Controlling access to the administration interface

All access to IBM Traveler administration data is controlled using the Domino® database access control list (ACL) on the IBM Traveler administration database (LotusTraveler.nsf).

Default and Anonymous access to this database is disabled by default which is the recommended setting. It is also recommended that delete access be disabled for all levels, as deleting records directly from the database using the administration client is not supported.
Table 1. ACL Access Levels

ACL access level for a user

Actions user can perform

None

User cannot open the database or view any IBM Traveler data.

Reader (or above)

User can open the database and view any data accessible by database views.

Editor (or above)

User can save device preferences and security profile settings in the Default Settings document.

Administrator Role is checked

User can perform security actions, such as:
  • Approve Device
  • Wipe Device
  • Deny Access to device
  • Promote or Delete client builds
Note: If the Domino® Administrator client is being used to manage the IBM Traveler administration database, then Domino® Full Remote Console administrator access is required for the user before they can issue any device actions or make changes to the Default Settings document. This restriction does not apply to the IBM Traveler web based administration application.