The execution control list
You use an execution control list (ECL) to configure workstation data security. An ECL protects user workstations against active content from unknown or suspect sources, and can be configured to limit the action of any active content that does run on workstations.
About this task
The ECL determines whether the signer of the code is allowed to run the code on a given workstation, and defines the access that the code has to various workstation functions. For example, an ECL can prevent another person's code from running on a computer and damaging or erasing data.
"Active content" includes anything that can be run on a user workstation, including formulas; scripts; agents; design elements in databases and templates; documents with stored forms, actions, buttons, hot spots; as well as malicious code (such as viruses and so-called "Trojan horses").
There are two kinds of ECLs: the Administration ECL, which resides in the Domino® Directory (NAMES.NSF), and the workstation ECL, which is stored in the user's Contacts (NAMES.NSF). The Administration ECL is the template for all workstation ECLs. The workstation ECL is created when the Notes® client is first installed. The Setup program copies the administration ECL from the Domino Directory to the Notes client to create the workstation ECL.
The workstation ECL
About this task
A workstation ECL lists the signatures of trusted authors of active content. "Trust" implies that the signature comes from a known and safe source. For example, every system and application template shipped with Domino or Notes contains the signature Notes Template Development. Likewise, every template and database that your organization designs should contain the signature of either the application developer or the administrator.
For each signature, the ECL contains settings that control the actions that active content signed with that signature can perform and the workstation system resources it can access.
Procedure
How the workstation ECL works
About this task
When active content runs on a user workstation and attempts a potentially harmful action -- for example, programmatically sending mail -- the following occurs:
Procedure
Determining effective access
About this task
Users can also determine the "effective access" that a person or a group has to the workstation ECL by clicking the Effective Access button on an ECL. Effective access is not always apparent, especially if users enable ECL access for a Notes session. For example, a user may grant temporary access to a group that designed a database application in which the user is working. This access is valid for the duration of a session, but a session might last all day.