8.7 Dynamic Queries and Security
Only the LISTSERV administrator can define new dynamic queries. Once a query has been defined, list owners can use them:
- For access-control purposes, without any special authorization from the LISTSERV administrator. In an access-control scenario, the result of the dynamic query is a simple yes/no/error response. The data returned by the query is processed only to the extent necessary to determine if the attempted action is authorized or not.
- For enumeration purposes, if authorized by the LISTSERV administrator (see below). The result of an enumeration is a list of e-mail addresses that LISTSERV may process further, for instance to send an administrative notice to the e-mail addresses enumerated in the “Notify=” list header keyword. In an enumeration scenario, LISTSERV only queries the e-mail and full name attributes of the directory (for DBMS queries, LISTSERV fetches all columns but discards all but the e-mail and name columns).
- To augment the membership of a mailing list, if authorized by the LISTSERV administrator (see below). In this scenario, all attributes are made available.
Note: There is no way for a list owner to obtain a list of available queries. List owners can only learn of the availability of pre-defined queries from the LISTSERV administrator. List owners are also unable to view the query definition.
To authorize the use of a dynamic query in a list header keyword, the LISTSERV administrator must update the list header the first time the query is used. From then on, the list owner can take of day-to-day list header management, and in particular, may:
- Update other keywords in the list header than the one containing the query.
- Change non-query elements in the keyword containing the query. For instance, if the “Notify=” keyword was changed to contain a query, the list owner can add additional e-mail addresses to the keyword.
- Change the relative position of the query within the keyword. For instance, change the relative position of a query in a “Sub-Lists=” keyword, where sub-lists are processed in the specified order.
- Remove the query altogether. In that case, only the LISTSERV administrator can re-add the query.
Authorization is on a per-keyword basis, and includes all parameters. A list owner authorized to use the DEPT query with parameter HR in the “Notify=” keyword can only use it in this keyword, and with the HR parameter.