Managing user access to databases
Users should have the same access rights in all replicas of a database in the cluster. Otherwise, if users fail over to a replica for which they have fewer access rights, they may be denied access, or they may not see the same documents or be able to perform the same functions as in the original database they were using.
Setting up database ACLs in a cluster
About this task
One way to be sure that the access control lists are synchronized across all replicas is to use the following procedure for each database:
Procedure
- In the Server pane of the Domino® Administrator or the Web Administrator, expand All Servers or expand Clusters.
- Select a server that contains a replica of the database you want and has Manager access in the ACLs of the other replicas in the cluster.
- Click the Files tab.
- Do one of the following:
- In the Task pane of the Domino® Administrator or the Web Administrator, select the folder or view that contains the database you want.
- In the Task pane of the Domino® Administrator only, expand Cluster Directory, and then select the view you want.
- In the Results pane, select the database you want.
- In the Tools pane, expand Database, and then click Manage ACL.
- Click the Advanced icon.
- Choose Enforce a consistent Access Control List across all replicas of this database, and then click OK.
Results
This setting ensures that ACLs are consistent across replicas and also enforces the ACL when replicas are accessed locally on either a server or a client.
Another way to keep ACLs consistent across replicas is to give all servers in a cluster Manager access to all databases in the cluster. This ensures that every server can update the ACL of every database.
To give the cluster servers Manager access to all databases, you can create a Group document in the Domino® Directory that includes all the servers in the cluster. Then add this group to the ACL of each database, select the user type Server group, and give the group Manager access.
It is important that cluster servers have adequate access so they can replicate all data from one replica to another. If there are any restrictions in one replica that are not in another replica, some information will not be available to users when failover occurs. Therefore, be sure that servers not only have Manager access, but that they can all replicate the same data without restrictions.
Private folders replicate differently in a cluster than outside a cluster. When outside a cluster, private folders and their contents do not replicate during server-to-server replication but do replicate during client-to-server replication. In a cluster, however, private folders replicate from server to server so that users are able to access their private folders if they fail over to a different replica. To ensure that private folders replicate between servers in a cluster, be sure to set the user type of the servers in the ACL to Server or Server group.
Controlling other settings that restrict database access
About this task
There are methods of restricting database access in addition to the ACL. It is important that these settings are consistent across databases so that complete replication occurs and failover works transparently to the user. These methods include the following:
- Server restrictions, such as Allow and Deny lists in the Domino® Directory
- Access lists in database and directory links
- Readers lists, such as those in documents, views, and folders
For example, if the servers in the cluster contain database or directory links that include access lists, be sure that the cluster servers are in the access lists. Otherwise, they will not have access to those databases or directories and will not be able to replicate with those databases, even if they have Manager access in the ACLs.
If a document in a database includes a Readers field, the cluster servers must be listed in the Readers field or the servers will not have access to that document and will not be able to replicate the document. The same is true if a folder or view includes a Readers field. Because Readers fields are often maintained by a database designer rather than a network administrator, network administrators need to communicate with database designers about this issue.