
Lotus Notes ACL Security in an application

ACL Security

IBM Lotus Domino offers a multi-layered approach to security. Server administrators can secure databases, servers, and domains. Database designers and managers control the following:

Application Security
Use the database access control list (ACL) to restrict access that specific users and servers have to an application. You can also use the Advanced section of the ACL to further restrict application access for Web users.

Design element security
Use the database access control list in conjunction with access control fields to restrict access that specific users and servers have to an application. You can also use access lists and special fields to restrict access to specific design elements within an application.

Encryption and database signing
You can further ensure data privacy by encrypting a database with an ID so unauthorized users cannot access a locally stored copy of the database. You can also sign or encrypt mail messages users send and receive, and you can sign the database or template to protect design elements from manipulation from outside formulas.

The database access control list
Every database has an access control list (ACL) that specifies the level of access that users and servers have to a database. Although the names of access levels are the same for users and servers, those assigned to users determine the tasks that users can perform in a database, while those assigned to servers determine what information within the database the servers can replicate.

You must have Manager access to create or modify an ACL. Then, for each user name, server name, or group name in an ACL, you can specify:
o An access level
o Access level privileges
o A user type
o Roles

Note: You can further restrict access to specific documents and fields within those databases using the Extended ACL, which is used in the IBM Lotus Domino Directory, the Extended Directory Catalog, and the Administration Requests database. Work with your server administrator to apply these security measures.

For more information on server access levels and replication, see Administering the Domino System.

Setting up a database ACL
Plan the database access for the application before you add users, groups, or servers to a database ACL. After you set up a database ACL, users can click the Effective Access button on the ACL dialog box in the Notes client to view their level of access to a database.

Note: You can make changes to multiple ACLs on a server through the Multi-ACL Management dialog box in the Administrator Client. You can also edit an ACL for a single database using the File - Database - ACL dialog box in the Notes client.

To set up a database ACL
1. Make sure that you have:
   o Manager access in the database ACL
   o Created the roles and groups that you want to use in the ACL

2. Select the database icon from your Bookmark pane.
3. Choose File - Database - Access Control.
4. Add entries for IBM Lotus Notes users, servers, groups, and authenticated Internet users.

5. Set the access level for each entry.


For information on assigning anonymous access for Web users, see Administering the Domino System.
1. (Optional) For additional security, select a user type for each entry.
2. (Optional) Refine the entries by restricting or allowing additional access level privileges.
3. (Optional) Assign roles to ACL entries. The role displays a check mark when selected. If no role exists in the database, the role option is not displayed.
4. (Optional) Enforce a consistent ACL across all replicas of the database.
5. (Optional) Click Advanced and accept or change the Web access level in the "Maximum Internet name & password access" list.
6. Click OK to save your changes.

Access levels in the ACL
Access levels assigned to users in a database ACL control which tasks users can perform in the database. Access level privileges enhance or restrict the access level assigned to each name in the ACL. For each user, group, or server listed in the ACL, you select the basic access level and user type. To further refine the access, you select a series of access privileges.

Note: If you are designing a template (an .NTF file) for others to use to create applications, make sure the default access is at least Reader so that users and/or servers can successfully read from the template when creating or refreshing .NSF files based on that template.

Access levels assigned to servers in a database ACL control what information within a database the servers can replicate. To access a database on a particular server, an IBM Lotus Notes user must have both the appropriate database access specified in the ACL and the appropriate access specified in the Server document in the IBM Lotus Domino Directory.

For more information on server access levels, see Administering the Domino System. For more information on database access for Internet users, see Maximum Internet name-and-password access.
Caution: Administrators who are listed in the Full Access Administrators, Administrators, and Database Administrators fields in the Server document are allowed to delete any database on the server, even if they are not listed as managers in the database ACL.

This table shows the user access levels, listed from highest to lowest.

Manager
  Allows users to: Modify the database ACL. Encrypt the database. Modify replication settings. Delete the database. Perform all tasks allowed by lower access levels.
  Assign to: Two people who are responsible for the database.

Designer
  Allows users to: Modify all database design elements. Create a full-text search index. Perform all tasks allowed by lower access levels.
  Assign to: A database designer and/or the person responsible for design updates.

Editor
  Allows users to: Create documents. Edit all documents, including those created by others. Read all documents unless there is a Readers field in the form. If there is a Readers field, the Editor must be listed to be able to read or edit the document.
  Assign to: Any user allowed to create and edit documents in a database.

Author
  Allows users to: Create documents if the user or server also has the Create documents access level privilege. When you assign Author access to a user or server, you must also specify the Create documents access level privilege. Edit the documents where there is an Authors field in the document and the user is specified in the Authors field. Read all documents unless there is a Readers field in the form. If there is a Readers field, the Author must be listed to be able to read documents.
  Assign to: Users who contribute documents to a database.

Reader
  Allows users to: Read documents where there is a Readers field in the form and the user name is specified in the field.
  Assign to: Users who only need to read documents in a database but not create or edit documents.

Depositor
  Allows users to: Create documents.
  Assign to: Users who contribute documents but who do not need to read or edit their own or other users' documents. For example, use Depositor access for a ballot box application.

No Access
  Allows users to: Have no access, with the exception of options to "Read public documents" and "Write public documents." These are privileges that designers may choose to grant.
  Assign to: Terminated users, users who do not need access to the database, or users who have access on a special basis.
  Note: You may want to specifically assign No Access to individuals who should not have access to a database, but who may be members of a group that does.

To view ACL entries by access level
You can view ACL entries by access level to see which users, servers, or groups are assigned to a specific access level.
1. Make sure that you have Manager access in the database ACL.
2. Select the database icon from your Bookmarks pane.
3. Choose File - Database - Access Control.
4. Click the arrow next to "People, Servers, Groups" and select an access level. The ACL displays only those names with the selected access level.
5. Click OK.

Access level privileges in the ACL
You can expand or restrict the access level for each user, group, and server by adding optional privileges or removing default privileges within an access level.

This table lists the user access level privileges from highest to lowest.

Access level    Default privileges    Optional privileges


Manager
  Default privileges: Create documents; Create private agents; Create personal folders/views; Create shared folders/views; Create LotusScript/Java agents; Read public documents; Write public documents
  Optional privileges: Delete documents; Replicate or copy documents

Designer
  Default privileges: Create documents; Create private agents; Create personal folders/views; Create shared folders/views; Read public documents; Write public documents
  Optional privileges: Delete documents; Create LotusScript/Java agents; Replicate or copy documents

Editor
  Default privileges: Create documents; Read public documents; Write public documents
  Optional privileges: Delete documents; Create private agents; Create personal folders/views; Create shared folders/views; Create LotusScript/Java agents; Replicate or copy documents

Author
  Default privileges: Read public documents
  Optional privileges: Create documents; Delete documents; Create private agents; Create personal folders/views; Create LotusScript/Java agents; Write public documents; Replicate or copy documents

Reader
  Default privileges: Read public documents
  Optional privileges: Create private agents; Create personal folders/views; Create LotusScript/Java agents; Write public documents; Replicate or copy documents

Depositor
  Default privileges: Create documents
  Optional privileges: Read public documents; Write public documents; Replicate or copy documents (only if "Read public documents" has been granted)

No Access
  Default privileges: None
  Optional privileges: Read public documents; Write public documents; Replicate or copy documents (only if "Read public documents" has been granted)

Create documents
Select this privilege for all users with Author access. If you deselect this privilege to prevent Authors from adding any more documents, they can continue to read and edit documents they've already created.

Delete documents
Authors can delete only documents they create. If this privilege is deselected, a user can't delete documents, no matter what the access level. If a form contains an Authors field, Authors can delete documents only if their name, a group that contains their name, or a role that contains their name appears in the Authors field.

Create private agents
A user can run private agents that perform tasks allowed by the user's assigned access level in the ACL. Since private agents on server databases take up disk space and processing time on the server, you may want to deselect this privilege if performance is a concern. A server administrator can further restrict a user's right to run agents in the Agent Restrictions section of the Server document in the IBM Lotus Domino Directory. Therefore, even if you grant a user the "Create LotusScript/Java agents" access level in a database ACL, the Server document controls whether or not the user can run an agent on a particular server.

Create personal folders/views
Personal folders and views created on a server are more secure than those created locally, and they can be made available on multiple servers. Also, administrative agents can operate only on folders and views stored on a server. If server space is a concern, deselect the "Create personal folders/views" option. Users will still be able to create personal folders and views on their local workstation.

Create shared folders/views
Deselect this privilege to maintain tighter control over database design and to prevent users from creating folders and views that are visible to others. A user assigned this privilege can create folders and views that are visible to others.
Note: Users who have this privilege can modify or delete any shared folder, view, or navigator in the database, regardless of whether they created it. Use caution when granting this privilege.

Create LotusScript/Java agents
Since LotusScript and Java agents on server databases can take up significant server processing time, you may want to restrict which users can run them. Whether or not a user can run agents depends on the access set by the Domino administrator in the Agent Restrictions section of the Server document in the Domino Directory. Even if you select "Create LotusScript/Java agents" for a name in the ACL, the Server document still controls whether or not the user can run the agent on the server. Work with your server administrator to set access rights for users to run agents on a server.

Read public documents
Select this privilege to allow users who have No Access or Depositor access to read documents and to see views and folders with the property "Available to Public Access users." A form must contain a text field named "$PublicAccess" with an assigned field value of one. Documents created from that form are public documents.

Write public documents
Select this privilege to allow users to create/edit specific documents that are controlled by forms having the property "Available to Public Access users."

Replicate or copy documents
Select this privilege to allow users to:
o create a new local replica or local copy of a database;
o copy, print, or forward documents in the database, or parts of these documents; and
o select all text in a document opened in read mode.


Note: Deselecting this option is not a true security measure because users can still print using Ctrl+Print Screen or they can open a document and copy data to the clipboard. The IBM Lotus Notes-generated field $KeepPrivate captures whether the current user has replicate or copy privileges for the document. This setting applies only to Notes clients.

Roles in the ACL
A database designer can assign special access to database design elements and database functions by creating roles. A role defines a set of users and/or servers. Roles are similar to groups that you can set up in the IBM Lotus Domino Directory. However, unlike groups, roles are specific to the database in which they are created.

Once you create a role, you can use it in database design elements or functions to restrict access to those elements or functions. For example, you may want to allow only a certain group of users to edit certain documents in a database. You could create a role named "DocEditors". That role would then be added to the Authors fields of those documents, and assigned to those users who are allowed to edit those documents.

You must have Manager access to create roles in the database ACL. You must create a role before you assign it to a name or group in the ACL. Once you have created roles in an ACL, they are listed in the 'Roles' list box on the Basics panel of the ACL dialog box. Role names appear in brackets -- for example, [Sales]. When you add an entry to a database ACL, you can assign them to a role by selecting a role from the Roles list box.

Caution: If you create a role that restricts access to part of an application and you do not assign it to yourself, you will be restricted from accessing that part of the application in both the IBM Lotus Notes client and in IBM Lotus Domino Designer. Make sure you assign each role to yourself as you create it to avoid this problem.

This table describes the design elements to which the database designer can restrict access by using roles.
To restrict who can                              The designer uses
Edit specific documents                          An Authors field
Edit specific portions of a document             Sections
Read specific documents                          A Readers field or a Read access list on the Security tab of the Document Properties dialog box
View and read documents in a specific view       View properties
View and read documents in a specific folder     Folder properties
Read documents created with a specific form      Form properties
Create documents with a specific form            Form properties

Caution: Using roles to restrict access to database elements is not a foolproof security measure. For example, if a designer restricts access to certain documents in a database, the database manager or Domino administrator must remember that documents inherit their Read access list from the Read access option that is set in the Form Properties box for the form used to create the document. Therefore, anyone with Editor access or above in the database ACL can change a document's Read access list.

To create or edit roles
You must create a role before you can assign it to a name in the ACL.
1. Make sure that you have Manager access in the database ACL.
2. Select the database icon from your bookmarks page.
3. Choose File - Database - Access Control.

4. Click Roles.
5. Do one of the following:
   o To create a role, click Add, and type a name for the role.
   o To rename a role, click Rename. In the Rename Role box, type a new name for the role.
   o To delete a role, click Remove, and type the name of the role that you want to delete.

6. Click OK twice.

Notes:
o You do not need to include any brackets in the role name when adding or removing a role. However, when you rename a role, you must type the role name exactly as it appears in the ACL, including the brackets and case-sensitive characters.
o To display a role assigned to a person, group, or server, select an entry in the ACL. If a check mark appears next to a role in the Roles box, the selected person, group, or server is assigned to the role.

Editing the database ACL
You can edit, delete, and rename entries in an ACL, as well as change the access assigned to entries.

To edit entries in the ACL
1. Make sure that you have Manager access in the database ACL.
2. Select the database icon from your Bookmark pane.
3. Select File - Database - Access Control.
4. Select a name.
5. Do one of the following and then click OK:
   o Click Remove.
   o Click Rename, then type the new name.
   o Change the assigned user type, access level, access level privilege, and roles, as necessary.

Tip: To display entries by access level, click the arrow next to "People, Servers, and Groups," and then select a specific access level.

To add entries to the ACL by access level
1. Make sure that you have Manager access in the database ACL.
2. Select the database icon from your Bookmarks pane.
3. Select File - Database - Access Control.
4. Click Add.
5. Do one of the following to add a name to the ACL:
   o Select the person icon and continue to Step 6.
   o Type the name of a user, group, or server and continue to Step 8.

6. Click the arrow and select an IBM Lotus Domino Directory or Personal Address Book. Using the name picker in the dialog box, you can select from the directories and address books available to you to find the name you seek.
7. Click Add.
8. (Optional) Select a user type from the list in the User Type box.
9. Select an access level from the list in the Access box.
10. (Optional) Refine the access level by selecting or deselecting additional access level privileges, if available.
11. (Optional) Select a role from the Roles box. The role displays a check mark when selected.

12. Click OK to save your changes.

Default ACL entries
A new database, by default, contains these entries in the ACL:
o -Default-
o Database creator user name
o LocalDomainServers
o OtherDomainServers


All of these entries, except for the database creator's user name, are group names. The -Default- group is the only group that is specific to a database and not related to a group in the IBM Lotus Domino Directory. For more information on creating groups, see Lotus Domino Administrator Help.

-Default-
Users and servers receive the access assigned to the -Default- group if they have not specifically been assigned another access level, either individually or as a member of a group, or from a wildcard entry. You cannot delete the -Default- group from an ACL. The default access for -Default- depends on the design of the database template and varies among the different templates.

The access level you assign to the -Default- group depends on how secure you want the database to be. Select No Access if you want a database available to a limited number of users. Select Author or Reader access to make a database available for general use. The User Type field for -Default- should be set to "unspecified."

Database creator user name
The database creator user name is the hierarchical user name of the person who created the database. The default access for the user who creates the database is Manager. Typically, this person retains Manager access or is granted Designer access to the database.

LocalDomainServers
The LocalDomainServers group lists the servers in the same domain as the server on which the database is stored. This group is created by default with every Domino Directory. When you create a new database, the default access for the LocalDomainServers group is Manager. The group should have at least Designer access to allow replication of database design changes across the domain. The LocalDomainServers group is typically given higher access than the OtherDomainServers group.

OtherDomainServers
The OtherDomainServers group lists the servers outside the domain of the server on which the database is stored. This group is created by default with every Domino Directory. When you create a new database, the default access for the OtherDomainServers group is No Access to prevent a database from replicating outside the local domain.

Acceptable entries in the ACL
Acceptable entries in the ACL include:
o Wildcard entries
o User, server, and group names (including user and group names of Internet clients)
o Alternate names
o LDAP users
o Anonymous, which can be used for anonymous Internet user access and anonymous Notes user access
o Database replica IDs

Each entry can have a maximum of 255 characters. Add names to the ACL in the hierarchical format assigned by the IBM Lotus Domino server administrator. For example:

Sandra E Smith/West/Acme/US


For more information on creating hierarchical name schemes, see Lotus Domino Administrator Help.

Wildcard entries
To allow general access to a database, you can enter hierarchical names with a wildcard character (*) in the ACL. You can use wildcards in the common name and organizational unit components. Users and/or servers who do not already have a specific user or group name entry in the ACL, and whose hierarchical names include the components that contain a wildcard, are given the highest level of access specified by every one of the wildcard entries that match.

Here is an ACL entry in wildcard format:
*/Illustration/Production/Acme/US
This entry grants the chosen access level to:
Mary Tsen/Illustration/Production/Acme/US
Michael Bowling/Illustration/Production/Acme/US
This entry does not grant the chosen access level to:
Sandy Braun/Documentation/Production/Acme/US
Alan Nelson/Acme/US

You can use a wildcard only at the leftmost portion of the ACL entry. When you use a wildcard ACL entry, set the user type in the ACL as Unspecified, Mixed Group, or Person Group.

User names
You can add to an ACL the names of any individuals with certified IBM Lotus Notes user IDs or Internet users who authenticate using name-and-password or SSL client authentication.

For Notes users, enter the full hierarchical name for each user -- for example, John Smith/Sales/Acme -- regardless of whether the user is in the same hierarchical organization as the server that stores the database.

For Internet users, enter the name that appears as the first entry in the User name field of the Person document. You can enter multiple alias names in the User name field, but the first entry is used to perform the security authorization check, so it is the first entry that should be used on all Domino ACLs -- that is, server file and database ACLs.
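The wildcard rule under "Wildcard entries" above, together with the precedence the page states (a specific user entry, then a group entry, then wildcard entries, then -Default-), modelled as an added example that is not Domino code. The "Design Team" group and the sample ACL are constructed; treating "*" as one or more leading name components and comparing names without regard to case are assumptions.

```python
# Added example: a model of the ACL matching rules described on this page.
# Not Domino code. Access level privileges, roles and common-name-only
# entries are not modelled.

LEVELS = ["No Access", "Depositor", "Reader", "Author",
          "Editor", "Designer", "Manager"]            # lowest to highest
RANK = {level: i for i, level in enumerate(LEVELS)}


def wildcard_matches(entry, user):
    """True if a wildcard ACL entry covers the hierarchical user name."""
    parts = entry.split("/")
    # The page allows the wildcard only as the leftmost component.
    if len(parts) < 2 or parts[0] != "*" or "*" in parts[1:]:
        return False
    suffix = [p.casefold() for p in parts[1:]]
    name = [p.casefold() for p in user.split("/")]
    # Assumption: "*" stands for one or more leading components and
    # the comparison ignores case.
    return len(name) > len(suffix) and name[-len(suffix):] == suffix


def effective_access(user, groups, acl):
    """Return (access level, tier that decided it).

    acl maps entry name -> access level; groups lists the groups the
    user belongs to. Tiers are tried in order: user, group, wildcard,
    then -Default-. Within a tier the highest matching level wins.
    """
    user_key = user.casefold()
    group_keys = {g.casefold() for g in groups}
    tiers = {"user": [], "group": [], "wildcard": []}
    for name, level in acl.items():
        key = name.casefold()
        if key == user_key:
            tiers["user"].append(level)
        elif key in group_keys:
            tiers["group"].append(level)
        elif wildcard_matches(name, user):
            tiers["wildcard"].append(level)
    for tier in ("user", "group", "wildcard"):
        if tiers[tier]:
            return max(tiers[tier], key=RANK.__getitem__), tier
    return acl.get("-Default-", "No Access"), "-Default-"


# Constructed ACL for illustration.
SAMPLE_ACL = {
    "-Default-": "No Access",
    "*/Illustration/Production/Acme/US": "Author",
    "*/Production/Acme/US": "Reader",
    "Design Team": "Designer",                                   # group
    "Michael Bowling/Illustration/Production/Acme/US": "No Access",
}

if __name__ == "__main__":
    cases = [
        ("Mary Tsen/Illustration/Production/Acme/US", []),
        ("Sandy Braun/Documentation/Production/Acme/US", []),
        ("Alan Nelson/Acme/US", []),
        ("Mary Tsen/Illustration/Production/Acme/US", ["Design Team"]),
        ("Michael Bowling/Illustration/Production/Acme/US", ["Design Team"]),
    ]
    for user, groups in cases:
        level, tier = effective_access(user, groups, SAMPLE_ACL)
        print(f"{user:50} {level:10} via {tier}")
```

The last case shows why an explicit No Access entry is the reliable way to exclude one person who still belongs to a group with access.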

For more information on database access for anonymous Internet users, see Anonymous access. For more information on setting a maximum level of access for Internet users, see Maximum Internet name-and-password access.

Server names
You can add server names to an ACL to control the changes a database receives from a database replica. To ensure tighter security, use the full hierarchical name of the server -- for example, Server1/Sales/Acme -- regardless of whether the name of the server being added is in a different hierarchical organization than that of the server that stores the database.

Group names
You can add a group name -- for example, Training -- to the ACL to represent multiple users or servers that require the same access. Users must be listed in groups with a primary hierarchical name or an alternate name. Groups can also have wildcard entries as members. Before you can use a group name in an ACL, you must create the group in the Domino Directory or in an LDAP directory that has been configured for group expansion in the Directory Assistance database.

Tip: Use individual names rather than group names for the managers of a database. Then when users choose Create - Other - Memo to Database Manager, they'll know whom they are addressing.

Groups provide a convenient way to administer a database ACL. Using a group in the ACL offers the following advantages:


o You can add one group name instead of adding a long list of individual names to an ACL. If a group is listed in more than one ACL, modify the group document in the Domino Directory or the LDAP Directory, rather than add and delete individual names in multiple databases.
o You can change the access level for several users or servers at the same time.
o You can use group names to reflect the responsibilities of group members or the organization of a department or company.

Tip: You can also use groups to let certain users control access to the database without giving them Manager or Designer access. For example, you can create groups in the Domino Directory for each level of database access needed, add the groups to the ACL, and allow specific users to own the groups. These users can then modify the groups, but they can't modify the database design.

Terminations group
When employees leave an organization, the Domino administrator should remove their names from all groups in the Domino Directory and add them to a terminations group, which is denied access to servers. Work with your server administrator to make sure that the names of terminated employees are removed from the ACLs of all databases in your organization. Make sure that the terminations group is added to the ACLs and that the group is assigned No Access.

You can also use the Deny Access group for this purpose. The Deny Access group contains the names of Notes users who no longer have access to Domino servers. When you delete a person from the Domino Directory, you have the option to "Add deleted user to deny access group," if such a group has been created. (If no such group exists, the dialog box displays "No Deny Access group selected or available.") For more information on the Deny Access group, see Lotus Domino Administrator Help.

Alternate names
An alternate name is an optional alias name that an administrator assigns to a registered Notes user, often to publish a name in two different character sets, such as English and Kanji. You can add alternate names to an ACL. An alternate name provides the same level of security as the user's primary hierarchical name. An example of a user name in alternate name format is Sandy Smith/ANWest/ANSales/ANAcme, where AN is an alternate name.

LDAP users
You can use a secondary LDAP directory to authenticate Web users. You can then add the names of these Internet users to database ACLs to control user access to databases. You can also create groups in the secondary LDAP directory that include the Internet user names and then add the groups as entries in Notes database ACLs.

For example, an Internet user may try to access a database on a Domino Web server. If the Web server authenticates the user, and if the ACL contains a group named "Web," the server can look up the Web user's name in the group "Web" located in the foreign LDAP directory, in addition to searching for the entry in the primary Domino Directory. Note that for this scenario to work, the Directory Assistance database on the Web server must include an LDAP Directory Assistance document for the LDAP directory with the Group Expansion option enabled. You can also use this feature to look up the names of Notes users stored in foreign LDAP directory groups for database ACL checking.

When you add the name of an LDAP directory user or group to a database ACL, use the LDAP format for the name, but use a forward slash (/), rather than a comma (,), as a delimiter. For example, if the name of a user in the LDAP directory is:
uid=Sandra Smith,o=Acme,c=US
enter the following in the database ACL:
uid=Sandra Smith/o=Acme/c=US

To enter the name of a non-hierarchical LDAP directory group in an ACL, enter only the attribute value, not the attribute name. For example, if the non-hierarchical name of the LDAP group is:
cn=managers
in the ACL enter only:
managers


To enter the name of a hierarchical group name, include LDAP attribute names in ACL entries. For example, if the hierarchical name of the group is:
cn=managers,o=acme
in the ACL enter:
cn=managers/o=acme

Note that if the attribute names you specify correspond exactly to those used in Notes -- cn, ou, o, c -- the ACL won't display the attributes. For example, if you enter this name in an ACL:
cn=Sandra Smith/ou=West/o=Acme/c=US
because the attributes correspond exactly to those used by Notes, the name appears in the ACL as:
Sandra Smith/West/Acme/US

Anonymous access
Anonymous database access is given to Internet users and to Notes users who have not authenticated with the server. You can control the level of database access granted to an anonymous user or server by entering the name Anonymous in the access control list, and assigning an appropriate level of access. Typically you assign Anonymous users Reader access to a database.

The table below describes different ways that an anonymous user can access a database:

Anonymous access enabled for Internet protocol

  Access specified: Anonymous access enabled in database ACL
  Users access the database with the Anonymous entry's access level. For example, if Anonymous access is set to Reader, anonymous users who access the database have Reader access.

  Access specified: Anonymous not listed in database ACL
  Anonymous users access the database with the -Default- entry's access level. For example, if -Default- access is set to Reader, and there is no Anonymous entry in the ACL, anonymous users who access the database have Reader access.

  Access specified: Anonymous assigned "No Access" in database ACL
  Note: "Read and write public documents" privileges should be disabled
  Users will be prompted to authenticate when they attempt to access this database. When authenticated they will be granted the appropriate access level assigned in the ACL.

Anonymous access not enabled for Internet protocol

  Users are prompted to authenticate when they attempt to access any resource on the server. If the user is not listed in the database (through a group entry, a wildcard entry, or if the user name is explicitly listed), then the user accesses the database with the -Default- entry's access level.

Anonymous users (both those who are given access to a database through the Anonymous entry and those who have access through the -Default- entry) who try to do something that is not allowed for their access level will be prompted to authenticate. For example, if Anonymous is set to Reader, and an anonymous user tries to create a new document, that user is prompted to authenticate with a name and password.
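The anonymous-access table above written as a decision function with a small audit on top, as an added example that is not Domino code. The database file names and ACL contents are constructed, and the dictionary layout (level plus public_read / public_write flags per entry) is an assumption made for the example.

```python
# Added example: what an unauthenticated user gets, following the
# anonymous-access table on this page. Not Domino code.

LEVELS = ["No Access", "Depositor", "Reader", "Author",
          "Editor", "Designer", "Manager"]            # lowest to highest
RANK = {level: i for i, level in enumerate(LEVELS)}


def anonymous_outcome(protocol_anonymous, acl):
    """Resolve anonymous access for one database.

    protocol_anonymous: True if anonymous access is enabled for the
    Internet protocol on the server.
    acl: entry name -> {"level": str, "public_read": bool,
    "public_write": bool} (flags optional, constructed layout).
    """
    if not protocol_anonymous:
        # Server prompts for authentication before any resource.
        return {"via": None, "level": None, "public": [], "prompt": True}
    # Anonymous entry if listed, otherwise the -Default- entry applies.
    via = "Anonymous" if "Anonymous" in acl else "-Default-"
    entry = acl[via]
    public = [p for p in ("public_read", "public_write") if entry.get(p)]
    level = entry["level"]
    # Everything requires authentication only when the level is No Access
    # and no public document privilege is left enabled.
    prompt = level == "No Access" and not public
    return {"via": via, "level": level, "public": public, "prompt": prompt}


def audit(protocol_anonymous, acl):
    """Return findings about unintended anonymous access."""
    out = anonymous_outcome(protocol_anonymous, acl)
    findings = []
    if out["via"] is None:
        return findings
    level = out["level"]
    if out["via"] == "-Default-" and RANK[level] > RANK["No Access"]:
        findings.append(
            f"Anonymous not listed: unauthenticated users get -Default- ({level})")
    if RANK[level] > RANK["Reader"]:
        findings.append(
            f"Anonymous users hold {level}, above the typical Reader")
    if level == "No Access" and out["public"]:
        findings.append(
            "No Access, but public document privileges still enabled: "
            + ", ".join(out["public"]))
    return findings


# Constructed databases for illustration.
DATABASES = {
    "discussion.nsf": {"-Default-": {"level": "Author"}},
    "catalog.nsf": {"-Default-": {"level": "No Access"},
                    "Anonymous": {"level": "Reader"}},
    "hr.nsf": {"-Default-": {"level": "No Access"},
               "Anonymous": {"level": "No Access", "public_read": True}},
    "finance.nsf": {"-Default-": {"level": "No Access"},
                    "Anonymous": {"level": "No Access"}},
}

if __name__ == "__main__":
    for name, acl in DATABASES.items():
        out = anonymous_outcome(True, acl)
        print(f"{name}: {out['level']} via {out['via']}, "
              f"authentication forced: {out['prompt']}")
        for finding in audit(True, acl):
            print(f"  - {finding}")
```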


Tip If you want all users to authenticate with a database, make sure that Anonymous is in the database ACL with an access level of No Access, and add the Internet user's name to the ACL with the level of access you want the user to have. You should also be sure that the Read Public Documents and Write Public Documents privileges are not enabled in the database ACL.

The Domino server uses the group name Anonymous solely for access control checks. For example, if Anonymous has Author access in the database ACL, the true name of the user appears in the Authors field of documents the user creates in the database. The Domino server can display only the true name of anonymous Notes users, but not of anonymous Web users, in the Authors field of the document. Authors fields are never a security feature, regardless of whether anonymous access is used; if the validity of the author's name is needed for security, then the document should be signed.

Replica IDs

To allow an agent in one database to use @DbColumn or @DbLookup to retrieve data from another database, enter the replica ID of the database containing the agent in the ACL of the database containing the data to be retrieved. The database containing the agent must have at least Reader access to the database containing the data to be retrieved. Both databases must be on the same server. An example of a replica ID in a database ACL is 85255B42:005A8fA4. If you do not add the replica ID to the access control list, the other database can still retrieve data if the -Default- access level of your database is Reader or higher.

To determine the replica ID of a database, choose File - Database - Properties, and click the Info (i) tab. Or choose File - Database - Design Synopsis, and select Replication.

To add a replica ID to the ACL

Type or copy and paste the replica ID from the Design Synopsis dialog box into the ACL, or type the replica ID you get from the Info (i) tab of the Database properties box. You can type the replica ID in uppercase or lowercase characters, but do not enclose it in quotation marks.

Order of evaluation for ACL entries

ACL entries are evaluated in a specific order to determine the access level that will be granted to an authenticated Notes user trying to access the database.

The ACL first checks the user name to see if it matches any of the ACL entries. The ACL checks all matching user names. For example, Sandra E Smith/West/Acme would match the entries Sandra E Smith/West/Acme/US and Sandra E Smith. In the event that two different entries for an individual have different access levels (for example, applied at different times by different administrators), the user trying to access the database would be granted the highest access level, as well as the union of the access privileges of the two entries for that user in the ACL. This can also happen if the user has alternate names.

Note If you enter only the common name in the ACL (for example, Sandra E Smith), then that entry matches only if the user's name and the database server are in the same domain hierarchy. For example, if the user is Sandra E Smith, whose hierarchical name is Sandra E Smith/West/Acme, and the database server is Manufacturing/FactoryCo, then the entry Sandra E Smith will not get the correct level of access for ACLs on the server Manufacturing/FactoryCo. The name must be entered in full hierarchical format in order for the user to obtain the correct level of access to ACLs on servers in other domains.

If no match is made on the user name, the ACL then checks to see if there is a group name entry that can be matched.
If an individual trying to access the database happens to match more than one group entry -- for example, if the person is a member of Sales and the two group entries for Sales are Sales/West/Acme and Sales/Acme -- then the individual is granted the highest access level, as well as the union of the access privileges of the two entries for that group in the ACL.

Note If the user matches an explicit entry in the ACL, and is a member of a group that is also listed in the ACL, then the user always gets the level of access assigned to the explicit entry, even if the group access level is higher.

If no match is made on the group name, the ACL then checks to see if there is a wildcard entry that can be matched. If the individual trying to access the database happens to match more than one wildcard entry, the individual is granted the highest access level, as well as the union of the access privileges of all the wildcard entries that match. If a group entry and a wildcard entry both apply to a user attempting to access the database, then the user has the access assigned to the group entry. For example, if the group Sales has Reader access and the wildcard entry */west/Acme has Manager access, and both entries apply to a user, then the user has Reader access to the database.

If no match can be made from among the database ACL entries, the individual is granted the level of access defined for the -Default- entry.
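The evaluation order above, modeled in Python as an added example (it is not IBM code and not part of the original document). The ACL entries, group memberships and privileges are constructed, the function names are hypothetical, and "same domain hierarchy" is approximated as "same organization component", which is an assumption.

```python
from dataclasses import dataclass

# Domino access levels, lowest to highest.
LEVELS = ["No Access", "Depositor", "Reader", "Author", "Editor", "Designer", "Manager"]
DEFAULT = "-Default-"


@dataclass(frozen=True)
class AclEntry:
    name: str                           # person, group, wildcard or -Default-
    level: str                          # one of LEVELS
    privileges: frozenset = frozenset()


def org_of(hier_name):
    """Organization = last component of a hierarchical name."""
    return hier_name.rsplit("/", 1)[-1].lower()


def matches_user(entry_name, user, server):
    """Tier 1: full hierarchical match, or a common-name-only entry."""
    entry, full = entry_name.lower(), user.lower()
    if "/" in entry:
        return entry == full
    # A common-name entry matches only when user and server share a
    # hierarchy (assumption in this model: same organization component).
    return entry == full.split("/", 1)[0] and org_of(user) == org_of(server)


def matches_wildcard(entry_name, user):
    """Tier 3: '*/West/Acme' matches any name ending in '/West/Acme'."""
    return entry_name.startswith("*/") and user.lower().endswith(entry_name[1:].lower())


def effective_access(acl, user, server, groups):
    """Return (deciding tier, access level, privileges) for an authenticated user.

    Tiers are tried in order: explicit name, group, wildcard, -Default-.
    The first tier with any match decides; within that tier the highest
    level wins and the privileges of all matching entries are unioned.
    """
    members = {g.lower(): {m.lower() for m in ms} for g, ms in groups.items()}
    named = [e for e in acl if e.name != DEFAULT and not e.name.startswith("*")]
    tiers = [
        ("explicit", [e for e in named if matches_user(e.name, user, server)]),
        ("group", [e for e in named if user.lower() in members.get(e.name.lower(), ())]),
        ("wildcard", [e for e in acl if matches_wildcard(e.name, user)]),
        ("default", [e for e in acl if e.name == DEFAULT]),
    ]
    for tier, hits in tiers:
        if hits:
            level = max((e.level for e in hits), key=LEVELS.index)
            privs = frozenset().union(*(e.privileges for e in hits))
            return tier, level, privs
    return "none", "No Access", frozenset()


# Constructed sample ACL and group memberships.
SAMPLE_ACL = [
    AclEntry(DEFAULT, "No Access"),
    AclEntry("Sandra E Smith/West/Acme", "Reader", frozenset({"Delete documents"})),
    AclEntry("Sandra E Smith", "Author", frozenset({"Create documents"})),
    AclEntry("Sales", "Reader"),
    AclEntry("Sales/West/Acme", "Editor", frozenset({"Delete documents"})),
    AclEntry("Sales/Acme", "Author", frozenset({"Create documents"})),
    AclEntry("*/West/Acme", "Manager"),
]
SAMPLE_GROUPS = {
    "Sales": {"Sandra E Smith/West/Acme", "Raj Patel/West/Acme"},
    "Sales/West/Acme": {"Mei Chen/West/Acme"},
    "Sales/Acme": {"Mei Chen/West/Acme"},
}

if __name__ == "__main__":
    cases = [
        ("Sandra E Smith/West/Acme", "Hub/Acme"),
        ("Sandra E Smith/West/Acme", "Manufacturing/FactoryCo"),
        ("Raj Patel/West/Acme", "Hub/Acme"),
        ("Mei Chen/West/Acme", "Hub/Acme"),
        ("Tom Reed/West/Acme", "Hub/Acme"),
        ("Ext User/Partner", "Hub/Acme"),
    ]
    for user, server in cases:
        tier, level, privs = effective_access(SAMPLE_ACL, user, server, SAMPLE_GROUPS)
        print(f"{user:26} @ {server:24} -> {level:9} via {tier:8} {sorted(privs)}")
```

The returned tier is the useful part for an ACL review: it shows when a broad wildcard grant is masked by a lower group or explicit entry, and when a common-name entry silently stops applying on a server in another hierarchy.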

User types in the ACL

A user type identifies whether a name in the ACL is for a person, server, or group. When you assign a user type to a name, you specify the type of ID required for accessing the database with that name. The user types are Person, Server, Mixed Group, Person Group, Server Group, and Unspecified. The -Default- group in the ACL is always assigned Unspecified as the user type.

User types provide additional security for a database. For example, assigning the Person user type to a name other than "unspecified" prevents an unauthorized user from creating a Group document with the same person name, adding his or her name to the group, and then accessing the database through the group name.

Designating a name as a Server or Server Group prevents a user from using the server ID at a workstation to access a database on the server. Be aware, though, that designating a name as a Server or Server Group is not a foolproof security method. It is possible for a user to create an add-in program that acts like a server and uses a server ID to access the server database from a workstation.

Instead of manually assigning a user type to each name, you can automatically assign a user type to all unassigned names in the ACL. The user type assigned to each name is determined by the IBM Lotus Domino Directory entry for that name. Using this method, a group is always designated as Mixed Group, and not as a Person Group or a Server Group. To assign a Person Group or Server Group to a name, you must select the name and manually assign that user type.

To manually assign a user type to a name

1. Make sure that you have Manager access in the database ACL.
2. Select the database icon from your Bookmarks pane.
3. Choose File - Database - Access Control.
4. Select a name to which you want to assign a user type.
5. Select a user type and click OK.

To automatically assign user types to unspecified users

1. Make sure that you have Manager access in the database ACL.
2. Select the database icon from your Bookmarks pane.
3. Choose File - Database - Access Control.
4. Click the Advanced icon.
5. Click "Look Up User Types for 'Unspecified' Users."
6. Click OK.

Enforcing a consistent access control list

You can ensure that an ACL remains identical on all database replicas on servers, as well as on all local replicas that users make on workstations or laptops. Select the "Enforce a consistent Access Control List" setting on a replica whose server has Manager access to other replicas to keep the access control list the same across all server replicas of a database. If you select a replica whose server does not have Manager access to other replicas, replication fails because the server has inadequate access to replicate the ACL.

If a user replicates a database locally, the database ACL recognizes that user's access as it is known to the server. This happens automatically for local replication, regardless of whether "Enforce a consistent Access Control List" is enabled.

Note Local replicas with "Enforce a consistent Access Control List" enabled attempt to honor the information in the ACL and determine who can do what accordingly. However, they have some limitations. One limitation is that group information is generated on the server, not at the local replica. When a database is replicated locally, information about the group membership of the person doing the replication is stored in the database for use in ACL checking. If a person/identity other than the one doing the replication accesses the local replica, there will be no group membership information available for that person, and the ACL can use only the person's identity, not group membership, to check access.

Additionally, enforcing a consistent access control list does not provide security for local replicas. To keep data in local replicas secure, encrypt the database on the Database Basics tab of the Database properties box.

Note If a user changes a local or remote server database replica's ACL when the "Enforce a consistent Access Control List" option is selected, the database stops replicating. The log (LOG.NSF) records a message indicating that replication could not proceed because the program could not maintain a uniform ACL on replicas.

To enforce or disable a consistent access control list

Use this method to enforce or disable a consistent ACL for a single database.

1. Make sure that you have Manager access in the database ACL.
2. Select the database icon from your Bookmarks pane. If the database has multiple replicas, select the database icon from a server that has Manager access in the database ACL of the other replicas.
3. Choose File - Database - Access Control.
4. Click Advanced.
5. Do one of the following:
   o To enforce a consistent ACL, select "Enforce a consistent Access Control List across all replicas of this database."
   o To disable a consistent ACL, deselect "Enforce a consistent Access Control List across all replicas of this database."
6. Click OK.

Displaying the ACL history

You can display a chronological history of changes made to a database ACL. Each entry in the list shows when the change occurred, who made the change, and what changed. The history stores only 20 lines of changes, not the complete history.

1. Select the database icon from your Bookmarks pane.
2. Choose File - Database - Access Control.
3. Click Log.
4. Select a line of log history. To see the complete text of the log history, look in the field at the bottom of the dialog box.
5. (Optional) Click Copy to copy the ACL history to the clipboard so that you can paste it in a document.

To display a name's effective access

The "effective" access a person, server, or a group has to documents in a database is not always apparent. For example, if there are two groups with different levels of access to documents, and someone is a member of both groups, you may wonder what access the person actually has. You can determine a person's effective access to the documents from the ACL.

1. Select a database and choose File - Database - Access Control.
2. Click "Effective Access."
3. From the Effective Access dialog box, select the name of the person, server, or group and press Enter or click "Calculate Access."

   "Database Access is derived from" in the top left of the dialog box shows the selected name's effective database access as determined by the database ACL. The checked boxes on the lower left of the dialog box indicate the access rights for the selected name. The "Groups" and "Roles" boxes on the right of the dialog box show all the individual and group name entries and roles that could potentially control the selected name's access to the selected document. If the person, server, or group is not in the ACL, the "Groups" box displays the group used to determine the effective access.
4. After you review the effective access for the selected name, click Done.

It's possible to assign users or servers more than one level of access to a database. The following table describes the order of precedence for competing access levels.

Access level conflict: A name is listed in an ACL individually and as a member of a group
Resolution: The access level assigned to the individual name takes precedence over the access level for the group, even if the individual access level is lower than the group level.

Access level conflict: A name is included in two or more groups
Resolution: The name receives the access of the group with the highest access.

Access level conflict: A name appears in an ACL and in access lists associated with forms, views, or sections
Resolution: The ACL controls database access; design element access lists refine this access to a lower level. For example, if a user has Author access to a database but is not listed in the access list for a form in the database, the user cannot use the form to create a document.

Application design element security

An application developer can restrict access to design elements within an application. Application design security takes effect when users gain access to an application. For information on restricting agents, see Security for agents on servers.

Controlling access to a database during design

Every database has an access control list (ACL) that defines who has access to the database and describes the activities they can perform. While you are designing the database, strictly limit access so that only you and other designers have access to the database. When the database is ready to be released, you can adjust access control settings to provide general access to the application.

When you create a database, you are assigned as the Manager of that database by default. This gives you complete access rights. You can then designate others as designers so they can contribute to the design.

To keep a database private during development

1. Select the database and choose File - Replication - Settings.
2. Click Other and select "Temporarily disable replication."
3. Click OK.
4. Choose File - Database - Properties and click the Design tab.
5. Deselect "List in Database Catalog."
6. Deselect "Show in 'Open Database' Dialog."

For more information on access control, see The database access control list.

Restricting who can read or edit documents

To restrict who can read documents, add a Readers field to a form. To restrict who can edit a document, add an Authors field to a form, which allows only users who have Author access in the ACL to edit the documents they create.

Note Readers and Authors fields take effect only when the database is on a server. If you develop a database locally, you can't test this feature until you copy the database to a server.

Using a Readers field to restrict access to specific documents

To limit access to specific documents created from a form, include a Readers field on the form. A Readers field explicitly lists the users who can read documents created from the form. Without Reader access to a document, a user cannot see the document in a view. For example, to limit access to an employee's personnel file to members of the Human Resources department, the employee, and the employee's manager, list those people in a Readers field.

If a form has a read access list, names from the Readers field are added to the access list. Otherwise, the Readers field controls access to documents created from the form.

Entries in a Readers field cannot give a user more access than what is specified in the database access control list (ACL); they can only further restrict access. Users who have been assigned "No Access" to a database in the ACL can never read a document, even if you list them in a Readers field. On the other hand, users with Editor access or above in the ACL can be restricted from reading documents if they aren't included in a Readers field.

Any users who have Editor (or higher) access to the database can read and edit a document if one of the following is true:
   o They are listed in the form's Read access list or Readers field.
   o The form has no Read access list restrictions or no Readers field.

For information on updating Readers fields, see Updating Readers and Authors Fields if you have installed IBM Lotus Domino Administrator Help. Or, go to http://www.lotus.com/ldd/doc to download or view Lotus Domino Administrator Help.

Using an Authors field to restrict who can edit specific documents

An Authors field works in conjunction with Author access in the database ACL. If you assign users Author access in the ACL, they can read documents in the database but cannot edit their own documents. If you list those users in an Authors field, they can edit documents in the database.

Entries in an Authors field cannot override the database ACL; they can only refine it. Users who have been assigned No Access in an ACL can never edit a document, even if you list them in an Authors field. Users who already have Editor (or higher) access in the ACL are not affected by an Authors field. Authors fields affect only users who have Author access in the ACL.

You must enter the user's full hierarchical name in the Authors field. If you manually enter a name in the Authors field, Domino expands the name and stores it in its hierarchical form; for example, John Smith/ACME/West is stored as CN=John Smith/OU=ACME/O=West. The name displays in its abbreviated form. If you programmatically enter a name, you must use the full canonical form such as CN=John Smith/OU=ACME/O=West.
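How the database ACL level combines with Readers and Authors fields, modeled in Python as an added example (it is not IBM code and not part of the original document). The function names and sample document are constructed; the form read access list is not modeled, abbreviated names are assumed to carry no country component, and the rule that names in an Authors field can also read the document is Domino behavior assumed here rather than stated on this page.

```python
# Domino access levels, lowest to highest.
LEVELS = ["No Access", "Depositor", "Reader", "Author", "Editor", "Designer", "Manager"]


def canonicalize(name):
    """Expand 'John Smith/ACME/West' to 'CN=John Smith/OU=ACME/O=West'.

    Groups, roles ("[HR]") and names already in canonical form pass through.
    Assumption: abbreviated names have no country (C=) component.
    """
    name = name.strip()
    if "=" in name or "/" not in name:
        return name
    parts = name.split("/")
    middle = ["OU=" + p for p in parts[1:-1]]
    return "/".join(["CN=" + parts[0], *middle, "O=" + parts[-1]])


def normalized(names):
    """Case-insensitive canonical set, so both name forms compare equal."""
    return {canonicalize(n).lower() for n in names if n and n.strip()}


def can_read(acl_level, identities, readers, authors=()):
    """identities = the user's name plus the groups and roles they hold."""
    if LEVELS.index(acl_level) < LEVELS.index("Reader"):
        return False                  # the ACL is the ceiling; fields only restrict
    if not normalized(readers):
        return True                   # no Readers field: the ACL level decides
    # With a Readers field present, even Manager needs to be listed.
    # Names in an Authors field may read too (assumed Domino behavior).
    allowed = normalized(readers) | normalized(authors)
    return bool(allowed & normalized(identities))


def can_edit(acl_level, identities, readers, authors):
    if not can_read(acl_level, identities, readers, authors):
        return False
    if LEVELS.index(acl_level) >= LEVELS.index("Editor"):
        return True                   # Editor and above ignore the Authors field
    if acl_level == "Author":
        return bool(normalized(authors) & normalized(identities))
    return False                      # Reader never edits, whatever the field says


# Constructed sample document: one role, one person, and the replicating server.
READERS = ["[HR]", "Mary Sen/West/Acme", "Hub/Acme"]
AUTHORS = ["CN=Mary Sen/OU=West/O=Acme"]


def decision_table():
    """(label, can_read, can_edit) for a few constructed users."""
    users = [
        ("Manager, not listed", "Manager", ["Admin One/Acme"]),
        ("No Access, listed", "No Access", ["Mary Sen/West/Acme"]),
        ("Author, in Authors", "Author", ["Mary Sen/West/Acme", "Marketing"]),
        ("Author, role only", "Author", ["Pat Lee/West/Acme", "[HR]"]),
        ("Editor, role only", "Editor", ["Pat Lee/West/Acme", "[HR]"]),
    ]
    return [
        (label,
         can_read(level, ids, READERS, AUTHORS),
         can_edit(level, ids, READERS, AUTHORS))
        for label, level, ids in users
    ]


if __name__ == "__main__":
    for label, r, e in decision_table():
        print(f"{label:22} read={r!s:5} edit={e}")
```

The first row is the case that most often surprises administrators: a Manager who is not named in the Readers field cannot see the document at all.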

For information on creating Authors fields, see To create Readers and Authors fields. For information on updating Authors fields, see Updating Readers and Authors Fields if you have installed IBM Lotus Domino Administrator Help. Or, go to http://www.lotus.com/ldd/doc to download or view Lotus Domino Administrator Help.

To create Readers and Authors fields

Restrict Read access to documents by creating Readers and Authors fields as follows.

1. Open the form in IBM Lotus Domino Designer.
2. Create a field, or click an existing field. Then choose Design - Field Properties.
3. On the Field Info (i) tab, select Readers or Authors as the type, and then:
   o Select Editable to allow authors and editors to modify the list. (Be sure to include yourself in the default value formulas, which you create in the Script area of the Programmer's pane -- so there is at least one value.)
   o Select Computed to write a formula that computes the reader or author names.

   Writing formulas for Readers and Authors fields

   When you write a formula for a Readers or Authors field, enclose user names and group names in quotation marks.
      "Marketing"
   Select "Allow multi-values" for a field that stores a text list with multiple names. Concatenate the names in the formula with a colon.
      "Mary Sen":"Marketing":"Joyce O'Connor"
   Place quotation marks and square brackets around role names that qualify access levels.
      "[Scheduling Committee]"

4. To create editable or computed field values, click the Programmer's pane, select a formula type, and write the formula; click the green check mark to save the formula.
   Note Include server names in the formula if the database will replicate.
5. On the Control tab, choose one of the following options to generate a list of readers or authors from which users can select.
   Note Unless "None" is selected as the lookup option for a Readers or Authors field, users press either CTRL+ENTER or, if specified for the field, the entry helper button to see a list of possible entries. If the Readers field is located inside a layout region, leave "None" selected; other lookup options do not apply.
   o Use None to rely on a formula or on authors to create the list of names. Select "Look up names as each character is entered" to speed up typing in editable fields. IBM Lotus Domino fills in the first name that matches the characters the user types.
   o Use Address dialog box for choices to display the Names dialog box so users can select names from a Personal Address Book or from the Domino Directory. Select "Look up names as each character is entered" to help users fill in a name quickly and Designer looks up a match.
   o Use access control list for choices to display a list of people, servers, groups, and roles in the ACL.
   o Use View dialog box for choices to display a dialog box containing entries from a column in a Designer database view. Select the database to look up, select a view, and select a column number.
6. (Optional) On the Field Info tab, select "Allow multi-values" to allow more than one name to be stored in the field.
7. (Optional) On the Control tab, select "Allow values not in list" to let users enter additional names. This property is applicable only to Address and Access Control List choices.
8. Save and close the form.

Note When you specify names for reader and author fields, use the full hierarchical name for each user if there is a chance this database will be copied or replicated to another domain. Within a domain, an abbreviated, or common name, is sufficient for user authentication, but between domains, you must supply the full hierarchical name or authentication will fail.

Examples of restricting who can read or edit specific documents

The following examples illustrate how to use Readers fields and Authors fields.

Adding a Readers field to a form

To ensure that employees can read only their own Employee Information documents, create a computed-when-composed Readers field named AuthorizedReader that uses this formula:
   @UserName

To add additional authorized readers, create a read access list in the Document Properties box for individual documents.

Adding an Authors field to a form

To use an Authors field on a Slide Show form to let the Production group edit documents, and to save and display the original author's name for each, you create two fields. To display the creator's name, create a computed-when-composed field called CreatedBy and use the formula:
   @Name([CN];@UserName)
To allow the Production group to edit Slide Show documents, create a computed Authors field and use the formula:
   "Production"

Allowing authors to add other names

To let authors and editors customize the Authors list, create an editable Authors field that uses "View access control list dialog" to present choices, and select "Allow multi-values" for the field.

Tracking who edits a document

If a document contains an Authors field, IBM Lotus Domino Designer automatically stores the names of the users who have edited that document in an internal field called $UpdatedBy. Servers involved in replication are not considered editors, so they're not tracked in this list.

To display the contents of the $UpdatedBy field, users can click and hold the cursor on the Authors field in a document they're reading. Designer displays a pop-up list of everyone who has modified the document, including people who did so through agents. Adding pop-up text to the field label helps users understand the list.

If a form is assigned the "Anonymous form" property, its documents do not contain an $UpdatedBy field; instead, the documents contain an $Anonymous field with a value of "1."

Updating Readers and Authors fields

By default, the Administration Process examines all documents in a database to find and update Readers and Authors fields and to update private views, folders, and agents. When the Administration Process performs a "Rename person" or a "Delete person" request, it edits or removes the name in all Readers and Authors fields and in private folders, views, and agents. To update Readers and Authors fields in only selected documents, you create a special view in the database and then update that view.

You must select an administration server if you want to select the option to modify Readers and Authors fields. The default is to not modify Readers and Authors fields.

To update Readers and Authors fields in all documents

Use this method to modify Readers and Authors fields for a single database.

1. Make sure that you have:
   o Manager access in the database ACL
   o Already specified an administration server for the database.
2. Select the database icon from your Bookmark pane.
3. Choose File - Database - Access Control.
4. Click the Advanced icon.
5. Below "Administration Server," select Server.
6. Select an administration server, and then click OK.
7. Select "Modify all Reader and Author fields" from the list below "Administration Server."
8. Click OK.

To update Readers and Authors fields in selected documents

1. Create a new view in the database and name the view $Adminp.

2. Write a view selection formula that selects and displays only the documents containing the fields to update.
3. Select the database icon from your Bookmark pane.
4. Choose File - Database - Access Control.
5. Click the Advanced icon.
6. Below "Administration Server," select Server.
7. Select an administration server, and then click OK.
8. Select "Modify all Reader and Author fields" from the list below "Administration Server."
9. Click OK.

For more information on the Administration Process (adminp), see Lotus Domino Administrator Help. For more information on creating views and writing view selection formulas, see Creating a standard view.

Setting up the Administration Process for databases

To use the Administration Process (adminp) to update and manage names in an ACL and in Readers and Authors fields, you must assign an administration server to the database.

1. Make sure that you have Manager access in the database ACL.
2. Select the database icon from your Bookmark pane.
3. Choose File - Database - Access Control.
4. Click the Advanced icon.
5. Below Administration Server, select Server.
6. Select an administration server from the list, and click OK.

Note When IBM Lotus Notes users create databases, they can specify the administration server for their databases on the Advanced panel of the database ACL. The database ACL list is automatically updated when the adminp process is run on the specified administration server.

For more information on the Administration Process (adminp), see Lotus Domino Administrator Help.

Creating controlled-access sections of forms

You can control access to parts of documents by creating access-controlled sections on forms that allow specified users to see restricted parts of documents.

To create a controlled-access section

1. Highlight the text, fields, and other design elements on a form that make up the section.
2. Choose Create - Section - Controlled Access.
3. (Optional) In the Section Properties box on the Section Title and Border tab, edit the section title.
4. (Optional) Enter a Section Field Name.
5. (Optional) Choose a border style and border color for the section.

You can insert fields and other design elements into the section after creating it. To append design elements to the bottom of the section, set the border style as a box. When you have finished appending design elements, set the border style to no border.

To name the editors for a controlled-access section

1. Click the section title.
2. Choose Section - Section Properties.
3. Click the Formula tab.
4. Select Editable as the section type to allow the document creator to specify the section editors.
5. Select one of the Computed types to use a formula to define the section editors.

6. (Optional for an editable field; Required for a computed field) In the Properties box, write a formula to define who can edit the field, and click the check mark.

Note When you specify names for section editors, use the full hierarchical name for each user if there is a chance this database will be copied or replicated to another domain. Within a domain, an abbreviated, or common name, is sufficient for user authentication, but between domains, you must supply the full hierarchical name or authentication will fail.

To make a controlled-access section collapsible

1. Click the section marker and choose Section - Section Properties.
2. Click the Expand/Collapse tab and select options for showing the section expanded or collapsed, depending on whether a document is being previewed, printed, or opened.
3. On the same tab, click the "For Editors" list and select "For Non-editors." A list of options appears for displaying the section to users who can read but not edit the section.
4. (Optional) Select "Hide title when expanded" if users who are non-editors don't need to see the section title when the fields are displayed.
5. Save and close the form.

Examples of access-controlled sections

The following examples illustrate different uses for access-controlled sections on forms.

Computing an editors list from the access control list

The status section of a Business Card Request form has a controlled-access section whose formula allows only administrators (an access role in the ACL) to change the status of a request. The formula for the computed field is:
   "[Business Card Administrators]"

Allowing the author to name section editors

An editable section of a Status Report form has a controlled-access section whose default value formula always allows the author to edit the status report. Users who have access to the document but are not the author can read the section but cannot edit it.
   "@Author"
The author can choose Section - Define Editors to name additional editors for a particular status report.

Limiting Editor access to sections of forms

In workflow applications, use sections to restrict who can edit or sign parts of a document. If a document requires more than one approval signature, you create a section on the form for each signature or group. For example, you might create a section specifically for the Purchasing group.

Edit access lists and the access control list

To specify who can edit parts of a section, select the fields you want to restrict and create a section containing the fields. Then specify who can edit the fields in one of the following ways:
   o Let the author of the document choose who can edit the section.
   o Specify the users, groups, or roles who can edit the section.

For users who are not listed as editors of the section, the fields appear as read-only. Editor access of the section does not override Editor access in the database access control list (ACL); it only refines it. Privilege names cannot be used in the Edit access list.

For more information about document access control, see Restricting who can access a section of a document and Using a Readers field to restrict access to specific documents.

Tip If you use custom roles to refine standard access levels, consider creating a section that corresponds to each access role. Then create a field named RoleName at the top of the section.

Using a computed field to define section editors
To define a list of section editors, write a formula that populates the list of allowed editors, by including the current user's name, using @DbColumn to retrieve a list of names, using the value of an approver field, or using a group name or role from the ACL. Use a computed-when-composed field to create a permanent list of editors when a document is created.

You can use only formulas that result in a text list containing one or more names; you can then append the names to the section's edit access list. Enclose the names in quotation marks and concatenate them with a colon ( : ).
   "Mary Sen":"Marketing Group"
Access role names must include square brackets and be enclosed in quotation marks:
   "[Scheduling Committee]"
For information on using database lookups, see @DbColumn.

Allowing the author to name section editors

To let authors decide who can edit fields in a section, make the section editable. As a convenience to authors, write a default value formula to create an initial list of editors for the section; anyone editing the section can then update that list. If there are multiple authors, be sure to select "Allow multi-values" for the field.

An editable section allows the author of each document to create a customized list of editors by double-clicking the section title when the document is in Edit mode or choosing Section - Define Editors. Any users already authorized to edit the fields within the section are displayed, and the author can add other editors to the list.

Using a controlled-access section on multiple forms

To use a controlled-access section on more than one form, place the section on a subform and include the subform in the forms.

Creating read access lists to limit view and folder access

To allow some users and not others to see a view or folder, create a read access list. Users who are excluded from the access list do not see the view or folder on the View menu. A view or folder read access list is not a true security measure. Unless the documents are otherwise protected, users can create private views and folders that display the documents shown in the restricted view. For greater security, use a read access list for a form.

You can add users to the read access list for a view or folder as long as they already have at least Reader access in the database access control list.

To create a read access list

1. Open the view or folder.
2. Choose Design - View Properties or Design - Folder Properties.
3. Click the Security tab.
4. Deselect "All readers and above."
5. Click each user, group, server, or access role you want to include. A check mark appears next to each selected name.
6. Click the Person icon to add person or group names from a Personal Address Book or from the Domino Directory.
7. To remove a name from the list, click the name again to remove the check mark.
8. (Optional) Check "Available to Public Access Users" if you want this view or folder available to users with public access read or write privileges in the access control list for this database.
9. Save the view or folder.

Notes
Do not create a read access list for the default view of a database.

Servers that need to replicate a database need access to views that are read-restricted so that view design changes can replicate. Database designers need access to views that are read-restricted so that view design changes can be made in IBM Lotus Domino Designer.

Example of restricting access to a view

To improve the performance of the Technical Services, Rajeev Jain designed a "Tech Services Review" form, which is included in the company's custom Mail template. Each quarter, Rajeev sends a company-wide memo asking people to complete a Tech Services Review form and mail it to a Service Request Tracking database. In that database, the reviews are displayed in the "Tech Service Performance" view.

Rajeev wants only his technicians and his own managers to have access to this view. He defines a read access list for the "Tech Service Performance" view. Then, because there is no group in the IBM Lotus Domino Directory for the people he wants to include in the access list, Rajeev defines an access role called [TSMAnagers] in the database ACL, and adds that role to the view's read access list. The access role is stored within the Service Request Tracking database; it is not added to the Domino Directory.

Creating write access lists to limit folder access

To allow some users and not others to update the contents of a folder, create a write access list for the folder. You can add users to a write access list for a folder as long as the users already have at least Author access in the database access control list. Users specified in the write access list for the folder can move and copy documents into the folder and can remove documents from the folder. With only Author access, they cannot edit documents in the folder.

1. Select a database.
2. In the Design pane, click Folders.
3. Double-click the view or folder in the Work pane.
4. Choose Design - Folder Properties.
5. Click the Security tab.
6. In the "Contents can be updated by:" section, deselect "All Authors and above."
7. Do any of the following:
   o Click each user, group, server, or access role you want to include. A check mark appears next to each selected name.
   o Click the Person icon to add person or group names from a Personal Address Book or from the IBM Lotus Domino Directory.
   o To remove a name from the list, click the name again to remove the check mark.
8. Save the folder.

Access-controlled forms and documents

To restrict access to all or part of a form, and to all documents created from a form, you can create a form read access list or a create access list.

Create access list

Use a create access list to limit who can access the form in order to create documents. Limiting who can create documents from a form also shortens the Create menu by removing the restricted forms from the menu.

Read access list

Use a read access list to limit who can read documents created from a form. For example, you might use a read access list to restrict access to documents containing personnel information. The following people can read a document that has restricted Read access:

o Users assigned Read access in the form access list
o Users listed in the form's Readers field
  Readers field names are added to a document's read access list.
o Users listed in the form's Authors field

Note

When you use a form access list, you restrict access to all or part of a form by setting security parameters that work with the database ACL. The database ACL predominates: only users with access to the database have access to forms within a database. Form security provides an additional measure of access control in conjunction with the database access control list. However, note that using access-controlled forms is not a true security measure because a user can create a copy of the form and remove the restriction.

Replicating restricted documents

Adding names to a read access list or to a Readers field limits access to the users, groups, and servers named in that list or field. Servers that need to replicate this database must be included in the list or field to have Read access. Otherwise, documents that are read-restricted won't replicate.

To create access-controlled forms

1. Open the form.
2. Choose Design - Form Properties.
3. Click the Security tab.
4. Deselect "All authors and above" in the "Who can create documents with this form" section.
5. Click each user, group, server, and access role you want to include.
6. Deselect "All readers and above" in the "Default read access for documents created with this form" section.
7. Click each user, group, server, and access role you want to include.
8. (Optional) Check "Available to Public Access users" if you want documents in this view or folder available to users with public access read or write privileges in the access control list for this database.

To prevent printing, forwarding, and copying of documents

You can discourage users from printing, forwarding, or copying documents created with a form. This feature helps to prevent accidental distribution of confidential information, but it is not a true security feature because users can circumvent it by using screen capture programs.

1. Open the form.
2. Choose Design - Form Properties.
3. Click the Security tab.
4. Click "Disable printing/forwarding/copying to clipboard."

To prevent editing of existing documents

You can prevent users with Author access in the database ACL from editing a field in existing documents. This restriction doesn't apply to new documents.

1. Open the form.
2. Create a field, or click an existing field.
3. In the Field Properties box, click the Advanced tab.
4. Select "Security options: Must have at least Editor access to use" and click the check mark.

Creating public access pages, forms, subforms, outlines, views, agents, and style sheets

The database ACL controls access to specific design elements, such as pages, documents, forms, outlines, views, folders, and style sheets. Users with No Access or Depositor access in the ACL cannot access the design elements of a database. There are times, however, when you might want to make design elements accessible to all users, regardless of access level. To do so, you make the design elements available for Public Access.

For example, public documents are necessary for calendar applications where one user lets another user read or create appointments on his or her behalf. To create the public documents for this application, you must first
create a public access form containing a public access field. Then you create a public folder or view to display the document. Note that you can also make manually run agents available for public access.

To designate a page, form, or subform for public access

1. Open the page, form, or subform.
2. Choose Design - <design element> Properties.
3. Click the Security tab.
4. Select "Available to Public Access Users."
5. On a form or subform, create a field.
6. In the Name field, enter $PublicAccess.
7. In the Type field, select Text and Computed when composed.
8. In the Programmer's pane at the bottom of the form, enter "1" as the default value for the field.
9. To hide this field from users, select the Field Hide When tab and specify hide-when conditions.

To designate a view for public access

1. Open the view.
2. Choose Design - View Properties.
3. Click the Security tab.
4. Check "Available to public access users" if you want to make documents in this view or folder available to users with public access read or write privileges in the access control list for this database.

To designate an outline for public access

1. Open the outline.
2. Choose Design - Outline Properties.
3. Check "Available to public access users."

To create a style sheet for public access

1. Click Resources - Style Sheets in the Design pane.
2. Highlight a style sheet and choose Resource - Resource Properties. The Style Sheet Resource Properties box appears.
3. Select the Security tab and check "Available to public access users."

To create an agent for public access

1. Open the agent in Designer.
2. Click Options.
3. Select "Available to Public Access Users."
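
The layering described in the sections on view read access lists, form read access lists and replication can be checked with a small model. This is an added illustration, not Domino code or an IBM API: the class and function names and the sample people and server are constructed, and public access is not modelled.

```python
from dataclasses import dataclass, field

LEVELS = ["No Access", "Depositor", "Reader", "Author", "Editor", "Designer", "Manager"]

@dataclass
class Principal:
    name: str
    level: str                                   # access level in the database ACL
    aliases: set = field(default_factory=set)    # groups and [roles] the name holds

    def names(self):
        return {self.name} | self.aliases

@dataclass
class Document:
    title: str
    readers: set = field(default_factory=set)    # form read access list + Readers fields
    authors: set = field(default_factory=set)    # names in Authors fields

def can_read(p, doc):
    """The database ACL predominates; then the document's read restriction applies."""
    if LEVELS.index(p.level) < LEVELS.index("Reader"):
        return False
    if not doc.readers:                          # document carries no read restriction
        return True
    return bool(p.names() & (doc.readers | doc.authors))

def view_listed(p, view_readers):
    """A view read access list only decides whether the view is offered to the user."""
    return not view_readers or bool(p.names() & view_readers)

def private_view(p, docs):
    """A user-built private view can show every document the user is able to read."""
    return [d.title for d in docs if can_read(p, d)]

def replicated(server, docs):
    """A server receives only the documents it has Read access to."""
    return [d.title for d in docs if can_read(server, d)]

# Constructed sample data: one unprotected review, one restricted to the role.
docs = [Document("Q1 review"),
        Document("Q2 review", readers={"[TSMAnagers]"}, authors={"Rajeev Jain"})]
tech = Principal("Ana Tech", "Author", {"[TSMAnagers]"})
clerk = Principal("Sam Clerk", "Reader")
hub = Principal("Hub/Acme", "Manager")           # replicating server, not in any Readers list
view_acl = {"[TSMAnagers]"}

if __name__ == "__main__":
    print(view_listed(clerk, view_acl), private_view(clerk, docs), replicated(hub, docs))
```

The clerk is kept out of the restricted view yet still reaches the unprotected document through a private view, and the server with Manager access does not receive the document whose read restriction omits it.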
