The Role of the Domino Directory in Application Security

A Domino Directory ( names .nsf), formerly known as the Public Name and Address Book (or to we longtime Notes geeks , the NAB ), defines each Domino domain. The Directory is the single most important database in your Domino environment because it contains many documents that define every aspect of your Domino environment. Most of the capabilities of the Directory are beyond the scope of this book. (For a good book on this topic, see Rob Kirkland's Domino System Administration from New Riders.) This subsection focuses on the information developers need to know concerning the role of the Domino Directory in regard to application security, such as creating new databases, creating replica databases, and running agents .

Server Documents

Server documents define the servers in your Domino environment and control such things as server access, database creation, security, protocols and the like. There are several security aspects of the server document that can affect your development efforts.

Consequently, you should be familiar with them as a Domino developer.

NOTE

In many organizations, you won't have the authority to change these settings, but you need to be aware of them nevertheless.

 

Creating New Databases and New Replicas on a Server

To create databases on a server, your name must be explicitly listed or you must be a member of a group that's listed in Create New Databases field, which can be found in the Security tab of the Server document. Figure 23.9 shows this section.

Figure 23.9. The Security tab of a Domino Server document controls access to the server.

graphics/23fig09.jpg

To create a replica database on a server, you must be named in the Create Replica Databases field, which is also found in the Security tab of the Server document.

Any time changes are made to these fields, the server must be restarted. To make it easy to grant this privilege to individual users, most administrators create groups such as Domino Administrators and Domino Developers, and place the group names in these two fields. Granting a privilege to an individual is then a simple matter of adding the individual to the appropriate group, thus avoiding the need to restart the server.

Running Agents on the Server

In the Security tab of the Server document, you'll also find settings that control the ability to run agents on the server. As a developer, you likely know that agents are the single most powerful development tool in your toolbox, and permission to run agents you develop is obviously necessary.

Generally speaking, developers should be listed in the Run Restricted LotusScript/Java Agents and the Run Unrestricted LotusScript/Java Agents fields in the Agent Restrictions Section. They should also be in the Run Restricted Java/JavaScript/COM and Run Unrestricted Java/JavaScript/COM fields so that they can run any agents that they develop.

Person Documents

The Person document is created every time a new user is registered and is ultimately used to authenticate both Web and Notes client users. When a user attempts to access resources on a server, the server searches the Person documents in the Directory in an attempt to authenticate the user. Among other things, it contains the user 's name, password, and certificates. Figure 23.10 shows the Basics tab of a Person document.

Figure 23.10. The Basics tab of a Person document contains all the possible names used to identify a user in the FullNames field.

graphics/23fig10.jpg

Group Documents

Group documents are used to facilitate access for a related list of people and are the preferred way to grant access to databases. Figure 23.11 displays a Group document.

Figure 23.11. This Group document is used for Domino developers in my domain.

graphics/23fig11.jpg

Part I. Introduction to Release 6

Whats New in Release 6?

The Release 6 Object Store

The Integrated Development Environment

Part II. Foundations of Application Design

Forms Design

Advanced Form Design

Designing Views

Using Shared Resources in Domino Applications

Using the Page Designer

Creating Outlines

Adding Framesets to Domino Applications

Automating Your Application with Agents

Part III. Programming Domino Applications

Using the Formula Language

Real-World Examples Using the Formula Language

Writing LotusScript for Domino Applications

Real-World LotusScript Examples

Writing JavaScript for Domino Applications

Real-World JavaScript Examples

Writing Java for Domino Applications

Real-World Java Examples

Enhancing Domino Applications for the Web

Part IV. Advanced Design Topics

Accessing Data with XML

Accessing Data with DECS and DCRs

Security and Domino Applications

Creating Workflow Applications

Analyzing Domino Applications

Part V. Appendices

Appendix A. HTML Reference

Appendix B. Domino URL Reference



Lotus Notes and Domino 6 Development
Lotus Notes and Domino 6 Development (2nd Edition)
ISBN: 0672325020
EAN: 2147483647
Year: 2005
Pages: 288

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net