's take a look at at the ACL.
This is the ACL of the user's mail file. Manager access to the mail file is required for this action.
Here you can see that the ACL entry added by ID Manager is now in the ACL, the modified ACL entry has been modified, and the
deleted ACL entry is gone.
For more information on changing a user's mail file ACL with ID Manager, please see the ID Manager documentation database.