Environment
Novell GroupWise 2012
Novell GroupWise 8
Situation
The Administrator has determined that User's with Minimum User Access have more proxy rights.
Determine who has given users with Minimum User Access right more proxy rights than they should.
Determine who has given users with Minimum User Access right more proxy rights than they should.
Resolution
In the instance of this customer, all users are supposed to give Minimum User Access proxy rights to read their calendar. The GroupWise Administrator wanted to determine who has given the appropriate rights to Minimum User Access, and who has given more rights to Minimum User Access.
1. Run GWCHECK either from the Standalone GWCHECK utility or the GWCHECK available in the form of Mailbox/Library Maintenance.
2. Do an Analyze/Fix of the Contents of the User databases (not message databases). Don't even bother to do the "Fix Problems" in this run, we want this to be as quick of a GWCHECK run as possible. Make sure to put the Logging onto "Verbose logging".
3. View the GWCHECK log file. If you run the standalone the log will come up with the GWCHECK utility. For more details on GWCHECK logging, see documentation: https://www.novell.com/documentation/groupwise2012/gw2012_guide_admin/data/a3n60l6.html#abbxisq
4. Search the log for statements such as this:
181 GENERIC_RECORD check- ACCESS_RECORD
- User [taykratzer] has granted "Minimum User" Access rights
Access granted for user "Minimum User" = 64
The access granted line tells you the access that has been given to Minimum User. In this case the user taykratzer has given everyone rights to view his calendar. That's what the 64 means. If the value were "1" that would mean that taykratzer gave everyone rights to read his mailbox.
Notes: The following numbers can be seen in the log file indicating which Proxy rights have been granted. Combinations are the sum of the individual rights. I.E. Read and Write to Tasks = 48.
0 On the Access Rights list but with no rights given
1 Read Only Mail/phone
2 Write Mail/phone
4 Read Reminder Notes
8 Write Reminder Notes
16 Read Tasks
32 Write Tasks
64 Read Appointments
128 Write Appointments
256 Subscribe to my notifications
512 Read items marked private
1024 Modify options/rules/folders
Archive items (disabled)
8192 Subscribe to my alarms
10239 Everything
NOTE: To do this on all users, go into GroupWise View, select all folks in the post office, right-click and select mailbox maintenance for all the users. It is apparently not possible to get this information when you do the verbose logging and just run it on the entire post office.
1. Run GWCHECK either from the Standalone GWCHECK utility or the GWCHECK available in the form of Mailbox/Library Maintenance.
2. Do an Analyze/Fix of the Contents of the User databases (not message databases). Don't even bother to do the "Fix Problems" in this run, we want this to be as quick of a GWCHECK run as possible. Make sure to put the Logging onto "Verbose logging".
3. View the GWCHECK log file. If you run the standalone the log will come up with the GWCHECK utility. For more details on GWCHECK logging, see documentation: https://www.novell.com/documentation/groupwise2012/gw2012_guide_admin/data/a3n60l6.html#abbxisq
4. Search the log for statements such as this:
181 GENERIC_RECORD check- ACCESS_RECORD
- User [taykratzer] has granted "Minimum User" Access rights
Access granted for user "Minimum User" = 64
The access granted line tells you the access that has been given to Minimum User. In this case the user taykratzer has given everyone rights to view his calendar. That's what the 64 means. If the value were "1" that would mean that taykratzer gave everyone rights to read his mailbox.
Notes: The following numbers can be seen in the log file indicating which Proxy rights have been granted. Combinations are the sum of the individual rights. I.E. Read and Write to Tasks = 48.
0 On the Access Rights list but with no rights given
1 Read Only Mail/phone
2 Write Mail/phone
4 Read Reminder Notes
8 Write Reminder Notes
16 Read Tasks
32 Write Tasks
64 Read Appointments
128 Write Appointments
256 Subscribe to my notifications
512 Read items marked private
1024 Modify options/rules/folders
Archive items (disabled)
8192 Subscribe to my alarms
10239 Everything
NOTE: To do this on all users, go into GroupWise View, select all folks in the post office, right-click and select mailbox maintenance for all the users. It is apparently not possible to get this information when you do the verbose logging and just run it on the entire post office.
Additional Information
This may have been user error, or it may be because of known issues with the GroupWise allowing Minimum User Access to gain more access then the user has specified.
Formerly known as TID# 10058931
Formerly known as TID# 10058931