SECURITY

The database access control list
Every .NSF database has an access control list (ACL) that specifies the level of access that users and servers have to that database. Although the names of access levels are the same for users and servers, those assigned to users determine the tasks that they can perform in a database, while those assigned to servers determine what information within the database the servers can replicate. Only someone with Manager access can create or modify the ACL.

To control the access rights of IBM® Lotus® Notes® users, select the access level, user type, and access level privileges for each user or group in a database. You can set default entries in the ACL when you create the database. You may also assign roles if the database designer determines this level of access refinement is needed by the application. Work with the designer and user representatives of the application to plan the correct access level before you put a database into production.

For each user name, server name, or group name in an ACL, you can specify:


Caution IBM® Lotus® Domino™ administrators with full access administration rights, as well as users who are allowed to run agents with unrestricted access, can access databases without being explicitly listed in the database ACLs.

For more information on full access administration rights, see Restricting administrator access.

For more information on running agents with unrestricted access, see Controlling agents that run on a server.

Note The database ACL should not be confused with other types of ACLs used by Domino administrators. One such ACL is the extended ACL, which is used only in the Domino Directory and the Extended Directory Catalog to restrict access to specific documents and fields within those databases. You must enable extended access to use this feature. The other type of access control list is the .ACL file, which is used by administrators to restrict user access to server directories.

See also