IT Baseline Protection Manual S 4.121 Configuration of rights of access to the Lotus Notes Name and Address Book
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrator
The Name and Address Book (NAB) of a Notes server is the central administrative database, which contains not only the user administration information but also the essential configuration data for a server. To this end the NAB contains corresponding user documents and server documents.
It is therefore particularly important that access control is correctly configured via the ACL settings of the NAB. The following factors should be considered during configuration:
The NAB contains person-related data that must be protected appropriately.
The NAB also contains important data which must be accessible for certain system functions, e.g. e-mail addresses and certificates for e-mail encryption.
Complete protection of person-related data is generally difficult to implement without a simultaneous loss of functionality.
The following distinctions can be made in the configuration of access to the NAB for users:
The "All Users" group is given "Author" rights without optional attributes and without additional roles. Users then have read access to the information in the NAB relating to other users. However, they can alter the following fields in the relevant tabs of their own personal document:
Basic: Personal Title, Generation Qualifier, Internet Password
Mail: Format preference incoming mail (e.g. MIME or rich text), Encryption incoming mail
Work/Home: all fields
Misc: all fields
In particular, this authorisation configuration (Author rights for all users) allows users to change their own Internet password, which is used, for example, for authentication on the Web interface and for e-mail access via POP3. Since at present no integrated quality assurance is offered for the Internet password, there is nothing to prevent users from choosing weak passwords. The only remedy is to provide appropriate user training or to prohibit users from altering their Internet passwords on their own (see below).
The "All Users" group is given "Reader" rights without optional attributes and without additional roles. With this authorisation configuration, users have only read access to the NAB. All changes to their own personal document (e.g. changing the Internet password) must be performed by an Administrator.
The "All Users" group has no rights of access ("No Access") to the NAB. This authorisation configuration guarantees the protection of the personal data contained in the NAB, but it results in unacceptable losses of functionality.
It is possible to have a division of roles for administrative activities. In each case roles can be granted for the creation or amendment of
group documents ("[GroupCreator]" and "[GroupModifier]" roles),
server documents ("[ServerCreator]" and "[ServerModifier]" roles),
user documents ("[UserCreator]" and "[UserModifier]" roles), and
all other documents of the NAB ("[NetCreator]" and "[NetModifier]" roles).
Dividing administrative activities into different roles is generally recommended. It is necessary to check whether this is appropriate in the present operational environment.
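The following added example (not part of the original safeguard text, and not Lotus Notes code) checks an ACL against the three "All Users" options and the role division described above. The dictionary layout, the finding codes and the group names other than "All Users" are assumptions made for the illustration; treating an entry whose roles cover several document types as a finding is one reading of the recommendation to divide roles.

```python
# Added example: checks a constructed NAB ACL against the options in S 4.121.
# The dict layout is an assumption for illustration, not a Notes export format.
ROLE_AREAS = {
    "group": {"[GroupCreator]", "[GroupModifier]"},
    "server": {"[ServerCreator]", "[ServerModifier]"},
    "user": {"[UserCreator]", "[UserModifier]"},
    "other": {"[NetCreator]", "[NetModifier]"},
}

def audit_nab_acl(acl, users_group="All Users"):
    """Return (entry name, finding code) pairs for one NAB ACL."""
    findings = []
    entry = acl.get(users_group)
    if entry is None:
        findings.append((users_group, "ENTRY_MISSING"))
    else:
        level = entry["level"]
        if level == "No Access":
            # Protects personal data, but the safeguard calls the loss of function unacceptable.
            findings.append((users_group, "FUNCTIONALITY_LOSS"))
        elif level == "Author":
            # Users can set their own Internet password; no quality check is enforced.
            findings.append((users_group, "SELF_SERVICE_INTERNET_PASSWORD"))
        elif level != "Reader":
            # Any other level is not one of the three options the safeguard lists.
            findings.append((users_group, "LEVEL_OUTSIDE_S4121"))
        if entry.get("attributes"):
            findings.append((users_group, "OPTIONAL_ATTRIBUTES_SET"))
        if entry.get("roles"):
            findings.append((users_group, "ROLES_ASSIGNED"))
    # Division of roles: flag entries whose roles cover more than one document type.
    for name, e in acl.items():
        held = set(e.get("roles", []))
        areas = [a for a, roles in ROLE_AREAS.items() if roles & held]
        if len(areas) > 1:
            findings.append((name, "ROLES_SPAN_" + "+".join(areas).upper()))
    return findings

# Constructed sample ACL (names, attributes and layout are made up for the example).
SAMPLE_ACL = {
    "All Users": {"level": "Author", "attributes": ["Create documents"], "roles": []},
    "UserAdmins": {"level": "Editor", "roles": ["[UserCreator]", "[UserModifier]"]},
    "OpsAdmins": {"level": "Editor",
                  "roles": ["[ServerModifier]", "[GroupModifier]", "[NetModifier]"]},
}

if __name__ == "__main__":
    for name, code in audit_nab_acl(SAMPLE_ACL):
        print(f"{name}: {code}")
```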
Additional controls:
Should the NAB be visible and accessible over the Web interface?
Should the NAB be recorded in the Notes catalogue?