Roles are not good security mechanisms

HCL Notes/Domino 8.5 Forum (includes Notes Traveler)

Subject:

They have their use, but you shouldn't leave your security to just roles. It leaves you open to other issues.

For what you want to do I can't see the reason why you don't have it run as the web user. If you want you can check the web users role at that point.

Another option I have seen is you have Agent which the user calls (runs as web user). It creates a signed document in another database. A scheduled agent then runs against documents created there and processes them. The second agent cannot be run from the Web and runs under different credentials.

But that has its own pros and cons.

Feedback response number WEBB8F9SZH created by ~Joseph Fezlulitynds on 03/24/2011

Return to top

How to restrict Agent access to a s... (~Denise Prehipi... 18.Mar.11)

. . Run on behalf of (~Evelyn Desjumi... 18.Mar.11)

. . . . Agent is not running as the current... (~Denise Prehipi... 18.Mar.11)

. . . . . . Behalf of (~Evelyn Desjumi... 18.Mar.11)

. . . . . . . . It's a web agent... (~Denise Prehipi... 21.Mar.11)

. . . . . . . . . . Ahh (~Evelyn Desjumi... 22.Mar.11)

. . . . . . . . . . . . I think I can't (~Denise Prehipi... 22.Mar.11)

. . . . . . . . . . . . . . makes no sense to me (~Phil Nonhipige... 22.Mar.11)

. . . . . . . . . . . . . . . . what are you doing in your agent? (~Kirk Lopkimanf... 24.Mar.11)

. . . . . . . . . . . . . . . . OK, let me explain a bit more... (~Denise Prehipi... 24.Mar.11)

. . . . . . . . . . . . . . Roles are not good security mechani... (~Cheryl Opfreet... 24.Mar.11)

. . . . . . . . . . . . . . . . Why are roles no good for security?... (~Denise Prehipi... 25.Mar.11)

. . . . . . . . . . . . . . . . . . hummm... I think I made it (~Denise Prehipi... 28.Mar.11)

Printer-friendly

Search this forum

Member Tools

RSS Feeds

RSS feeds

	All forum posts RSS
	All main topics RSS