Access levels in the ACL

Access levels assigned to users in a database ACL control which tasks users can perform in the database. Access level privileges enhance or restrict the access level assigned to each name in the ACL. For each user, group, or server listed in the ACL, you select the basic access level and user type. To further refine the access, you select a series of access privileges. If the application designer created roles, assign them to the appropriate users, groups, or servers.

Access levels assigned to servers in a database ACL control what information within a database the server can replicate.

To access a database on a particular server, HCL Notes® users must have both the appropriate database access, as well as the appropriate server access specified in the Server document in the HCL Domino® Directory.

To view a database ACL, users must have Reader access or higher.

Caution: Special ACL access

There are some cases in which users can have significant access to a database that is not defined in the database ACL. This access is granted through rights set up in other areas of Domino®, or by having access to the server itself. As an administrator, you need to understand these other kinds of access in order to be able to fully protect server databases.

  • Administrators who are designated as full access administrators in the Server document have manager access to all databases, with all privileges enabled, on the server, regardless of whether they are listed in the database ACLs. However, roles must still be enabled manually for full access administrators.
    Note: If a user has full administrator access to a database, the database ACL indicates that by enabling the Full Access Administrator check box that appears in the Effective Access dialog box.
  • Administrators who are designated as administrators or database administrators in the Server document are allowed to modify (for example, designate an administration server or create a full-text index) or delete any database on the server, even if they are not listed as managers in the database ACL.
  • Administrators who can run arbitrary executables on the server, either through non-Domino access to the server or through the use of Unrestricted Agents that launch executables.
  • Administrators who run the Notes® client directly on the server machine or on a machine that has file level access to the server database files.
  • Users may still have access to a database by running agents with the Unrestricted with Full Access privilege, even if they are not listed in the database ACL. This privilege bypasses the ACL and reader lists.
Table 1. User Access Levels from Highest to Lowest

Access level

Allows users to

Assign to

Manager

Modify the database ACL.

Encrypt the database.

Modify replication settings.

Delete the database.

Perform all tasks allowed by lesser access levels.

Two people who are responsible for the database. Then if one person is absent, the other can manage the database.

Designer

Modify all database design elements.

Create a full-text search index.

Perform all tasks allowed by lesser access levels.

A database designer and/or the person responsible for future design updates.

Editor

Create documents.

Edit all documents, including those created by others.

Read all documents unless there is a Readers field in the form. If an editor is not listed in the Readers field, the user with Editor ACL access cannot read or edit the document.

Any user allowed to create and edit documents in a database.

Author

Create documents if the user or server also has the Create documents access level privilege. When you assign Author access to a user or server, you must also specify the Create documents access level privilege.

Edit the documents where there is an Authors field in the document and the user is specified in the Authors field.

Read all documents unless there is a Readers field in the form.

Users who need to contribute documents to a database.

Reader

Read documents where there is a Readers field in the form and the user name is specified in the field.

Users who only need to read documents in a database but not create or edit documents.

Depositor

Create documents, but otherwise has no access, with the exception of options to Read public documents and Write public documents. These are privileges that designers may choose to grant.

Users who only need to contribute documents but who do not need to read or edit their own or other users' documents. For example, use Depositor access for a ballot box application.

No Access

Has no access, with the exception of options to Read public documents and Write public documents. These are privileges that designers may choose to grant.

Terminated users, users who do not need access to the database, or users who have access on a special basis.

Note: You may want to specifically assign No Access to individuals who should not have access to a database, but who may be members of a group that does.