Server access for Notes users, Internet users, and Domino servers

To control user and server access to other servers, Domino® uses the settings you specify on the Security tab in the Server document as well as the rules of validation and authentication. If a server validates and authenticates the Notes® user, Internet user, or server, and the settings in the Server document allow access, the user or server is allowed access to the server.

Grant server access to users and servers who need to access resources stored on the server. Deny access to prevent specified users and servers from having access to all applications on the server.

Access settings in the Server document control server access for both Notes and Internet users. By default, the Server access settings apply only to Notes clients. You can enable these settings for each of the Internet protocols through the Ports tab of the Server document.

Types of server access controls

Server access list

The server access list controls the access that Notes users, Domino servers, and users who access the server using Internet protocols (HTTP, IMAP, LDAP, POP3) have to that server. Keep in mind that using a server access list activates an additional security check and can, therefore, increase the time required to access the server.

Deny access list

The deny access list denies access to Notes users and Internet clients you specify. For example, use a deny access list to prevent access by users who no longer work for your company but who may still have their Notes user IDs, or who still have a Person document in the Domino Directory with a legitimate Internet password and would otherwise be able to access the server using an Internet protocol.

Notes ID lock out

Notes ID lock out denies access to Notes users you specify. Like a deny access list, Notes ID lock out prevents access by users who no longer work for your company but who may still have their user IDs.

Anonymous access

Anonymous access lets Notes users and Domino servers access the server without having the server validate and authenticate them. Use anonymous access to provide the general public with access to servers for which they are not cross-certified. When you set up anonymous server access, Domino does not record the names of users and servers in the log file (LOG.NSF) or in the User Activity dialog box.

When users attempt to connect to a server set for anonymous access and the server can't authenticate them, they see this message:

Server X cannot authenticate you because the server's Domino Directory does not contain any cross-certificates capable of authenticating you. You are now accessing the server anonymously.

You can also set up Internet clients to access servers anonymously.

Network port access

Network port access allows or denies access to specified Notes users and Domino servers, based on the network port they try to use. For example, you can deny access to Alan Jones/Sales/East/Renovations when he dials into the server but allow access when he uses TCP/IP to connect to the server.