Execution Security Alerts (ESAs) occur when a user has not authorized an action for a particular signature in their Execution Control List (ECL). This was supposed to be a security feature, causing users to pause and consider if a certain signature should have access to take a certain action, and then clicking "trust signer" for that action. Unfortunately, it can become a support nightmare when a new signature is introduced, such as when a new server, developer or third-party application is deployed.
Lotus provided a way to push an initial ECL to clients via the administration ECL (admin client, people and groups, actions menu, edit administration ECL). This works great for installs, but when a new signature is deployed, existing clients aren't updated.
To update existing client ECLs, provide the following code. You can put it in a button which is emailed to users, store it in a database, or (our choice) place it in the postopen of the database script in the mail template.
*The code below assumes a local replica of the PAB with filename "srvnames.nsf" for remote users. Replace with the filename you use, or with "" to take no action when on local.*
server := @Name([CN]; @Subset (@DbName; 1)); @If(@Implode(server)=""; @RefreshECL("":"srvnames.nsf";""); @RefreshECL("Milo/Arnold Industries": "names.nsf";"")); @Command([ToolsRunMacro];" (check mail quota)")
This tip talks about remote users, but does not mention server-based users. The @RefreshECL function can take parameters for server and file name. The example in this tip is for local users, but remote users in R5 and D6 don't usually have complete replicas of the Domino Directory. They have lightweight versions called Directory Catalogs, which don't contain the admin ECL. So it would be better to have one button sending everyone to the server version of the admin ECL, and simply tell your remote users to be connected to the network when they press the button.
Do you have comments of your own? Let us know.