Click here to jump to Nash!Com Solutions Homepage - Click here to request a test version.
ACL Administration
Version: 1.1c
Shortname: nshacl
Category: Command-Line Tool
Nash!Com ACL Administration a command line tool for modifying ACL and other security settings of databases.
This program can be used on clients or servers (server console).
- add or modify ACL entries
- copy complete ACL of a database
- set Maximum Internet Access
- modify Uniform Access settings
- Admin Modify Read/Writer files enable/disable
- enable all roles for database managers
* | NshACL 1.1a - Notes Database ACL Tool
|\| (c)1999-2001 NashCom - Daniel Nashed Communication Systems
| * mailto:info@nashcom.de - http://www.nashcom.de
Syntax: nshacl <database> [-f<filename>]
Database Selection Options:
-r : process directories recursively
-s<servername> : server name
Output Options:
-o<outfile> : output file
-m<mailuser> : send report to
-k[0,1] : override client/sever: k1=client, k0=server
Actions:
-w0|1 : modify read/writer fields 0=disable; 1=enable
-h : only update acl if new right is higher
-n : do also update system databases
-u0|1 : uniform access 0=disable; 1=enable -u list
-z<database> : template database for copying acl
-t : keep original roles when copying acl from tmpl
-p : set all roles for managers
-x<u>,<l>,<t> : set access <u> username; <l> acl level:m=manager,d=designer,
e=editor,a=author,r=reader,p=depositor,n=noaccess, k=remove
<t> user type: p=person,s=server,g=group,pg=person group, ...
or set a=admin server
-i<l> : set max (internet) password access; <l> acl level:m=manager,
d=designer,e=editor,a=author,r=reader,p=depositor,n=noaccess
This command line program is intended to modify ACL and other security settings of databases or copy ACL from one database to another database or list of databases. It can be invoked from client or on server e.g. via remote console to modify database ACL.
You should use this program very carefully! The ACL of the destination database will be replaced including ACL change history in case of ACL copy!!!
-- Action to perform --
The following actions are currently supported
( -x ) Change, create or remove ACL entry
adds modifies or removes ACL entry.
the first part of the setting determines the username you want to modify.
if you omit a name -Default- is assumed as the name to modify
the second part determines the ACL level of the entry.
m = Manager
d = Designer
e = Editor
a = Author
p = Depositior
n = NoAccess
k = remove entry (kill entry)
the third part determines the user type you want to specify
if you omit this parameter unspecified names are uses.
p = Person
s = Server
a = Admin Server
g = Group (mixed without any additional parameters)
pg = Person Group
sg = Server Group
Note that all parameters are specified without blanks and ensure always to enclosed blanks with quotes.
Examples:
nshacl mydb.nsf -xLocalDomainServers,m,pg
sets Server Group "LocalDomainServers" to Manager
nshacl mydb.nsf -x"John Doe",r,p
sets Person "John Doe" to Reader access
nshacl mydb.nsf -x,,n
sets -Default- to no access
Changing the Administration Server
This option can also be used to specify the administration server of a dabase.
The "a" in the third part of the -x option specifies the admin server.
Example:
nshacl mydb.nsf -xnotes-acme-01,a
sets notes-acme-01 as the admin server for this database
( -i ) Set Maximum Internet Access
Sets the Maximum Internet Access for a database.
m = Manager
d = Designer
e = Editor
a = Author
p = Depositior
n = NoAccess
Example:
nshacl mydb.nsf -ie
sets maximum internet access to Editor
(-z ) Uses a database as a template for copying ACL
If you setup new infrastructures or if you need to modify complete ACLs it makes sense to use an ACL of a database as a template to copy all entries.
This option does copy the whole ACL note including the ACL history of this entry.
Example:
nshacl -zacltemplate.nsf *.ntf -xnsh-notes-dus-01,a
copies ACL from acltempate.nsf into all ntf files and sets nsh-notes-due-01 as the administration server.
( -t ) Keep current roles when copying from ACL template
Specially for templates like the Domino Directory or your own applications it makes sense to keep the current roles that are already specified in the database.
