Get started Bring yourself up to speed with our introductory content.

Limiting administrator access

My company is concerned because Administrators always have access to the different individual ID's. This way they can contact everyone's mail. Password checking isn't an option either since they can disable password checking for this person temporarily so they can access the mail-file again. Is there any waterproof way of securing the mail-files while still letting the administrators do their work?

This issue has been raised before including on the Administrators discussion forum on SearchDomino. The problem is the definition of "trust." If you give administrators access to everyone's ID file, everyone's password, and full access to the administration console, then you are trusting these people to do the right thing. So, of course these people could do something malicious or destructive.

I am not sure of a good solution to this problem. The old DEC VMS operating system had a good solution. There were many different "privileges" that an administrator could have. Therefore, you could give someone the ability to just do backups, for example, but nothing else. Alternatively, just start the system, but nothing else. Unfortunately, Domino doesn't have something like this.

I would love to hear from any readers who know a solution (or partial solution) to this problem. How do you give Domino admin people the power they need to do their jobs, but prevent (or at least track) their ability to do harm?

Dig Deeper on Domino Resources - Part 6

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.




  • iSeries tutorials

    Search400.com's tutorials provide in-depth information on the iSeries. Our iSeries tutorials address areas you need to know about...

  • V6R1 upgrade planning checklist

    When upgrading to V6R1, make sure your software will be supported, your programs will function and the correct PTFs have been ...

  • Connecting multiple iSeries systems through DDM

    Working with databases over multiple iSeries systems can be simple when remotely connecting logical partitions with distributed ...