I am a developer with an organization that has implemented very restrictive centralized system administration. Server documents are configured to allow only the server ID rights to run unrestricted agents on the server. As a result, every time I modify a back-end agent that must run on the server (i.e. not agents running with the privileges of the user who triggers them), I must submit a request to have the system admins re-sign the agent. This process may take hours or days to complete. Obviously, that timeline isn’t convenient for development, especially if I need to make a series of successive changes, e.g. when troubleshooting a problem. I would like to petition for the privilege to use the Domino Administrator client Database Tool to Sign database. (I’m experienced as both an admin and developer, and frankly more knowledgeable than many of the people working as admins). Since using that tool would allow me to re-sign the database (and thus the agents) as needed (convenient) without giving me physical access to the server ID (security), I’m hoping my request might be considered. However, my only chance of being granted this privilege is if I can specify exactly in as limited a means as possible how to grant this privilege without also granting significant other server administration privileges … if that is in fact possible.
PLEASE NOTE: I’m asking for the specific rights/privileges and steps required to enable access to use this specific database tool. I know the arguments for both sides (dev and admin) for and against this access. Therefore, and I apologize if this is too blunt, but I don’t require a host of opinions about why or why not this should be done, only the specifics of how.