Default ACL settings for the Domino® Change Control database

When the Change Control database (DOMCHANGE.NSF) is created, these default access levels and roles are assigned.

Table 1. Access levels and roles


Access level


Full Access Administrator


(Listed in the Server document of the current server.)


Change Admin

System Admin

Plan Creator


No access

No roles



Plan Reader


No access

No roles


No access

No roles

Recommended ACL settings

Assign the roles of Change Administrator and System Administrator only to administrators who require them. Administrators who have these roles have the ability to alter the basic system documents of a plan. The recommended access level is Editor for most Change Administrators and System Administrators. However, you can assign the Author access level, but add restrictions on editing existing system documents such as Interface or Function definitions. The System Admin role should be especially restricted.

Assign the Plan Creator role only to those people or groups in an organization that can create plans. Plan Creators only create plans, they cannot commit them.

Assign the Plan Reader role to people and groups that will be allowed to read plans only. This role assumes that the people and groups reading the plans are not Authors or Requesters.

Make sure that the Change Administrators and servers in the LocalDomainServers group have Create Replica access rights.