Adding Security to an Application

Domino has long been known for providing a very robust and granular security model that can meet almost any need. Domino supports seven levels of security (shown in Table 5.1).

Table 5.1. Domino Security Model
| Level | Description |
|---|---|
| Network | Security provided at the network level by the network infrastructure: OS, routers, firewalls, and so forth. |
| Authentication | A user is required to provide his or her credentials (username and password) to gain access to the system and to set the level of access granted. |
| Server Access | The Domino Server document provides numerous settings that enable administrators to control who can access the server and what actions they can perform on the server, such as creating databases or running agents. |
| Database Access | Each database has seven primary access levels set and controlled in the database Access Control List that can be associated with users, groups, and roles: Manager, Designer, Editor, Author, Reader, Depositor, and No Access. |
| Design Element Security | Forms, Views, Folders, and Agents can be secured so that only named people, groups, and roles can use them. |
| Document Security | Among the most powerful and flexible of the Domino security features are Author and Reader fields. See “Using Authors Fields” and “Using Readers Fields,” later in this chapter. |
| Field Security | Domino provides the capability to secure individual fields in a document through the use of digital signatures and encryption. For more information, see Chapter 11, “Workflow.” |

Defining Security Levels for Application Users

The database Access Control List (ACL) is the frontline of Domino database security: it controls access to a database. There are seven distinct access levels in the ACL: No Access, Depositor, Reader, Author, Editor, Designer, and Manager. Table 5.2 explains each of the seven access levels from lowest to highest. Each of these access levels provides automatic privileges as well as numerous optional privileges. The automatic privileges are fairly straightforward, but the optional privileges require further explanation, which is provided in the list following Table 5.2.

Table 5.2. Database ACL
| Access Level | Automatic Privileges | Optional Privileges | Commonly Assigned To |
|---|---|---|---|
| No Access | None. No access is granted to the database unless one of the optional privileges is specified. | Read public documents; Write public documents | The person(s), group(s), and/or role(s) that should not have access to the database (terminated users, for example). |
| Depositor | Create new documents. | Read public documents; Write public documents | The person(s), group(s), and/or role(s) who should be able to only add new documents but cannot read any documents. |
| Reader | Read documents, unless a Readers field precludes access to documents. | Create personal agents; Create personal folders/views; Create LotusScript/Java agents; Write public documents | The person(s), group(s), and/or role(s) who should be able to read but not edit documents in the database. |
| Author | Read documents. Create Documents is not specified by default and must be enabled to create documents. | Create documents; Delete documents; Create personal agents; Create personal folders/views; Create LotusScript/Java agents; Write public documents | The person(s), group(s), and/or role(s) who should be able to read existing documents and create new documents. |
| Editor | Create documents. | Delete documents; Create personal agents; Create personal folders/views; Create LotusScript/Java agents; Create shared folders/views; Read public documents; Write public documents | The person(s), group(s), and/or role(s) who should be able to create new documents and edit any document in the database. |
| Designer | All Editor rights plus the ability to modify design elements. Create documents. | Delete documents; Create personal agents; Create LotusScript/Java agents; Create personal folders/views; Create shared folders/views; Read public documents; Write public documents | The person(s), group(s), and/or role(s) responsible for database design. |
| Manager | All Designer rights plus can edit database ACL. Create documents. | Delete documents; Create personal agents; Create personal folders/views; Create shared folders/views; Create LotusScript/Java agents; Read public documents; Write public documents | Assign to at least one person. Good idea to add other person(s), group(s), and/or role(s) that can manage the database. |

The optional ACL privileges are described as follows:

  • Read public documents— Enables designated users to read documents, access views and folders, run agents, and use forms designated as Available to Public Access Users. This setting is found in the Security tab of the Forms, Views, Folders, and Agents properties boxes. This option enables users with No Access or Depositor access—not Reader access—to view specific documents, forms, views, and folders. Documents available for public access users must contain a reserved field named $PublicAccess, which should be set to the text value one ("1").

  • Write public documents— Enables users without Author or Editor access to create, modify, and delete documents, using forms that have been designated as Available to Public Access Users (found on the Security tab of the Form properties box).

  • Create documents— Enables users with Author access or above to add new documents to the database. Authors without this setting can read documents and edit documents they have created (if they are named in an Authors field explicitly or through a group or role), but cannot create new documents. This is an automatic privilege for Editor or higher access.

  • Delete documents— Enables users to delete documents if they have at least Author access and are listed in an Authors field. For access levels higher than Author, toggles the capability to delete documents off and on. For example, a user with Editor access but without Delete Documents enabled cannot delete any documents.

  • Create private agents— Enables users with Reader access and above to create private agents on the server. Even if a user can create these agents, he or she may not be permitted to run them based on other security settings in the Server document in the Domino Directory.

  • Create personal folders/views— Enables users to create personal folders and views on the server. Deselecting this option does not prevent users from creating personal folders and views. However, the folders or views are stored in their local workstations rather than on the server.

  • Create shared folders/views— Enables users with Editor access to create folders and views that can potentially be accessed by other users. You can deselect this option to save disk space on a server and to maintain tighter control over database design.

  • Create LotusScript/Java agents— Enables users to create LotusScript and Java agents that are stored in the database on a server. Although a user may create an agent, his or her ability to run it depends on access granted in the Agent Restrictions section of the Server document in the Domino Directory.

  • Replicate or Copy Documents— This property is new to Domino 6 and specifies whether users with Reader access and above can replicate or copy documents.
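
The access levels and optional privileges described above can be reviewed programmatically. The following agent is an added example, not code from the book: it walks the current database's ACL with the NotesACL and NotesACLEntry classes and prints each entry with the optional privileges worth a second look. The flag wording and the choice of what to flag are assumptions made for this illustration.

```lotusscript
Sub Initialize
	Dim session As New NotesSession
	Dim db As NotesDatabase
	Dim acl As NotesACL
	Dim entry As NotesACLEntry
	Dim levelNames As Variant
	Dim managers As Integer
	Dim flags As String

	Set db = session.CurrentDatabase
	Set acl = db.ACL
	' Index matches the ACLLEVEL_* constants: 0 = No Access ... 6 = Manager
	levelNames = Split("No Access,Depositor,Reader,Author,Editor,Designer,Manager", ",")

	Set entry = acl.GetFirstEntry
	Do Until entry Is Nothing
		flags = ""
		' Public access privileges open specific documents to entries below Reader
		If entry.Level < ACLLEVEL_READER Then
			If entry.IsPublicReader Then flags = flags & " [reads public documents]"
			If entry.IsPublicWriter Then flags = flags & " [writes public documents]"
		End If
		' An Author without Create documents can only edit documents it is named on
		If entry.Level = ACLLEVEL_AUTHOR And Not entry.CanCreateDocuments Then
			flags = flags & " [cannot create documents]"
		End If
		' Delete documents is optional at Author and above
		If entry.Level >= ACLLEVEL_AUTHOR And entry.CanDeleteDocuments Then
			flags = flags & " [can delete documents]"
		End If
		' Agent creation is optional from Reader upward
		If entry.Level >= ACLLEVEL_READER And entry.CanCreateLSOrJavaAgent Then
			flags = flags & " [can create LotusScript/Java agents]"
		End If
		If entry.Level = ACLLEVEL_MANAGER Then managers = managers + 1
		Print entry.Name & ": " & levelNames(entry.Level) & flags
		Set entry = acl.GetNextEntry(entry)
	Loop

	' Table 5.2 recommends assigning Manager to at least one person
	If managers = 0 Then Print "WARNING: no Manager entry in the ACL"
End Sub
```

Run it from the database being reviewed; the ACL is only read, so no entry is changed.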
