aclentry (Domino DTD)

Represents an acl entry in a Domino database. An aclentry can consist of a person, server, or server group that is assigned an access level to perform specific tasks in a database. The attributes of this element define the access and editing privileges a user has for a database.

Containment Hierarchy

Contained by: <acl>

Contains: <role>

Syntax

<!ELEMENT aclentry ( role* )>

Content

role*

May contain any number of <role> elements.

Attributes

<!ATTLIST aclentry

name

%string;

#REQUIRED

level

(%acl.levels;)

#REQUIRED

default

%boolean;

"false"

type

(%aclentry.types;)

"unspecified"

createdocs

%boolean;

#IMPLIED

deletedocs

%boolean;

#IMPLIED

createpersonalagents

%boolean;

#IMPLIED

createpersonalviews

%boolean;

#IMPLIED

createsharedviews

%boolean;

#IMPLIED

createlsjavaagents

%boolean;

#IMPLIED

readpublicdocs

%boolean;

#IMPLIED

writepublicdocs

%boolean;

#IMPLIED

>

createdocs

If true, can create documents.*

createlsjavaagents

If true, can create LotusScript or Java agents.*

createpersonalagents

If true, can create private agents.*

createpersonalviews

If true, can create personal folders or views.*

createsharedviews

If true, can create shared folders or views.*

default

If true, this entry is the default entry for the acl. Default is false.

deletedocs

If true, can delete documents.*

level

The access level of the aclentry. Specified in the %acl.levels entity. The level implies a specific combination of the attributes mentioned here. For details, see the Usage section.

name

Name of the user/aclentry. This could include an empty string.

readpublicdocs

If true, can read public documents.*

type

The type of aclentry. Specified in the %aclentry.types entity. Default is Unspecified.

writepublicdocs

If true, can write public documents.*

*The access level of the entry determines the default value for these attributes.

Usage

For each level of an aclentry, only a certain combination of tasks can be performed by a user. These tasks are represented by permitted attributes being set to true. For example, if the level specified is noaccess, only the readpublicdocs and writepublicdocs attributes default to true; the rest default to false. If the level specified is manager, the default value for all the attributes is true and cannot be set to false, except deletedocs, which can be set to false at the manager level. You override attribute values by selecting or deselecting editable access privileges in the ACL dialog box. To view all the combinations for each level, refer to the Access Control List Properties box in the Notes client.

For more information, see Access level privileges in the ACL.

The DXL output for a database often contains more than one aclentry tag. This happens because there is often more than one level of ACL access assigned to the users of a database.

Defined entity for <aclentry> element

The %aclentry.types; entity lists the types of users allowed in an ACL entry in a Domino database.

For more information, see User types in the ACL.

Syntax:

<!ENTITY % aclentry.types "unspecified | person | server | mixedgroup | persongroup | servergroup ">

Example