Here's the beanstalk I wanted the magic beans to grow into. I wanted a system to provide "managers" of some databases with the ability to modify the access list for a database. The challenge: these managers didn't have, and never would have, manager access to the database or permission to modify any group documents in the Domino directory. I wanted to let them add and delete people from the access list without my having to lift a finger. And, when they were done adding or deleting people from the access list, I wanted them to leave it neat and tidy (i.e. sorted alphabetically). I mean, if my cat is careful enough to leave everything orderly in the cat box after she's done, then the least I can expect from my LotusScript agent is to leave my group member lists nicely sorted as well.

I also wanted everything to work on a Domino 4.5 server or better, and be faster than you can say "Ho, ho, ho. Green Giant."

Selling the cow (giving up the old way of doing things)
The way I used to manage the access lists for databases might be a lot like the way you are doing it now. I would get a request via email from somebody who I recognized as having the authority to add a person to the access list of a group. After receiving the email, I would then have to find and open up the Domino directory, navigate to the appropriate group document, and then enter the person into the Members field of the group document, usually at the end. This was just unnecessary tedium for me. It left me with an unsorted group document, and no way to automate notification to the appropriate people that an access list has changed.

The core concept to get your mind around when reading this article is the fact that the easiest way to control access to a database and have users help you maintain those access lists is with groups. In this sample application, which I am calling simply an Access List Management System, access to the database is controlled via three groups: one for editors, one for authors, and one for readers. To maintain the access list, agents will allow specially selected users to add and delete people from each of these three groups.

Three magic beans…er, agents
On top of all of my other requirements, I wanted the Access List Management System to be easy to maintain and easy to add to existing databases. That's why I decided to use agents to dynamically generate Web pages, rather than using a combination of forms, views, and subforms. This way, not only don't I have to worry about maintaining all of these individual elements, I provide myself with a lot more flexibility that I would not have by using forms. What I ended up with were three LotusScript agents supported by a single script library. Here is a short overview of the three agents: