Restricting access to a server's data directory

By default, any Notes® user who can access a server can access the server's entire data directory. You can restrict Notes® user access to a server's data directory or a subdirectory of the data directory by defining an access list, or ACL file, for it. ACL files are an option for protecting server directories, and contain the names of users authorized to access those directories.

About this task

In Domino 11.0.1 and later, ACL files are enabled by default. To disable the use of ACL files, set the NOTES.INI setting Enable_ACL_Files=0.

Note: ACL files are different from the access control lists (ACLs) used to manage Notes® databases, although both serve the same function: restricting access to the directory or database that they protect.
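
An audit check for the Enable_ACL_Files setting described above, added here as an example and not part of the product documentation: it scans NOTES.INI content and reports whether directory ACL files have been switched off. Case-insensitive name matching and the reporting of repeated entries as conflicting are assumptions, and the sample INI text is constructed.

```python
"""Report the state of Enable_ACL_Files in NOTES.INI content (added example)."""
import sys


def acl_files_status(ini_text):
    """Return (state, values) for Enable_ACL_Files.

    state is one of:
      "default"     - setting absent (ACL files are on by default in 11.0.1+)
      "disabled"    - set to 0, so directory ACL files are not used
      "explicit"    - set to a single value other than 0
      "conflicting" - set more than once with different values
    """
    values = []
    for line in ini_text.splitlines():
        key, sep, value = line.partition("=")
        # Assumption: setting names are matched case-insensitively.
        if sep and key.strip().lower() == "enable_acl_files":
            values.append(value.strip())
    if not values:
        return "default", values
    if len(set(values)) > 1:
        # Assumption: do not guess which entry wins; flag it for review.
        return "conflicting", values
    return ("disabled" if values[0] == "0" else "explicit"), values


# Constructed sample NOTES.INI fragments (not taken from a real server).
SAMPLES = {
    "untouched": "[Notes]\nDirectory=/local/notesdata\n",
    "switched-off": "[Notes]\nDirectory=/local/notesdata\nEnable_ACL_Files=0\n",
    "duplicated": "[Notes]\nEnable_ACL_Files=0\nenable_acl_files=1\n",
}

if __name__ == "__main__":
    if sys.argv[1:]:
        # Audit the NOTES.INI files named on the command line.
        for path in sys.argv[1:]:
            with open(path, encoding="utf-8", errors="replace") as fh:
                print(path, *acl_files_status(fh.read()))
    else:
        for name, text in SAMPLES.items():
            print(name, *acl_files_status(text))
```

A result of "disabled" or "conflicting" means the padlocked directories configured below may not be enforced and the server's NOTES.INI should be reviewed.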

Creating a data directory access list

Procedure

  1. Make sure you have at least database administrators access to the server.
  2. In the Domino® Administrator, click the Files tab.
  3. Select the directory to which you are restricting access.
    Note: The access restrictions apply to any subdirectories of the directory as well.
  4. In the Tools pane, select Folder > Manage ACL. The Manage Directory ACL dialog box opens.
  5. For "Who should be able to access this directory?", click the person icon. Do the following for each name that you want to allow to access the directory:
    • Select the name from a Domino® Directory, or type the name in the Add name not in list field. You can specify the name of a user, server, group or a wildcard, for example, */Sales/Renovations.
    • Click Add.
  6. When you are finished defining the access list, click OK.
  7. Click OK again. The directory icon now appears with a padlock.

Changing or deleting a data directory access list

Procedure

  1. Make sure you have at least database administrators access to the server.
  2. In the Domino® Administrator, click the Files tab.
  3. Select the directory with the ACL that you want to change. The directory icon has a padlock.
  4. In the Tools pane, select Folder > Manage ACL. The Manage Directory ACL dialog box opens.
  5. Do one of the following:
    • To remove a name from the access list, select the name and then click the red X. To delete the access list entirely, remove each name from the list.
    • To add a name to the access list, for "Who should be able to access this directory?", click the person icon, select or type the name, click Add, then click OK.
  6. Click OK to save your changes.