Skip to main content
This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal

HCL Notes/Domino 8.5 Forum (includes Notes Traveler)

HCL Notes/Domino 8.5 Forum (includes Notes Traveler)
Previous Next

Why are roles no good for security?

"Roles are not good security mechanisms
They have their use, but you shouldn't leave your security to just roles. It leaves you open to other issues."

- I don't see why roles are not good for security? Instead of using a role, I could directly select the users in the Agent properties instead of "All Readers and above" but that would still give me the same results.

"For what you want to do I can't see the reason why you don't have it run as the web user. If you want you can check the web users role at that point."

- The agent access restricted databases that only the agent signer has access. If the agent is run as the web user, it won't have access to open those databases. This agent must run as the agent signer.

"Another option I have seen is you have Agent which the user calls (runs as web user). It creates a signed document in another database. A scheduled agent then runs against documents created there and processes them. The second agent cannot be run from the Web and runs under different credentials."

- That would probably works, but I find this to be way more complicated than what I want to achieve. It's more of a workaround than a solution.

I still don't understand why this is not working. As a reminder:

Account in a Domino Directory in the ACL:
User Type: Person
Access: No Access
Read public documents: Checked
Write public documents: Checked
Role selected

Agent:
All readers and above: Unchecked
Role: Checked
Allow Public access users to view and run this agent: Checked

With this config, the user doesn't have access... I have to give him Depositor or Reader access.

Thanks for your help!


Feedback response number WEBB8FAH66 created by ~Denise Prehipi on 03/25/2011

How to restrict Agent access to a s... (~Denise Prehipi... 18.Mar.11)
. . Run on behalf of (~Evelyn Desjumi... 18.Mar.11)
. . . . Agent is not running as the current... (~Denise Prehipi... 18.Mar.11)
. . . . . . Behalf of (~Evelyn Desjumi... 18.Mar.11)
. . . . . . . . It's a web agent... (~Denise Prehipi... 21.Mar.11)
. . . . . . . . . . Ahh (~Evelyn Desjumi... 22.Mar.11)
. . . . . . . . . . . . I think I can't (~Denise Prehipi... 22.Mar.11)
. . . . . . . . . . . . . . makes no sense to me (~Phil Nonhipige... 22.Mar.11)
. . . . . . . . . . . . . . . . what are you doing in your agent? (~Kirk Lopkimanf... 24.Mar.11)
. . . . . . . . . . . . . . . . OK, let me explain a bit more... (~Denise Prehipi... 24.Mar.11)
. . . . . . . . . . . . . . Roles are not good security mechani... (~Cheryl Opfreet... 24.Mar.11)
. . . . . . . . . . . . . . . . Why are roles no good for security?... (~Denise Prehipi... 25.Mar.11)
. . . . . . . . . . . . . . . . . . hummm... I think I made it (~Denise Prehipi... 28.Mar.11)




Printer-friendly

Search this forum

Member Tools


RSS Feeds

 RSS feedsRSS
All forum posts RSS
All main topics RSS