Skip to main content
This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal

HCL Notes/Domino 8.5 Forum (includes Notes Traveler)

HCL Notes/Domino 8.5 Forum (includes Notes Traveler)
Previous Next
Subject: How to restrict Agent access to a single role by giving the least amount of access possible (ACL)?
Feedback Type: Question
Product Area: Domino Server
Technical Area: Security
Platform: Windows
Release: 8.5.1
Reproducible: Always

Hi,

I have an agent in a Domino database that I want to restrict access to a single role.

My database ACL has Default and Anonymous set to No Access.

I created a new entry in the ACL (Person, No Access) with a role assigned, let's say "[AccessAgent]".

In my agent, I unchecked "All Readers and above", and check only my "[AccessAgent]" role.

Obviously, since my user is set to No Access, my user, once logged, even with the "[AccessAgent]" role, cannot access the agent... which is fine so far.

So, I changed the ACL to check both "Read public documents" and "Write public documents" for that user. I then check "Allow public access users to view and run this agent" in my agent.

I thought that would do it... but my user is still not authorized.

To make this work, I have to set the user to either Depositor or Reader, which I don't want to. In the former, he could submit forms (I would have to modify all existing forms to make sure they cannot be submitted), in the latter, he could read all documents (I would have to modify all existing documents to add Readers fields).

I don't know if I'm doing wrong, but I thought what I did should work... any idea?

Thanks!


Feedback number WEBB8F3HHC created by ~Denise Prehipi on 03/18/2011

Status: Open
Comments:

How to restrict Agent access to a s... (~Denise Prehipi... 18.Mar.11)
. . Run on behalf of (~Evelyn Desjumi... 18.Mar.11)
. . . . Agent is not running as the current... (~Denise Prehipi... 18.Mar.11)
. . . . . . Behalf of (~Evelyn Desjumi... 18.Mar.11)
. . . . . . . . It's a web agent... (~Denise Prehipi... 21.Mar.11)
. . . . . . . . . . Ahh (~Evelyn Desjumi... 22.Mar.11)
. . . . . . . . . . . . I think I can't (~Denise Prehipi... 22.Mar.11)
. . . . . . . . . . . . . . makes no sense to me (~Phil Nonhipige... 22.Mar.11)
. . . . . . . . . . . . . . . . what are you doing in your agent? (~Kirk Lopkimanf... 24.Mar.11)
. . . . . . . . . . . . . . . . OK, let me explain a bit more... (~Denise Prehipi... 24.Mar.11)
. . . . . . . . . . . . . . Roles are not good security mechani... (~Cheryl Opfreet... 24.Mar.11)
. . . . . . . . . . . . . . . . Why are roles no good for security?... (~Denise Prehipi... 25.Mar.11)
. . . . . . . . . . . . . . . . . . hummm... I think I made it (~Denise Prehipi... 28.Mar.11)




Printer-friendly

Search this forum

Member Tools


RSS Feeds

 RSS feedsRSS
All forum posts RSS
All main topics RSS