The following is tip #4 from "Managing Lotus Domino servers -- 15 tips in 15 minutes," excerpted from Chapter 14...
of the book Lotus Notes and Domino 6 System Administrator Exam Cram 2, published by Sams Publishing.
Changing administrator access
Domino allows for multiple levels of administrators. They include:
- Full access administrator: All levels of access to the system, including operating system and Domino system configuration access. This is the highest level of access available on the Domino system.
- Administrator: Access at this level is the same as a database administrator and full-console administrator access.
- Full console administrator: View-only access to the Domino Console. This level of administrator is not able to make changes to the system configuration.
- System administrator: Limited to the restrictions of operating system administrator only.
Administrator access, or defining how an administrator can change server configurations, is set using the Domino Administrator client. Select the Configuration tab, and then open the Server document. Navigate to the security page and add or change users to groups as needed.
Full access administrators can be prevented from accessing the server by adding the line SECURE_DISABLE_FULLADMIN=1 in the Notes.ini file. This does not act the same as a deny user list, however, and if a user is explicitly defined in the Domino Directory or a database with specific access, that setting will override the setting in the .ini file.
Options for setting up full access administrators include:
- Generate a full admin ID file that can only be used by full access administrators.
- Generate a certifier ID with OU-level full administrator access and certify users.
- Don't assign anyone and only add users to the Full Access Administrator field as needed.
Changing server access
Server access is enabled by completing the information in the Server Access section on the Security tab of the Server document. Modification of the fields on the Security tab allow an administrator to change access to the server.
Available server access control types include
- Access Server: This field is used to define users and groups who can access the server.
- Not Access Server: This field defines users and groups who are prohibited from accessing the server. This field is typically used for users who have left the company or may have been moved to a different Domino domain.
- Create Database & Templates: This field defines users who can create new database and template files and can also execute copy commands.
- Create New Replicas: This field defines users who can create new replicas of databases or template files.
- Create Master Templates: This field defines users who can create master templates. Master templates have a template name defined in the database properties. If this field is left undefined, no users will have the ability to create master templates.
- Allowed to Use Monitors: This field defines users and groups who are permitted to use monitors on the server.
- Not Allowed to Use Monitors: This field defines users who cannot use monitors on the server.
- Trusted Servers: This field defines which servers can access the server.
Managing Lotus Domino servers
Tip 1: Activity logging on your Lotus Domino server
Tip 2: Applying policy documents on your Lotus Domino server
Tip 3: Automating Lotus Domino server tasks
Tip 4: Changing access levels on your Lotus Domino server
Tip 5: Configuring Domino network names on your Lotus Domino server
Tip 6: Decommissioning a Lotus Domino server
Tip 7: Defining a backup process on your Lotus Domino server
Tip 8: Enabling protocols on your Lotus Domino server
Tip 9: Enabling transaction logging on your Lotus Domino server
Tip 10: Identifying a registration server on your Lotus Domino server
Tip 11: Implementing directories on your Lotus Domino server
Tip 12: Recertifying a Lotus Domino server ID
Tip 13: Using the Domain Search tool on your Lotus Domino server
Tip 14: Setting up authentications on your Lotus Domino server
Tip 15: Prepare for your Lotus Domino server exam
This chapter excerpt from Lotus Notes and Domino 6 System Administrator Exam Cram 2, by Karen Fishwick and Tony Aveyard, is printed with permission from Sams Publishing, Copyright 2005. Click here for the chapter download.