Agent security

You can set up basic security for an agent by using the Security tab of the Agent Properties box.

The Security tab contains the following options:

Table 1. Security tab option descriptions
Option Description
Run as Web user

Checking this option specifies the current Web user to be the agent's effective user.

Note: The effective user is the user under whose authority the agent runs. The effective user name will be used for ACL access rights; rights to create applications, replicas and templates on the server; and as the mail sender or document author. The effective user rights are not used to determine the operations the agent is permitted to perform; these are based on the agent signer (the agent owner).
Run on behalf of

Lets you specify the agent's effective user. Note that restricted signers can run agents only under the same authority as their own -- they can enter their own name only. Unrestricted signers and signers with rights to run On Behalf of anyone can run agents on behalf of anyone. Whoever you specify in this field must be included in the ACL of any application being accessed. If the agent sends mail or creates documents, the name specified here will be the mail sender or document author.

Allow remote debugging

Checking this enables the agent to be debugged through a remote debugger. Only Script can be remotely debugged; however, you can monitor or cancel the execution of agents written in Java, formula language, or simple agents.

Allow restricted operations

Lets users who have unrestricted rights specify whether the agent should run in restricted, unrestricted, or unrestricted with full administrator rights mode. The default setting is restricted mode, the safest setting. This option has no effect on users with restricted rights.

Allow user activation

Checking this box allows users with editor access to enable this agent without affecting its signature.

Default access for viewing and running this agent

The default level for viewing and running the agent is: All readers and above. You can deselect this option and choose who you want to have default access for viewing and running the agent.

Allow Public access users to view and run this agent

Lets users who have public access to documents in an application view and run the agent.

For more detailed information on agent security, including information about restricted and unrestricted rights, see the topic Security for agents and servers on the Web in the HCL Domino Designer documentation.