Bulk ACL fixer

These two LotusScript agents address a couple of important issues regarding ACL management on servers:

The first will grant Manager access to the Admin group or user in every database ACL on a given server.

The second sets maximum Anonymous access in every database ACL to a level you can specify. Databases with no Anonymous ACL entry will get one added, with 'No access' privilege. The sample agent below sets a maximum of 'Author'; if you want a lower level, then modify the indicated line.

The results of each agent execution are written to the Notes Log. Further details are in the code itself.


Sub Initialize 
%REM 
****************************************************** 
**********  Set Admin Access in ACLs  ********** 
**********  V1.0 - 08/01/02                  ********** 
**********  by Phil Chapman                 ********** 
****************************************************** 

Gives Manager access to the user or group whose 
name is stored in 'AdminName' for DBs on a server. 

Sign this agent with the server's ID before using. 

Place this agent in a database on a server (e.g. names.nsf) 
and schedule it to run periodically to keep all databases 
updated, or run once and then disable to allow manual 
setting of ACLs for DBs requiring restricted access. 
%END REM 
        
        Dim session As New Notessession 
        Dim directory As NotesDbDirectory 
        Dim db As NotesDatabase 
        Dim TotalCount As Integer 
        Dim ModCount As Integer 
        Dim SkipCount As Integer 
        Dim acl As NotesACL 
        Dim entry As NotesACLEntry 
        Dim AdminName As String 
        TotalCount = 0 
        ModCount = 0 
        SkipCount = 0 
        
        On Error Goto ErrorHandler 
        
        ' Set the name of your admin user or group here: 
        AdminName = "_Administrators" 
        
        Print "Starting scan of all databases..." 
        Set Directory = New Notesdbdirectory("") 
        Set db=directory.getfirstdatabase(TEMPLATE_CANDIDATE) 
        ' Loop over every database on the server 
        While Not (db Is Nothing) 
                Call db.Open( "","") 
                Set acl = db.ACL 
                ' Get the Admin entry from the ACL 
                Set entry = acl.GetEntry(AdminName) 
                ' If no Admin entry create one. 
                If (entry Is Nothing) Then 
                        Call db.GrantAccess(AdminName, ACLLEVEL_MANAGER) 
                        Print "Added ACL entry in " + db.filename 
                        ModCount = ModCount + 1 
                Else 
                ' If Admin access is lower than Manager fix it 
                        If (entry.Level < ACLLEVEL_MANAGER) Then 
                                Call db.GrantAccess(AdminName, ACLLEVEL_MANAGER) 
                                Print "Modified ACL entry in " + db.filename 
                                ModCount = ModCount + 1 
' Uncomment the next two lines to write all skipped databases to the Notes Log 
'                        Else 
'                                Print "ACL already set in " + db.filename + " - skipping" 
                        End If 
                End If 
PostError: 
                TotalCount = TotalCount + 1 
                Set db = directory.getnextdatabase 
        Wend 
        Print "Finished database scan." 
        Print "Databases checked: " + Str$(TotalCount) 
        Print "Databases skipped: " + Str$(SkipCount) 
        Print "ACLs updated: " + Str$(ModCount) 
        Exit Sub 
        
ErrorHandler: 
        Print "Can't modify " + db.filename 
        SkipCount = SkipCount + 1 
        Resume PostError 
End Sub 



Sub Initialize 
%REM 
************************************************************* 
**********  Set Anonymous Access in ACLs  ********** 
**********  V1.0 - 08/01/02                           ********** 
**********  by Phil Chapman                          ********** 
************************************************************* 

Caps Anonymous access at 'MaxAccess' 
(configurable), for all DBs on a server.  If there is no 
Anonymous entry, adds one with 'No access'. 

Sign this agent with the server's ID before using. 

Place this agent in a database on a server (e.g. names.nsf) 
and schedule it to run periodically to keep all databases 
protected, or run once and then disable to allow manual 
setting of ACLs for DBs allowing anonymous access. 
%END REM 
        
        Dim session As New Notessession 
        Dim directory As NotesDbDirectory 
        Dim db As NotesDatabase 
        Dim MaxAccess As Integer 
        Dim TotalCount As Integer 
        Dim ModCount As Integer 
        Dim SkipCount As Integer 
        Dim acl As NotesACL 
        Dim entry As NotesACLEntry 
        TotalCount = 0 
        ModCount = 0 
        SkipCount = 0 
        
        On Error Goto ErrorHandler 
        
        ' Set the maximum access level for Anonymous 
        MaxAccess = ACLLEVEL_AUTHOR 
        
        Print "Starting scan of all databases..." 
        Set Directory = New Notesdbdirectory("") 
        Set db=directory.getfirstdatabase(TEMPLATE_CANDIDATE) 
        ' Loop over every database on the server 
        While Not (db Is Nothing) 
                Call db.Open( "","") 
                Set acl = db.ACL 
                ' Get the Anonymous entry from the ACL 
                Set entry = acl.GetEntry("Anonymous") 
                ' If no Anonymous entry create one. 
                If (entry Is Nothing) Then 
                        Call db.GrantAccess("Anonymous", ACLLEVEL_NOACCESS) 
                        Print "Added ACL entry in " + db.filename 
                        ModCount = ModCount + 1 
                Else 
                ' If Anonymous access is enabled ensure it doesn't exceed MaxAccess 
                        If (entry.Level > MaxAccess) Then 
                                Call db.GrantAccess("Anonymous", MaxAccess) 
                                Print "Modified ACL entry in " + db.filename 
                                ModCount = ModCount + 1 
' Uncomment the next two lines to write all skipped databases to the Notes Log 
'                        Else 
'                                Print "ACL already set in " + db.filename + " - skipping" 
                        End If 
                End If 
PostError: 
                TotalCount = TotalCount + 1 
                Set db = directory.getnextdatabase 
        Wend 
        Print "Finished database scan." 
        Print "Databases checked: " + Str$(TotalCount) 
        Print "Databases skipped: " + Str$(SkipCount) 
        Print "ACLs updated: " + Str$(ModCount) 
        Exit Sub 
        
ErrorHandler: 
        Print "Can't modify " + db.filename 
        SkipCount = SkipCount + 1 
        Resume PostError 
End Sub 
This was first published in February 2002
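
A report-only companion to the two agents above, added here as an example and not part of the original tip: it writes to the Notes Log every database where the admin entry is missing or below Manager, and every database where anonymous users effectively get more than MaxAccess, without changing any ACL. It assumes the same AdminName and MaxAccess values as above and uses the -Default- entry as the effective anonymous level when no Anonymous entry exists; the label NextDb and the counter Findings are names chosen for this example.

```lotusscript
Sub Initialize
        ' Added example: report-only audit; reads ACLs, changes nothing.
        Dim directory As NotesDbDirectory
        Dim db As NotesDatabase
        Dim acl As NotesACL
        Dim entry As NotesACLEntry
        Dim AdminName As String
        Dim MaxAccess As Integer
        Dim Findings As Long

        ' Same settings as the two agents above
        AdminName = "_Administrators"
        MaxAccess = ACLLEVEL_AUTHOR
        Findings = 0

        On Error Goto ErrorHandler
        Set directory = New NotesDbDirectory("")
        Set db = directory.GetFirstDatabase(TEMPLATE_CANDIDATE)
        While Not (db Is Nothing)
                Call db.Open("", "")
                Set acl = db.ACL
                ' Admin check: entry missing, or present below Manager
                Set entry = acl.GetEntry(AdminName)
                If entry Is Nothing Then
                        Print "AUDIT " + db.FilePath + ": no ACL entry for " + AdminName
                        Findings = Findings + 1
                Elseif entry.Level < ACLLEVEL_MANAGER Then
                        Print "AUDIT " + db.FilePath + ": " + AdminName + " is at level" + Str$(entry.Level)
                        Findings = Findings + 1
                End If
                ' Anonymous check: without an Anonymous entry, -Default- applies
                Set entry = acl.GetEntry("Anonymous")
                If entry Is Nothing Then Set entry = acl.GetEntry("-Default-")
                If Not (entry Is Nothing) Then
                        If entry.Level > MaxAccess Then
                                Print "AUDIT " + db.FilePath + ": anonymous level" + Str$(entry.Level) + " via " + entry.Name
                                Findings = Findings + 1
                        End If
                End If
NextDb:
                Set db = directory.GetNextDatabase
        Wend
        Print "Audit finished. Findings: " + Str$(Findings)
        Exit Sub

ErrorHandler:
        Print "AUDIT can't read ACL of " + db.FilePath
        Resume NextDb
End Sub
```

Running it before and after the two agents shows which ACLs they touch and which databases were skipped because they could not be opened.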
