Stephen Bailey commented on Apr 16, 2008

Policies parameter management

Surely it would be better to have the ability to resign the policies view with an admin id once the policy documents have been updated.

I understand that IBM are recommending the practise of using generic ids in case an admin leaves the company, and any policies that the admin had signed cease to work - is that it?

Having said this, generic accounts are basically dangerous if they are not carefully managed - they should always be used with care.


Jérôme Deniau commented on Feb 15, 2008

Policies parameter management

Just if Lotus users can search (full text search), if they do search for your account they will find all documents to match your personal name. that probably will not matter in your situationn, but it can have impacts on a provider helpdesk site. If the administrator does not have a generic name, the "end user" can directly call the company and ask to connect to the real administrator name, if you do use a generic administrator ID (ie: admin02), no one can be connected by phone to this administrator. It is a simple security point of view of course. Of course you should maintain a mapping list for Admin IDS and personal ID inside the company, plus dual security to use the admin ID (ID password + ID card together).

Stefan Erndl commented on Feb 15, 2008

Policies parameter management

While I can clearly see the technical reasons why not to use a personal ID, using a non-personalized account/ID is not an option for us. External auditors go straight through the roof in case they detect anything like this, as we (like all NASDAQ listed enterprises) have to comply with SEC rules. As for a personalized, 2nd "admin" account, I do not get the point - what would be the advantage compared to using my personal ID then ?

Thanks & Regards,