Friday, September 5, 2008

IMtegrity: allow a manager to review his employee’s recorded chats, without giving full access to the system

Q: We just implemented IMtegrity and Sametime and I’m trying to figure out how to allow a manager to review his employee’s recorded chats, without giving full access to the system. Can you point me in the right direction?

It is possible in Imtegrity 4.x. You will need to create one rule per manager. The rule will determine whether or not a person in the chat belongs to the folks who the manager is responsible for, and if so, add the managers name as an addtl. reader to the chat logs. That way, he doesn't need the 'ReadEverything' role; he'll only be able to read chat logs where he got added as a reader by a successful rule match.

You have 2 options to setup these rules (you will need one rule per manager):

- If you use OU's in your naming convention (say "Frank Foo/Marketing/NRG"), and there is a designated manager for "marketing", then they can use the "Participants names match:" expression in the rule and set it to */ou=marketing/* for example.

- If you can't use that, you will want to first set up some domino groups, ie. every manager has a group with all the folks who report to him. Then you can use the "Participants are members of the these Lotus Domino groups:" expression and just list the group name, ie. "Marketing".

Finally, the rule simply adds the managers name to the chat logs as an additional reader via the "Add Reader Access" expression.
That way, the manager has reader access of only the chat logs of people he's the manager of.

Steps to create one or more rules:

- Open imtconfig.nsf using a Notes Client
- Select Action Rules in the left outline, then click the "New Action Rule..." action
- then either use
"Participants names match:"
"Participants are members of thethese Lotus Domino groups:"

- "Add Reader Access" and add the name of the manager

Repeat for each manager. No need to restart or anything, the rule will automatically start to work at the next import interval.

No comments: