SECURITY


Default ECL settings
When you first edit the ECL, it includes the following signatures and access options. By default, the ECL does not allow access to protected operations for active content that is unsigned, or for active content that is signed by a signer who is not listed in the ECL.
Signature Applies toDefault access options
-Default-Formulas and code that contain a signature, and that signature is verified by IBM® Lotus® Domino™, but the signature does not match any entry in the ECL.

For example, if the signer is John Andrews/Atlas, but the ECL does not contain this signature, the ECL uses the -Default- signature to assign access.

None
-No Signature-Formulas and code that contain an invalid or corrupted signature, are unsigned, or are signed by an identity or organization that can't be verified by Domino.

For example, if the code is not signed, or is signed by a user unknown to the Domino server, the ECL matches -No Signature-.

None
BT Mail and Calendar Migration Tools/Lotus Notes Companion ProductsEvery template related to Binary Tree Mail and Calendar Migration Tools.

If your organization isn't using this tool, you can remove this entry from the ECL.

Access to file system, Access to current database, Access to environment variables, Access to external code, Ability to read other databases, Ability to modify other databases
Domino Unified Communications Services/Lotus Notes Companion ProductsEvery template related to Domino Unified Communications Services. If your organization isn't using this tool, you can remove this entry from the ECL.Access to current database, Access to environment variables, Access to external code, Access to external programs, Ability to send mail, Ability to read other databases, Ability to modify other databases
Lotus Fax Development/Lotus Notes Companion ProductsEvery template related to Lotus Fax for Domino.

If your organization isn't using this tool, you can remove this entry from the ECL.

Access to current database, Access to environment variables, Ability to read other databases, Ability to modify other databases
Lotus Notes Template Development / Lotus NotesEvery template shipped with Domino and IBM® Lotus® Notes®.

For example, the signer matches this type only if it has the Lotus Notes Template Development/Lotus Notes signature.

All
Sametime Development/Lotus Note Companion ProductsEvery template related to IBM® Lotus®Sametime®.

If your organization isn't using this tool, you can remove this entry from the ECL.

All except Access to workstation security ECL
You can also add additional users or signature types to the ECL. You could add the hierarchical names of specific users or groups -- for example, Phyllis Spera/Sales/East/Acme. If you create a special certifier to certify the IDs of a group of trusted signers, you could use a wildcard character to name all signers -- for example, */Trusted Signers/Acme.

The table below describes the access that these users (or signature types) in an ECL would have:
Signature Applies to
*/Trusted Signers/AcmeFormulas and code that have */Trusted Signers/Acme signature.

For example, if the signer is anyname/Trusted Signers/Acme -- such as Emily Marks/Trusted Signers/Acme or Alan Jones/Sales/East/Trusted Signers/Acme -- the ECL uses the */Trusted Signers/Acme signature to match access.

Phyllis Spera/Sales/East/AcmeFormulas and code that have Phyllis Spera/Sales/East/Acme as the signature.

For example, the signer matches this type only if the ECL contains the Phyllis Spera/Sales/East/Acme signature.

See also