Sep 3, 2015 5:09 PM
19 Posts

How to limit Help Desk personnel to certain admin functions

  • Category: Domino Administrator
  • Platform: Windows
  • Release: 9.0
  • Role: Administrator
  • Tags: Help Desk
  • Replies: 2

Hi all,

I realize that this is a big topic (knowing what I do about Domino) but is there any way to limit "help desk" personnel (of which we now have one) from having full blown access via the administrator client?  I do not have the ability to write Domino applications so I am limited to setting security etc.

I would like them to be able to do the following:

- register a new user

- reset passwords

- check the outgoing mail boxes for dead mail etc

Are there roles that can be assigned to a user (or user group) that limits what they can do?

If this is not easily do-able, I don't want them to know the certifier ID password.  Is there a way I can create a "sub" certifier (with its own password) that they have access to that they could use to register people?

Thanks for any hints.

Albert

Sep 10, 2015 12:19 PM
19 Posts
How to limit Help Desk personnel to certain admin functions

Hi Chad,

Thanks for the links.  Have read through once already.  I am not new to Domino but can't say I understand a lot about certificates etc (other than they authenticate the identity of something).

Could you provide me a "high level" overview of what I need to do?  Here is what I understand so far (? marks mean I am guessing):

- I would start up a CA task on the server; this would issue new certificates based upon the server's current certifier (?)

- somehow the registration process would be changed so that when a help desk or admin person started to register someone, instead of having to pick and type in a password for the certifier.id file on the server, it somehow sends a request to the CA task to issue a certificate (?)

- the CA task then sends back a certificate that is merged into the user's new ID file (?)

Other questions: does the CA process need to somehow register or get a certificate itself form some pubic CA or since it uses the servers certifier.id it is trusted as a CA?

Thanks.  I will re-read the docs and maybe try to find others but thought a high level overview would help me at this stage.

Albert