About this task

Access settings apply to existing documents at a selected target. If the selected target is a category of documents, access settings also apply to documents added to the category in the future.

An extended ACL cannot restrict the access of a user with Manager database access or an administrator who has Full Access administrators access to a server (controlled through the Server document in the Domino® Directory). An extended ACL also cannot prevent a user with Designer or Manager database access from modifying the directory design.

Note: For ease of reading, this topic uses the terms document, field, and form. If an extended ACL will control LDAP access, apply the LDAP-equivalent terms instead: entry, attribute, and object class.

The following tables show setting that control access to a document, or to a specific field within a document. When more than one type of document uses a particular field, you control access to the field separately for each type of document.

Table 1. Access control settings for documents

Access setting	Tasks allowed
Browse	Allows a user to access a document.
Create	Allows a user to create a document.
Delete	Allows a user to delete a document.

Table 2. Access control settings for a field within a document

Access setting	Tasks allowed
Read	Allows a user to read a field. The user must also have Browse access to the document.
Write	Allows a user to modify a field.

If you are controlling the access of Notes® and Web users, be aware of the following issues. These issues do not apply to access through other means, such as LDAP access or Notes application access, except where indicated.

• If you deny a Notes or Web user access to a field in a document, when the user opens the document, the document does not show the field and the text (TRUNCATED) shows in the tab of the document. In addition, the user is unable to edit the document, even if the user has write access to the fields in it.
• If you deny a Notes or Web user access to a field in a document that a view uses to sort the document, the name of the document is blank in the view. The user can still select the document to open it.
• To delete a document, a Notes or Web user must be able to see the document in a view. To see a document requires Browse access to the document.
• To create a document, a Notes or Web user or a Notes application must have Create access to the document as well as Write access to the fields to which the user/application will add values.

About this task

Grant Administer access to allow someone with Designer or Editor access in the database ACL to modify access settings at an extended ACL target. Someone with Manager access in the database ACL can modify an extended ACL without having Administer access. Grant Administer access to allow someone to manage access to documents under a target category without granting the person Manager access in the database ACL. A user with Editor or Designer access in the database ACL does not have the Administer access by default; you must grant the user that access explicitly. You grant someone Administer access to a target category and not to a specific document.

Note: You can give a Domino server Administer access to a selected target category. This access enables the server to be an extended administration server whose Administration Process manages documents within a selected target category.

Related concepts
Elements of an extended ACL
Extended ACL
Setting up and managing an extended ACL
Access levels in the ACL

Related tasks
How other database security features restrict extended ACL access settings
Precedence rules used to resolve access conflicts at a target
Using an extended administration server
Roles in the ACL

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Feedback on Help or Usability?

Help on Help