Postby implodeme » Mon Sep 13, 2010 6:59 pm
Figured this out. I was improperly using ommodaci
ACI entries are related to the entries within a group and not the group itself.
aci for groups exist [Implicit allow] -- if a group exists there is a system aci set (everyone)
omshowaci - list all defined users of a aci for a group if defined, else respond with message omshowaci : [OM 18206] The directory entry has no ACI item defined.
omaddaci - this is used to create a new entry to a group alias.
**Not tested is how this affects the [implicit allow] default. The assumption is you would need to first set "none" for Local Users, Default, and then "read" for users you want to allow. Notes from my previous system admin indicate if not using the implicit allow all aci values will need to be defined.
ommodaci - this is in reference to an already added entry into a group. Example: change the perms for "Manager Two" in my example below
In the case of my configuration change.
#> omshowaci -l SendToEveryone
Manager One read
Manager Two read
Scalix Administrators config modify read remove
Local Users none
Default none
I need to add 'Manager Three'
#> omaddaci -l SendToEveryone -n "Manager Three" -c read