Create a Lotus Notes ACL analyzer using LotusScript


My company has a different area that handles any administration functionality related to Lotus Notes databases. As a developer, I don't have administration tools readily available. Often, I need to check a production database access control list (ACL) to make sure roles are set up correctly, see if groups and people have the correct permissions, etc.

When looking at an ACL in Lotus Notes, you can only view information for one ACL entry at a time. So I created a LotusScript agent that compiles all of the ACL info for a selected Lotus Notes database and displays it in a Microsoft Excel file with auto-filtered column headings. The report really helps analyze an ACL. You can filter on the different roles or attributes -- such as "Can delete documents."

Simply copy my code and paste it into a LotusScript agent that can be run from the action menu. Be sure to update the server variable -- strDirectoryServer, which holds the location of your Lotus Notes database directory. The code has more comments explaining what the LotusScript is actually doing.
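A sketch of an agent of this kind, added here as an illustration; it is not the tip author's code. The `SERVER_NAME` and `DB_PATH` constants are placeholder assumptions, and the column layout (one column per ACL role, so each role can be filtered separately) is a choice made for this example.

```lotusscript
Sub Initialize
	' Placeholders (assumptions): point these at the database to analyze.
	Const SERVER_NAME = "YourServer/YourOrg"
	Const DB_PATH = "apps\example.nsf"
	Dim db As New NotesDatabase(SERVER_NAME, DB_PATH)
	If Not db.IsOpen Then
		Messagebox "Cannot open " & DB_PATH & " on " & SERVER_NAME
		Exit Sub
	End If
	' Lookup tables indexed by NotesACLEntry.Level (0-6) and UserType (0-5).
	Dim levels As Variant, types As Variant, heads As Variant
	levels = Split("No Access,Depositor,Reader,Author,Editor,Designer,Manager", ",")
	types = Split("Unspecified,Person,Server,Mixed group,Person group,Server group", ",")
	heads = Split("Name,User type,Access level,Create documents,Delete documents", ",")

	Dim xl As Variant, sheet As Variant
	Set xl = CreateObject("Excel.Application")
	xl.Workbooks.Add
	Set sheet = xl.ActiveSheet
	Dim acl As NotesACL, entry As NotesACLEntry
	Dim roles As Variant, row As Integer, col As Integer
	Set acl = db.ACL
	roles = acl.Roles
	For col = 0 To Ubound(heads)
		sheet.Cells(1, col + 1).Value = heads(col)
	Next
	' One extra column per role defined in the ACL.
	For col = 0 To Ubound(roles)
		sheet.Cells(1, Ubound(heads) + 2 + col).Value = roles(col)
	Next
	row = 2
	Set entry = acl.GetFirstEntry
	While Not (entry Is Nothing)
		sheet.Cells(row, 1).Value = entry.Name
		sheet.Cells(row, 2).Value = types(entry.UserType)
		sheet.Cells(row, 3).Value = levels(entry.Level)
		If entry.CanCreateDocuments Then sheet.Cells(row, 4).Value = "Yes"
		If entry.CanDeleteDocuments Then sheet.Cells(row, 5).Value = "Yes"
		For col = 0 To Ubound(roles)
			If roles(col) <> "" Then
				If entry.IsRoleEnabled(roles(col)) Then sheet.Cells(row, Ubound(heads) + 2 + col).Value = "Yes"
			End If
		Next
		row = row + 1
		Set entry = acl.GetNextEntry(entry)
	Wend
	Call sheet.Range("A1").AutoFilter()   ' filter drop-downs on the header row
	xl.Visible = True
End Sub
```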


Why not use catalog.nsf? Using catalog.nsf, there is a document for every database on the server. The "Access Control List" tab in that document has all the ACL information you need.
—Goran L.


Some companies limit access to view the ACL tab data in the catalog.nsf entries, so it is not always available to everyone.

This Microsoft Excel version has AutoFiltered column headings that allow you to view data in different ways. For example, you can show all members of a particular role -- or multiple roles. This is especially helpful when an ACL has a lot of entries and the roles span different access levels. It is interactive; you can display the data in different ways, find users in a particular role very quickly, etc. This is not possible in the ACL tab of catalog.nsf entries. Sometimes management may request a list of names with a particular set of roles and -- because of the filtering that Microsoft Excel provides -- it is much easier to run this agent and find those users.

You should note that ACL databases can grow large over time. Occasionally I will use this to determine if a groupname can be used in place of a bunch of individually added names. I can add notes to cells, highlight names, etc., and then save the file and continue to analyze it later.

It all depends on what your needs are. If you don't have large ACLs and don't need to do very much ACL analysis, then the ACL tab of catalog.nsf entries will work just fine. This agent just gives you a different way to view, sort, and filter ACL data for those who find it useful.
—Joe Steblay, tip author


Could you please explain in detail where I should place this script, as well as how to execute it in QuickPlace or Admin Tool?
—Selvaraj S.


For this example, I put the code into a LotusScript agent in a Lotus Notes database. You can create a new LotusScript agent, then just paste the code into the code window.

For example, create a LotusScript agent, select the Objects tab and then select the "Options" object from the info list. Then, paste the code into the script pane on the right side. The agent can be placed into any Lotus Notes database. It doesn't really matter which Lotus Notes database, because you will select the database that you want to run the analyzer on.

Sorry, unfortunately I am not familiar with QuickPlace or Admin Tool, but I hope this helps.
—Joe Steblay, tip author


This tip was submitted to the SearchDomino.com tip library by member Joe Steblay.

This was first published in October 2006.
