Sun Java System Messaging Server 6.3 Administration Guide

20.6.2 To Set or Change a Shared Folder’s Access Control Rights

Users can set or change the access control for a shared folder using the Communications Express interface. Administrators can set or change the access control for a shared folder using the readership command line utility. The command has the following form:

readership -s foldername identifier rights_chars

where foldername is the name of the public folder for which you are setting rights, identifier is the person or group to whom you are assigning the rights, and rights_chars are the rights you are assigning. For the meaning of each character, see Table 20–3.


Note –

anyone is a special identifier. The access rights for anyone apply to all users. Similarly, the access rights for anyone@domain apply to all users in the same domain.


Table 20–3 ACL Rights Characters

Character   Description
l           lookup – User can see and subscribe to the shared folder. (IMAP commands allowed: LIST and LSUB)
r           read – Users can read the shared folder. (IMAP commands allowed: SELECT, CHECK, FETCH, PARTIAL, SEARCH, COPY from the folder)
s           seen – Directs the system to keep seen information across sessions. (Set IMAP STORE SEEN flag)
w           write – Users can mark as read, and delete messages. (Set IMAP STORE flags, other than SEEN and DELETED)
i           insert – Users can copy and move email from one folder to another. (IMAP commands allowed: APPEND, COPY into folder)
p           post – Users can send mail to the shared folder email address. (No IMAP command needed)
c           create – Users can create new sub-folders. (IMAP command allowed: CREATE)
d           delete – Users can delete entries from the shared folder. (IMAP commands allowed: EXPUNGE, set STORE DELETED flag)
a           administer – Users have administrative privileges. (IMAP command allowed: SETACL)

20.6.2.1 Examples

If you wish everyone at the sesta domain to have lookup, read and email marking (but not posting) access to the public folder called golftournament, issue the command as follows:

readership -s User/public/golftournament anyone@sesta lwr

To assign the same access to everyone on the message store, issue the following:

readership -s User/public/golftournament anyone lwr

To assign lookup, read, email marking and posting rights to a group, issue the command as follows:

readership -s User/public/golftournament group=golf@sesta.com lwrp

If you want to assign administrator and posting rights for this folder to an individual, jdoe, issue the command as follows:

readership -s User/public/golftournament jdoe@sesta.com lwrpa

To deny an individual or group access to a public folder, prefix the userid with a dash. For example, to deny lookup, read and write rights to jsmith, issue the command as follows:

readership -s User/public/golftournament -jsmith@sesta.com lwr

To deny an individual or group an access right, prefix the ACL rights character with a dash. For example, to deny posting rights to jsmith, issue the command as follows:

readership -s User/public/golftournament jsmith@sesta.com -p
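
An added example, not part of the guide or the product: a Python helper that decodes the identifier and rights_chars arguments from the commands above using Table 20–3 and lists folder-changing rights that would go to anyone or anyone@domain, so an administrator can check a grant before running readership. The function names, the reading of a leading dash as covering the whole rights string, and the set of rights flagged for broad identifiers are assumptions.

```python
# Added example: decode `readership -s` arguments using Table 20-3.
RIGHTS = {"l": "lookup", "r": "read", "s": "seen", "w": "write", "i": "insert",
          "p": "post", "c": "create", "d": "delete", "a": "administer"}
# Assumed review policy (not from the guide): rights worth a second look
# when granted to every user or to a whole domain.
BROAD_REVIEW = {"create", "delete", "administer"}


def parse_acl(identifier, rights_chars):
    """Decode one identifier/rights_chars pair into a dict."""
    deny = False
    # A dash in front of the identifier or of the rights marks a denial.
    # Assumption: a leading dash covers every rights character after it.
    if identifier.startswith("-"):
        deny, identifier = True, identifier[1:]
    if rights_chars.startswith("-"):
        deny, rights_chars = True, rights_chars[1:]
    unknown = sorted(set(rights_chars) - set(RIGHTS))
    if not identifier or not rights_chars or unknown:
        raise ValueError(f"bad ACL: {identifier!r} {rights_chars!r} {unknown}")
    if identifier == "anyone":
        scope = "all users"
    elif identifier.startswith("anyone@"):
        scope = "domain"
    elif identifier.startswith("group="):
        scope = "group"
    else:
        scope = "user"
    return {"subject": identifier, "scope": scope, "deny": deny,
            "rights": [RIGHTS[c] for c in rights_chars]}


def review(identifier, rights_chars):
    """Return the flagged rights that a broad identifier would be granted."""
    acl = parse_acl(identifier, rights_chars)
    if acl["deny"] or acl["scope"] not in ("all users", "domain"):
        return []
    return [r for r in acl["rights"] if r in BROAD_REVIEW]


if __name__ == "__main__":
    # First three pairs come from this section; the last one is constructed.
    for ident, chars in [("anyone@sesta", "lwr"), ("jsmith@sesta.com", "-p"),
                         ("-jsmith@sesta.com", "lwr"), ("anyone", "lwrpa")]:
        print(ident, chars, parse_acl(ident, chars), review(ident, chars))
```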


Note –

Posting messages to a shared folder using the uid+folder@domain address requires that the p (post) access right be used with the readership command. See 20.6.2 To Set or Change a Shared Folder’s Access Control Rights.