Server document - Security tab
The Security tab of the Server document is divided into the following parts:
Administrators

There are various levels of rights and privileges for each of the types of administrators listed in the following table, explained in the instructions for restricting administrator access.

Table 1. Administrators
| Field | Description |
| --- | --- |
| Full access administrators | Enter the names of administrators who have full access to administer the server. This is the highest level of administrative privilege. |
| Administrators | Enter the names of administrators who can administer the server. The default value for this field is the name of the administrator who initially set up the server. Note: The Advanced Database Properties are available only to those administrators listed in the Administrators field on the Security tab of the Server document. |
| Database administrators | Enter the names of administrators who will be responsible for administering databases on the server. |
| Full remote console administrators | Enter the names of administrators who can use the remote console to issue commands to this server. |
| View-only administrators | Enter the names of administrators who can use the remote console to issue only those commands that provide system status information, such as SHOW TASKS and SHOW SERVER. |
| System administrator | Enter the names of administrators who are allowed to issue a full range of operating system commands to the server. |
| Restricted system administrator | Enter the names of administrators who are allowed to issue only the operating system commands that are listed in the Restricted System Commands field. |
| Restricted system commands | Enter the subset of operating system commands that Restricted System Administrators can issue. |
| Administer the server from a browser (pre-Notes 6 servers only) | This setting applies only to pre-Domino 6 servers, for backwards compatibility. The Domino® 6 Web Administrator client works only with Domino 6 servers. When an existing domain's Domino Directory is upgraded from R5 to Domino 6, servers that have not been upgraded still need this setting in their Server documents so that they can use earlier versions of the Web Administrator. |

Security settings

Details on security settings are described in related topics on server access and password verification.

Table 2. Security settings
| Field | Description |
| --- | --- |
| Compare Notes® public keys against those stored in Directory | Click Yes to enforce key checking for all Notes users and Domino servers, comparing the key value in the certificates passed during authentication against the key value stored in the Domino Directory. |
| Allow anonymous Notes connections | Click Yes to allow users and servers outside an organization to access a server without first obtaining a certificate for the organization. |
| Check passwords on Notes IDs | Click Enabled to enable password verification on the server. |

Server access

Details on server access settings are described in related topics on server access and controlling creation of certain types of files on Domino servers.

Table 3. Server access
| Field | Description |
| --- | --- |
| Access server | Select the check box to allow server access to users listed in all trusted directories. This option is disabled by default. If you do not select this option, then only those Notes and Internet users you specify can access the server. Click the arrow to add names of specific Notes users, servers, and groups that you want to have access to the server. |
| Not access server | Enter the names of Notes and Internet users and groups who are not allowed to access this server. Names entered in the "Not access server" field take precedence over names entered in the "Access server" field. |
| Create databases & templates | Enter the names of users, servers, and groups who are allowed to create new databases and create and update database templates on the server. |
| Create new replicas | Enter the names of users, servers, and groups who are allowed to create new database replicas on the server. Note that servers, users, and groups who are not allowed to create new databases on the server (see above) cannot create replicas. |
| Create master templates | Enter the names of users, servers, and groups who are allowed to create master database templates on the server. Note that servers, users, and groups who are not allowed to create new databases on the server (see above) cannot create master templates. |
| Allowed to use monitors | Enter the names of Notes users who are allowed to set up their headlines to search server databases automatically for items of interest. |
| Not allowed to use monitors | Enter the names of Notes users who are not allowed to set up their headlines to search server databases automatically for items of interest. |
| Trusted servers | Enter the names of servers that are trusted to assert the identities of users to this server, and thus are trusted by the current server to have authenticated those users. Used for remote agent access and xSP. |
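
The checks below are an added example, not code from the Domino product or its documentation. They audit an exported copy of the Security settings and Server access fields for the conditions the two tables describe. The dictionary layout, the sample names, and the literal, case-insensitive name matching (no group expansion) are assumptions.

```python
# Added example. Keys are the field labels from Tables 2 and 3 of this page;
# the values and names below are constructed sample data.
SAMPLE = {
    "Compare Notes public keys against those stored in Directory": "No",
    "Allow anonymous Notes connections": "Yes",
    "Check passwords on Notes IDs": "Enabled",
    "Access server": ["Alice Ames/Acme", "LocalDomainServers"],
    "Not access server": ["alice ames/acme", "Terminations"],
    "Create databases & templates": ["LocalDomainAdmins"],
    "Create new replicas": ["LocalDomainAdmins", "Bob Burns/Acme"],
    "Create master templates": [],
}

def names(values):
    """Normalise a names field; case-insensitive matching is an assumption."""
    return {v.strip().lower() for v in values if v.strip()}

def audit_security_tab(doc):
    """Return a list of findings for one exported Server document."""
    findings = []
    if doc.get("Compare Notes public keys against those stored in Directory") != "Yes":
        findings.append("public-key comparison is not enforced")
    if doc.get("Allow anonymous Notes connections") == "Yes":
        findings.append("anonymous Notes connections are allowed")
    if doc.get("Check passwords on Notes IDs") != "Enabled":
        findings.append("password verification is not enabled")

    # "Not access server" takes precedence, so a name on both lists is denied.
    allow = names(doc.get("Access server", []))
    deny = names(doc.get("Not access server", []))
    for n in sorted(allow & deny):
        findings.append(f"{n}: on both access lists; 'Not access server' wins")

    # Replica and master-template rights require database-creation rights.
    # The page does not say what a blank field means, so a blank
    # "Create databases & templates" list is not compared against.
    creators = names(doc.get("Create databases & templates", []))
    if creators:
        for field in ("Create new replicas", "Create master templates"):
            for n in sorted(names(doc.get(field, [])) - creators):
                findings.append(f"{n}: in '{field}' but not allowed to create databases")
    return findings

if __name__ == "__main__":
    for finding in audit_security_tab(SAMPLE):
        print(finding)
```

Because group membership is not resolved, a name that is only covered through a group in "Create databases & templates" is still reported and needs a manual check.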

Programmability restrictions

Details on these programmability settings are described in related topics on controlling access to the server by agents, Java™, and JavaScript™.

Table 4. Programmability restrictions
| Field | Description |
| --- | --- |
| Run unrestricted methods and operations | Enter the names of users and groups who are allowed to select, on a per-agent basis, one of three levels of access for agents signed with their ID. Users with this privilege select one of these access levels when they are using Domino Designer 6 to build an agent: Restricted mode; Unrestricted mode; Unrestricted mode with full administration rights. |
| Sign agents to run on behalf of someone else | Enter the names of users and groups who are allowed to sign agents that will be executed on anyone else's behalf. The default is blank, which means that no one can sign agents in this manner. |
| Sign agents to run on behalf of the invoker of the agent | Enter the names of users and groups who are allowed to sign agents that will be executed on behalf of the invoker, when the invoker is different from the agent signer. |
| Run restricted LotusScript/Java agents | Enter the names of users and groups allowed to run agents created with LotusScript® and Java features, but excluding privileged methods and operations, such as reading and writing to the file system. |
| Run Simple and Formula agents | Enter the names of users and groups allowed to run simple and formula agents, both private and shared. |
| Sign script libraries to run on behalf of someone else | Enter the names of users and groups who are allowed to sign script libraries in agents executed by someone else. |
| Run restricted Java/JavaScript/COM | Enter the names of authenticated browser users and/or groups allowed to run server programs created with a specific set of Java and JavaScript features. |
| Run unrestricted Java/JavaScript/COM | Enter the names of authenticated browser users and/or groups allowed to run server programs created with all Java and JavaScript features. |

Internet access

Table 5. Internet access
| Field | Description |
| --- | --- |
| Internet authentication | You can select the level of restriction Domino uses when authenticating users in Domino Directories and LDAP directories. Choose one: Fewer name variations with higher security; More name variations with lower security. |

Pass-through use

Note: Support for dialup modem (X.PC) connections is available only in releases of Domino older than release 8.5. You may continue to use Domino Administrator 8.5 to configure and maintain modem support, for example using the "Cause calling" field in the following table, but only on servers running releases older than 8.5.

Table 6. Pass-through use
| Field | Description |
| --- | --- |
| Access this server | Enter the names of users or servers who can use a pass-through server to access this server. |
| Route through | Enter the names of users or servers who can use the server as a pass-through server, regardless of whether or not they are also included in the "Access server" or "Not access server" fields. |
| Cause calling | Enter the names of users or servers who can instruct this server to call (that is, place a phone call to) another server in order to establish a routing path to that server. If no names are entered, no calling is allowed. |
| Destinations allowed | Enter the names of destination servers to which this server may route clients. |

Related tasks
Restricting administrator access
Comparing public key values
Setting up anonymous server access for Notes users and Domino servers
Setting up password verification
Setting up Notes user, Domino server, and Internet user access to a Domino server
Controlling creation of databases, replicas, and templates
Controlling the use of headline monitors
Controlling agents and XPages that run on a server
Controlling server access by browser clients that use Java and JavaScript
Controlling the level of authentication for Internet clients
Controlling access to a pass-through server or pass-through destination