

Default ACL entries
The default access control list includes a set of default entries.

A new database, by default, includes these entries in the ACL:


Of the default ACL entries, the database creator's user name is the only entry that is automatically defined as a Person in the ACL.

The -Default- entry is the only entry that is specific to a database, and not related to an entry in the Domino® Directory. For example, LocalDomainServers is created automatically in the Domino Directory, and added to the ACL when a database is created. -Default- is created as an ACL entry only when the database is created.

-Default-

Users and servers receive the access assigned to the -Default- entry if they have not specifically been assigned another access level, either individually or as a member of a group, or from a wildcard entry. In addition, if the database ACL does not contain an entry for Anonymous, then users accessing the database anonymously get the -Default- level of access. The default access for -Default- depends on the design of the database template and varies among the different templates.

The access level you assign to the -Default- entry depends on how secure you want the database to be. Select No Access if you want a database available to a limited number of users. Select Author or Reader access to make a database available for general use. The -Default- entry should have a user type of "Unspecified".

You cannot delete the -Default- entry from an ACL.

Database creator user name

The database creator user name is the hierarchical user name of the person who created the database. The default access for the user who creates the database is Manager. Typically, this person retains Manager access or is granted Designer access to the database.

LocalDomainServers

The LocalDomainServers group lists the servers in the same domain as the server on which the database is stored, and is provided by default with every Domino Directory. When you create a new database, the default access for LocalDomainServers is Manager. The group should have at least Designer access to allow replication of database design changes across the domain. The LocalDomainServers group is typically given higher access than the OtherDomainServers group.

OtherDomainServers

The OtherDomainServers group lists the servers outside the domain of the server on which the database is stored, and is provided by default with every Domino Directory. When you create a new database, the default access for OtherDomainServers is No Access.
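The recommendations above for -Default-, Anonymous, LocalDomainServers and OtherDomainServers can be checked mechanically against an exported ACL. The following Python is an added example, not HCL code or a Domino API; the dictionary layout of the ACL, the max_default policy ceiling and the sample names are assumptions made for illustration.

```python
# Domino access levels, lowest to highest.
LEVELS = ["No Access", "Depositor", "Reader", "Author", "Editor", "Designer", "Manager"]
RANK = {name: i for i, name in enumerate(LEVELS)}


def anonymous_level(acl):
    """Anonymous users get the Anonymous entry's level, or -Default- if none exists."""
    entry = acl.get("Anonymous", acl["-Default-"])
    return entry["level"]


def audit_default_entries(acl, max_default="Author"):
    """Return (entry, finding) pairs. max_default is an assumed policy ceiling."""
    findings = []
    default = acl["-Default-"]  # always present: it cannot be deleted
    if default["type"] != "Unspecified":
        findings.append(("-Default-", "user type should be Unspecified"))
    if RANK[default["level"]] > RANK[max_default]:
        findings.append(("-Default-", "level %s exceeds %s" % (default["level"], max_default)))
    if "Anonymous" not in acl and RANK[default["level"]] > RANK["No Access"]:
        findings.append(("Anonymous", "no entry; anonymous users inherit " + default["level"]))
    local = acl.get("LocalDomainServers")
    other = acl.get("OtherDomainServers")
    if local and RANK[local["level"]] < RANK["Designer"]:
        findings.append(("LocalDomainServers", "below Designer; design changes will not replicate"))
    if local and other and RANK[other["level"]] > RANK[local["level"]]:
        findings.append(("OtherDomainServers", "higher access than LocalDomainServers"))
    return findings


# Constructed sample: ACL of a hypothetical database (all names are made up).
SAMPLE_ACL = {
    "-Default-": {"level": "Editor", "type": "Person"},
    "Jane Doe/Sales/Example": {"level": "Manager", "type": "Person"},
    "LocalDomainServers": {"level": "Editor", "type": "Server group"},
    "OtherDomainServers": {"level": "Manager", "type": "Server group"},
}

if __name__ == "__main__":
    print("Anonymous access:", anonymous_level(SAMPLE_ACL))
    for entry, finding in audit_default_entries(SAMPLE_ACL):
        print("%-20s %s" % (entry, finding))
```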
