Your post made me go back and look at my test...just in case I missed something (as it definitely sounded like we're seeing different things).
There are a few things to note:
- the server (in this case, the Router) would have access to all the person docs, so yes, once an email has been accepted into mail.box, the server will try to route it
- however, with "Mail on server" (as per location doc), a properly configured xACL would flag all addresses that don't match a valid entry, like this:
Consequently, Road Runner would be removed from the recipients list before the email reached the router. Again, that's for "mail on server" scenarios.
Local mail would likely work differently (e.g. could go directly into mail.box, and then not be checked again upon connection to the server). Of course type-ahead also works differently with local mail, as the server's NAB isn't referenced (so we're still OK for Jake's desired scenario--prevent /webusers from showing up in addressing type-ahead). Local replica of directory assistance is another matter...
Main thing is, what Jake needed is definitely possible in ND6. The /webusers don't appear in type ahead or the address dialog. If the name is typed out completely, a dialog pops up (like the one above). I tried it out, and it worked.
Unfortunately there's a bug....which we'll get to in a second...
First, a correction for my earlier post:
>>Only hitch so far is that the /webusers were still viewable in the "Person" view. Perhaps tweaking those rules further would prevent that as well (it was only a quick test for me, so I didn't go the full route of testing for that too...call me lazy ;-)<<
Well, not so much a correction as a confirmation. The granularity available with xACL does allow you to target 'person' documents directly (browse, read, create). By denying the ability to browse those docs (for the given 'category' of users) the documents are no longer displayed in the view.
In theory anyway...and really, I did see it work that way. But here's the bug...
If you re-save a NAB document (either in the Administrator, or in the Notes client), the xACL rules no longer prevent the doc from appearing in a view... At least with currently available versions of Notes.
Side effect is that the type-ahead 'prevention' no longer works either (once a doc is re-saved). Ouch.
Apparently a fix is in the works. Hopefully it makes the cut for 6.0.3 (due out next month).... Until then, my "solution" is pretty useless... Doh.
This bug has other implications too. If you try to prevent users from even viewing the server doc, well, first edit of the server doc and it's visible again (although they can't open it). All in all, the bug takes a big bite out of the granularity that xACL can provide. Hopefully it's fixed soon.
In the meantime, the bug explains why we saw different results. My test docs hadn't been resaved in quite a while. So the type-ahead prevention worked, the address dialog worked, the docs were even hidden when opening the NAB directly... Re-saved 'em...and boom.