DIRECTORY SERVICES
Extended ACL
An extended access control list (ACL) is an optional directory access-control feature available for a directory created from the PUBNAMES.NTF template -- a Domino Directory or an Extended Directory Catalog. An extended ACL is tied to the database ACL, and you access it through the Access Control List dialog box using an IBM® Lotus® Notes® or ® Lotus® Domino™ Administrator client. You use an extended ACL to apply restrictions to the overall access the database ACL allows a user -- you cannot use it to increase the access the database ACL allows. Use an extended ACL to set access to:
All documents with hierarchical names at a particular location in the directory name hierarchy, -- for example all documents whose names end in OU=West/O=Acme.
All documents of a specific type, -- for example all Person documents
A specific field within a specific type of document
A specific document
An extended ACL allows you to:
Delegate your Domino administration, for example, allow a group of administrators to manage only documents named under a particular organizational unit.
Set access to precise portions of the directory contents.
Set access to documents and fields easily and globally at one source, rather than requiring you to control access through features such as multiple Readers and Authors fields.
Control the access of users who access the directory through any supported protocol: Notes (NRPC), Web (HTTP), LDAP, POP3, and IMAP.
Limit access to Internet passwords stored in the Domino Directory to protect against attacks by malicious sources trying to guess passwords.
Note
Server processes such as the Router task do not enforce extended ACL restrictions. However, in the case of the Router task specifically, you can prevent some users from sending mail to a group by editing the Readers field for the group and including only the names of users you want to allow to send mail to the group. When users omitted from the Readers field attempt to send mail to the group, the Router won't deliver the mail.
See also
Restricting users from sending mail to groups listed in the Domino Directory
Using an extended administration server
Setting overall access levels in the Domino Directory ACL
Configuring a database ACL
Elements of an extended ACL
Extended ACL examples
Extended ACL guidelines
Enabling extended access
Setting up and managing an extended ACL
Glossary
Feedback on
Help
or
Product Usability
?
Help on Help
All Help Contents
Glossary