Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.
For more information and upcoming events around #dominoforever, please visit our Destination Domino Page
The HCL Notes tool below will generate a report to view all the apps in which the user has ACL access. However, there is an extra cost, but it is loaded with features you can use in the future...
ACL Dominator for Notes - Administration reporting and management security tool
• Report, manage, analyze, audit, export, update all Access Control Lists (ACLs) on an IBM Domino server
• Fix security holes, optimize servers, prepare for a message migration. Report on DB properties, mailbox preferences, user activity
• Reports include mailbox owner, delegation, out of office status, full-text index details, DAOS size, etc.
• Nested groups report - explore & expand groups. Mailbox Rules (send) report. Primary, alias and forwarding address report
You could use "Domino Explorer" from OpenNTF. It requires the ODA installed on your server to run, but it does exactly what you want: crawling all ACL entries and you can exam everything via a web interface. It's not a fiinal version though but it does the main job. You can also find empty or unused groups which sometimes is helpful to maintain. https://www.openntf.org/main.nsf/project.xsp?r=project/Domino%20Explorer
Customer email@example.com also requesting this feature
Of course this is not a bug... its a missing feature ;)
I have had this demand several times now (not very often). We implemented that ourselves with a small agent going recursively through all groups and databases.
But I would think that this should be an option for the cataloger - knowing that this will demand a lot of resources and run a long time.
This is not a bug - the catalog is supposed to display all ACL entries, but not supposed to resolve all members. in order to display this information, the catalog would have to reverse lookup all groups, nested groups, etc. and import it to the catalog.nsf. Especially for groups that are changed frequently, or groups that are not part of the Domino directory this would be an overhead