You use an execution control list (ECL) to configure workstation data security. An ECL protects user workstations against active content from unknown or suspect sources, and can be configured to limit the action of any active content that does run on workstations.

About this task

The ECL determines whether the signer of the code is allowed to run the code on a given workstation, and defines the access that the code has to various workstation functions. For example, an ECL can prevent another person's code from running on a computer and damaging or erasing data.

"Active content" includes anything that can be run on a user workstation, including formulas; scripts; agents; design elements in databases and templates; documents with stored forms, actions, buttons, hot spots; as well as malicious code (such as viruses and so-called "Trojan horses").

There are two kinds of ECLs: the Administration ECL, which resides in the Domino® Directory (NAMES.NSF), and the workstation ECL, which is stored in the user's Contacts (NAMES.NSF). The Administration ECL is the template for all workstation ECLs. The workstation ECL is created when the Notes® client is first installed. The Setup program copies the administration ECL from the Domino Directory to the Notes client to create the workstation ECL.

ECL security access options
There are three categories of access options for ECLs.

Administration ECLs
When you set up the first server in a domain, HCL Domino creates a default administration ECL, which you can then customize to create other named administration ECLs.

Deploying and updating workstation ECLs
If you create an Admin ECL prior to registering users, that Admin ECL is deployed automatically to user workstations when users run the Notes setup during install. You can also deploy and maintain ECLs through the use of policies, which allow you to deploy create and deploy ECLs on a group or organizational basis, as well as define the frequency and extent to which workstation ECLs are updated.

The workstation ECL

About this task

A workstation ECL lists the signatures of trusted authors of active content. "Trust" implies that the signature comes from a known and safe source. For example, every system and application template shipped with Domino or Notes contains the signature Notes Template Development. Likewise, every template and database that your organization designs should contain the signature of either the application developer or the administrator.

For each signature, the ECL contains settings that control the actions that active content signed with that signature can perform and the workstation system resources it can access.

Procedure

1. Choose File -> Security -> User Security.Macintosh OS X users: Notes -> Security -> User Security.

2. Click What Others Do, and select either Using Workstation, Using Applets, or Using JavaScript.

Note: You need to be in the appropriate ECL pane to see the effective access for that ECL. For example, to see who has access in the JavaScript™ ECL, you would need to select the JavaScript ECL.

• The listbox shows the users and groups who have access to this ECL for the duration of this session.
• Select a name to see the user or group access rights. The check boxes indicate the access rights for the selected name.

About this task

When active content runs on a user workstation and attempts a potentially harmful action -- for example, programmatically sending mail -- the following occurs:

Procedure

1. Notes verifies that the active content is signed and looks up the signer of the code in the workstation ECL.

2. Notes checks the signer's ECL settings to determine whether the action is allowed.

3. One of the following occurs:

a. If the signer of the code is listed in the workstation ECL and the appropriate setting is enabled, the active content runs.

b. If the active content attempts an action that is not enabled for the signer, or if the signer is not listed in the ECL, Notes generates an Execution Security Alert (ESA), which specifies the attempted action, the signer's name, and the ECL setting that is not enabled.

The ESA gives the user four options:

• Do not execute the action -- to deny the signer access to perform the specified action.
• Execute the action this one time -- to allow the signer access to perform the action only once. The ESA appears again if the same action is attempted in the future. This option does not modify the ECL.
• Trust the signer to execute this action for this Notes session -- to allow the signer access to perform the action for the duration of the user's Notes session, until the user logs out or Notes or switches to another Notes ID. This option does not modify the ECL.
• Start trusting the signer to execute this action -- to allow the action to be performed and modify the ECL configuration to add the signature of the active content to the ECL. This grants permission for the signer to execute the specific action any time on that workstation.
• More Info -- to display a dialog box that provides information about the design type, design name, Notes ID, signature status, and parent database of the code that caused the ESA.

  For example, locally scheduled agents, as well as manual agents, can generate ESAs. Click More Info to get information about the agent that generated the alert.


Note: The administration ECL has a setting that prevents users from changing their workstation ECLs. If this setting is enabled, then the user's option to trust the signer is disabled.

About this task

Users can also determine the "effective access" that a person or a group has to the workstation ECL by clicking the Effective Access button on an ECL. Effective access is not always apparent, especially if users enable ECL access for a Notes session. For example, a user may grant temporary access to a group that designed a database application in which the user is working. This access is valid for the duration of a session, but a session might last all day.

Note: If you restrict users' abilities to change their ECL, the Effective Session ECL button will be grayed out.

Related concepts
Administration ECLs

Related tasks
Defining default settings for Notes user registration
Customizing user registration

Related reference
ECL security access options
Default ECL settings

Help on Help

All Help Contents

Help on Help