Jump to main content
HCL Logo Product Documentation
Customer Support Software Academy Community Forums
HCL Notes 11.0.1 Help
  • HCL Notes® 11.0.1 documentation
  • Translated documentation
  • What's new in HCL Notes® 11?
  • About HCL Notes
  • Elements of Notes®
  • Using the Discover page
  • Using the Notes workspace
  • Using bookmarks
  • Notes views and folders
  • Printing
  • Getting Started - Advanced
  • Tasks
  • Mail
  • Calendar
  • To Do
  • Contacts
  • Notes applications
  • Blogs (web logs)
  • Locations and accounts
  • Automating tasks using simple agents
  • Sharing information with other applications
  • Notes roaming user
  • Replication
  • Search
  • Securing your data
  • Widgets and Live Text
  • Error messages
  • Notices
  1. Home
  2. Securing your data

    HCL Notes® security enables you to protect your workspace and data at all times, so only you and the people you designate have access to your data.

  3. The Access Control List

    Every database includes an access control list (ACL), which HCL Notes® uses to determine the level of access users and servers have to a database. Levels assigned to users determine the tasks that users can perform on a database. Levels assigned to servers determine what information within the database the servers can replicate.

  4. Adding or renaming ACL or ECL entries
 Go to Feedback
  • Securing your data

    HCL Notes® security enables you to protect your workspace and data at all times, so only you and the people you designate have access to your data.

    • Your Notes User ID and how to store it
    • Changing passwords

      Passwords prevent others from using your User ID. When your administrator creates your User ID, he or she decides whether it needs a password, and what type of password is required. Once you access HCL Notes® for the first time, you should change your password to something that you can remember but is hard for others to guess.

    • Using Notes shared login to eliminate Notes password prompts

      Notes® shared login (hereafter shared login) allows you to start HCL Notes and use your User ID without having to provide a Notes password. You only need to log in to Microsoft® Windows® using your Windows password. Your administrator controls whether you can use shared login.

    • Locking the Notes ID

      Locking your HCL Notes® ID prevents others from using Notes when you are away from your computer. Locking your ID clears your Notes credentials and drops all connections to Notes servers. You must log in again in order to take any new action using Notes.

    • Enabling Smartcards for Notes® login

      Smartcards resemble credit cards, but instead of containing a magnetic strip they contain a microprocessor and memory. You can use a Smartcard with your User ID to login to HCL Notes®, provided you have a Smartcard reader installed on your computer. Once your User ID is enabled for Smartcard login, you are prompted for your Smartcard Personal Identification Number (PIN) in place of your Notes password.

    • Requesting a new user name

      If you want to request a new User Name - for example, if you got married and you want to change your name - you must contact your administrator.

    • Your Notes® and Internet names

      You can view all the names that identify you in Notes®.

    • Sending mail to your administrator
    • Accessing servers using certificates

      A certificate is an electronic stamp, like a stamp on a passport, which verifies to a server that you are who you say you are. Certificates are stored in your User ID. When you first receive your User ID from your administrator, it contains a Notes® certificate. You may decide to use Internet certificates as well. (You may see Internet certificates being referred to as X.509 certificates.)

    • The Access Control List

      Every database includes an access control list (ACL), which HCL Notes® uses to determine the level of access users and servers have to a database. Levels assigned to users determine the tasks that users can perform on a database. Levels assigned to servers determine what information within the database the servers can replicate.

      • Access levels for a database

        To change an access level for a user, you must have Manager access to the database.

      • Additional privileges in the access control list

        A person with Manager access to a database can select an access level for each person, group, and server and can then enhance or restrict this level as needed by selecting or deselecting the additional privileges within the access level.

      • To add a user to the access control list and set the access level

        To add a user from the access control list, you must have Manager access to the database.

      • To rename a user in the access control list

        You can rename a user in your access control list when you want to substitute one user name for another.

      • To remove a user from the access control list

        To remove a user from the access control list, you must have Manager access to the database.

