Monday, 14 September 2009

Domino and Web Admin Reader Access

So, here is the scenario.

I'm stepping back a bit from the day-to-day server maintenance. I needed to setup an employee to be able to log into the Domino webadmin.nsf database to see if there were any users logged into the server.

I gave the fellow 'View only' administrator permissions in the Server Document, and then gave him 'Reader' access to the webadmin.nsf database, and set him up with only the 'ServerStatus' role.

When he went to log into the database, he got a pop-up with 'You are not authorized to perform that operation.'.
In the server log, I found the following:

So, it looks like an agent gets run on access to webadmin.nsf, that the 'Reader' level user doesn't have permissions to run.

A quick test across all my servers shows that it's only an issue in the 6.x code stream. Domino 7.x and 8.x work fine.

So, now the work around I found. Grant your user 'Author' access, have them access the webadmin.nsf application, then lower them to 'Reader' again. It'll be a bit (read: great) pain, but a good reason to upgrade to Domino 8.5.