SECURITY

User types in the ACL
A user type identifies whether a name in the ACL is for a person, server, or group. When you assign a user type to a name, you specify the type of ID required for accessing the database with that name. The user types are Person, Server, Mixed Group, Person Group, Server Group, and Unspecified. The -Default- group in the ACL is always assigned Unspecified as the user type. If you have added Anonymous to the ACL, then it should have a user type of Unspecified.

User types provide additional security for a database. For example, assigning the Person user type to a name other than "unspecified" prevents an unauthorized user from creating a Group document with the same person name, adding his or her name to the group, and then accessing the database through the group name.

Designating a name as a Server or Server Group prevents a user from using the server ID at a workstation to access a database on the server. Be aware, though, that designating a name as a Server or Server Group is not a foolproof security method. It is possible for a user to create an add-in program that acts like a server and uses a server ID to access the server database from a workstation.

Instead of assigning a user type to each name, you can automatically assign a user type to all unassigned names in the ACL. The user type assigned to each name is determined by the Domino Directory entry for that name. Using this method, a group is always designated as "Mixed Group," and not as a "Person Group" or a "Server Group." To assign a "Person Group" or "Server Group" to a name, you must select the name and manually assign that user type.

You can assign user types to entries in multiple database ACLs, or you can have the server automatically assign user types to unspecified entries in a single database ACL.

To automatically assign user types to ACL entries

Use this method when you have just added a large number of entries to a database ACL.

1. Make sure that you have Manager access in the database ACL.

2. From the IBM® Lotus® Domino™ Administrator Server pane, select the server that stores the databases.

3. Click Files, and select a database from the Domino data directory.

4. Click Tools - Database - Manage ACL.

5. Click Advanced.

6. On the Advanced panel of the ACL dialog, click "Lookup User Types for 'Unspecified' Users."

The server uses the Domino Directory to look up each entry in the ACL and assign a user type of Person, Server, or Mixed Group. If it cannot find a match in the Directory, then the entry in the ACL will be left as "Unspecified."

See also