Agent security
Running LotusScript and Java agents on the Domino server requires knowledge of the security setup of the server. For example, in Release 5, Web-based agents cannot access databases on other servers. In Notes/Domino 6, that restriction has been removed through the use of Run-on-Behalf-of capabilities. In any of the releases, security settings in the server document located in the Domino Directory govern who can run agents and what type of agents they can run.
Notes has two types of agents that can be run: Unrestricted and Restricted. Unrestricted agents are those that access the file system or that run operating system commands. Access to the file system means that the agent can read, write, and delete files through the operating system. Because these types of operations can be potentially dangerous to the integrity of the server, Domino allows only users with the correct access to run unrestricted agents. In the Server document, you enter the names of the users or groups who can run these agents into the Run unrestricted Agents (R5) or Run unrestricted methods and operations (Notes/Domino 6) field. Java agents have similar fields that allow you to define who can run unrestricted Java agents. It is important to restrict the list of users to only those whom you trust to have unrestricted access to the server.
Restricted agents, whether LotusScript or Java agents, don’t access the file system or run operating system commands. Typically, restricted agents send email, modify Notes documents, and perform other Notes-specific tasks. The agents described in this article are restricted agents. Generally, the Server document allows any user to run restricted agents. You can set this up by setting the field Run restricted agents to an asterisk (*). This allows any user to run restricted agents on the server.
Developers sign agents when the agent is saved. Usually, the server uses this signature to determine if the user is allowed to run the agent based on the unrestricted/restricted settings in the Server document. Many times, however, when your form invokes an agent through the WebQuerySave or WebQueryOpen events, you want the agent executed based on the Web user’s credentials. On the Property page of the agent, you can select the option Run as web user. When selected, the agent runs as if the current user had saved (signed) the agent. If you allow a limited set of users to run unrestricted agents, then the agent designated as Run as web user may not run. Likewise, if you limit the list of users that can run restricted agents, your agent may not run if the current user is not in the list.
As a general rule, then, make sure your agents are signed by the correct user ID, given your particular server security settings. Also, when you select Run as web user, ensure that the users invoking the agent have the appropriate ability to run agents on the server.
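The check described above can be rehearsed offline before deploying a form. The following Python sketch is an added example, not Domino code or code from the original article: it is a simplified model in which the server checks the signer, or the web user when Run as web user is selected, against the Server document field that matches the agent type. The class and function names, user names and agent titles are invented for illustration, and group expansion is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Agent:
    name: str
    signer: str                    # ID that last saved (signed) the agent
    unrestricted: bool             # reads/writes files or runs OS commands
    run_as_web_user: bool = False  # the "Run as web user" agent property

@dataclass(frozen=True)
class ServerDoc:
    run_unrestricted: frozenset    # entries of the unrestricted-agents field
    run_restricted: frozenset      # entries of "Run restricted agents"; "*" = anyone

def effective_identity(agent, web_user):
    """Name the server checks: the web user if 'Run as web user' is set, else the signer."""
    return web_user if agent.run_as_web_user else agent.signer

def can_run(agent, web_user, server):
    """Return (allowed, identity_checked, field_checked) for one invocation."""
    who = effective_identity(agent, web_user)
    field = "run_unrestricted" if agent.unrestricted else "run_restricted"
    entries = getattr(server, field)
    # Assumption: entries are flat names (no group expansion); "*" is honoured
    # only in the restricted field, the one place the article describes it.
    wildcard = field == "run_restricted" and "*" in entries
    return (wildcard or who in entries), who, field

def audit(agents, web_users, server):
    """Sorted (agent, identity, field) combinations the server would refuse."""
    refused = set()
    for agent in agents:
        for user in web_users:
            allowed, who, field = can_run(agent, user, server)
            if not allowed:
                refused.add((agent.name, who, field))
    return sorted(refused)

# Constructed sample data: names and agent titles are invented for illustration.
OPEN = ServerDoc(frozenset({"Dev Admin/Acme"}), frozenset({"*"}))
LOCKED = ServerDoc(frozenset({"Dev Admin/Acme"}), frozenset({"Dev Admin/Acme"}))
AGENTS = [
    Agent("SaveKeywords", "Dev Admin/Acme", unrestricted=False, run_as_web_user=True),
    Agent("ExportToDisk", "Dev Admin/Acme", unrestricted=True),
    Agent("ImportAsUser", "Dev Admin/Acme", unrestricted=True, run_as_web_user=True),
]
WEB_USERS = ["Jane Doe/Acme"]

if __name__ == "__main__":
    for label, server in (("open", OPEN), ("locked", LOCKED)):
        print(label, audit(AGENTS, WEB_USERS, server))
```

With the constructed data, the signer-run unrestricted agent is accepted on both servers, while the same kind of agent marked Run as web user is refused because the web user is not in the unrestricted field; limiting the restricted field additionally blocks the WebQuerySave-style agent.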