Parameter:
RestrictedOperationsShort description: List of operations (e.g.
Console, RestrictedAgent) that are only allowed for authorized users / groups.Profile
Parameter | RestrictedOperations |
Category | Security / TLS |
Component | Server |
Available since | 9.0.1 |
Supported versions | 9.0.1, 10.0, 11.0, 12.0, 14.0, 14.5, 14.5.1 |
GUI equivalent | Server document |
Possible values | Comma-separated list of operation tokens (e.g. Console, RestrictedAgent, RestrictedLotusScript) |
Description
So that not every administrator has to be allowed to do everything, Domino can place certain security-critical operations under additional control.
RestrictedOperations is the switch list: it names the operations for which additional permission profiles apply. For each named operation, RestrictedOperationsList references the corresponding user / group list. This makes it possible to grant, for example, console commands, restricted agents, or restricted LotusScript on a granular basis – without anyone having to become a “full console admin”.Example configuration
RestrictedOperations=Console,RestrictedAgent RestrictedOperationsList=ConsoleAdmins,AgentApprovers
Notes & pitfalls
- Always set together with
RestrictedOperationsList– each listed operation needs a counterpart.
- Changes take effect after a server restart.
- Additionally document both INI values in the Server document so that the security state remains reproducible.
- Operation tokens are version-dependent – verify the list in the Domino documentation of the target version before use.