Properties and methods with ECL security
The following tables list the properties and methods affected by an Execution Control List (ECL). These properties cannot be accessed or set, and these methods do not execute on the workstation, unless the marked ECL privileges are granted to the signer of the formula.
The ECL flags listed in the following tables below are:
- Access to current file system (file)
- Access to current database (cur)
- Access to environment variables (env)
- Access to external programs (prog)
- Ability to send mail (mail)
- Ability to read other databases (read)
- Ability to modify other databases (mod)
NotesACL |
file |
cur |
env |
prog |
|
read |
mod |
---|---|---|---|---|---|---|---|
CreateACLEntry |
x |
x |
|||||
DeleteRole |
x |
x |
|||||
GetEntry |
x |
x |
|||||
GetFirstEntry |
x |
x |
|||||
GetNextEntry |
x |
||||||
RenameRole |
x |
x |
|||||
Save |
x |
x |
x |
NotesACLEntry |
file |
cur |
env |
prog |
|
read |
mod |
---|---|---|---|---|---|---|---|
DisableRole |
x |
x |
|||||
EnableRole |
x |
x |
|||||
IsRoleEnabled |
x |
x |
|||||
New |
x |
x |
|||||
Remove |
x |
x |
NotesAgent |
file |
cur |
env |
prog |
|
read |
mod |
---|---|---|---|---|---|---|---|
New |
x |
||||||
Remove |
x |
x |
|||||
Run |
x |
x |
|||||
RunOnServer |
x |
NotesDatabase |
file |
cur |
env |
prog |
|
read |
mod |
---|---|---|---|---|---|---|---|
Categories (set) |
x |
x |
|||||
Close |
x |
||||||
Create |
x |
||||||
CreateCopy |
x |
||||||
CreateDocument |
x |
||||||
CreateFromTemplate |
x |
||||||
CreateReplica |
x |
||||||
DelayUpdates (set) |
x |
x |
|||||
FTSearch |
x |
||||||
GetAgent |
x |
||||||
GetDocumentByID |
x |
||||||
GetDocumentByUNID |
x |
||||||
GetDocumentByURL |
x |
||||||
GetForm |
x |
||||||
GetProfileDocument |
x |
||||||
GetURLHeader |
x |
||||||
GetView |
x |
||||||
GrantAccess |
x |
||||||
OpenByReplicaID |
x |
||||||
OpenURLDb |
x |
||||||
OpenWithFailover |
x |
||||||
QueryAccess |
x |
||||||
Remove |
x |
x |
|||||
Replicate |
x |
||||||
RevokeAccess |
x |
||||||
Search |
x |
||||||
SizeQuota (set) |
x |
x |
|||||
Title (set) |
x |
x |
|||||
UnprocessedFTSearch |
x |
||||||
UpdateFTIndex |
x |
NotesDocument |
file |
cur |
env |
prog |
|
read |
mod |
---|---|---|---|---|---|---|---|
AppendItemValue |
x |
x |
|||||
ComputeWithForm |
x |
x |
|||||
ConvertToMIME |
x |
||||||
CopyAllItems |
x |
x |
|||||
CopyItem |
x |
x |
|||||
CopyToDatabase |
x |
x |
|||||
CreateReplyMessage |
x |
x |
x |
||||
CreateRTItem |
x |
x |
|||||
Encrypt |
x |
x |
|||||
EncryptionKeys (set) |
x |
x |
|||||
MakeResponse |
x |
x |
|||||
New (if new note is created) |
x |
x |
|||||
PutInFolder |
x |
x |
|||||
Remove |
x |
x |
|||||
RemoveFromFolder |
x |
x |
|||||
RemoveItem |
x |
x |
|||||
RenderToRTItem |
x |
x |
|||||
ReplaceItemValue |
x |
x |
|||||
Save |
x |
x |
|||||
Send |
x |
x |
x |
||||
Sign |
x |
x |
|||||
UniversalID (set) |
x |
x |
NotesDocumentCollection |
file |
cur |
env |
prog |
|
read |
mod |
---|---|---|---|---|---|---|---|
FTSearch |
x* |
||||||
GetFirstDocument |
x* |
||||||
GetLastDocument |
x* |
||||||
GetNextDocument |
x* |
||||||
GetNthDocument |
x* |
||||||
GetPrevDocument |
x* |
||||||
PutAllInFolder |
x |
x |
|||||
RemoveAll |
x |
x |
|||||
RemoveAllFromFolder |
x |
x |
|||||
StampAll |
x |
x |
|||||
UpdateAll |
x |
* For the previously specified methods in the NotesDocumentCollection class, once you give access to read a database, it implies access to elements within the database. It does not explicitly check for ECL privileges.
