Click here to jump to Nash!Com Solutions Homepage - Click here to request a test version.
Group & Access Reporting Tool
Version: 1.0c
Shortname: nshgroup
Category: Command-Line Tool
This program enables you to display group membership and access to databases on specified server.
A report can be copied to file or send via Mail. This tool uses the same internal technology like Notes authentication and may be used for security auditing for users and for building a complete list of access for specific users.
- show all groups a User belongs to
- show access to databases for specific User
01.02.2001 12:00:00 NshGroups - Notes Show Groups & Access Tool
01.02.2001 12:00:00 (c)1999-2001 NashCom - Daniel Nashed Communication Systems
01.02.2001 12:00:00 -u : username
01.02.2001 12:00:00 -x : do not show no access
01.02.2001 12:00:00 -y : do not show access
01.02.2001 12:00:00 -s : servername
01.02.2001 12:00:00 -r : process directories recursively
01.02.2001 12:00:00 -o : output file
01.02.2001 12:00:00 -m : mail report to <username>
Nash!Com Group Access Reporting enables you to show the comple group membership for persons and can help to determine the access rights to databases on all databases on the selected server. This program does only work on servers, because the security context that is used is build from the local names.nsf of the server. It shows a complete list of group membership including membership in nested groups. A uses can see the same list clicking on the access symbol in the right corner of your screen next to the location selection box. In addition you can create a list of databases a specify user has access to or all databases a user has no access to.
Example:
load nshgroup -u"John Doe" -m"LocalDomainAdmins" *.nsf
Group List for 'John Doe' based on Public Address Book
______________________________________________________________________
CN=John Doe/O=Acme/C=DE
John Doe
*
*/O=Acme/C=DE
*/C=DE
CN=AdminGroup/O=Acme/C=DE
LocalDomainPeople
LocalDomainAdmins
CN=PassthruGroup/O=Acme/C=DE
Access List of Databases on nsh-acme-01/Acme/DE
______________________________________________________________________
admin4.nsf (Manager)
decsdoc.nsf (Author)
disk.nsf (NoAccess)
domcfg.nsf (Manager)
help4.nsf (Reader)
smtptbls.nsf (Author)
statrep.nsf (Manager)
...
-- Action to perform --
The following actions are currently supported
( -u ) Create a group list for specified user
Show a group list for a person based on the Domino Directory of the current server.
Specify the username with the -u option and make sure to enclose user names that contain blanks with quotes.
There are two special usernames that can be used to determine the default access for authenticated users ("-Default-" ) and for anonymous users ("Anonymous").
Example: load nshgroup -u"John Doe" -m"LocalDomainAdmins"
sends a mail to LocalDomainAdmins containing the usernames list for "John Doe".
The user name is located in the directory before group expansion is done.
Create a database access list for specifiy user ( e.g. *.nsf )
this option creates a comple access list for all selected database the specified user has on that server.
You may want to use "-Default-" to show default access for authenticated users or "Anonymous" to show access for not authenticated users.
Example: load nshgroup -u"John Doe" -m"LocalDomainAdmins" *.nsf
sends a mail to LocalDomainAdmins containing the usernames list for "John Doe"
and creates a comple access report for all matching databases.
Example: load nshgroup -u"-Default-" -m"LocalDomainAdmins" *.nsf
sends a mail to LocalDomainAdmins containing the usernames list for "-Default-" (is almost empty)
and creates a comple access report for all matching databases showing default access to databases.
( -x ) Show only databases where the selected user has Access
this option does prevent databases with NoAccess for the current user to be listed.
Example: load nshgroup -u"Anonyous" -m"LocalDomainAdmins" *.nsf -x
sends a mail to LocalDomainAdmins containing the usernames list for unauthenticated users.
and creates a comple access report for all matching databases.
Only databases that are accessible by the specified users are listed.
( -y ) Show only databases where the selected user has NoAccess
this option does only list databases where the specified user has NoAccess.
Example: load nshgroup -u"Anonyous" -m"LocalDomainAdmins" *.nsf -x
sends a mail to LocalDomainAdmins containing the usernames list for unauthenticated users.
and creates a comple access report for all matching databases.
Only databases that are NOT accessible by the specified users are listed.
What happens if no flags are used?
If you do not use one of the action flags, the databases are only listed.
You could use this feature to check if your selection is OK or to create a file that you can modify and use via -f option
-- Ways to select databases --
1. specify a database name in the command line
2. specify a list of databases listed in a file via option -f
3. use wildcards (* and ?) for specifying databases and templates including subdirectories if using the ( -r ) option
4. specify a remote server name ( -s ) where to search for databases
you can combine any listed ways
Some examples:
1. specify a database name in the command line
Example:
load nshgroup mydb.nsf
runs on mydb.nsf
2. specify a list of databases in a file via option -f
Example:
load nshgroup whatever.nsf -fdb.txt
runs on whatever.nsf and all databases listed in db.txt
db.txt should contain databases including full path like
names.nsf
mail/jdoe.nsf
info/acme.nsf
3. use wildcards for specifying databases and templates including subdirectories if using the ( -r ) option
Example:
load nshgroup mail/*test*.nsf
runs on all databases that meet the selection within the mail subdirectory
e.g. mail/dus-test.nsf but not mail/dus/old/test.nsf
If you want to include subdiretories use the -r switch.
As soon you have multiple wildcards in different directories you need to use the recurse subdirectory switch
Example:
load nshgroup mail/test?/*.nsf -r
this does match e.g. mail/test1/jdoe.nsf
but also matches mail/test2/hilden/jdoe.nsf because this does also match the pattern.
4. specify a remote server name ( -s ) where to search for databases
-s Option defines the server where databases are searched
Example:
load nshgroup -snotes-acme-01 mail/*.nsf
runs on databases (.nsf files) in directory mail on notes-acme-01
load nshgroup mail/test??xxx*.nsf
runs on databases (.nsf files) that match the pattern "/mail/test??xxx*.nsf"
-- Output options --
In case you want to redirect output you have the following options
( -o ) Redirect output to file
Writes output to a the file specified.
Example: load nshgroup -u"John Doe" -ooutfile.txt
writes output to outfile.txt
Comment: this option might help to create a list of databases that can be modified and uses as input for "-f" option.
( -m ) Send output via mail
Sends output to the specified user.
Example: load nshgroup -u"John Doe" -m"John Doe"
sends output to John Doe
Installation Instructions
- copy into Notes exe directory
- run from command line or server console
and make sure notes.ini can be found in the directory or is in the path
