SECURING
Access levels assigned to users in a database ACL control which tasks users can perform in the database. Access level privileges enhance or restrict the access level assigned to each name in the ACL. For each user, group, or server listed in the ACL, you select the basic access level and user type. To further refine the access, you select a series of access privileges. If the application designer created roles, assign them to the appropriate users, groups, or servers.
Access levels assigned to servers in a database ACL control what information within a database the server can replicate.
To access a database on a particular server, HCL Notes® users must have both the appropriate database access, as well as the appropriate server access specified in the Server document in the HCL Domino® Directory.
To view a database ACL, users must have Reader access or higher.
Caution: Special ACL access
There are some cases in which users can have significant access to a database that is not defined in the database ACL. This access is granted through rights set up in other areas of Domino, or by having access to the server itself. As an administrator, you need to understand these other kinds of access in order to be able to fully protect server databases.
Note: If a user has full administrator access to a database, the database ACL indicates that by enabling the Full Access Administrator check box that appears in the Effective Access dialog box.
Encrypt the database.
Modify replication settings.
Delete the database.
Perform all tasks allowed by lesser access levels.
Create a full-text search index.
Edit all documents, including those created by others.
Read all documents unless there is a Readers field in the form. If an editor is not listed in the Readers field, the user with Editor ACL access cannot read or edit the document.
Edit the documents where there is an Authors field in the document and the user is specified in the Authors field.
Read all documents unless there is a Readers field in the form.
Note: You may want to specifically assign No Access to individuals who should not have access to a database, but who may be members of a group that does.
Related concepts Access level privileges in the ACL Setting up a database ACL for server-to-server replication
Related tasks Maximum Internet name-and-password access Restricting administrator access Configuring a database ACL User types in the ACL Roles in the ACL Editing entries in multiple ACLs