FORUM PLAN UPDATE
Date revision: This forum will remain open to new posts and responses until December 1, 2018. (After that date, you will still be able to view and search the forum.) Also, we're taking a second look at the best place to host future conversation. For now, keep using this forum, and stay tuned for more news.


Sep 3, 2015, 5:09 PM
19 Posts

How to limit Help Desk personnel to certain admin functions

  • Category: Domino Administrator
  • Platform: Windows
  • Release: 9.0
  • Role: Administrator
  • Tags: Help Desk
  • Replies: 2

Hi all,

I realize that this is a big topic (knowing what I do about Domino) but is there any way to limit "help desk" personnel (of which we now have one) from having full blown access via the administrator client?  I do not have the ability to write Domino applications so I am limited to setting security etc.

I would like them to be able to do the following:

- register a new user

- reset passwords

- check the outgoing mail boxes for dead mail etc

Are there roles that can be assigned to a user (or user group) that limits what they can do?

If this is not easily do-able, I don't want them to know the certifier ID password.  Is there a way I can create a "sub" certifier (with its own password) that they have access to that they could use to register people?

Thanks for any hints.

Albert

Sep 10, 2015, 12:19 PM
19 Posts
How to limit Help Desk personnel to certain admin functions

Hi Chad,

Thanks for the links.  Have read through once already.  I am not new to Domino but can't say I understand a lot about certificates etc (other than they authenticate the identity of something).

Could you provide me a "high level" overview of what I need to do?  Here is what I understand so far (? marks mean I am guessing):

- I would start up a CA task on the server; this would issue new certificates based upon the server's current certifier (?)

- somehow the registration process would be changed so that when a help desk or admin person started to register someone, instead of having to pick and type in a password for the certifier.id file on the server, it somehow sends a request to the CA task to issue a certificate (?)

- the CA task then sends back a certificate that is merged into the user's new ID file (?)

Other questions: does the CA process need to somehow register or get a certificate itself form some pubic CA or since it uses the servers certifier.id it is trusted as a CA?

Thanks.  I will re-read the docs and maybe try to find others but thought a high level overview would help me at this stage.

Albert


FORUM PLAN UPDATE
Date revision: This forum will remain open to new posts and responses until December 1, 2018. (After that date, you will still be able to view and search the forum.) Also, we're taking a second look at the best place to host future conversation. For now, keep using this forum, and stay tuned for more news.