Configuring a database ACL

Plan the database access for the application before adding users, groups, or servers to a database ACL. After you add a name to the ACL, assign an access level to the name. Although assigning a user type is optional, it provides an additional level of security. Add access level privileges and roles if the application requires them.

Before you begin

Make sure that you have Manager access in the database ACL in order to edit, delete, and rename entries, and that you have created the roles and groups that you want to use in the ACL.

About this task

After you configure a database ACL, users can click the Effective Access button on the ACL dialog in the IBM® Notes® client to view their level of access to a database.

You can make changes to multiple ACLs on a server through the Multi-ACL Management dialog box in the Administration Client. For information about using the Access Control List dialog box in the Notes® client to edit an ACL for a single database, see the Notes® help.

Procedure

  1. From the IBM® Domino® Administrator Server pane, select the server that stores the databases.
  2. Click Files, and select one or more databases from the Domino® data directory.
    Note: You can add the same entry to more than one database. You can also edit and remove entries from multiple databases. See the related topics.
  3. From the Tools pane, select Database > Manage ACL.
    Tip: See the related topics for details on each task in the following steps.
  4. Do any of the following:
    • Click Add and enter a person, server, or group name, or click the person button to browse and add a name from a Domino® Directory.
    • Select an entry and click Rename. Enter the old and new person, server, or group names, or click the person buttons to browse and use a name from a Domino® Directory.
    • Select an entry and click Remove.
  5. Set the access level for each entry.
  6. Optional: For additional security, select a user type for each entry.
  7. Optional: Refine the entries by restricting or allowing additional access level privileges.
  8. Optional: Click the Roles icon to assign roles to ACL entries.
  9. Optional: Enforce a consistent ACL across all replicas of the database.
  10. Optional: Assign an administration server to enable the Administration Process to automatically update ACL entries.
  11. Optional: To prevent users whose access levels are Depositor or No Access from using the operating system to copy the database, encrypt the database with the server ID through the local Encryption option. This ensures that the database, even when copied, is illegible to anyone who doesn't have access to the server ID.
  12. Click OK to save your changes.