Head in a blender

3 system templates that give LocalDomainServers only Designer access

Andrew M Pedisich  October 2 2008 02:37:14 PM

This isn't a big deal, but it might be worth mentioning.

I have a very strong point of view about changing the replica IDs of all system templates on the first server that I upgrade in a domain.  And that is, change them!  Every system template from every release has the same replica ID.  Admin4's rep ID  has been the same forever.

To avoid have a mish mosh of design elements, change the replica IDs.

To avoid upgrading the design of databases on servers that haven't been upgraded yet, change the replica IDs.

Typically, I use Surely Template to change them.  This is an app that's available at http://www.OpenNTF.ORG.  It was put together by Rocky Oliver and several other generous individuals.  I change them on a test server.  Then after I upgrade a production server, but before I re-start it, I replace the default templates with my special ones.

When I last did the upgrade to 8.0.1, I noticed that the application was unable to change the replica IDs of several system templates.  Just now I was preparing some for 8.0.2 upgrades and found the same thing.

ADMIN4.NTF

CERTLOG.NTF

DBA4.NTF

Turns out these three have LocalDomainServers set to Designer.  Manager is reguired by the Surely Template application.

But when you think about it, why shouldn't LocalDomainServers have Manager access to all templates?  No reason not to, is there?

- Andy


Comments

1Victor Toal  10/6/2008 11:38:42 AM  3 system templates that give LocalDomainServers only Designer access

I have advocated changing replica IDs of templates for years as well and am always happy to find others that do that as well, makes me feel better about it "Hmm, so I'm not paranoid and need a jacket with long sleeves - good!".

As far s the access to the templates go ... I am not sure why they would have that set to designer only. Maybe because they are system dB templates they wanted to add a small level of security so that ACL changes would not "just happen" to them (replication with other domains and their templates, etc.).

Just one theory ... I could be wrong and it was just somebody at Lotus nt updating correctly ...

2Paul Mooney  10/6/2008 12:12:59 PM  3 system templates that give LocalDomainServers only Designer access

I tend to lower localdomainservers access to as many databases as possible to editor with all roles, just to stop design screwups. It limits risk by only allowing push-outs from the hub

But, in this case, I reckon it was a mistake.

"Test"