aclentry (Domino DTD)
Represents an acl entry in a Domino database. An aclentry can consist of a person, server, or server group that is assigned an access level to perform specific tasks in a database. The attributes of this element define the access and editing privileges a user has for a database.
Containment Hierarchy
Contained by: <acl>
Contains: <role>
Syntax
<!ELEMENT aclentry ( role* )>Content
role*May contain any number of <role> elements.
Attributes
<!ATTLIST aclentry| name |
%string; |
#REQUIRED |
|---|---|---|
| level |
#REQUIRED |
|
| default |
%boolean; |
"false" |
| type |
(%aclentry.types;) |
"unspecified" |
| createdocs |
%boolean; |
#IMPLIED |
| deletedocs |
%boolean; |
#IMPLIED |
| createpersonalagents |
%boolean; |
#IMPLIED |
| createpersonalviews |
%boolean; |
#IMPLIED |
| createsharedviews |
%boolean; |
#IMPLIED |
| createlsjavaagents |
%boolean; |
#IMPLIED |
| readpublicdocs |
%boolean; |
#IMPLIED |
| writepublicdocs |
%boolean; |
#IMPLIED |
>createdocs
If true, can create documents.*
createlsjavaagents
If true, can create LotusScript or Java agents.*
createpersonalagents
If true, can create private agents.*
createpersonalviews
If true, can create personal folders or views.*
createsharedviews
If true, can create shared folders or views.*
default
If true, this entry is the default entry for the acl. Default is false.
deletedocs
If true, can delete documents.*
level
The access level of the aclentry. Specified in the %acl.levels entity. The level implies a specific combination of the attributes mentioned here. For details, see the Usage section.
name
Name of the user/aclentry. This could include an empty string.
readpublicdocs
If true, can read public documents.*
type
The type of aclentry. Specified in the %aclentry.types entity. Default is Unspecified.
writepublicdocs
If true, can write public documents.*
*The access level of the entry determines the default value for these attributes.
Usage
For each level of an aclentry, only a certain combination of tasks can be performed by a user. These tasks are represented by permitted attributes being set to true. For example, if the level specified is noaccess, only the readpublicdocs and writepublicdocs attributes default to true; the rest default to false. If the level specified is manager, the default value for all the attributes is true and cannot be set to false, except deletedocs, which can be set to false at the manager level. You override attribute values by selecting or deselecting editable access privileges in the ACL dialog box. To view all the combinations for each level, refer to the Access Control List Properties box in the Notes client.
For more information, see Access level privileges in the ACL.
The DXL output for a database often contains more than one aclentry tag. This happens because there is often more than one level of ACL access assigned to the users of a database.
Defined entity for <aclentry> element
The %aclentry.types; entity lists the types of users allowed in an ACL entry in a Domino database.
For more information, see User types in the ACL.
Syntax:
<!ENTITY % aclentry.types "unspecified | person | server | mixedgroup | persongroup | servergroup ">