These two LotusScript agents address a couple of important issues regarding ACL management on servers:
The first grants Manager access to a named administrator group or user (set in the code) in the ACL of every database on a given server.
The second caps Anonymous access in every database ACL at a level you can specify: any Anonymous entry above that level is lowered to it. Databases with no Anonymous ACL entry will get one added, with 'No access' privilege. The sample agent below sets a maximum of 'Author'; if you want a lower level, then modify the indicated line.
The results of each agent run are written to the Notes Log, so every ACL change the agents make can be reviewed afterwards. Further details are in the code itself.
Code
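Sub Initialize
%REM
	******************************************************
	**********   Set Admin Access in ACLs       **********
	**********   V1.0 - 08/01/02                **********
	**********   by Phil Chapman                **********
	******************************************************
	Gives Manager access to the user or group whose
	name is stored in 'AdminName' for DBs on a server.
	Sign this agent with the server's ID before using.
	Place this agent in a database on a server (e.g. names.nsf)
	and schedule it to run periodically to keep all databases
	updated, or run once and then disable to allow manual
	setting of ACLs for DBs requiring restricted access.

	Review notes:
	- The agent acts with the authority of its signer, so keep
	  design access to the database that hosts it restricted to
	  administrators and keep membership of the 'AdminName'
	  group under review: every member becomes Manager everywhere.
	- A scheduled run re-grants Manager in databases where the
	  entry was deliberately lowered. Use the run-once option
	  above where restricted ACLs must be preserved.
	- Each change is printed (and so reaches the Notes Log), which
	  gives an audit trail of the ACLs this agent touched.
%END REM
	Dim session As New Notessession
	Dim directory As NotesDbDirectory
	Dim db As NotesDatabase
	' Long rather than Integer: a 16-bit counter overflows past 32767
	' databases, and the overflow error would be routed to ErrorHandler,
	' which resumes at the same increment and fails again.
	Dim TotalCount As Long
	Dim ModCount As Long
	Dim SkipCount As Long
	Dim acl As NotesACL
	Dim entry As NotesACLEntry
	Dim AdminName As String

	TotalCount = 0
	ModCount = 0
	SkipCount = 0

	' Any failure on a single database (cannot open, cannot read or
	' change the ACL) is logged and counted by ErrorHandler, and the
	' scan then moves on to the next database.
	On Error Goto ErrorHandler

	' Set the name of your admin user or group here:
	AdminName = "_Administrators"

	Print "Starting scan of all databases..."

	' An empty server name means the machine the agent is running on.
	Set Directory = New Notesdbdirectory("")
	' TEMPLATE_CANDIDATE asks the directory for databases and templates.
	Set db = directory.getfirstdatabase(TEMPLATE_CANDIDATE)

	While Not (db Is Nothing)
		Call db.Open("", "")
		Set acl = db.ACL

		' Get the Admin entry from the ACL
		Set entry = acl.GetEntry(AdminName)

		If (entry Is Nothing) Then
			' No Admin entry yet: create one at Manager level.
			Call db.GrantAccess(AdminName, ACLLEVEL_MANAGER)
			Print "Added ACL entry in " + db.filename
			ModCount = ModCount + 1
		Elseif (entry.Level < ACLLEVEL_MANAGER) Then
			' Admin entry exists but is below Manager: raise it.
			Call db.GrantAccess(AdminName, ACLLEVEL_MANAGER)
			Print "Modified ACL entry in " + db.filename
			ModCount = ModCount + 1
		' UnComment the next two lines to write all skipped databases to the Notes Log
		' Else
		'	Print "ACL already set in " + db.filename + " - skipping"
		End If

PostError:
		' Reached both on the normal path and after an error on this database.
		TotalCount = TotalCount + 1
		Set db = directory.getnextdatabase
	Wend

	Print "Finished database scan."
	Print "Databases checked: " + Str$(TotalCount)
	Print "Databases skipped: " + Str$(SkipCount)
	Print "ACLs updated: " + Str$(ModCount)
	Exit Sub

ErrorHandler:
	' "Skipped" here means the database could not be processed, not that
	' its ACL was already correct. Review these entries in the log: they
	' are the databases whose ACLs this agent did not bring into line.
	Print "Can't modify " + db.filename
	SkipCount = SkipCount + 1
	Resume PostError
End Sub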
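Sub Initialize
%REM
	*************************************************************
	**********   Set Anonymous Access in ACLs          **********
	**********   V1.0 - 08/01/02                       **********
	**********   by Phil Chapman                       **********
	*************************************************************
	Sets Anonymous access to 'MaxAccess'
	(configurable), for all DBs on a server. If Anonymous
	access not set, sets it to 'No access'.
	Sign this agent with the server's ID before using.
	Place this agent in a database on a server (e.g. names.nsf)
	and schedule it to run periodically to keep all databases
	protected, or run once and then disable to allow manual
	setting of ACLs for DBs allowing anonymous access.

	Review notes:
	- Only entries ABOVE 'MaxAccess' are lowered; entries at or
	  below it are left as they are.
	- A database without an explicit Anonymous entry gets one at
	  'No access', regardless of 'MaxAccess'. Without such an entry
	  unauthenticated users are given the -Default- level.
	- Only the access level is passed to GrantAccess; this code does
	  not inspect or change the entry's other privileges or roles,
	  so check those separately on entries that were lowered.
	- Databases reported as "Can't modify" were NOT capped and need
	  manual follow-up.
%END REM
	Dim session As New Notessession
	Dim directory As NotesDbDirectory
	Dim db As NotesDatabase
	Dim MaxAccess As Integer
	' Long rather than Integer: a 16-bit counter overflows past 32767
	' databases, and the overflow error would be routed to ErrorHandler,
	' which resumes at the same increment and fails again.
	Dim TotalCount As Long
	Dim ModCount As Long
	Dim SkipCount As Long
	Dim acl As NotesACL
	Dim entry As NotesACLEntry

	TotalCount = 0
	ModCount = 0
	SkipCount = 0

	' Any failure on a single database (cannot open, cannot read or
	' change the ACL) is logged and counted by ErrorHandler, and the
	' scan then moves on to the next database.
	On Error Goto ErrorHandler

	' Set the maximum access level for Anonymous.
	' Author still lets unauthenticated users read documents; choose
	' ACLLEVEL_READER, ACLLEVEL_DEPOSITOR or ACLLEVEL_NOACCESS for a
	' stricter cap.
	MaxAccess = ACLLEVEL_AUTHOR

	Print "Starting scan of all databases..."

	' An empty server name means the machine the agent is running on.
	Set Directory = New Notesdbdirectory("")
	' TEMPLATE_CANDIDATE asks the directory for databases and templates.
	Set db = directory.getfirstdatabase(TEMPLATE_CANDIDATE)

	While Not (db Is Nothing)
		Call db.Open("", "")
		Set acl = db.ACL

		' Get the Anonymous entry from the ACL
		Set entry = acl.GetEntry("Anonymous")

		If (entry Is Nothing) Then
			' No Anonymous entry: add one that denies access outright.
			Call db.GrantAccess("Anonymous", ACLLEVEL_NOACCESS)
			Print "Added ACL entry in " + db.filename
			ModCount = ModCount + 1
		Elseif (entry.Level > MaxAccess) Then
			' Anonymous access exceeds the cap: lower it to MaxAccess.
			Call db.GrantAccess("Anonymous", MaxAccess)
			Print "Modified ACL entry in " + db.filename
			ModCount = ModCount + 1
		' UnComment the next two lines to write all skipped databases to the Notes Log
		' Else
		'	Print "ACL already set in " + db.filename + " - skipping"
		End If

PostError:
		' Reached both on the normal path and after an error on this database.
		TotalCount = TotalCount + 1
		Set db = directory.getnextdatabase
	Wend

	Print "Finished database scan."
	Print "Databases checked: " + Str$(TotalCount)
	Print "Databases skipped: " + Str$(SkipCount)
	Print "ACLs updated: " + Str$(ModCount)
	Exit Sub

ErrorHandler:
	' "Skipped" here means the database could not be processed, so its
	' Anonymous access is unchanged and may still exceed the cap.
	Print "Can't modify " + db.filename
	SkipCount = SkipCount + 1
	Resume PostError
End Sub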