APPLICATION DESIGN
Who can create agents?
To control who can create agents that run on servers, use database ACLs.
Note Web users cannot create agents.
To control who can run agents on servers, use the Server document in the IBMR LotusR Domino(TM) Directory and database ACLs. See the topic "Controlling agents that run on a server" in the Lotus Domino Administrator Help for more information.
Private agents
To control who can run private agents, open the Server document in the Address Book and click the Security tab. In the Programmability Restrictions section:
Shared agents
To control who can run shared agents, use the database ACL. Users with Reader access or higher can run shared agents.
LotusScript and Java include operations that have full access to the serverfs system and can manipulate system time, file I/O, and operating system commands. Users or groups with unrestricted access can run an agent that includes any of these operations in the LotusScript and Java components. Users or groups with restricted access can include most operations. The only restricted commands are those that allow access to the serverfs system.
Caution Unrestricted Java and LotusScript agents can potentially violate security. Only a limited number of trusted users should have unrestricted rights.
Where can agents run?
To control whether agents are allowed to run on servers, use the Server document in the Address Book. Click the Security tab. In the Server Access section:
Note These restrictions apply to agents running from other servers or from a client. Agents that are already scheduled to run on the server will not be affected by the Server Access section.
To control which documents agents can process, IBMR LotusR Domino(TM) checks the ACL of the database where the documents are stored, as follows:
Domino checks the security restrictions differently depending on whether the agent is running:
An agent runs locally when:
On the server
An agent runs on the server when it is running in a database stored on a server and it is started by one of the following:
Foreground or background
An agent runs in the foreground when a user starts it from the Notes Actions menu, selects it from the Designer Agents list, or clicks an Action button. When agents run in the foreground, security restrictions are not checked.
An agent runs in the background when it is scheduled or it is triggered by an event (for example, when documents are modified) or when it is called by agent.runonserver. When agents run in the background, Domino checks security restrictions.
From the Notes client or the Web
Agents run in the Notes client or on the Web based on the effective user. The effective user is the user under whose authority the agent runs. The effective user depends on the environment in which the agent runs.
To specify that Domino verify the invoker's access to the database, follow these steps:
1. Double-click an agent name in the agent list.
2. Click the Security tab.
3. Check "Run as Web user."
When "Run as Web user" is checked, Domino prompts Web users for their name and password when they attempt to run the agent. Domino uses the login information to check for the invokerfs rights in the database ACL.
Security controls for agents that are called by agents
When agents call other agents, Domino checks the security restrictions for each agent. However, when the agent signers are different, Domino checks security as follows:
Domino checks all agents that are called against the rights of the signer of the first agent.
Domino checks each agent that is called against the rights of the signer of each agent.