Using Lotus Notes ACL Roles rather than Groups Names in our ACL

Why should you use Role names to define functionality? Because : it’s easier to check if someone belongs to a role than a group, and I can’t control what a client (or the Notes Administrator) is going to call a given group.

ACL settings for a pseudo Role-Group need to be documented perhaps in the “Using” document for a given db.

Having a Group for each Role in the ACL ( “DbName_Reader”; DbName_Editor_withoutDelete”; “DbName_Admin” ) is another good idea worth the work of setting up rather that just reusing existing group names. (and it helps avoiding deleting a group, then finding out is was used in another apllication – six days later, when the vp of X calls your boss. Then could set up general departmental user groups “Controler_BAs”, or some such, which you then use to you populate the application level groups.

Mapping between Groups and Roles can also be done via a profile document Once done you can send emails out to a Group, or be able to edit a Groups member directly from the database application. See : Avoiding Hard Coding of Group Names.

One Reply to “Using Lotus Notes ACL Roles rather than Groups Names in our ACL”

  1. I’ll give you yet another good reason to use roles. You can define roles in templates and have them automatically populate when a new database is created based on that template.


Leave a Reply