An ACL management trick

First my disclaimer: You won't be getting into anything you don't already have too much access to.

Ever need to open up a database because you realized that the Notes database, by default, does not give you the appropriate access or someone has created a new database and not placed the proper administrative groups into the ACL? This will allow you to work around these problems without having to scramble to the server room to fire up the client on the server.

What will you need? Access to the file system on your Notes server. This is also a good tip for you if you are the administrator, if someone has access to your file system over the network then perhaps you need to evaluate security. Of course most places, people who can browse to a directory on the server can also physically access the server.

Bring up the "Open Database" dialog box. Enter the path to the file or browse to it if you've got the drive mapped. Typically the path will look something like this:

Click on Open to open that database. This will treat it as if it is a local database and give you manager access. If a consistent ACL is enforced you may not have as much luck, but that is a sign that it's a database with a well defined ACL already, typically ACLs that will need your attention will be those of new databases or default databases (log.nsf, catalog.nsf, etc.)

Now if you use this method and try to open the database while someone else (or the server) has it in use you will get the following error message:

The database is currently being used by someone else. In order to sare a Notes database, all users must use a Domino server instead of a File server.

This can be remedied by going to the server console (via the Admin client if you will, remember our goal is to do this without getting up from our desk) and entering "drop all" and "dbcache flush" into the console. Once these have been entered you can then try to open the database again. On a busy database, you may run into problems if you run your drop/cacheflush and wait to long to try opening the database, then chances are someone will have it in use again.

USER FEEDBACK TO THIS TIP

• You forgot to mention that this tip will not work if you have the database on an AIX box -- because there isn't a Notes client for AIX. —Mtrekaj
• Further to this:
  You're not out of luck if the database enforces consistent ACL. Just:
  check the ACL for a manager's name;
  create an O certifier (and any OU's also in his name);
  create an ID for that user's name;
  switch to the bogus ID, and access the database.

  Why does this work?
  When you access a database "locally", there is no authentication taking place. As long as your ID "name" matches the manager's name in the ACL, you're in. —Jim Foster

• I have found that this tip may be harmful to users. Just felt I should write back for this one. This management trick works but seems to increase the risk of incorrectable database corruption. —Tom Ditmer
• Today's tip about accessing databases locally will cause trouble if the server uses transaction logging -- it may corrupt the database. —Doug Jamieson
• This tip is fine for NT Domino Servers, but please note that this SHOULD NOT BE DONE when the Domino Server is an AS/400! IBM has documented problems with this, and will not support this. Because the AS/400 filesystem is in EBCDIC format, rather than ASCII, this method of administration will sometimes cause the databases to become corrupted!!! These corruptions are sometimes very obvious, in that nobody can subsequently open the database, however sometimes they are not as obvious, and functions like backups, and various Domino server tasks will fail. —Mike Eckert
• This can lead to a corrupted database as Notes databases are NOT designed to be shared via file browsing. You should not have file browsing enabled on a server. If you don't have the ACL correct then run nlnotes.exe on the server and fix it or if it's not NT then the choices are 1) use 3rd party tool, 2) write lotusscript agent to fix it or 3) move the database to a workstation where you can update the ACL.—Bruce Lill