Create a Lotus Notes ACL analyzer using LotusScript
When looking at an access control list (ACL) in a Lotus Notes database, you can only view information for one ACL entry at a time. For easier analysis, this LotusScript code from SearchDomino.com member Joe Steblay compiles all ACL information for a selected Lotus Notes database in a Microsoft Excel spreadsheet with auto-filtered column headings.
My company has a different area that handles any administration functionality related to Lotus Notes databases. As a developer, I don't have administration tools readily available. Often, I need to check a production database access control list (ACL) to make sure roles are set up correctly, see if groups and people have the correct permissions, etc.



Download: IT Certifications 101
Inside this exclusive essential guide, our independent experts break down which IT certifications are worth your time and effort, and how to get started obtaining them to further your career— including specific certifications that any cloud or desktop pro should seriously consider.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
When looking at an ACL in Lotus Notes, you can only view information for one ACL entry at a time. So I created a LotusScript agent that compiles all of the ACL info for a selected Lotus Notes database and displays it in a Microsoft Excel file with auto-filtered column headings. The report really helps analyze an ACL. You can filter on the different roles or attributes -- such as "Can delete documents."
Simply copy my code and paste it into a LotusScript agent that can be run from the action menu. Be sure to update the server variable -- strDirectoryServer, which holds the location of your Lotus Notes database directory. The code has more comments explaining what the LotusScript is actually doing.
Why not use catalog.nsf? Using catalog.nsf, there is a document for every database on the server. The "Access Control List" tab in that document has all the ACL information you need.
Goran L.
******************************************
Some companies limit access to view the ACL tab data in the catalog.nsf entries, so it is not always available to everyone.
This Microsoft Excel version has AutoFiltered column headings that allow you to view data in different ways. For example, you can show all members of a particular role -- or multiple roles. This is especially helpful when an ACL has a lot of entries and the roles span different access levels. It is interactive; you can display the data in different ways, find users in a particular role very quickly, etc. This is not possible in the ACL tab of catalog.nsf entries. Sometimes management may request a list of names with a particular set of roles and -- because of the filtering that Microsoft Excel provides -- it is much easier to run this agent and find those users.
You should note that ACL databases can grow large over time. Occasionally I will use this to determine if a groupname can be used in place of a bunch of individually added names. I can add notes to cells, highlight names, etc., and then save the file and continue to analyze it later.
It all depends on what your needs are. If you don't have large ACLs and don't need to do very much ACL analysis, then the ACL tab of catalog.nsf entries will work just fine. This agent just gives you a different way to view, sort, and filter ACL data for those who find it useful.
Joe Steblay, tip author
******************************************
Could you please explain in detail where I should place this script, as well as how to execute it in QuickPlace or Admin Tool?
Selvaraj S.
******************************************
For this example, I put the code into a LotusScript agent in a Lotus Notes database. You can create a new LotusScript agent, then just paste the code into the code window.
For example, create a LotusScript agent, select the Objects tab and then select the "Options" object from the info list. Then, paste the code into the script pane on the right side. The agent can be placed into any Lotus Notes database. It doesn't really matter which Lotus Notes database, because you will select the database that you want to run the analyzer on.
Sorry, unfortunately I am not familiar with QuickPlace or Admin Tool, but I hope this helps.
Joe Steblay, tip author
Do you have comments on this tip? Let us know.
Related information from SearchDomino.com:
This tip was submitted to the SearchDomino.com tip library by member Joe Steblay. Please let others know how useful it is via the rating scale below. Do you have a useful Lotus Notes, Domino, Workplace or WebSphere tip or code snippet to share? Submit it to our monthly tip contest and you could win a prize.
Join the conversation
1 comment