Extended ACL guidelines

Plan an extended ACL on paper before you implement it. After you have planned the extended ACL on paper, test it in a nonproduction environment before deploying it.

When planning an extended ACL use a sparse access control model that minimizes the number of extended ACL subjects you specify:

  • Use categories as targets -- / (root) or subcategories contained by / (root) -- rather than individual documents. To subcategorize documents within / (root), you may have to give some documents (for example Group documents) hierarchical names manually.
  • As a general rule use the default target scope This container and all descendants as the target scope to extend subjects' access to target subcategories.
  • Use names that represent groups of users -- Self, groups, wildcard subjects, -Default- -- as subjects rather than the names of individuals.

When you use a sparse access control model Domino® can check extended ACL access settings quickly and you can manage extended ACL access settings easily.