SECURING
About this task
User types provide additional security for a database. For example, assigning the Person user type to a name other than unspecified prevents an unauthorized user from creating a Group document with the same person name, adding his or her name to the group, and then accessing the database through the group name.
Designating a name as a Server or Server Group prevents a user from using the server ID at a workstation to access a database on the server. Be aware, though, that designating a name as a Server or Server Group is not a foolproof security method. It is possible for a user to create an add-in program that acts like a server and uses a server ID to access the server database from a workstation.
Instead of assigning a user type to each name, you can automatically assign a user type to all unassigned names in the ACL. The user type assigned to each name is determined by the Domino® Directory entry for that name. Using this method, a group is always designated as Mixed Group, and not as a Person Group or a Server Group. To assign a Person Group or a Server Group to a name, you must select the name and manually assign that user type.
You can assign user types to entries in multiple database ACLs, or you can have the server automatically assign user types to unspecified entries in a single database ACL.
To automatically assign user types to ACL entries
Use this method when you have just added a large number of entries to a database ACL.
Procedure
1. Make sure that you have Manager access in the database ACL.
2. From the Domino Administrator Server pane, select the server that stores the databases.
3. Click Files, and select a database from the Domino data directory.
4. Click Tools -> Database -> Manage ACL.
5. Click Advanced.
6. On the Advanced panel of the ACL dialog, click Lookup User Types for 'Unspecified' Users.
Results
The server uses the Domino Directory to look up each entry in the ACL and assign a user type of Person, Server, or Mixed Group. If it cannot find a match in the Directory, then the entry in the ACL will remain as unspecified.
Related concepts Access levels in the ACL Access level privileges in the ACL Setting up a database ACL for server-to-server replication
Related tasks Editing entries in multiple ACLs Configuring a database ACL Roles in the ACL