Setting up access to the Web Administrator database

Domino® automatically sets up default database security when the Domino Web Administrator database (WEBADMIN.NSF) is created for the first time. At that time, all names listed in either the Full Access Administrators or Administrators fields of the Server document are given Manager access with all roles to the Web Administrator database.

In addition, the HTTP server task periodically (about every 20 minutes) updates the Web Administrator database ACL with names that have been added to the Server document in either the Full Access Administrators or Administrators fields, but only if the names are not already on the ACL list.

For more information on how the HTTP server task synchronizes names in the Server document with those on the Web Administrator database ACL, see Giving additional administrators access to the Web Administrator in the related links.

Access control list

The default ACL settings for the Web Administrator database are listed in the following table. You do not need to change these settings if the administrator's name appears in the Administrators field of the Server document.

Table 1. Default ACL settings
Default name Access level
User and group names listed in either of these fields on the Server document:
  • Full Access Administrators
  • Administrators
Manager with all roles
The name of the server Manager
-Default- No access
Anonymous No access
OtherDomainServers No access

Authenticating administrators

You can use either an Internet password or an SSL client certificate to access the Web Administrator. The Web Administrator uses either name-and-password or SSL authentication to verify your identity. The method the Web Administrator uses depends on whether you set up the server or the Domino Web Administrator database (WEBADMIN.NSF), or both to require name-and-password or SSL authentication.

To access the Web Administrator database, you must have name-and-password authentication or SSL client authentication set up on the server. Name-and-password authentication is enabled for the HTTP protocol by default.

To use name-and-password authentication, you must have an Internet password in your Person document. To use SSL client authentication, you must have a client certificate, and SSL must be set up on the server.