|
|
|
|
|
|
|
|
|
|
|
|
|
|
NOTES AND DOMINO SECURITY
Who's on your ACL?
By Dan Velasco
What I'm about to show you almost got me killed. After I showed it to our intranet manager, she pretended she was holding a double-barreled shotgun and said "BAM!" She told me she would shoot me down like a three-legged deer if I divulged to others at our company (not to mention the outside world!) the information that the agent I created reveals.
"What I'm about to show you almost got me killed."
|
But after careful negotiation, I discovered what she really meant was that she was forbidding me from sharing the information my agent retrieved from our Notes databases, not the method I used to obtain it (which is one long yet straightforward LotusScript agent and a single form to capture the data). So, to protect my life, I've changed all of the names I use in the screen shots and examples in this article.
I could show you, but then I'd have to kill you
Here is what the agent I developed reveals: it retrieves the ACL of the database of your choice and creates a report that lists everyone who has access to the database, even if they are buried inside a group listed in the ACL. It then formats all of it nicely on a Notes form so you can print it out and examine it over a cup of coffee. Of course, you might spit out that coffee if you find somebody on your access list that you don't think should be there.
The information contained on the ACL Information Form is nothing that somebody couldn't gather themselves if they patiently went through all of the entries in the ACL and noted the access level of each entry, sorting them into one of the seven levels as they went along. Of course, they would then have to go to the Public Name and Address Book separately and manually look up all of the group names and note the members of each. I've gotten incredibly bored just writing about how you would do such a thing, and I can only imagine how boring it would be to actually do it.
Relax. You don't have to put on your Amish work clothes and do any of this by hand. I've already done it for you. You can get a copy of a sample database containing the ACL Information Retrieval agent as well as the ACL Information Form from http://dan.velasco.com. You can also find an online listing of all of the code there as well.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-- Advertisement --
Learn Notes and Domino 8 at your place and pace!
Learn Notes and Domino in your office and/or home! TLCC's highly acclaimed distance learning courses for users, developers, and admins will enhance your career and your resume.
The many included activities and demos will make you a pro! Expert instructor help is a click away.
Click here to try a FREE demo course!! |
-- Advertisement --
Want The Top Lotus Experts By Your Side Without Paying Hefty Consulting Fees? Look No Further.
Like having a team of consultants by your side -- ones who have all the answers and never make mistakes -- THE VIEW gives you immediate access to field-tested instruction, guidance, and best practices from the brightest Lotus professionals around.
Join your peers who realize their Lotus technology is too important to let people from blogs and forums tell them how they should implement it, run it, and use it. THE VIEW is where only the world's top Lotus experts provide validated support to you on a weekly basis to ensure you work more efficiently, get more out of your Lotus technology, and stay clear of costly mistakes.
Check out the new instruction, tips, and best practices added to THE VIEW this week. |
|
|
|
|
|
|
|
|
|
|
