Lotus Domino Administrator 8 Help - Setting a subject's access to an extended ACL target

DIRECTORY SERVICES

Setting a subject's access to an extended ACL target
To set a subject's access to an extended ACL target in an IBM® Lotus® Domino™ Directory or an Extended Directory Catalog, follow these steps:

1. Review the guidelines for setting up an extended ACL.

2. Open the Domino Directory or Extended Directory Catalog.

3. Make sure you have enabled extended access for the directory.

4. If more than one administrator manages the extended ACL, enable the advanced database property "Allow document locking." Document-locking ensures that only one administrator can modify the extended ACL at a time.

Choose File - Application - Properties
Select "Allow document locking."

For more information on locking documents, see Notes 6 Help.

5. Choose File - Application - Access Control to open the Access Control List dialog box. Make sure you have one of the following:

Manager access.
Editor or Designer access and the Administer extended ACL access to the target for which you are setting the subject's access. Either a database manager or someone with Administer access to the target must give you this access.

6. With Basics selected, click Extended Access.

7. In the Target box at the left of the "Extended Access at target" dialog box, expand target categories as necessary and select the target.

Tip

Below the Target box, deselect "Show only containers" to show the documents under each target category. Select the option to show only the target categories. You can choose a single document as a target, but doing so is discouraged.

8. Next to "People, Servers, Groups" below the Access List box, select one:

Show Modified -- to show only subjects whose access to the selected target is set at the target.
Show All -- (default) to show subjects whose access to the selected target is set at a higher target using the "This container and all descendants" scope, as well as to show subjects whose access to the selected target is set at the target.

9. To add the subject for which you are setting access to the selected target, do one:

Click Add - Name and type or select a subject name, then click OK. If the subject is a user, server, or group that is not in the directory for which you are controlling access, this prompt appears: "Subject can not be found in the directory. To continue, please specify the subject's type: Person, Server, Group." Select one of the options presented, then click OK.
Click Add - Default to add the subject -Default-.
Click Add - Self to add the subject Self.
Click Add - Anonymous to add the subject Anonymous.

If a subject's access to the selected target is set at a higher target through the scope "This container and all descendants" and you add the subject to the selected target with new access settings, the new access settings then control the subject's access to the selected target.

10. Below the Scope of Target box at the top, right of the "Extended Access at target" box, select one of the following to specify the scope of the subject's access at the selected target.

This container and all descendants (default) -- to apply the subject's access to the selected target and to all targets subcategorized below it.
This container only -- to apply the subject's access to the selected target only and not to targets subcategorized below it.

Note

If you selected a single document as a target in Step 7, the "This container and all descendants" option is not available.

11. Below the Attributes section at the right of the "Extended Access at target" box, for each of the following select Allow or Deny to set the selected subject's default access to the selected target.

Browse
Create
Delete
Read
Write
Administer

12. (Optional) Set form-specific access to make exceptions to the default access.

13. Click OK to save the extended ACL changes and close the "Extended Access at target" box.

See also

Setting up and managing an extended ACL

Extended ACL guidelines

Extended ACL

Glossary

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Glossary