Restricting access to a server's data directory

By default, any Notes® user who can access a server can access the server's entire data directory. You can restrict Notes user access to a server's data directory or a subdirectory of the data directory by defining an access list, or ACL file, for it. ACL files are an option for protecting server directories, and contain the names of users authorized to access those directories.

About this task

In order to use ACL files, you need to set the NOTES.INI variable Enable_ACL_Files=1.

Note: ACL files are different than the access control list (ACLs) used to manage Notes databases, although both serve the same function of restricting access to the directory or database, respectively, they protect.

Creating a data directory access list

Procedure

  1. Make sure you have at least database administrators access to the server.
  2. In the Domino® Administrator, click the Files tab.
  3. Select the directory to which you are restricting access.
    Note: The access restrictions apply to any subdirectories of the directory as well.
  4. In the Tools pane, select Folder > Manage ACL. The Manage Directory ACL dialog box opens.
  5. For Who should be able to access this directory? click the person icon. Do the following for each name that you want to allow to access the directory:
    • Select the name from a Domino Directory, or type the name in the Add name not in list field. You can specify the name of a user, server, group or a wildcard, for example, */Sales/Renovations.
    • Click Add.
  6. When you are finished defining the access list, click OK.
  7. Click OK again. The directory icon now appears with a padlock.

Changing or deleting a data directory access list

Procedure

  1. Make sure you have at least database administrators access to the server.
  2. In the Domino Administrator, click the Files tab.
  3. Select the directory with the ACL that you want to change. The directory icon has a padlock.
  4. In the Tools pane, select Folder > Manage ACL. The Manage Directory ACL dialog box opens.
  5. Do one of the following:
    • To remove a name from the access list, select the name and then click the red X. To delete the access list entirely, remove each name from the list.
    • To add a name to the access list, for Who should be able to access this directory? click the person icon, select or type the name, click Add, then click OK.
  6. Click OK to save your changes.