Default ECL settings

When you first edit the ECL, it includes the following signatures and access options. By default, the ECL does not allow access to protected operations for active content that is unsigned, or for active content that is signed by a signer who is not listed in the ECL.

Table 1. Default ECL settings
Signature: -Default-
Applies to: Formulas and code that contain a signature that is verified by Domino®, but that does not match any entry in the ECL. For example, if the signer is Dan Misawa/Renovations, but the ECL does not contain this signature, then the ECL uses the -Default- signature to assign access.
Default access options: None

Signature: -No Signature-
Applies to: Formulas and code that contain an invalid or corrupted signature, are unsigned, or are signed by an identity or organization that cannot be verified by Domino. For example, if the code is not signed, or is signed by a user unknown to the Domino server, the ECL matches -No Signature-.
Default access options: None

Signature: BT Mail and Calendar Migration Tools/Lotus Notes® Companion Products
Applies to: Every template related to Binary Tree Mail and Calendar Migration Tools. If your organization is not using this tool, you can remove this entry from the ECL.
Default access options:
  • Access to file system
  • Access to current database
  • Access to environment variables
  • Access to external code
  • Ability to read other databases
  • Ability to modify other databases

Signature: Domino Unified Communications Services/Lotus Notes Companion Products
Applies to: Every template related to Domino Unified Communications Services. If your organization isn't using this tool, you can remove this entry from the ECL.
Default access options:
  • Access to current database
  • Access to environment variables
  • Access to external code
  • Access to external programs
  • Ability to send mail
  • Ability to read other databases
  • Ability to modify other databases

Signature: Lotus® Fax Development/Lotus Notes Companion Products
Applies to: Every template related to Lotus Fax for Domino. If your organization isn't using this tool, you can remove this entry from the ECL.
Default access options:
  • Access to current database
  • Access to environment variables
  • Ability to read other databases
  • Ability to modify other databases

Signature: Lotus Notes® Template Development/Lotus Notes
Applies to: Every template shipped with Domino and Notes. For example, the signer matches this type only if it has the Lotus Notes Template Development/Lotus Notes signature.
Default access options: All

Signature: Sametime® Development/Lotus Notes Companion Products
Applies to: Every template related to HCL Sametime. If your organization isn't using this tool, you can remove this entry from the ECL.
Default access options: All except Access to workstation security ECL

You can also add users or signature types to the ECL. You can add the hierarchical names of specific users or groups, for example, Dan Misawa/Sales/East/Renovations. If you create a special certifier to certify the IDs of a group of trusted signers, you can use a wildcard character to name all signers, for example, */Trusted Signers/Renovations.

The following table describes the access that these users (or signature types) in an ECL would have:

Table 2. Access granted for specified signature types
Signature: */Trusted Signers/Renovations
Applies to: Formulas and code that have */Trusted Signers/Renovations signature. For example, if the signer is anyname/Trusted Signers/Renovations -- such as Andy Brunner/Trusted Signers/Renovations or Dan Misawa/Sales/East/Trusted Signers/Renovations -- the ECL uses the */Trusted Signers/Renovations signature to match access.

Signature: Dan Misawa/Sales/East/Renovations
Applies to: Formulas and code that have Dan Misawa/Sales/East/Renovations as the signature. For example, the signer matches this type only if the ECL contains the Dan Misawa/Sales/East/Renovations signature.
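
The entry selection described in Tables 1 and 2, modelled in Python as an added example (not HCL code and not a Domino API). The function names, the rights given to the two Table 2 entries, and the rule that an exact name is preferred over a wildcard are assumptions made for illustration.

```python
# Added example: models which ECL entry governs a piece of active content.
# Entry names and access options are copied from the tables on this page;
# everything marked "assumption" or "constructed" is not from the page.
ALL = "All"

ECL = {
    "-Default-": set(),          # verified signer, no matching entry: None
    "-No Signature-": set(),     # unsigned or unverifiable: None
    "Lotus Notes Template Development/Lotus Notes": {ALL},
    "Lotus Fax Development/Lotus Notes Companion Products": {
        "Access to current database", "Access to environment variables",
        "Ability to read other databases", "Ability to modify other databases"},
    # Entries from the Table 2 examples; their rights are constructed.
    "*/Trusted Signers/Renovations": {"Access to current database"},
    "Dan Misawa/Sales/East/Renovations": {"Access to current database",
                                          "Ability to send mail"},
}

def match_entry(ecl, signer, verified):
    """Return the name of the ECL entry that applies to this signer."""
    # Unsigned, corrupted, or unverifiable signatures all match -No Signature-.
    if signer is None or not verified:
        return "-No Signature-"
    # Assumption: an exact hierarchical name is preferred over a wildcard.
    if signer in ecl and not signer.startswith(("-", "*")):
        return signer
    # "*/Org" matches any name ending in "/Org", at any depth (Table 2).
    wildcards = [e for e in ecl if e.startswith("*/")
                 and signer.endswith(e[1:]) and len(signer) > len(e) - 1]
    if wildcards:
        return max(wildcards, key=len)   # assumption: most specific wildcard
    # Verified signer with no entry of its own falls back to -Default-.
    return "-Default-"

def is_allowed(ecl, signer, verified, operation):
    """True if the governing entry grants the protected operation."""
    rights = ecl[match_entry(ecl, signer, verified)]
    return ALL in rights or operation in rights

if __name__ == "__main__":
    for name, ok in [("Dan Misawa/Renovations", True), (None, False),
                     ("Andy Brunner/Trusted Signers/Renovations", True)]:
        print(name, "->", match_entry(ECL, name, ok))
```

Because both fallback entries grant no access by default, any signer that resolves to -Default- or -No Signature- is denied every protected operation until an administrator adds an entry for it.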

