Managing access rights with single option without modifying Database ACL setting.

Hi

Thank you for reply.

I don't think the Group access will work for individual user. if individual user account is already available in DB ACL with higher access.

The requirement is to not to Modify existing ACL settings and granting restricted access.

This can be implemented to Reader access and not more than that higher access.

There can be alternative to this requirement.

1) Instead providing centralize option, is it possible to give a option / Setting in DB ACL which will allow user to restrict access to all users / Group available in DB ACL with restricted access (reader) without changing ACL settings.
2) Additionally is it is possible to define DB names so this reader access will be applied to respective DB only. Whereas the DB ACL will not be changed.


The goal is for this requirement is to have a option with which the access can be restricted without changing ACL settings. so it will not be difficult for the Administrator to revert the Changes.

Hi

Thank you for reply.

I don't think the Group access will work for individual user. if individual user account is already available in DB ACL with higher access.

The requirement is to not to Modify ACL.

This can be implemented to Reader access and not more than that.

Additionally is it is possible to define DB names so this reader access will be applied to respective DB only. Whereas the DB ACL will not be changed.

Rejecting this idea because
1. you can do this today by adding the same group to all ACLs. Modifying the group members will immediatly grant access to all databases then
2. we have no plans to weaken the security model of Domino

But that's how Notes security works and I, and I suspect many others, wouldn't want this to be implemented. There would come a time when someone creates a DB with confidential information which is inadvertently shared.

Can you not use a group and add that group to all your databases?