An extended access control list (ACL) is an optional directory access-control feature available for a directory created from the PUBNAMES.NTF template -- a Domino® Directory or an extended directory catalog. An extended ACL is tied to the database ACL, and you access it through the Access Control List dialog box using a Notes® or Domino Administrator client.

You use an extended ACL to apply restrictions to the overall access the database ACL allows a user -- you cannot use it to increase the access the database ACL allows. Use an extended ACL to set access to:

• All documents with hierarchical names at a particular location in the directory name hierarchy, -- for example, all documents whose names end in OU=West/O=Renovations.
• All documents of a specific type, -- for example all Person documents
• A specific field within a specific type of document
• A specific document

• Delegate your Domino administration, for example, allow a group of administrators to manage only documents named under a particular organizational unit.
• Set access to precise portions of the directory contents.
• Set access to documents and fields easily and globally at one source, rather than requiring you to control access through features such as multiple Readers and Authors fields.
• Control the access of users who access the directory through any supported protocol: Notes (NRPC), Web (HTTP), LDAP, POP3, and IMAP.
• Limit access to Internet passwords stored in the Domino Directory to protect against attacks by malicious sources trying to guess passwords.

Note: Server processes such as the Router task do not enforce extended ACL restrictions. However, in the case of the Router task specifically, you can prevent some users from sending mail to a group by editing the Readers field for the group and including only the names of users you want to allow to send mail to the group. When users omitted from the Readers field attempt to send mail to the group, the Router will not deliver the mail.

Related concepts
Elements of an extended ACL
Extended ACL guidelines
Enabling extended access
Setting up and managing an extended ACL

Related tasks
Securing Internet passwords
Restricting users from sending mail to groups in the Domino Directory
Using an extended administration server
Setting overall access levels in the Domino Directory ACL
Configuring a database ACL
Extended ACL examples

Help on Help

All Help Contents

Help on Help