Manage Learn to apply best practices and optimize your operations.

Eliminate execution security alerts

How to eliminate Execution Security Alerts (ESAs), which occur when a user has not authorized an action for a particular signature in their Execution Control List (ECL).

View expert feedback to this tip.

Execution Security Alerts (ESAs) occur when a user has not authorized an action for a particular signature in their Execution Control List (ECL). This was supposed to be a security feature, causing users to pause and consider if a certain signature should have access to take a certain action, and then clicking "trust signer" for that action. Unfortunately, it can become a support nightmare when a new signature is introduced, such as when a new server, developer or third-party application is deployed.

Lotus provided a way to push an initial ECL to clients via the administration ECL (admin client, people and groups, actions menu, edit administration ECL). This works great for installs, but when a new signature is deployed, existing clients aren't updated.
To update existing client ECLs, provide the following code. You can put it in a button which is emailed to users, store it in a database, or (our choice) place it in the postopen of the database script in the mail template.

*The code below assumes a local replica of the PAB with filename "srvnames.nsf" for remote users. Replace with the filename you use, or with "" to take no action when on local.*

server := @Name([CN]; @Subset
(@DbName; 1));
@If(@Implode(server)=""; 
@RefreshECL("":"srvnames.nsf";"");
@RefreshECL("Milo/Arnold Industries":
"names.nsf";""));
@Command([ToolsRunMacro];"
(check mail quota)")


EXPERT FEEDBACK TO THIS TIP

This tip talks about remote users, but does not mention server-based users. The @RefreshECL function can take parameters for server and file name. The example in this tip is for local users, but remote users in R5 and D6 don't usually have complete replicas of the Domino Directory. They have lightweight versions called Directory Catalogs, which don't contain the admin ECL. So it would be better to have one button sending everyone to the server version of the admin ECL, and simply tell your remote users to be connected to the network when they press the button.


Do you have comments of your own? Let us know.

This was last published in July 2003

Dig Deeper on Lotus Notes Domino Access, Permissions and Authentication

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchWindowsServer

Search400

  • iSeries tutorials

    Search400.com's tutorials provide in-depth information on the iSeries. Our iSeries tutorials address areas you need to know about...

  • V6R1 upgrade planning checklist

    When upgrading to V6R1, make sure your software will be supported, your programs will function and the correct PTFs have been ...

  • Connecting multiple iSeries systems through DDM

    Working with databases over multiple iSeries systems can be simple when remotely connecting logical partitions with distributed ...

SearchDataCenter

SearchExchange

SearchContentManagement

Close