This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal


~Rex Opfreelyoopsi
Sep 3, 2015, 9:09 PM
18 Posts

How to limit Help Desk personnel to certain admin functions

  • Category: Domino Administrator
  • Platform: Windows
  • Release: 9.0
  • Role: Administrator
  • Tags: Help Desk
  • Replies: 2

Hi all,

I realize that this is a big topic (knowing what I do about Domino) but is there any way to limit "help desk" personnel (of which we now have one) from having full blown access via the administrator client?  I do not have the ability to write Domino applications so I am limited to setting security etc.

I would like them to be able to do the following:

- register a new user

- reset passwords

- check the outgoing mail boxes for dead mail etc

Are there roles that can be assigned to a user (or user group) that limits what they can do?

If this is not easily do-able, I don't want them to know the certifier ID password.  Is there a way I can create a "sub" certifier (with its own password) that they have access to that they could use to register people?

Thanks for any hints.

Albert

~Dexter Deswechekynds
Sep 4, 2015, 5:41 AM
191 Posts
A few links
Domino Certification Authority (delegating registration):
http://www-01.ibm.com/support/knowledgecenter/SSKTMJ_9.0.1/admin/conf_dominoserverbasedcertificationauthority_c.dita

Domino Directory ACL roles (delegating other address book facilities):
http://www-01.ibm.com/support/knowledgecenter/SSKTMJ_9.0.1/admin/conf_usingadministrationrolesinthedominodirectoryacl_t.dita

Server admin levels:
http://www-01.ibm.com/support/knowledgecenter/SSKTMJ_9.0.1/admin/conf_restrictingadministratoraccess_t.dita
~Rex Opfreelyoopsi
Sep 10, 2015, 4:19 PM
18 Posts
How to limit Help Desk personnel to certain admin functions

Hi Chad,

Thanks for the links.  Have read through once already.  I am not new to Domino but can't say I understand a lot about certificates etc (other than they authenticate the identity of something).

Could you provide me a "high level" overview of what I need to do?  Here is what I understand so far (? marks mean I am guessing):

- I would start up a CA task on the server; this would issue new certificates based upon the server's current certifier (?)

- somehow the registration process would be changed so that when a help desk or admin person started to register someone, instead of having to pick and type in a password for the certifier.id file on the server, it somehow sends a request to the CA task to issue a certificate (?)

- the CA task then sends back a certificate that is merged into the user's new ID file (?)

Other questions: does the CA process need to somehow register or get a certificate itself form some pubic CA or since it uses the servers certifier.id it is trusted as a CA?

Thanks.  I will re-read the docs and maybe try to find others but thought a high level overview would help me at this stage.

Albert


This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal