Create a Lotus Notes ACL analyzer using LotusScript

When looking at an access control list (ACL) in a Lotus Notes database, you can only view information for one ACL entry at a time. For easier analysis, this LotusScript code from SearchDomino.com member Joe Steblay compiles all ACL information for a selected Lotus Notes database in a Microsoft Excel spreadsheet with auto-filtered column headings.

VIEW MEMBER FEEDACK TO THIS TIP

My company has a different area that handles any administration functionality related to Lotus Notes databases. As a developer, I don't have administration tools readily available. Often, I need to check a production database access control list (ACL) to make sure roles are set up correctly, see if groups and people have the correct permissions, etc.

When looking at an ACL in Lotus Notes, you can only view information for one ACL entry at a time. So I created a LotusScript agent that compiles all of the ACL info for a selected Lotus Notes database and displays it in a Microsoft Excel file with auto-filtered column headings. The report really helps analyze an ACL. You can filter on the different roles or attributes -- such as "Can delete documents."

Simply copy my code and paste it into a LotusScript agent that can be run from the action menu. Be sure to update the server variable -- strDirectoryServer, which holds the location of your Lotus Notes database directory. The code has more comments explaining what the LotusScript is actually doing.

MEMBER FEEDBACK TO THIS TIP

Why not use catalog.nsf? Using catalog.nsf, there is a document for every database on the server. The "Access Control List" tab in that document has all the ACL information you need.
—Goran L.

******************************************

Some companies limit access to view the ACL tab data in the catalog.nsf entries, so it is not always available to everyone.

This Microsoft Excel version has AutoFiltered column headings that allow you to view data in different ways. For example, you can show all members of a particular role -- or multiple roles. This is especially helpful when an ACL has a lot of entries and the roles span different access levels. It is interactive; you can display the data in different ways, find users in a particular role very quickly, etc. This is not possible in the ACL tab of catalog.nsf entries. Sometimes management may request a list of names with a particular set of roles and -- because of the filtering that Microsoft Excel provides -- it is much easier to run this agent and find those users.

You should note that ACL databases can grow large over time. Occasionally I will use this to determine if a groupname can be used in place of a bunch of individually added names. I can add notes to cells, highlight names, etc., and then save the file and continue to analyze it later.

It all depends on what your needs are. If you don't have large ACLs and don't need to do very much ACL analysis, then the ACL tab of catalog.nsf entries will work just fine. This agent just gives you a different way to view, sort, and filter ACL data for those who find it useful.
—Joe Steblay, tip author

******************************************

Could you please explain in detail where I should place this script, as well as how to execute it in QuickPlace or Admin Tool?
—Selvaraj S.

******************************************

For this example, I put the code into a LotusScript agent in a Lotus Notes database. You can create a new LotusScript agent, then just paste the code into the code window.

For example, create a LotusScript agent, select the Objects tab and then select the "Options" object from the info list. Then, paste the code into the script pane on the right side. The agent can be placed into any Lotus Notes database. It doesn't really matter which Lotus Notes database, because you will select the database that you want to run the analyzer on.

Sorry, unfortunately I am not familiar with QuickPlace or Admin Tool, but I hope this helps.
—Joe Steblay, tip author

Do you have comments on this tip? Let us know.

Related information from SearchDomino.com:

  • Tip: Meet the Extended ACL
  • Tip: Controlling Domino administration with Extended ACL
  • Tip: Creating ACL spreadsheets with Microsoft Excel
  • Learning Center: ACL administration tips
  • Learning Guide: LotusScript development
  • FAQ: LotusScript advice
  • Reference Center: LotusScript tips and resources

    This tip was submitted to the SearchDomino.com tip library by member Joe Steblay. Please let others know how useful it is via the rating scale below. Do you have a useful Lotus Notes, Domino, Workplace or WebSphere tip or code snippet to share? Submit it to our monthly tip contest and you could win a prize.

  • This was first published in October 2006

    Dig deeper on LotusScript

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchWinIT

    Search400

    • iSeries tutorials

      Search400.com's tutorials provide in-depth information on the iSeries. Our iSeries tutorials address areas you need to know about...

    • V6R1 upgrade planning checklist

      When upgrading to V6R1, make sure your software will be supported, your programs will function and the correct PTFs have been ...

    • Connecting multiple iSeries systems through DDM

      Working with databases over multiple iSeries systems can be simple when remotely connecting logical partitions with distributed ...

    SearchEnterpriseLinux

    SearchVirtualDataCentre.co.UK

    Close