Restricting administrator access
You can specify various access levels for different types of administrators in your organization. For example, you may want to give only a few people 'system administrator' access, while all of the administrators on your team are designated as database administrators.
About this task
Administrator access rights are granted hierarchically. The privilege hierarchy looks like this:
- Full access administrator -- gets all rights and privileges of all administration access levels listed.
- Administrator -- gets all rights and privileges of database administrator and full-console administrator (but not system administrator).
- Full console administrator -- gets rights and privileges of view-only console administrator (but not system administrator)
- System administrator -- gets rights and privileges of restricted system administrator
You do not need to list a user individually in each field. Adding a user to the topmost level of administrator access automatically grants that user all privileges listed for subordinate levels in the hierarchy.
To restrict administrator access
Procedure
Results
Full access administrators
About this task
A full access administrator has the greatest level of administrative access to the server. The full access administrator feature replaces the need to run a Notes® client locally on a server. Establishing a full access administrator resolves access control problems that can result when the only managers of a database ACL depart from an organization.
Full access administrators have the following rights:
- All of the rights granted to administrators at every access level (refer to Table 1).
- Manager access, with all access privileges enabled, to all databases
on the server, regardless of the database ACL settings. Note: ACL roles must still be enabled manually for full access administrators.
- Manager access, with all roles and access privileges enabled, to the Web Administrator database (WEBADMIN.NSF).
- Access to all documents in all databases, regardless of Reader names fields.
- The ability to create agents that run in unrestricted mode with full administration rights.
- Access to any unencrypted data on the server.Note: Full access administrator does not allow access to encrypted data. The use of the specified user's private key is required to decrypt documents that are encrypted with public keys. Similarly, a secret key is required to decrypt documents encrypted with secret keys.
Enabling full access administrator mode
About this task
In order to work in full access administrator mode, an administrator must:
- Be using the Administrator Client.
- Be listed in the Full Access Administrators field in the Administrators section of the Security tab in the Server document. By default, this field is empty.
- Enable Full Access Administration mode in the Administrator client by selecting . If this mode is not enabled, then users will not have full administrator access to the server, even if they are listed as a full access administrator in the Server document. They will instead be granted Administrator rights.
When full access administrator mode is enabled, the client's window title, tab title, and status bar indicate this. This is to remind users that they are accessing the server with the highest level of privilege and should therefore proceed with caution.
If an administrator enables full administration mode in the Administration client, this mode is also enabled for the Domino Designer and for the Notes clients. Full administrator access is also reflected in their window titles, tab titles, and status bars.
If a user attempts to switch to full access administrator mode, but is not listed as one in the Server document, the user is denied full access and a message appears in the status bar and on the server console. The client will be in full access mode, but that user will not have full administrator access to that particular server. If the user attempts to switch servers, that person's access is checked against the server document of the new server.
Disabling the full access administrator feature
You can disable the Full Access Administrators field
by setting SECURE_DISABLE_FULLADMIN = 1
in the NOTES.INI file.
This setting disables full access administrator privilege and overrides
any names listed in that field in the Server document. Only a user
who has physical access to the server and who can edit the NOTES.INI file
for the server can set this NOTES.INI parameter.
This parameter cannot be set using the server console, the remote
console, or set in the Server document.
Options for managing the full access administrator feature
About this task
There are several ways to grant full access administrator
- Create a special Full Admin ID file -- for example, Full Admin/Sales/Renovations -- and only put that name in the Full Admin field. You must then either log in with or switch to this user ID in order to gain this level of access. Optionally, you could set up this ID file to require multiple passwords.
- Create an OU-level certifier for granting full administrator access, and issue additional IDs to trusted administrators -- for example, Jane Admin/Full Admin/Acme.
- Leave the Full Access Administrator field empty. Add the name of a trusted individual for emergency situations, and remove it when the situation has been resolved.
- Populate the Full Access Administrator field with a limited set of trusted administrators.
You can also track how this feature is used:
- Configure the Event Handler to send notification through EVENTS4.NSF when full access administration privileges are invoked.
- Any database activity done using full access administrator access is recorded in the database activity log, under Database Properties.
- Use of the feature is logged by the server.