Tuesday, July 27, 2010

Domino Security From 30,000 Feet

To access any bit of data on a Domino server, a user has to get over these hurdles:
  • Network or "KVM" access to the server
    • KVM access means actual or virtual access to the server's keyboard, video, and mouse. 
    • Users with KVM access may be able to bypass some of the other security measures. 
  • Authenticate with the server 
  • Server ACLs (in the Server doc, under the Security tab) 
  • File System ACL if the user has requested a file in the html directory.
  • Directory Link ACL if the data is in a database that is in a linked folder 
  • Database ACL if the data is in a database
  • Inside the database:
    • View ACL (controls who can use a view)
    • Form ACL (controls who can create documents with a form)
    • Document access
      • Section ACL (controls who can edit the fields in the section)
      • $Readers field and fields of Readers or Authors data type
        • $Readers and Readers fields control who can see/read a document
        • Authors fields control who (having Author access in the database ACL) can edit the document
      • Encrypted fields (user must have a decryption key to decrypt the data in the field)
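
The document-access layer above (Readers and Authors fields evaluated against the database ACL level) can be modeled as a small decision function for reviewing who can actually reach a document. This is an added example, not code from the original post or from Domino itself; the field names, user names and the `[HR]` role are constructed. It assumes the standard Domino rules that a non-empty Readers field restricts every ACL level (Manager included), that names in Authors fields can also read, and that Editor access and above can edit any document the user can read.

```python
from enum import IntEnum


class Level(IntEnum):
    """Database ACL levels, lowest to highest."""
    NO_ACCESS = 0
    DEPOSITOR = 1
    READER = 2
    AUTHOR = 3
    EDITOR = 4
    DESIGNER = 5
    MANAGER = 6


def _listed(names, doc, kind):
    """True if any of the user's names (user, groups, roles) is in a field of this kind."""
    entries = {e.lower() for field in doc.get(kind, {}).values() for e in field}
    return bool(entries & {n.lower() for n in names})


def can_read(level, names, doc):
    """Database ACL first, then Readers/Authors fields on the document."""
    if level < Level.READER:
        return False
    # Only a non-empty Readers-type field (including $Readers) restricts reading.
    restricted = any(doc.get("readers", {}).values())
    if not restricted:
        return True
    return _listed(names, doc, "readers") or _listed(names, doc, "authors")


def can_edit(level, names, doc):
    """Authors fields matter only for users with Author access in the database ACL."""
    if not can_read(level, names, doc):
        return False
    if level >= Level.EDITOR:
        return True
    return level == Level.AUTHOR and _listed(names, doc, "authors")


# Constructed sample document: read access limited to the [HR] role, one named author.
DOC = {
    "readers": {"$Readers": ["[HR]"], "DocReaders": []},
    "authors": {"DocAuthors": ["CN=Ann Lee/O=Acme"]},
}

if __name__ == "__main__":
    admin = {"CN=Root Admin/O=Acme"}
    ann = {"CN=Ann Lee/O=Acme"}
    print("Manager not listed can read:", can_read(Level.MANAGER, admin, DOC))
    print("Listed author can edit:", can_edit(Level.AUTHOR, ann, DOC))
```
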
