Server document - Security tab
This topic is an overview of the tabs and fields on the document.
The Security tab of the Server document is divided into the following parts:
- Administrators
- Security settings
- Server access
- Programmability restrictions
- Internet access
- Pass-through use
Administrators
Each type of administrator listed in the following table has a different level of rights and privileges. These levels are explained in the instructions for restricting administrator access.

Field | Description |
---|---|
Full access administrators | Enter the names of administrators who have full access to administer the server. This is the highest level of administrative privilege. |
Administrators | Enter the names of administrators who can administer the server. The default value for this field is the name of the administrator who initially set up the server. Note: The Advanced Database Properties are available only to those administrators listed in the Administrators field on the Security tab of the Server document. |
Database administrators | Enter the names of administrators who will be responsible for administering databases on the server. |
Full remote console administrators | Enter the names of administrators who can use the remote console to issue commands to this server. |
View-only administrators | Enter the names of administrators who can use the remote console to issue only those commands that provide system status information, such as SHOW TASKS and SHOW SERVER. |
System administrator | Enter the names of administrators who are allowed to issue a full range of operating system commands to the server. |
Restricted system administrator | Enter the names of administrators who are allowed to issue only the operating system commands that are listed in the Restricted System Commands field. |
Restricted system commands | Enter the subset of operating system commands that Restricted System Administrators can issue. |
Administer the server from a browser (pre-Notes 6 servers only) | This setting applies only to pre-Domino 6 servers for the purposes of backwards compatibility. The Domino® 6 Web Administrator client will only work with Domino® 6 servers. In the case where an existing domain's Domino® Directory is upgraded from R5 to Domino® 6, those servers that have not been upgraded will still need to have this setting in their Server documents so they can use earlier versions of the Web Administrator. |

Security settings
Details on security settings are described in related topics on server access and password verification.

Field | Description |
---|---|
Compare Notes® public keys against those stored in Directory | Click Yes to enforce key checking for all Notes® users and Domino® servers, to compare the key value in the certificates passed during authentication against the key value stored in the Domino® Directory. |
Allow anonymous Notes® connections | Click Yes to allow users and servers outside an organization to access a server without first obtaining a certificate for the organization. |
Check passwords on Notes® IDs | Click Enabled to enable password verification on the server. |

Server access
Details on server access settings are described in related topics on server access and controlling creation of certain types of files on Domino® servers.

Field | Description |
---|---|
Access server | Select the check box to allow server access to users listed in all trusted directories. This option is disabled by default. If you do not select this option, then only those Notes® and Internet users you specify can access the server. Click the arrow to add names of specific Notes® users, servers, and groups that you want to have access to the server. |
Not access server | Enter the names of Notes® and Internet users and groups who are not allowed to access this server. Names entered in the Not access server field take precedence over names entered in the Access server field. |
Create databases & templates | Enter the names of users, servers, and groups who are allowed to create new databases and create and update database templates on the server. |
Create new replicas | Enter the names of users, servers, and groups who are allowed to create new database replicas on the server. Note: Servers, users, and groups who are not allowed to create new databases on the server cannot create replicas. |
Create master templates | Enter the names of users, servers, and groups who are allowed to create master database templates on the server. Note: Servers, users, and groups who are not allowed to create new databases on the server cannot create master templates. |
Allowed to use monitors | Enter the names of Notes® users who are allowed to set up their headlines to search server databases automatically for items of interest. |
Not allowed to use monitors | Enter the names of Notes® users who are not allowed to set up their headlines to search server databases automatically for items of interest. |
Trusted servers | Enter the names of servers that are trusted to assert the identities of users to this server, and thus are trusted by the current server to have authenticated those users. Used for remote agent access and xSP. |

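
The precedence and dependency rules in the Server access fields above (Not access server overrides Access server; replicas and master templates require the create-database right), worked through as an added Python example that is not part of the original documentation and not a Domino API. The class, function, user and group names are constructed, and every field is assumed to be filled in explicitly, so blank-field behaviour is not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class ServerAccess:
    """Constructed stand-in for the Server access fields (not a Domino API)."""
    access_server: set = field(default_factory=set)
    trusted_directories: bool = False  # the "Access server" check box
    not_access_server: set = field(default_factory=set)
    create_databases: set = field(default_factory=set)
    create_replicas: set = field(default_factory=set)
    create_master_templates: set = field(default_factory=set)

def identities(user, groups):
    """The user's own name plus every group that lists the user directly."""
    return {user} | {g for g, members in groups.items() if user in members}

def effective_rights(cfg, user, groups, directory_users=frozenset()):
    ids = identities(user, groups)
    allowed = bool(ids & cfg.access_server) or (
        cfg.trusted_directories and user in directory_users)
    # Not access server takes precedence over Access server.
    access = allowed and not (ids & cfg.not_access_server)
    # Assumption: a name that cannot access the server cannot create on it.
    create_db = access and bool(ids & cfg.create_databases)
    return {
        "access": access,
        "create_databases": create_db,
        # Both rights below depend on the create-database right.
        "create_replicas": create_db and bool(ids & cfg.create_replicas),
        "create_master_templates": create_db and bool(ids & cfg.create_master_templates),
    }

def ineffective_entries(cfg):
    """Entries cancelled by another field (literal names; groups not expanded)."""
    return {
        "access_server": cfg.access_server & cfg.not_access_server,
        "create_replicas": cfg.create_replicas - cfg.create_databases,
        "create_master_templates": cfg.create_master_templates - cfg.create_databases,
    }

# Constructed sample data.
GROUPS = {"Developers": {"Dana Dev/Acme"}, "Terminations": {"Tom Temp/Acme"}}
CFG = ServerAccess(
    access_server={"Developers", "Tom Temp/Acme", "Rita Repl/Acme"},
    not_access_server={"Terminations"},
    create_databases={"Developers"},
    create_replicas={"Developers", "Rita Repl/Acme"},
    create_master_templates={"Developers"},
)
```

In the sample, `Rita Repl/Acme` is listed under Create new replicas but gets no such right, and `Tom Temp/Acme` is refused through group membership even though he is named in Access server.
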
Programmability restrictions
Details on these programmability settings are described in related topics on controlling access to the server by agents, Java™, and JavaScript™.

Field | Description |
---|---|
Run unrestricted methods and operations | Enter the names of users and groups who are allowed to select, on a per agent basis, one of three levels of access for agents signed with their ID. Users with this privilege select one of these access levels when they are using Domino® Designer 6 to build an agent: |
Sign agents to run on behalf of someone else | Enter the names of users and groups who are allowed to sign agents that will be executed on anyone else's behalf. The default is blank, which means that no one can sign agents in this manner. |
Sign agents to run on behalf of the invoker of the agent | Enter the names of users and groups who are allowed to sign agents that will be executed on behalf of the invoker, when the invoker is different from the agent signer. |
Run restricted LotusScript/Java agents | Enter the names of users and groups allowed to run agents created with LotusScript® and Java™ features, but excluding privileged methods and operations, such as reading and writing to the file system. |
Run Simple and Formula agents | Enter the names of users and groups allowed to run simple and formula agents, both private and shared. |
Sign script libraries to run on behalf of someone else | Enter the names of users and groups who are allowed to sign script libraries in agents executed by someone else. |
Run restricted Java/JavaScript/COM | Enter the names of authenticated browser users and/or groups allowed to run server programs created with a specific set of Java™ and JavaScript™ features. |
Run unrestricted Java/JavaScript/COM | Enter the names of authenticated browser users and/or groups allowed to run server programs created with all Java™ and JavaScript™ features. |

Internet access

Field | Description |
---|---|
Internet authentication | You can select the level of restriction Domino® uses when authenticating users in Domino® Directories and LDAP directories. Choose one: |

Pass-through use

Field | Description |
---|---|
Access this server | Enter the names of users or servers who can use a pass-through server to access this server. |
Route through | Enter the names of users or servers who can use the server as a pass-through server, regardless of whether or not they are also included in the Access server or Not access server fields. |
Cause calling | Enter the names of users or servers who can instruct this server to call -- that is, place a phone call to -- another server in order to establish a routing path to that server. If no names are entered, no calling is allowed. |
Destinations allowed | Enter the names of destination servers to which this server may route clients. |