0
votes

I am writing a remote Java agent for a Lotus Notes agent. I need to access some notes which have ACL restrictions for the account. My client suggests using “full access administration” mode to view those documents, since the note ACLs are not allowed to be changed.

After searching the IBM API documentation, I did not see any method that can turn on the full access administration mode. Does anyone know how to connect to the Lotus Notes server in “full access administration” mode?

Just to clarify, I am using DIIOP to access the Lotus Notes server. Therefore, I need to activate the full access mode through a DIIOP function call.

3
Is the thing you're writing an actual Domino agent (i.e. edited as an agent in Domino Designer)? If so, why do you need DIIOP? Is the remote server in a different Domino network to which you can't directly connect? - Scott Leis
@Scott Leis no, the program is not a Domino agent using Domino Designer. It is a standalone Java program using ncso.jar for reading the content of documents from the Lotus Notes server. - Alvin

3 Answers

4
votes

The NotesFactory class has two createSessionWithFullAccess methods, but they don't allow you to specify a host.

For remote Domino servers accessed via DIIOP, I think what you're trying to do isn't directly possible.

There is a workaround that would require some development on the target Domino server.
Someone could write a Domino agent in any database on that server, where that agent has its security set to allow full access, and is designed to return data from specified documents.

Domino web agents can't return Domino Java objects; they can only return text data. You'd have to call the agent as a normal HTTP request without using DIIOP, then parse the data somehow.

Having such an agent is a security risk, but that can be managed if the database containing the agent disallows anonymous access and requires HTTP requests to be authenticated.
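
The workaround from this answer, seen from the standalone Java client, as an added example that is not part of the original answer: it calls a hypothetical full-access web agent over authenticated HTTPS instead of DIIOP and parses the text it returns. The agent URL, the `unid` query parameter, the `AGENT_PW` environment variable and the `ItemName: value` output format are assumptions; `?OpenAgent` is Domino's URL command for running an agent.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

public class FullAccessAgentClient {
    // Assumed agent output: one "ItemName: value" line per returned item.
    static Map<String, String> parse(String body) {
        Map<String, String> items = new LinkedHashMap<>();
        for (String line : body.split("\\r?\\n")) {
            int sep = line.indexOf(": ");
            if (sep > 0) items.put(line.substring(0, sep), line.substring(sep + 2));
        }
        return items;
    }

    // base is the agent URL, e.g. https://domino.example.com/app.nsf/GetDoc (constructed).
    static Map<String, String> fetch(String base, String unid, String user, char[] pw) throws Exception {
        URI uri = URI.create(base + "?OpenAgent&unid=" + URLEncoder.encode(unid, StandardCharsets.UTF_8));
        // Basic credentials must never travel over plain HTTP.
        if (!"https".equalsIgnoreCase(uri.getScheme())) throw new IllegalArgumentException("HTTPS required");
        String cred = Base64.getEncoder()
                .encodeToString((user + ":" + new String(pw)).getBytes(StandardCharsets.UTF_8));
        HttpRequest req = HttpRequest.newBuilder(uri).header("Authorization", "Basic " + cred).GET().build();
        HttpResponse<String> res = HttpClient.newHttpClient().send(req, HttpResponse.BodyHandlers.ofString());
        String type = res.headers().firstValue("Content-Type").orElse("");
        // Anything but 200 + text/plain (for example an HTML login form) is a failure, not data.
        if (res.statusCode() != 200 || !type.startsWith("text/plain"))
            throw new IllegalStateException("Unexpected response: " + res.statusCode() + " " + type);
        return parse(res.body());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample response, so the parser can be exercised offline.
        String sample = "Subject: Quarterly review\nFrom: CN=Jane Doe/O=Example\n";
        System.out.println(parse(sample));
        if (args.length == 3) // agent URL, document UNID, user name; password read from AGENT_PW
            System.out.println(fetch(args[0], args[1], args[2], System.getenv("AGENT_PW").toCharArray()));
    }
}
```

The agent on the server side has to print a `Content-Type: text/plain` line first for this check to pass, and should return only the items the client is meant to see.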

3
votes

To run an agent with full admin rights you simply need to change the runtime security properties of the agent itself to "3. Allow restricted operations with full administration rights" (second tab of the agent properties). The signer of the agent of course has to be allowed to use full admin mode, otherwise the following error message will occur on the console:

Agent Manager: Error validating execution rights for agent '(agent name)' in database '(filename.nsf)'. Agent signer '(username)', effective user '(username)'. Examine 'Programmability Restrictions' field in the Server Record.

0
votes

There does not appear to be any means to create a Full Access session across IIOP.

There exist NotesFactory.createSessionWithFullAccess() and NotesFactory.createSessionWithFullAccess(String password). But, these methods must be run locally on the server where the database is, and will not work over IIOP. They have been in place since Release 6.

Source: Domino Designer 9.0.1 Help. IBM Domino Designer Basic User Guide and Reference / Java/CORBA Classes / Java Classes A-Z / Supporting components / NotesFactory (Java)