The database access control list

Every .NSF database has an access control list (ACL) that specifies the level of access that users and servers have to that database. Although the names of access levels are the same for users and servers, those assigned to users determine the tasks that they can perform in a database, while those assigned to servers determine what information within the database the servers can replicate. Only someone with Manager access can create or modify the ACL.

To control the access rights of Notes® users, select the access level, user type, and access level privileges for each user or group in a database. You can set default entries in the ACL when you create the database. You may also assign roles if the database designer determines this level of access refinement is needed by the application. Work with the designer and user representatives of the application to plan the correct access level before you put a database into production.

For each user name, server name, or group name in an ACL, you can specify:

  • An access level
  • Access level privileges
  • A user type
  • Roles
CAUTION: Domino® administrators with full access administration rights, as well as users who are allowed to run agents with unrestricted access, can access databases without being explicitly listed in the database ACLs.
Note: The database ACL should not be confused with other types of ACLs used by Domino® administrators. One such ACL is the extended ACL, which is used only in the Domino® Directory and the Extended Directory Catalog to restrict access to specific documents and fields within those databases. You must enable extended access to use this feature. The other type of access control list is the .ACL file, which is used by administrators to restrict user access to server directories.