Represents an acl entry in a Domino database. An aclentry can consist of a person, server, or server group that is assigned an access level to perform specific tasks in a database. The attributes of this element define the access and editing privileges a user has for a database.

Containment Hierarchy

Contained by: <acl>

Contains: <role>

Syntax

<!ELEMENT aclentry ( role* )>

Content

role*

May contain any number of <role> elements.

<!ATTLIST aclentry

name	%string;	#REQUIRED
level	(%acl.levels;)	#REQUIRED
default	%boolean;	"false"
type	(%aclentry.types;)	"unspecified"
createdocs	%boolean;	#IMPLIED
deletedocs	%boolean;	#IMPLIED
createpersonalagents	%boolean;	#IMPLIED
createpersonalviews	%boolean;	#IMPLIED
createsharedviews	%boolean;	#IMPLIED
createlsjavaagents	%boolean;	#IMPLIED
readpublicdocs	%boolean;	#IMPLIED
writepublicdocs	%boolean;	#IMPLIED

>

createdocs

If true, can create documents.*

If true, can create LotusScript or Java agents.*

If true, can create private agents.*

If true, can create personal folders or views.*

If true, can create shared folders or views.*

If true, this entry is the default entry for the acl. Default is false.

If true, can delete documents.*

The access level of the aclentry. Specified in the %acl.levels entity. The level implies a specific combination of the attributes mentioned here. For details, see the Usage section below.

Name of the user/aclentry. This could include an empty string.

If true, can read public documents.*

The type of aclentry. Specified in the %aclentry.types entity. Default is Unspecified.

If true, can write public documents.*

Usage

For each level of an aclentry, only a certain combination of tasks can be performed by a user. These tasks are represented by permitted attributes being set to true. For example, if the level specified is noaccess, only the readpublicdocs and writepublicdocs attributes default to true; the rest default to false. If the level specified is manager, the default value for all the attributes is true and cannot be set to false, except deletedocs, which can be set to false at the manager level. You override attribute values by selecting or deselecting editable access privileges in the ACL dialog box. To view all the combinations for each level, refer to the Access Control List Properties box in the Lotus Notes client.

For more information, see Access level privileges in the ACL.

The DXL output for a database often contains more than one aclentry tag. This happens because there is often more than one level of ACL access assigned to the users of a database.

Defined entity for <aclentry> element

The %aclentry.types; entity lists the types of users allowed in an ACL entry in a Domino database.

For more information, see User types in the ACL.

Syntax:

<!ENTITY % aclentry.types "unspecified | person | server | mixedgroup | persongroup | servergroup ">

Example
See Also

The Domino DTD

Glossary