SECURING


Maximum Internet name-and-password access

Users who have Internet or intranet browser access to a database cannot be identified by Notes® in the same way Notes users are identified. Use the Maximum Internet name & password access setting to control the maximum type of access that Internet or intranet browser users have to a database. The list contains the standard access levels for Notes users.

About this task

This option applies to users who use name-and-password authentication or access the server anonymously over the Internet and connect to servers using either the TCP/IP port or the SSL port. This option does not apply to users who have SSL client certificate IDs and who access the database over the Internet on the SSL port. Users with SSL client access receive the level of access specified in the database ACL.

Add an entry for the group Anonymous to the database ACL, if appropriate for this database. Then select the maximum access level you want to assign to all Internet and intranet users who use name-and-password authentication for a particular database. Users who access a Notes database over the Internet, either anonymously or by using name-and-password authentication, never have an access level higher than what is specified as the Maximum Internet name & password access level.

CAUTION: When setting a value in the Maximum Internet name & password access field, be aware that the value you specify supersedes the maximum level allowed by the database ACL. As a result you might be restricting a user's access to a level that is less than the level defined in the database ACL.

For example, a user, Sandra Smith/West/Sales/Acme can use name and password to access a server using a Web browser. If Sandra Smith/West/Sales/Acme is assigned Editor access in the ACL and the Maximum Internet name & password access setting is Reader, Sandra is allowed only Reader access. Similarly, if Sandra Smith/West/Sales/Acme is assigned Reader access in the ACL and the "Maximum" access setting is Editor, Sandra is allowed only Reader access. However, if Sandra Smith also uses a Notes client to access the database, the "Maximum" access setting is ignored and Sandra is allowed Editor access.

The default for this option is Editor access. Tasks such as creating folders, views, and agents do not apply to Internet users.

Tip: You can use this setting to prevent Internet users from accessing the database using name-and-password authentication. By setting it to "No Access," the database would then be accessible only to Notes users or Internet users who authenticate using SSL client certificates.

Use this method to select the maximum Internet name-and-password access for one or more databases.

Procedure

1. Make sure that you have Manager access in all the database ACLs you select.

2. From the Domino® Administrator Server pane, select a server that has Manager access to the databases.

3. Click Files, and select one or more databases from the Domino data directory.

4. Click Tools -> Database -> Manage ACL.

5. Click Advanced.

6. If you have selected multiple databases, select the option Modify Internet name & password setting.

7. Select the maximum access level from the list next to the field Maximum Internet name & password access.

8. Click OK.

Parent topic: The database access control list

Related concepts
Setting up database access for Internet users
Name-and-password authentication for Internet/intranet clients

Related tasks
Configuring a database ACL