Securing your Domino Leap deployment
The data for each Domino Leap application is stored in a separate Domino database. The
ACLs of the database, the permissions, and the access to documents within it are matched
as closely as possible to the Domino Leap permissions model - which is enforced by
Domino Leap code. One difference is that Domino Leap offers a further refinement and
enforcement beyond simply "Author" in a Domino Database ACL. With enough privilege and
access through a non-Domino Leap channel, users can create documents in the Domino
database that they wouldn't be able to create through Domino Leap UIs or REST endpoints.
If this is a concern, below are some of the options that can be leveraged:
- NRPC Access - The Domino Leap server can be configured to disallow communication through non-Domino Leap channels. For example, the Domino administrator may wish to limit communication via NRPC port on the Domino Leap server.
- Hide Form - Another option is to hide Forms from the Create menu in a Domino Database by unchecking the box to "Appear in Create Menu".
- Separate Database - Another option is to advise application authors to use a separate Domino Leap application if the creation of documents related to a specific form needs to be more tightly controlled.
- Extending via Domino Application Modifications - Domino applications can have various form or database events added to monitor and control any unintended activity. For example, an agent that alerts when a form is created by someone without the right role. This option is similar to how protections are enforced in a traditional Domino application.