Restricting execution access with the Execution Control List

You can protect your workstation by specifying different types of execution access for different people or organizational certifiers who run IBM® Notes® scripts and formulas. For example, you may give all types of execution access to your IBM® Domino® administrator, but allow no execution access to unsigned scripts or formulas.

About this task

By default, protected operations for scripts, code, and formulas not specified in the Execution Control List (ECL), whether signed or unsigned, cannot execute on your workstation without displaying the Execution security alert dialog box. However, scripts and formulas run from any database created from a template that ships with Notes® and signed by Notes® Template Development/Notes®. This signature has full execution access by default, but its entry in the ECL can be modified and restricted.

Note: To view a history or your Execution Security Alerts and ECL modifications that have been made, refer to the Miscellaneous view in the Notes® Log (log.nsf).

Click any of these topics:

  • To change your execution control list
  • To reset your execution control list back to your administrator's defaults

To change your execution control list

About this task

If your administrator has not restricted your access to change your ECL, you can modify your own ECL so that you can limit access to your workstation. You can restrict or expand access to signed LotusScript®, Java applets, and JavaScript applications. For more information on the access options that are available, see ECL security access options.

Note: The administrator's ability to update your ECL is controlled by the ECL itself. If you have Modify your Execution Control List deselected in the What Others Do > Using Workstation section of User Security, the administrator's dynamic update will cause an Execution Security Alert. If you do not accept this ECL update, the action the administrator is trying to change in the ECL will not be modified. See your administrator for details.

Procedure

  1. Click File > Security > User Security (Macintosh OS X users: Notes > Security > User Security).
  2. Click What Others Do and Using Workstation, Using Applets, or Using JavaScript.
  3. Optional: To add an item to the When n is signed by list, click Add, enter the name of the person or organizational certifier, for example /Acme. (Click the person icon to choose a name from your Contacts.) Then click OK. You can then decide access for that item.
  4. Optional: To edit an item in the When n is signed by list, select the item, click Rename to edit the item or enter a new name, or click Remove to delete an item from the list, then click OK.
  5. Select the person or organizational certifier whose access you want to specify.
  6. Enable the types of access you want this person or organizational certifier to have.

Results

Tip: A user who shares a computer with others can set up his or her own ECL. ECLs are unique to each person's User ID.

To reset your execution control list back to your administrator's defaults

About this task

You can reset your ECLs to the original settings your administrator provided for you.

Procedure

  1. Click File > Security > User Security (Macintosh OS X users: Notes > Security > User Security).
  2. Click What Others Do, and Using Workstation, Using Applets, or Using JavaScript.
  3. Click the Refresh All button.

Results

Note: If your administrator has restricted your ability to change your ECL, the Refresh All button will be greyed out.