Configure Access Control List
You must create the IDIPWSync group in the Domino® Directory and update the Access Control List (ACL) of theidipwsync.nsf database. Only members of the IDIPWSync group can access the idipwsync.nsf database.
Procedure
- Create IDIPWSync group in the Domino Directory:
- From the Lotus® Domino Administrator, click the People & Groups tab.
- In the left navigation panel, select Domino Directories/your_domain'sDirectory/Groups where your_domain is the name of the Lotus Domino domain.
- Click Add Group.
- Type IDIPWSync in the Group name field.
- In the Members field, add all administrators or users who can change passwords by editing the Person documents.
- In the Members field, add the signer who signs the agents of the Password Synchronizer.
- Update Access Control List of the idipwsync.nsf database:
- From the Lotus Domino Administrator, click the Files tab.
- Select the idipwsync.nsf database.
- Select Database/Manage ACL from the right panel.
- Click Add and select the IDIPWSync group.
- Select Editor from the Access list.
- Set the following options under Attributes:
- Select the Delete documents check box. You must also select the Create documents, Read public documents, and Write public documents check boxes. This selection is done automatically when the Editor access is selected.
- Clear the Create private agents, Create personal folders/views, Create shared folders/views, Create LotusScript/Java agents, Replicate or copy documents check boxes.
- Select Default from Access Control List.
- Set Access to No Access.
- Click OK. Note: After the idipwsync.nsf database ACL is changed, we cannot change the ACL from the Domino Server. For security reasons, the most restrictive settings are used. If a change of the ACL is necessary, the database must be opened locally and you must change the ACL as per the requirements.
What to do next
Deleting pwsync_install_r8.nsf database
Parent topic:
Deployment on a single Domino Server