Permission on the Notes server to encrypt

hcl-bot · October 31, 2008, 1:42am

HI

I want to encrypt docments( fields) on a server through a background lotusscript agent. I red in the help that there most be an option on the server to give permission to the agent to encrypt on the server.

I cannot find this option on the server. can someone tell me where on the serverdocument I can give permission to encrypt on the server?

Regards

hcl-bot · October 31, 2008, 4:43am

Subject: I’m afraid the Help is unclear …

its not a setting on the SERVER that allows any script/agent to encrypt

its a setting on the particular script … in this case an agent … that allows the script to do restricted operations

which happen to include encryption

search Designer help for “Restricted LotusScript and Java agent operations”

The options can be set using the designer tool, agent properties, “key tab”… about half way down

FYI

there is a setting on each ACL entry that determines if they can run any a restricted agent

You will need to ensure that ID that is executing the script has that right

and of course the ID may be

the server or agent signer or named user or who triggers the agent

depending on circumstances and/or other agent settings

However you need to take similar care with any script that executes on the server anyway

hcl-bot · November 2, 2008, 10:02am

Subject: RE: I’m afraid the Help is unclear …

Hi

I have checked the points you mentioned. On the agent properties the allowed restricted operations was enabled and on the ACL I canot find the option to allow an id to run restricted opertions. Can you tell me where I can find it?

When the document is created (with the encryption key) the $Seal item is created but not the $SealData item. In the debugger I can see that the $SealData item is created but when saving the document the item dissapears.

Regards

hcl-bot · November 3, 2008, 4:13am

Subject: Oops, My Mistake

Sorry to have confused youthe ACL entry in the column of checkboxes on right of window Basics tab

is the ability to CREATE an agent not RUN it

(as I’m sure you noticed)

However your original supposition that its a server config may be right after all -

there is a field on the SERVER document in the Domino Directory (aka names.nsf)

SEcurity Tab

Programmability Section (top right block)

Run unrestricted methods and operations:

Check to see if the “effective” user, is permitted there

Let us know how you get on

and apologies again

hcl-bot · November 3, 2008, 4:00pm

Subject: RE: Oops, My Mistake

Hi

The effective user was already permitted to run restricted and unrestricted actions.

Regards