Using the Administration Process to update ACLs

To maintain maximum database security, you must be vigilant about keeping the ACL up to date. You can use the server administration process to do this. The Administration Process is a server program that automatically renames or deletes groups, servers, users, personal views, personal folders, and private agents, and then updates the Domino® Directory and any database ACLs that have named the server running the Administration Process as their administration server. This program also updates the Readers and Authors fields for all documents in a database.

You can select an administration server for the Administration Process in the Access Control List dialog box for single databases or in the Multi-ACL Management dialog box for multiple databases.

A user leaves the organization

When a user leaves the organization, you can use the Domino Administrator to request that the user be deleted from the system. The Administration Process responds to this request and deletes the user's Person document from the Domino Directory, as well as the user's name from all Group documents, ACLs, roles, Readers and Authors fields, personal folders and views, and private agents.

A user needs access to the database

If possible, add new names to existing groups in the ACL rather than listing names individually. Consider whether to include new names in any roles associated with the database. If the database does not use roles, check whether there are access lists associated with forms, views, fields, or sections, and if so, consider whether to include new names in these lists.

For more information on the use of public access lists with database design elements, see IBM® Domino Designer 9.0.1 Social Edition Help.

A user name changes or you move the user in the hierarchy

Edit the user's Person document in the Domino Directory. The Administration Process carries out all related renaming tasks in database ACLs and in personal folders and views and private agents.