Use the database ACL to control the general access that users and HCL Domino® servers have to the Domino Directory. Optionally, use an extended ACL to refine the general database ACL and further restrict access to specific portions of the directory. An extended ACL is available for only a Domino Directory and an extended directory catalog.

Some of the questions to ask when planning directory access control include:

Do you want to assign administrators to specific administration roles in the Domino Directory?

If administrators in your company have specialized administrative duties, consider assigning the administrators only to the administration roles in the ACL that correspond to their duties. If your company administrators do all administrative tasks, assign them to all of the roles.

One of the reasons to use an extended ACL is to limit cross-organizational access to a directory that contains information for multiple organizations or organizational units.

By default, you use the domain configuration settings document in the Domino Directory to control anonymous LDAP search access. By default, anonymous LDAP users have Read access to a specific list of attributes.

The Anonymous entry in the directory database ACL by default is set to No Access and controls anonymous access for all users other than LDAP users. If you use an extended ACL, then the Anonymous entry in database ACL, and the extended ACL, then also control anonymous LDAP access. Typically you give the Anonymous entry no more than Reader access.

Related concepts
Extended ACL
Planning directory services
Directory services terms

Related tasks
Controlling access to the Domino Directory

Help on Help

All Help Contents

Help on Help