My company is concerned because Administrators always have access to the different individual ID's. This way they can contact everyone's mail. Password checking isn't an option either since they can disable password checking for this person temporarily so they can access the mail-file again. Is there any waterproof way of securing the mail-files while still letting the administrators do their work?
This issue has been raised before including on the Administrators discussion forum on SearchDomino. The problem is the definition of "trust." If you give administrators access to everyone's ID file, everyone's password, and full access to the administration console, then you are trusting these people to do the right thing. So, of course these people could do something malicious or destructive.
I am not sure of a good solution to this problem. The old DEC VMS operating system had a good solution. There were many different "privileges" that an administrator could have. Therefore, you could give someone the ability to just do backups, for example, but nothing else. Alternatively, just start the system, but nothing else. Unfortunately, Domino doesn't have something like this.
I would love to hear from any readers who know a solution (or partial solution) to this problem. How do you give Domino admin people the power they need to do their jobs, but prevent (or at least track) their ability to do harm?
Dig Deeper on Domino Resources - Part 6
Related Q&A from Chuck Connell
Is it possible to encrypt a user's name before sending an email? SearchDomino.com expert Chuck Connell weighs in. Continue Reading
Learn how to change authentication timeout interval for Domino Web Access logins. Continue Reading
SearchDomino.com expert Chuck Connell provides a resource for a Lotus Notes administrator who wants to filter out email containing the word "spam," ... Continue Reading