To display a name's effective access in the access control list
The "effective access" a person, server, or a group has to documents in a database is not always apparent. For example, if there are two groups with different levels of access to documents, and someone is a member of both groups, you may wonder what access the person actually has.
About this task
With one click, you can determine a person's effective access to the documents.
Note: The Effective Access
list on a local replica of a database may differ from the Effective
Access list on a server replica. You my not have the same access to
the HCL Domino® Directory to read groups when working
in local replicas.
Procedure
- Open the database that you want to check.
- Click File > Application > Access Control.
- Click Basics and then click the "Effective Access" button.
-
Select the person, server, or group whose effective access
you want to determine and then press Enter or click the "Calculate
Access" button.
- Access in the top left of the dialog box shows the selected name's effective database access as determined by the database ACL.
- The checked boxes on the left side of the dialog box indicate the access rights for the selected name.
- The "Groups" and "Roles" boxes on the right of the dialog box show all the individual and group name entries and roles that could potentially control the selected name's access to the documents in the database.
- "Full Access Administrator" is checked if the person, server, or group has full administrator rights to the database. For example, if a person has this privilege, that person can delete the database even if he or she does not have Manager access to the database.
Results
Note: A user may still have access to a database
by running an agent with the "Unrestricted with Full Access" privilege,
even if his or her name is not listed in the database's ACL. This
privilege exists, but is not reflected in Effective Access because
this privilege bypasses the ACL and reader lists. For example, an
administrator may want to run this type of agent on a database he
or she does not have access to in order to update a full-text index
on that database.