Once you create a role, you can use it in database design elements or functions to restrict access to those elements or functions. For example, you may want to allow only a certain group of users to edit certain documents in a database. You could create a role named "DocEditors". That role would then be added to the Authors fields of those documents, and assigned to those users who are allowed to edit those documents.

You must have Manager access to create roles in the database ACL. You must create a role before you assign it to a name or group in the ACL. Once you have created roles in an ACL , they are listed in the 'Roles' list box on the Basics panel of the ACL dialog box. Role names appear in brackets -- for example, [Sales]. When you add an entry to a database ACL, you can assign them to a role by selecting a role from the Roles list box.

Caution If you create a role that restricts access to part of an application and you do not assign it to yourself, you will be restricted from accessing that part of the application in both the IBM® Lotus® Notes® client and in IBM® Lotus® Domino(TM) Designer. Make sure you assign each role to yourself as you create it to avoid this problem.

This table describes the design elements to which the database designer can restrict access by using roles.

To restrict who can	The designer uses
Edit specific documents	An Authors field
Edit specific portions of a document	Sections
Read specific documents	A Readers field or a Read access list on the Security tab of the Document Properties dialog box
View and read documents in a specific view	View properties
View and read documents in a specific folder	Folder properties
Read documents created with a specific form	Form properties
Create documents with a specific form	Form properties

Caution Using roles to restrict access to database elements is not a foolproof security measure. For example, if a designer restricts access to certain documents in a database, the database manager or Domino administrator must remember that documents inherit their Read access list from the Read access option that is set in the Form Properties box for the form used to create the document. Therefore, anyone with Editor access or above in the database ACL can change a document's Read access list.

To create or edit roles

You must create a role before you can assign it to a name in the ACL.

1. Make sure that you have Manager access in the database ACL.

2. Select the database icon from your bookmarks page.

3. Choose File - Database - Access Control.

4. Click Roles.

5. Do one of the following:

• To create a role, click Add, and type a name for the role.
• To rename a role, click Rename. In the Rename Role box, type a new name for the role.
• To delete a role, click Remove, and type the name of the role that you want to delete.

Notes

• You do not need to include any brackets in the role name when adding or removing a role. However, when you rename a role, you must type the role name exactly as it appears in the ACL, including the brackets and case-sensitive characters.
• To display a role assigned to a person, group, or server, select an entry in the ACL. If a check mark appears next to a role in the Roles box, the selected person, group, or server is assigned to the role.

Setting up a database ACL
Access levels in the ACL
Access level privileges in the ACL
User types in the ACL

Glossary