      • Adding or renaming ACL or ECL entries
      • Creating and managing roles

        Roles provide a way to define a group within a database. You can assign users and groups to roles to reflect access to particular views, forms, documents, or sections.

      • To view the history of changes made to an access control list

        If you have Manager access to a database, you can view a chronological list of changes made to the access control list (ACL) on any replica.

      • Advanced settings in the access control list

        You can define an Administration Process server for a database, choose to enforce a consistent access control list (ACL) across all replicas of the database, look up user types for unspecified users in the ACL, and set a maximum name and password for Internet users.

      • To define an administration server for a database

        If you define an administration server for your database, the server, through its Administration Process, updates names in the ACL (and Readers and Authors fields) as those names are updated in the HCL Domino® Directory of the server.

      • Enforcing a consistent access control list

        You can ensure that an ACL remains identical on all database replicas on servers, as well as on all local replicas that users make on workstations or laptops.

      • Maximum Internet name and password in the ACL

        Users who access an HCL Notes® database using a Web browser are not identified by a HCL Domino® server in the same way Notes client users are identified. Use the "Maximum Internet name & password" setting to control the maximum type of access that Internet or intranet browser users have to a database.

      • To display a name's effective access in the access control list

        The "effective access" a person, server, or a group has to documents in a database is not always apparent. For example, if there are two groups with different levels of access to documents, and someone is a member of both groups, you may wonder what access the person actually has.

      • To look up the user type for an unspecified user

        If you have a name in your ACL that is not assigned to a specific user type, it is listed as Unspecified. If you are not sure whether the name is a user, a server, or a group, you can have HCL Notes® look up the name for you.

      • Groups and Roles

        The "Groups and Roles" dialog box can be found by clicking the Security button on the right side of the status bar, just left of the Location button.

    • Restricting access to local databases

      When you enable encryption for a local database, HCL Notes® encrypts the database using your public key from your User ID. You are the only one who can then decrypt the database because you have the corresponding private key in your User ID. Nobody else's User ID can open the database.

    • Notes data

      You can restrict access to applications you have stored locally or encrypt a document in an application.

    • Preventing others from reading or viewing specific documents

      You can protect your documents, so that only you and the people you designate can read them, even if others have access to the database your documents are in.

    • Encrypting documents using secret keys

      Using a secret encryption key that is stored in your User ID, you can encrypt a document that you are posting in a public database, provided the document contains fields that are encryptable.

    • How Notes® uses public and private keys for encrypting and signing mail

      HCL Notes® uses a public and private key set to encrypt and decrypt data, as well as to validate digital signatures. The public and private key in a set are mathematically related to each other and are unique to your User ID. Your public key is stored in your Notes certificate. Your certificate is stored in your User ID and the HCL Domino® Directory. Your private key is stored only in your User ID.

    • Restricting execution access with the Execution Control List

      You can protect your workstation by specifying different types of execution access for different people or organizational certifiers who run HCL Notes® scripts and formulas. For example, you may give all types of execution access to your HCL Domino® administrator, but allow no execution access to unsigned scripts or formulas.

    • Securing your POP3, IMAP, or LDAP accounts

      HCL Notes® supports Secure Sockets Layer (SSL), which makes communication secure for your POP3, IMAP, or LDAP accounts. SSL encrypts the data that is sent between your Notes client and the server you specify for your account. Notes supports SSL versions 2.0 and 3.0. By default, Notes negotiates the best SSL version to use with a particular server.

    • Signed plug-ins

      Your administrator may have selected plug-ins to be installed automatically with your client software. These plug-ins are signed with a certificate that is trusted by your client, and verified that the data they contain is not corrupted. Plug-ins signed in this way can then be installed without having to prompt you to accept them.

Adding or renaming ACL or ECL entries

About this task

Click any of these topics for information:

  • To add a user to the access control list and set the access level
  • To rename a user in the access control list
  • Restricting execution access with the Execution Control List

Results

Related information
  • The Access Control List
  • Restricting execution access with the Execution Control List
  • Share: Email
  • Twitter
  • Disclaimer
  • Privacy
  • Terms of use
  • Cookie Preferences