Collecting information for a new administration ECL
Before you can create an Admin ECL to distribute, identify the individual people and/or organizations that you can trust to create and sign active content.
Before you begin
Identify a few users who use a broad range of typical IBM® Notes® applications, then ask them to complete these steps.
Procedure
Results
The resulting ECLs for these users should contain more signers than the ECL originally contained, unless your organization has managed the signing process up front and only uses objects signed by a small number of known trustworthy signers.
After the designated time period is complete, the administrator should combine the signatures in the users' ECLs to create an updated administration ECL.
The workstation ECL log
About this task
The Notes client logs ECL-related operations in the Client log (LOG.NSF) in Miscellaneous Events. This includes:
- Results of Execution Security Alert (ESA) dialogs, as well as additional ESA details. These details include information about the code that caused the ESA, such as the design type, design title, NotesID, database title, and path.
- Any ECL modifications. This includes information on which ECL
was modified; the ECL entries that were changed, added or deleted;
and the rights that were granted or revoked. It also includes all
ECL modifications resulting from such operations as dynamic ECL update,
programmatic ECL refresh (
@ECLRefresh
function), setup ECL refresh/creation and manual ECL changes made in the ECL Editor or through the User Security Panel.
It is possible to write an agent to run on Notes clients and parse the ECL logging data to provide administrators with specific information on how users are managing their workstation ECLs, as well as current information about applications or other code that should be added to Admin ECLs.