| Field | Action |
| Sign or run unrestricted methods and operations | Enter the names of users and groups who are allowed to select, on a per agent basis, one of three levels of access for agents signed with their IDs. Users with this privilege select one of these access levels when they are using Domino Designer to build an agent:
- Do not allow restricted operations
- Allow restricted operations
- Allow restricted operations with full administration rights.
Only users who can sign or run unrestricted methods and operations can activate an agent option other than Do not allow restricted operations. These privileges are given by default to the current server and to IBM Notes Template developers.
If users in this list are also listed as a database administrator in the Server document, they are allowed to perform database operations without having to be listed explicitly in the database ACL. (for example, they can delete databases without being listed in the ACL of those databases).
Note: To have the ability to run unrestricted agents with full administration rights, the agent signer should be listed in this field, or in the Full Access Administrator field, as well as have this access level selected in the Agent properties Security tab. Being listed in Full Access Administrator list alone is not sufficient to run agents in this mode.
Note: For XPages -- To have the ability to run unrestricted XPages, the XPage builder should be listed in this field. Note that XPages do not execute with full administration rights. If XPage builders are listed in the Full Access Administrator field, their XPages will have unrestricted rights without full administration rights. |
| Sign agents to run on behalf of someone else | Enter the names of users and groups who are allowed to sign agents that will be executed on anyone else's behalf. The default is blank, which means that no one can sign agents in this manner.
Important: This privilege should be used with caution, as the name for whom the agent is signed on behalf of is used to check ACL access. |
| Sign agents or XPages to run on behalf of the invoker of the agent | Enter the names of users and groups who are allowed to sign agents or XPages that will be executed on behalf of the invoker, when the invoker is different from the agent or XPage signer. This setting is ignored if the agent or XPage signer and the invoker are the same. This is used currently only for Web agents and XPages. The default is blank, which means that everyone can sign agents or XPages that are invoked in this manner (this is for backwards compatibility). |
| Run restricted LotusScript/Java agents | Enter the names of users and groups allowed to run LotusScript and Java agents, but excluding privileged methods and operations, such as reading and writing to the file system. Leave the field blank to deny access to all users and groups. |
| Run simple and formula agents | Enter the names of users and groups allowed to run to run simple and formula agents, both private and shared. Leave the field blank to allow all users and groups to run simple and formula agents, both private and shared. |
| Sign script libraries to run on behalf of someone else | Enter the names of users and groups who are allowed to sign script libraries in agents or XPages executed by someone else. For the purposes of backwards compatibility, the default value is to leave the field empty, to allow all. |