To display a name's effective access in the access control list

The "effective access" a person, server, or a group has to documents in a database is not always apparent. For example, if there are two groups with different levels of access to documents, and someone is a member of both groups, you may wonder what access the person actually has.

About this task

With one click, you can determine a person's effective access to the documents.

Note: The Effective Access list on a local replica of a database may differ from the Effective Access list on a server replica. You my not have the same access to the IBM® Domino® Directory to read groups when working in local replicas.

Procedure

  1. Open the database that you want to check.
  2. Click File > Application > Access Control.
  3. Click Basics and then click the "Effective Access" button.
  4. Select the person, server, or group whose effective access you want to determine and then press Enter or click the "Calculate Access" button.
    • Access in the top left of the dialog box shows the selected name's effective database access as determined by the database ACL.
    • The checked boxes on the left side of the dialog box indicate the access rights for the selected name.
    • The "Groups" and "Roles" boxes on the right of the dialog box show all the individual and group name entries and roles that could potentially control the selected name's access to the documents in the database.
    • "Full Access Administrator" is checked if the person, server, or group has full administrator rights to the database. For example, if a person has this privilege, that person can delete the database even if he or she does not have Manager access to the database.

Results

Note: A user may still have access to a database by running an agent with the "Unrestricted with Full Access" privilege, even if his or her name is not listed in the database's ACL. This privilege exists, but is not reflected in Effective Access because this privilege bypasses the ACL and reader lists. For example, an administrator may want to run this type of agent on a database he or she does not have access to in order to update a full-text index on that database.