NotesEmbeddedObject |
file |
cur |
env |
prog |
|
read |
mod |
---|---|---|---|---|---|---|---|
ExtractFile |
x |
||||||
New |
x |
||||||
Remove |
x |
NotesForm |
file |
cur |
env |
prog |
|
read |
mod |
---|---|---|---|---|---|---|---|
FormUsers (set) |
x |
||||||
ProtectReaders (set) |
x |
||||||
ProtectUsers (set) |
x |
||||||
Readers (set) |
x |
||||||
Remove |
x |
NotesItem |
file |
cur |
env |
prog |
|
read |
mod |
---|---|---|---|---|---|---|---|
Abstract |
x* |
||||||
AppendToTextList |
x |
x |
|||||
Contains |
x* |
||||||
CopyToDocument |
x |
x |
|||||
DateTimeValue (set) |
x |
x |
|||||
IsAuthors (set) |
x |
x |
|||||
IsEncrypted (set) |
x |
x |
|||||
IsNames (set) |
x |
x |
|||||
IsProtected (set) |
x |
x |
|||||
IsReaders (set) |
x |
x |
|||||
IsSigned (set) |
x |
x |
|||||
IsSummary (set) |
x |
x |
|||||
New |
x |
x |
|||||
Remove |
x |
x |
|||||
SaveToDisk (set) |
x |
x |
|||||
Values (set) |
x |
x |
* For the Abstract and Contains methods in the NotesItem class, once you give access to read a database, it implies access to elements within the database. It does not explicitly check for ECL privileges.
NotesLog |
file |
cur |
env |
prog |
|
read |
mod |
---|---|---|---|---|---|---|---|
Close |
x |
||||||
LogAction (to database) |
x |
||||||
LogAction (to file) |
x |
||||||
LogAction (to mail message) |
x |
x |
|||||
LogAction (to agent) |
x |
||||||
LogError (to database) |
x |
||||||
LogError (to file) |
x |
||||||
LogError (to mail message) |
x |
x |
|||||
LogError (to agent) |
x |
||||||
OpenFileLog |
x |
NotesNewsletter |
file |
cur |
env |
prog |
|
read |
mod |
---|---|---|---|---|---|---|---|
FmtMsgWithDoclinks |
x |
||||||
FormatDocument |
x |
NotesRichTextItem |
file |
cur |
env |
prog |
|
read |
mod |
---|---|---|---|---|---|---|---|
AddNewLine |
x |
x |
|||||
AddTab |
x |
x |
|||||
AppendDocLink |
x |
x |
|||||
AppendRTItem |
x |
x |
|||||
AppendText |
x |
x |
|||||
EmbedObject (file) |
x |
x |
x |
||||
EmbedObject (OLE) |
x |
x |
x |
x |
|||
GetEmbeddedObject(OLE) |
x |
||||||
New |
x |
x |
NotesSession |
file |
cur |
env |
prog |
|
read |
mod |
---|---|---|---|---|---|---|---|
FreeTimeSearch |
x |
||||||
GetDatabase |
x |
||||||
GetEnvironmentString |
x |
||||||
GetEnvironmentValue |
x |
||||||
SetEnvironmentVar |
x |
||||||
UpdateProcessedDoc |
x |
NotesUIDocument |
file |
cur |
env |
prog |
|
read |
mod |
---|---|---|---|---|---|---|---|
Categorize |
x |
||||||
Clear |
x |
||||||
CreateObject |
x |
||||||
Cut |
x |
||||||
DeleteDocument |
x |
||||||
FieldAppendText |
x |
||||||
FieldClear |
x |
||||||
FieldSetText |
x |
||||||
GetObject |
x |
||||||
Paste |
x |
||||||
Save |
x |
||||||
SaveNewVersion |
x |
||||||
Send |
x |
NotesUIWorkspace |
file |
cur |
env |
prog |
|
read |
mod |
---|---|---|---|---|---|---|---|
OpenDatabase |
x |
NotesView |
file |
cur |
env |
prog |
|
read |
mod |
---|---|---|---|---|---|---|---|
Aliases |
x* |
||||||
AutoUpdate |
x |
x* |
x |
||||
Columns |
x* |
||||||
Created |
x* |
||||||
FTSearch |
x* |
||||||
GetAllDocumentsByKey |
x* |
||||||
GetChild |
x* |
||||||
GetDocumentByKey |
x* |
||||||
GetFirstDocument |
x* |
||||||
GetLastDocument |
x* |
||||||
GetNextDocument |
x* |
||||||
GetNextSibling |
x* |
||||||
GetNthDocument |
x* |
||||||
GetParentDocument |
x* |
||||||
GetPrevDocument |
x* |
||||||
GetPrevSibling |
x* |
||||||
IsCalendar |
x* |
||||||
IsDefaultView |
x* |
||||||
IsFolder |
x* |
||||||
LastModified |
x* |
||||||
Name |
x* |
||||||
Parent |
x* |
||||||
ProtectReaders |
x |
x* |
x |
||||
Readers |
x* |
x |
|||||
Refresh |
x* |
||||||
Remove |
x |
x* |
x |
||||
UniversalID |
x* |
* For all the properties and methods in the NotesView class, once you give access to read a database, it implies access to elements within the database. It does not explicitly check for ECL privileges.