Thursday, January 10, 2008

SnTT - Need to hide a group?

Recently, I was asked by management if there was a way to make certain groups not available to all mail users in the company. The task might sound like it could be a hard one to accomplish, but by following the steps listed in the help documentation, it's actually pretty straight forward. The users can't see the group in the directory and if for some reason they were to reply to the mail message that was sent to that group, (like on a reply to all), they get a Delivery Failure:Not authorized to send mail to this user or group. Neat feature!

(From the help file)
Restricting users from sending mail to groups listed in the Domino Directory
By default, all users can send mail to groups defined in the IBM® Lotus® Domino™ Directory. To reduce unnecessary mail traffic, you can edit the reader fields for a Group document to restrict access to the group, specifying the users who are allowed to send mail to the group. Only users to whom you grant reader access can send mail addressed to the group. Users who do not have reader access to the group will not be able see the group name listed in the Domino Directory.

The restrictions apply to messages sent to either a group's IBM® Lotus® Notes® address or its Internet address and to messages originating from a Notes client as well as messages sent and received over SMTP (as from an IMAP or Notes client). From a Notes client, a user who does not have permission to use the group receives an error when attempting to send mail to the restricted group. If the same user attempts to mail from a POP3 or IMAP client, the Router generates a Nondelivery report indicating that the sender is not authorized to send mail to the specified recipient.

To restrict users from sending mail to a group

1. From the Domino Administrator, click the People & Groups tab, expand the Domino Directory that contains the group you want to restrict access to, and select the Groups view.

2. Right-click the Group document to manage and choose Document Properties.

3. Select the Security tab (the Key).

4. Deselect the All readers and above checkbox to enable editing of the readers list.

5. To enable a user to send mail to the group, select the user's name in the list.

6. To provide access to users not listed, click the Person icon to the right, add the name in the Select Names dialog box, and click OK. The user's name appears at the bottom of the list with a check next to it.

7. Deselect the names of users you want to prevent from sending mail to the group, including the Anonymous entry.

8. Close the Document Properties dialog box.

6 comments:

Garrett said...

The only thing I would add is to make sure you select your own name or group name (i.e. LocalDomainAdmins) FIRST in step #5. Otherwise you might end up hiding the group from yourself.

Not that I've ever done that. However if you do, you can use Full Access Administration to fix it. Not that I've ever had to do that either.

John said...

Hey Andy,

I've known that you can do this for awhile, but I really think it needs to be simpler and included in the the group doc proper.

In fact, I have that up at IdeaJam

http://ideajam.net/IdeaJam/P/ij.nsf/0/B4015B0D5911A0A7862573BE00743D35?OpenDocument

If you agree, jump on in and vote it up!

-Grey

Andy Donaldson said...

@Garrett - Good to point out! Thanks for the comment!

@Grey - Way ahead of ya buddy. Voted on that a while ago ;-)

Chetan Srivastava said...

Great tip.Thanks a lot Andy.

wasif said...

I have noticed one other thing in this that before Domino 8.5 dwa users were able to send emails to restricted groups. When they sent the email a dialogue box appeared saying no user found, but if you selected "send anyway", the email was sent and delivered to the group.

The only way that I have found to solve this issue is to upgrade to mail85 template.

If you have any other way please share it.

Anonymous said...

We are maybe hide a User when sending mail?