ACL inconsistencies giving you headaches? Here’s how to find and fix missing ACL entries on a Domino server using aclEZ
Domino security is something of a mosaic, built upon, among other things, the many individual entries found in all the Notes database ACLs on a server. This system works great—it’s extremely flexible and it gives admins the control they need to make their servers impregnable fortresses. But there is one problem associated with this approach to security: things can get unmanageably complex over time. Before you know it, the total number of ACL entries across all the databases on a server can easily run into the thousands.
Moreover, it’s impossible to get a bird’s-eye view of this ACL security mesh with the native Domino toolkit. Ytria aclEZ, however, includes a grid that gives you a spreadsheet-like view of all the ACL entries (and their attributes) for all the databases on a server. This grid makes it very easy to quickly check an entire server’s ACL security makeup.
A very practical application of this functionality would be to use aclEZ to find out if an important ACL entry (e.g. the Administrators group) that should be used server-wide is missing in any databases. If you do find an important ACL entry is not present where it ought to be, aclEZ also lets you copy-and-paste entries to fill in the ‘holes.’
Here’s how it works:
1) Launch aclEZ and choose the Domino server you’d like to look at.
2) Go to the Database panel and choose which databases you’d like to look at (or tick the top-level checkbox to select them all). You will also need to click the ‘Apply’ button if you have the “Read databases only after ‘Apply’ button is clicked” option enabled.
3) As soon as the databases are loaded, the ACL Entries panel should be populated. Each line in the grid represents an ACL entry.
Now select an ACL entry from this panel (we’ll use the OtherDomainServers group for this example); right-click it and choose Copy Selected ACL Entries to… from the resulting contextual menu.
4) The Copy Elements dialog should now be open. To quickly determine which databases have the selected ACL entry, simply drag the Presence column header to the ‘grouping areas’ as shown in the images below:
5) Next you’ll want to expand the ‘Presence : Unchecked’ grouping by clicking the [+] icon. All of these databases where ‘Presence is unchecked’ are missing the selected ACL entry. If you’d like them to have this entry, simply tick the checkboxes under the Copy To column then click OK.
6) At this point we’ve already made the changes to the ACL grid, but if you want the modification to go ‘live’, just choose Apply Changes in aclEZ’s File menu or press Ctrl + S. That’s it—the ACL entry is now available for all the databases on our server.
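For a scripted cross-check of the ‘Presence : Unchecked’ list before or after applying changes, here is a read-only LotusScript agent; it is an added example, not part of the original article or of aclEZ. The server name is a placeholder, the entry name is the group used in the walkthrough, and the agent only reports and never modifies an ACL.

```lotusscript
Option Public
Option Declare

' Added example: report databases whose ACL lacks a given entry.
' TARGET_SERVER is a placeholder; replace it with your own server name.
Const TARGET_SERVER = "YourServer/YourOrg"
Const ENTRY_NAME = "OtherDomainServers"

Sub Initialize
	Dim session As New NotesSession
	Dim dbdir As NotesDbDirectory
	Dim db As NotesDatabase
	Dim acl As NotesACL
	Dim opened As Variant
	Dim checked As Integer, missing As Integer, skipped As Integer

	Set dbdir = session.GetDbDirectory(TARGET_SERVER)
	Set db = dbdir.GetFirstDatabase(DATABASE)

	Do Until db Is Nothing
		opened = False
		Set acl = Nothing

		' Opening a database or reading its ACL can fail when the agent's
		' signer lacks access; count those instead of aborting the run.
		On Error Resume Next
		opened = db.Open("", "")
		If opened Then Set acl = db.ACL
		On Error Goto 0

		If acl Is Nothing Then
			skipped = skipped + 1
			Print "SKIPPED (cannot read ACL): " & db.FilePath
		Else
			checked = checked + 1
			' GetEntry looks for the literal entry name only. It does not
			' resolve access a user gets through other groups.
			If acl.GetEntry(ENTRY_NAME) Is Nothing Then
				missing = missing + 1
				Print "MISSING " & ENTRY_NAME & ": " & db.FilePath
			End If
		End If

		Set db = dbdir.GetNextDatabase
	Loop

	Print "Checked " & checked & ", missing " & missing & ", skipped " & skipped
End Sub
```

Databases reported as skipped were never inspected, so treat them as unknown rather than compliant.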