Change Default or Web Anonymous Access (ACL) in Multiple DBs

Author: Tripp W Black

Created: 09/11/2000 at 05:59 PM


Notes Developer Tips

Default access

This tip comes to us by way of THE VIEW ( It
was submitted by Brent Challis, VIEW author and Senior
Technical Instructor, Com Tech Education Services,
Australia. It describes a way of granting access, should
you desire to, to Web clients other than Notes clients.

I opened up a server to web clients and while the default
access I had set up was fine for notes clients it wasn't
for the anonymous access I needed to leave for the web
users. Here is code that runs through databases adding an
entry to the ACL and giving it the same access as the
default allocation.

The code sets all databases to which Manager access is
available with an entry that duplicates the -Default-
access. It can also set the -Default- access to 'No
Access' if desired. The rationale for this is that in the
initial roll out of Domino the default levels work well,
however when you open the server up to web clients the
level of access to unauthenticated users can create a
security breach. The other scenario was one where a client
employed a group of contractors who needed an id on the
system, but who were not really part of the company in the
sense that the default access to the databases was


Sub Click(Source As Button)
' This code processes all the databases that the server knows about. It places an entity on the ACL and
assigns it the
' same access rights as Default. If the entity name already exists on the ACL the database is skipped.
' This code has been designed to provide for the opening of the server to web clients where it is
desirable to lock
' out the anonymous user from having the same access as has been assigned to default. The code can
be made to change the default access to
' No Access by uncommenting one line.

' create Notes objects
Dim session As New NotesSession
Dim db As NotesDatabase
Set db = session.CurrentDatabase
Dim ws As New NotesUIWorkspace
Dim directory As New NotesDBDirectory(db.server)
Dim ACL As NotesACL
Dim MimicACLEntry As NotesACLEntry
Dim DefaultACLEntry As NotesACLEntry
Dim LoggedInUserName As NotesName

' create primitive data type variables
Dim ErrorFlag As Integer ' Used to determine if there was a problem accessing a database as a result of
No Access for the id running the code
Dim defaultmimic As String ' The name of the entity for the ACL to be a mimic of the -Default- entry
Dim InitialDefaultMimicName As String ' A suggested value for the defaultmimic which will be based
on the organisation component of the id running the code
Dim DatabasesProcessed As Integer ' a running counter used to indicate that progress is being made
Dim DatabasesSkippedEntryExists As Integer ' a running count of how many databases already have
the entry in the ACL
Dim DatabasesSkippedNotManager As Integer ' a running count of how many databases were skipped
as no Manager access

' Get the full name of the id runnung the code and base the suggested defaultmimic on the organisation
Set LoggedInUserName = New NotesName(session.EffectiveUserName)
InitialDefaultMimicName = "*/" + LoggedInUserName.Organization

' get the name of the entity to be used to mimic the default access
defaultmimic = Inputbox("What entity name do you want to use to mimic the default entry?","Set
Mimic Entry",InitialDefaultMimicName)

' Set up error handling so that problems are simply skipped over
On Error Goto ErrorHandler
' Set up error handling to detect that there was no access to the database and process accordingly
On Error 4060 Goto NoDBAccess

DatabasesProcessed = 0
DatabasesSkippedEntryExists = 0
DatabasesSkippedNotManager = 0

Set db = directory.GetFirstDatabase(DATABASE)
Do Until db Is Nothing
ErrorFlag = False
If Not ErrorFlag Then
' Check to see if manager access so the ACL can be changed
If db.CurrentAccessLevel = 6 Then
DatabasesProcessed = DatabasesProcessed + 1
Set ACL = db.ACL
Set DefaultACLEntry = ACL.GetEntry("-Default-")
Set MimicACLEntry = ACL.GetEntry(defaultmimic)
If MimicACLEntry Is Nothing Then
' if the entry does not exist add it and make it the same as -Default-, otherwise skip
Set MimicACLEntry = New NotesACLEntry ( ACL,
defaultmimic, DefaultACLEntry.Level )

' set all paramters of ACL

' Release 4 Settings
MimicACLEntry.CanCreateDocuments =
MimicACLEntry.CanCreatePersonalAgent =
MimicACLEntry.CanCreatePersonalFolder =
MimicACLEntry.CanDeleteDocuments =
MimicACLEntry.IsPublicReader =
MimicACLEntry.IsPublicWriter =

' Release 5 Settings
MimicACLEntry.CanCreateLSOrJavaAgent =
MimicACLEntry.CanCreateSharedFolder =
MimicACLEntry.IsAdminReaderAuthor =
MimicACLEntry.IsAdminServer =
MimicACLEntry.IsGroup = DefaultACLEntry.IsGroup
MimicACLEntry.IsPerson = DefaultACLEntry.IsPerson
MimicACLEntry.IsServer = DefaultACLEntry.IsServer

' set roles
Forall AccessRole In ACL.Roles
If DefaultACLEntry.IsRoleEnabled(AccessRole) Then

End If
End Forall

'//// WARNING: Changing the following line inadvertently can have drastic repercussions.
'//// The global changes can be done with the Admin client
' DefaultACLEntry.Level = 0 ' If this line is uncommented then the -Default- access will
be set to 'No Access''


' Save the changes
Call ACL.Save
DatabasesSkippedEntryExists =
DatabasesSkippedEntryExists + 1
End If
DatabasesSkippedNotManager = DatabasesSkippedNotManager + 1
End If
End If
Print db.Title
Set db = directory.GetNextDatabase
Print "Finished, processed " + Cstr(DatabasesProcessed) + ", skipped " +
Cstr(DatabasesSkippedEntryExists) + _
" Entry Exists, " + Cstr(DatabasesSkippedNotManager) + " not manager"
Exit Sub

ErrorFlag = True
Resume Next
Resume Next
End Sub

previous page