Troubleshooting agents (Agent security at a glance sidebar)

[back to "Troubleshooting agents"]

Agent security at a glance (sidebar)

Figuring out agent security is not easy because there are so many different situations that you need to consider while troubleshooting a problem. The following tables should help you identify when the agent security is enforced, and whose rights are used to authenticate the access rights. Note that the tables below apply to personal and shared agents.

Table 1. Where agents can run
This table identifies the four valid situations where agents can run. The rest of the tables expand on the information included in this first one -- that is, for where an agent can run (where the value is "yes"), the rest of the tables explain the corresponding agent restrictions, database ACL rights, embedded agent rules, and whether the agent can access databases on other servers.

Type of agent/Where agent runs	Server	Workstation	Web
Background	yes	yes	no
Foreground	no	yes	no
Web	no	no	yes

Table 2. Agent restrictions
This table identifies whose user ID is used to authenticate agent restrictions.

Type of agent/Where agent runs Server Workstation Web

Background agent creator agent creator no

Foreground no not used no

Web no no agent creator

o

Table 3. Database ACL rights
This table identifies whose user ID is used to authenticate database ACL rights. (Note: Releases 4.61 and 4.55 will correct some inconsistencies in how these rules apply to the database where the agent resides.)

Type of agent/Where agent runs Server Workstation Web

Background agent creator agent invoker no

Foreground no agent invoker no

Web no no agent invoker or agent creator*

* based on the setting of "Run as Web User" flag

o

Table 4. Embedded agent rules
This table summarizes the rules for embedded agents. (Note: Releases 4.61 and 4.55 will correct some inconsistencies introduced in 4.53 and 4.6 in how these rules apply to simple agents calling LotusScript agents.)

Security type/Where agent runs Server Workstation Web

ACL creator of each agent agent invoker agent invoker or creator of each agent

Restriction creator of each agent creator of each agent, or not used creator of each agent

Table 5. Access to databases on other servers
This table summarizes the rules for where agents can access databases on other servers.

Type of agent/Where agent runs Server Workstation Web

Background no yes no

Foreground no yes no

Web no no no

Security type/Where agent runs	Server	Workstation	Web
ACL	creator of each agent	agent invoker	agent invoker or creator of each agent
Restriction	creator of each agent	creator of each agent, or not used	creator of each agent