Considerations for Creating Policies on Domino Servers

Web Agent Guides › Web Agent Configuration Guide › Domino Web Agents › Configure Policies for Domino › Considerations for Creating Policies on Domino Servers

Considerations for Creating Policies on Domino Servers

Consider the following when creating SiteMinder policies for the Domino server:

A user can open a form with a parent document to view default values for the form. The parent document is the original form used to create the document. To prevent a user from viewing default values on a form they should not have access to, set the SkipDominoAuth parameter to no, which prevents the user from having Super User privileges.
If you replicate databases on the same machine, create a duplicate set of rules to protect each database.
If the Domino Agent cannot associate an alias for a Notes document with a form, then each document requires its own rule for protection.
The Domino server uses special identifiers in URL commands for certain database documents, for example, $DefaultView, $DefaultForm, $DefaultNav, and $SearchForm. The Domino Web Agent converts these identifiers to a standard URL to access the document. In the case of $defaultNav, the Domino Agent performs an action of ?OpenDatabase. You do not need to create additional rules for these types of identifiers.
Resources in the Notes database are protected by their alias. If the alias does not exist, it is protected by the resource name or comment.
Notes allows multiple objects of different types to have the same name and alias. If you create a rule that uses a wildcard with the ?Open action, such as, ?Open*, be aware that this rule protects different types of resources that share the same alias or name.
Documents are protected by the form with which they were created. The action used with the form is ?ReadForm.
The Domino Agent will not ignore files with the .nsf extension. Do not add this extension to the IgnoreExt parameter.

Email CA about this topic