This flag keeps roles when copying from an ACL template.
Example:
nshacl -zacltemplate.nsf *.ntf -t
copies ACL from acltempate.nsf into all ntf files and sets nsh-notes-due-01 as the administration server and keeps current roles.
( -p ) Enable all roles for Managers
In some cases it makes sense to enable all roles for managers of the database.
This option enables you to enable all roles for Managers of the database.
Example:
nshacl *.nsf -p
enables all roles for all Managers in databases
( -h ) Only update ACL entry if new right is higher
In some cases it makes sense to update ACL entries only if the new rights are higher than the old settings.
Just specify -h to ensure no higher rights are overwritten.
( -n ) Also update system databases
Domino Addressbook/Directory is a extremely important database.
Therefore you need to add -n to your command line to enable modification of ACL for this database.
( -u ) Enable/Disable Consistent ACL
This option enables or disables Consistent ACL for databases.
use -u1 to enable and -u0 to disable this option. if you use only -u the actual settings are only reported.
Example:
nshacl *.nsf -u1
enables Consistant ACL for selected databases
( -w ) Enable/Disable "Modify Read/Writer Fields"
This option enables or disables the database property "Modify Read/Writer Fields" in a database.
It is used by Adminp to determine if Read/Writers fields in databases should be changed when person and groups are renamed.
Use -w1 to enable and -w0 to disable this option.
Example:
nshacl *.nsf -w1
enables "Modify Read/Writer Fields" for selected databases
What happens if no flags are used?
If you do not use one of the action flags, the databases are only listed.
You could use this feature to check if your selection is OK or to create a file that you can modify and use via -f option
-- Ways to select databases --
1. specify a database name in the command line
2. specify a list of databases listed in a file via option -f
3. use wildcards (* and ?) for specifying databases and templates including subdirectories if using the ( -r ) option
4. specify a remote server name ( -s ) where to search for databases
you can combine any listed ways
Some examples:
1. specify a database name in the command line
Example:
nshacl mydb.nsf
runs on mydb.nsf
2. specify a list of databases in a file via option -f
Example:
nshacl mydb.nsf -fdb.txt
runs on whatever.nsf and all databases listed in db.txt
db.txt should contain databases including full path like
names.nsf
mail/jdoe.nsf
info/acme.nsf
3. use wildcards for specifying databases and templates including subdirectories if using the ( -r ) option
Example:
nshacl mail/*test*.nsf
runs on all databases that meet the selection within the mail subdirectory
e.g. mail/dus-test.nsf but not mail/dus/old/test.nsf
If you want to include subdiretories use the -r switch.
As soon you have multiple wildcards in different directories you need to use the recurse subdirectory switch
Example:
nshacl mail/test?/*.nsf -r
this does match e.g. mail/test1/dnashed.nsf
but also matches mail/test2/hilden/nashcom.nsf because this does also match the pattern.
4. specify a remote server name ( -s ) where to search for databases
-s Option defines the server where databases are searched
Example:
nshacl -snotes-acme-01 mail/*.nsf
runs on databases (.nsf files) in directory mail on notes-acme-01
nshacl mail/test??xxx*.nsf
runs on databases (.nsf files) that match the pattern "/mail/test??xxx*.nsf"
-- Output options --
In case you want to redirect output you have the following options
( -o ) Redirect output to file
Writes output to a the file specified.
Example: nshacl mydb.nsf -ooutfile.txt
writes output to outfile.txt
Comment: this option might help to create a list of databases that can be modified and uses as input for "-f" option.
( -m ) Send output via mail
Sends output to the specified user.
Example: nshacl mydb.nsf -m"John Doe"
sends output to John Doe
( -k ) Overwriting Client/Server Settings
Nash!Com Command Line Tools run on Servers or Clients.
However in some cases and environments it can not determine if running on server or as client program using server environment.
Therefore you can override the default settings using this option.
Server and Client functionality does only differ in the way output is logged.
Installation Instructions
- copy into Notes exe directory
- run from command line or server console
and make sure notes.ini can be found in the directory or is in the path
