SECURITY


Maximum Internet name-and-password access
Users who have Internet or intranet browser access to a database cannot be identified by Notes in the same way IBM® Lotus® Notes® users are identified. Use the "Maximum Internet name & password access" setting to control the maximum type of access that Internet or intranet browser users have to a database. The list contains the standard access levels for Notes users.

This option applies to users who use name-and-password authentication or access the server anonymously over the Internet and connect to servers using either the TCP/IP port or the SSL port. This option does not apply to users who have SSL client certificate IDs and who access the database over the Internet on the SSL port. Users with SSL client access receive the level of access specified in the database ACL.

Add an entry for the group Anonymous to the database ACL, if appropriate for this database. Then select the maximum access level you want to assign to all Internet and intranet users who use name-and-password authentication for a particular database. Users who access a Notes database over the Internet, either anonymously or by using name-and-password authentication, never have an access level higher than what is specified as the "Maximum Internet name & password access" level.

Caution The "Maximum" access level overrides the access level that a user may have been explicitly given in the database ACL, but only to enforce the lower of the two access levels.

For example, a user, Sandra Smith/West/Sales/Acme can use name and password to access a server using a Web browser. If Sandra Smith/West/Sales/Acme is assigned Editor access in the ACL and the "Maximum Internet name & password access" setting is Reader, the lower of the two access levels applies and Sandra is allowed only Reader access. Similarly, if Sandra Smith/West/Sales/Acme is assigned Reader access in the ACL and the "Maximum" access setting is Editor, Sandra is allowed only Reader access. However, if Sandra Smith also uses a Notes client to access the database, the "Maximum" access setting is ignored and Sandra is allowed Editor access.

The default for this option is Editor access. Tasks such as creating folders, views, and agents do not apply to Internet users.

Tip You can use this setting to prevent Internet users from accessing the database using name-and-password authentication. By setting it to "No Access," the database would then be accessible only to Notes users or Internet users who authenticate using SSL client certificates.

Selecting the maximum Internet name and password

Use this method to select the maximum Internet name-and-password access for one or more databases.

1. Make sure that you have Manager access in all the database ACLs you select.

2. From the IBM® Lotus® Domino® Administrator Server pane, select a server that has Manager access to the databases.

3. Click Files, and select one or more databases from the Domino data directory.

4. Click Tools - Database - Manage ACL.

5. Click Advanced.

6. If you have selected multiple databases, select the option "Modify Internet name & password setting."

7. Select the maximum access level from the list next to the field "Maximum Internet name & password."

8. Click OK.

Related topics