Access Control List Close Tool

In Notes application migration projects we see many Notes databases that are no longer used and need to be deleted or archived. The Access Control List Close Tool was built for this purpose. It allows Domino administrators to change the Access Control List for regular users of many Notes databases to ‘Reader’ or ‘No Access’. While doing so the Domino admin and server group rights are not changed. The Notes databases for which the ACL change needs to be processed can be loaded from an XLS file. Access can be reverted by pressing one button. Feel free to use the code of this tool in your Notes migration management databases at no charge.

Instructions

When you archive Lotus Notes databases and want to deny changes or deny access to these databases afterwards, you can easily close these databases with the Access Control List Close Tool.

The Access Control List Close Tool provides 2 options:

  • Set access to ‘No Access’: this option will allow no-one (except for Administrators and white-listed users) to access the database.
  • Set access to ‘Read Only’: this option will allow read access to anyone, except for Administrators and white-listed users that will have Manager access.

You also have the option to revert the Access Control List of a database, for instance when you closed a database that wasn’t supposed to be closed.

First, you import the databases you want to close. You can do this by letting the tool import all databases on the server, or by specifying databases in an Excel workbook. Each imported database is represented by a database document that contains basic information about the database, the status (Closed, Reverted or Skipped) and the logging.

Database information
Database title : Domain Catalog
Database path : catalog.nsf
Replica Id : C125730007669AE5
Status : Closed
Log:
——————–
INFO: Adjusting ACL of database on server App1e/Lialis
-Default- set to reader
CN=App2e/O=Lialis set to reader
$CPYAdministrators retained accesslevel manager
LocalDomainServers set to reader
LocalDomainCatalogServers set to reader
LocalDomainAdmins set to reader
=============
Adding user: CN=Administrator/O=Lialis

When the databases are imported, you can select the documents that you want to close and click the corresponding action (‘Remove Access’ or ‘Make Read-Only’). For each selected database you will be asked whether you want to continue with it or skip the database. The ‘Revert Changes’ action will undo the database closure by reverting the ACL to its original state.

Database Status

The Access Control List status of the database is displayed by an icon in the view:

  • You cannot close a database that has been closed already. If you want to close a database to ‘Read-Only’ that has been closed to ‘No Access’, you first need to revert the database Access Control List. If you try to close an already closed database, the log reads ‘Database already closed’.
  • You can only revert databases with Closed status. If you try to revert a database with another status, the log reads ‘Unable to revert, database not closed’.

1. Configure

In the configuration you can:

  • Specify Access Control List entries that you want to add as Manager when you close the ACL of a database. Make sure to enter at least the ID of the user closing the database, and one or more Domino Administrator IDs;
  • Specify the Access Control List entries that should remain intact when you close the ACL of a database.

You can, of course, enter multiple entries.

2. Create Excel workbook

If you have a list of specific databases that you want to close, you can do so by entering the file paths in an Excel workbook. You need to enter the data in a specified format as depicted below (the ‘Create Excel Workbook’ action creates an Excel workbook with some sample data).

You can just fill in (copy/paste) the file paths by using the format displayed in the Excel workbook. Note that the database path is mandatory. Title and UniversalID (Replica ID) are optional.

3. Import Excel workbook

If you have created an Excel workbook with databases to be closed, you can import this file with the ‘Import Excel Workbook’ action. This will create a database document for each Excel entry. It is assumed that the database is located on the same server where the tool is installed.

4. Import all databases

If you want to close all databases on a server, you can use the ‘Import all databases’ action to import all databases from the current server.

5. Remove access

This action will set each Access Control List entry in the database to ‘No Access’, except for the entries mentioned in the Configuration.

For each database, the following dialog will be displayed. If you have selected many databases to be closed, and you don’t want this message to be displayed for each database, please select the ‘Suppress this dialog for other databases’ checkbox before clicking the ‘Yes’ button.

  • When you click the ‘Yes’ button, the database will be closed (no access), and the status of the document is set to ‘Closed’.
  • When you click the ‘No’ button, nothing will happen to the Access Control List of the database, and the status of the document is set to ‘Skipped’.

Logging example:

INFO: Adjusting ACL of database on server App1e/Lialis
-Default- set to no access
Anonymous set to no access
CN=Noel Hofman/O=Lialis set to no access
LocalDomainAdmins set to no access
LocalDomainServers set to no access
CN=Marten Vosmer/O=Lialis set to no access
=============
Adding user: CN=Administrator/O=Lialis

6. Make read-only

This works the same as the ‘Remove Access’ action, including the entries mentioned in the Configuration. The only difference is that each Access Control List setting is now set to Reader instead of ‘No Access’. ACL entries with access below Reader will not be updated. The same dialog box is displayed as in ‘Remove access’.

Logging example:

INFO: Adjusting ACL of database on server App1e/Lialis
-Default- set to reader
CN=App2e/O=Lialis set to reader
CN=Noel Hofman/O=Lialis set to reader
$CPYAdministrators retained accesslevel manager
LocalDomainServers set to reader
LocalDomainCatalogServers set to reader
LocalDomainAdmins set to reader
=============
Making user CN=Administrator/O=Lialis Manager

7. Revert changes

Before a database is closed, the actual Access Control List is saved in the tool. So if you have closed a database and you want to revert it to the old state, you can do so by clicking the ‘Revert changes’ action. Only closed databases can be reverted.

Users that were added from the Configuration during the database closure remain in the Access Control List with Manager access during the reversion.

Logging example:

Reverting database: Domain Catalog
Reverted -Default- to level author
Reverted OtherDomainServers to level reader
Reverted CN=App2e/O=Lialis to level manager
Reverted Anonymous to level no access
Ignored $CPYAdministrators
Reverted LocalDomainServers to level editor
Reverted LocalDomainCatalogServers to level editor
Reverted LocalDomainAdmins to level manager

8. TEST – Remove access

This action doesn’t close the database; it only logs what would happen if you closed this database. The logging starts with the text ‘TEST Run’.

Logging example:

TEST Run
INFO: Adjusting ACL of database on server App1e/Lialis
-Default- set to no access
Anonymous set to no access
CN=Noel Hofman/O=Lialis set to no access
LocalDomainAdmins set to no access
LocalDomainServers set to no access
CN=Marten Vosmer/O=Lialis set to no access

9. TEST – Make read-only

The same as described in ‘TEST – Remove access’

10. TEST – Revert changes

The same as described in ‘TEST – Remove access’
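
The rules from sections 5 to 10 (closing to ‘No Access’ or Reader, retained entries, added Managers, the saved ACL used by revert, and the TEST runs) are modelled below. This is an added example and not the tool's own code: the names DatabaseDoc, close and revert are hypothetical, and the ACL is a plain dictionary rather than a Domino ACL object.

```python
# Added example: a model of the close/revert rules described on this page.
# Class and function names are hypothetical; this is not the tool's own code.
LEVELS = ["no access", "depositor", "reader", "author",
          "editor", "designer", "manager"]  # Domino ACL levels, low to high

class DatabaseDoc:
    """Stands in for a database document: ACL, status, saved ACL and log."""
    def __init__(self, acl):
        self.acl = dict(acl)   # entry name -> access level
        self.status = None     # becomes 'Closed' or 'Reverted'
        self.saved = None      # original ACL, kept for 'Revert changes'
        self.log = []

def close(doc, target, retain, managers, dry_run=False):
    """Lower entries to `target` ('no access' or 'reader')."""
    if doc.status == "Closed":
        doc.log.append("Database already closed")
        return False
    if dry_run:
        doc.log.append("TEST Run")
    new_acl = {}
    for name, level in doc.acl.items():
        if name in retain:
            doc.log.append(f"{name} retained accesslevel {level}")
        elif LEVELS.index(level) >= LEVELS.index(target):
            level = target
            doc.log.append(f"{name} set to {target}")
        new_acl[name] = level  # entries below the target stay untouched
    for name in managers:
        new_acl[name] = "manager"
        doc.log.append(f"Adding user: {name}")
    if not dry_run:
        doc.saved, doc.acl, doc.status = dict(doc.acl), new_acl, "Closed"
    return True

def revert(doc, retain, managers, dry_run=False):
    """Restore the saved ACL; configured managers keep Manager access."""
    if doc.status != "Closed" or doc.saved is None:
        doc.log.append("Unable to revert, database not closed")
        return False
    if dry_run:
        doc.log.append("TEST Run")
    restored = dict(doc.acl)
    for name, level in doc.saved.items():
        if name in retain:
            doc.log.append(f"Ignored {name}")
        elif name not in managers:
            restored[name] = level
            doc.log.append(f"Reverted {name} to level {level}")
    if not dry_run:
        doc.acl, doc.status = restored, "Reverted"
    return True
```

Running the TEST variant first and reading the log shows which entries would lose access before the ACL is changed.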

Error messages/warnings

Error message | Cause
Unable to open this database | The database does not exist on the server.
You are not a manager of this database | Since you are not a manager, you cannot adjust the ACL (close or revert the database). Make sure that the ID you are using to log in has Manager access to the database, or enable the Full Access Admin option in the Administration client.
Unable to revert, database not closed | You can only revert databases that have been closed.
Database already closed | You cannot close a database that is already closed, e.g. if you want to close a no-access database to read-only, you first need to revert the database to the original Access Control List.
Other | Errors are written to the log with an error number. If you encounter such an error, please send us a mail with the error information. Errors may occur in the following situations:

  • When the Access Control List of a closed database is adjusted manually, and then reverted.

General warning

Be aware that the documents of databases that were closed should always remain in the tool. If you remove these documents, you will not be able to revert the Access Control List of these databases.