Restricting administrator access
You can specify various access levels for different types of administrators in your organization. For example, you may want to give only a few people 'system administrator' access, while all of the administrators on your team are designated as database administrators.

Administrator access rights are granted hierarchically. The privilege hierarchy looks like this:

You do not need to list a user individually in each field. Adding a user to the highest level of administrator access automatically grants that user all privileges listed for more restricted access levels below in the hierarchy.

To restrict administrator access

1. From the Domino Administrator, click the Configuration tab, and open the Server document.

2. Click the Security tab.

3. In the Administrators section, complete one or more of these fields, and then save the document.

Caution Administrators who are listed in the Full Access Administrators, Administrators, and Database Administrators fields on the Security tab of a server document are allowed to delete any database on that server, even if they are not listed as managers in the database ACL.

Full access administrators

Full access administrator is the highest level of administrative access to the server. The full access administrator feature replaces the need to run a Notes client locally on a server. It resolves access control problems -- for example, such as those caused when the only managers of a database ACL have left an organization.

Full access administrators have the following rights:

Enabling full access administrator mode

In order to work in full access administrator mode, an administrator must:

When full access administrator mode is enabled, the client's window title, tab title, and status bar indicate this. This is to remind users that they are accessing the server with the highest level of privilege and should therefore proceed with caution.

If an administrator enables full administration mode in the Administration client, this mode is also enabled for the Domino Designer and for the Lotus Notes clients. Full administrator access is also reflected in their window titles, tab titles, and status bars.

If a user attempts to switch to full access administrator mode, but is not listed as one in the Server document, the user is denied full access and a message appears in the status bar and on the server console. The client will be in full access mode, but that user will not have full administrator access to that particular server. If the user attempts to switch servers, that person's access is checked against the server document of the new server.

Disabling the full access administrator feature

You can disable the Full Access Administrators field by setting SECURE_DISABLE_FULLADMIN = 1 in the NOTES.INI file. This setting disables full access adminstrator privilege and overrides any names listed in that field in the Server document. This NOTES.INI parameter can only be set by a user with physical access to the server who can edit the NOTES.INI file for the server. This parameter cannot be set using the server console, the remote console, or set in the Server document.

Options for managing the full access administrator feature

There are several ways to grant full access administrator

You can also track how this feature is used:
See Also