Create a Lotus Notes ACL analyzer using LotusScript

My company has a different area that handles any administration functionality related to Lotus Notes databases. As a developer, I don't have administration tools readily available. Often, I need to check a production database access control list (ACL) to make sure roles are set up correctly, see if groups and people have the correct permissions, etc.

When looking at an ACL in Lotus Notes, you can only view information for one ACL entry at a time. So I created a LotusScript agent that compiles all of the ACL info for a selected Lotus Notes database and displays it in a Microsoft Excel file with auto-filtered column headings. The report really helps analyze an ACL. You can filter on the different roles or attributes -- such as "Can delete documents."

Simply copy my code and paste it into a LotusScript agent that can be run from the action menu. Be sure to update the server variable -- strDirectoryServer, which holds the location of your Lotus Notes database directory. The code has more comments explaining what the LotusScript is actually doing.

MEMBER FEEDBACK TO THIS TIP

Why not use catalog.nsf? Using catalog.nsf, there is a document for every database on the server. The "Access Control List" tab in that document has all the ACL information you need.
—Goran L.

******************************************

Some companies limit access to view the ACL tab data in the catalog.nsf entries, so it is not always available to everyone.

This Microsoft Excel version has AutoFiltered column headings that allow you to view data in different ways. For example, you can show all members of a particular role -- or multiple roles. This is especially helpful when an ACL has a lot of entries and the roles span different access levels. It is interactive; you can display the data in different ways, find users in a particular role very quickly, etc. This is not possible in the ACL tab of catalog.nsf entries. Sometimes management may request a list of names with a particular set of roles and -- because of the filtering that Microsoft Excel provides -- it is much easier to run this agent and find those users.

You should note that ACL databases can grow large over time. Occasionally I will use this to determine if a groupname can be used in place of a bunch of individually added names. I can add notes to cells, highlight names, etc., and then save the file and continue to analyze it later.

It all depends on what your needs are. If you don't have large ACLs and don't need to do very much ACL analysis, then the ACL tab of catalog.nsf entries will work just fine. This agent just gives you a different way to view, sort, and filter ACL data for those who find it useful.
—Joe Steblay, tip author

******************************************

Could you please explain in detail where I should place this script, as well as how to execute it in QuickPlace or Admin Tool?
—Selvaraj S.

******************************************

For this example, I put the code into a LotusScript agent in a Lotus Notes database. You can create a new LotusScript agent, then just paste the code into the code window.

For example, create a LotusScript agent, select the Objects tab and then select the "Options" object from the info list. Then, paste the code into the script pane on the right side. The agent can be placed into any Lotus Notes database. It doesn't really matter which Lotus Notes database, because you will select the database that you want to run the analyzer on.

Sorry, unfortunately I am not familiar with QuickPlace or Admin Tool, but I hope this helps.
—Joe Steblay, tip author

Do you have comments on this tip? Let us know.

Related information from SearchDomino.com: