Creating a Filter to Verify ACL Setting "Enforce Consistent ACL" Is Set
Concerned that some of your production databases do not have the correct ACL settings? Or that you have some elements with the property 'Prohibit design refresh or replace to modify' set?
If you are responsible for hundreds of databases, it can be very difficult to be sure that every database has the correct security settings. Perhaps you have taken over from somebody else - did they manage ACLs properly? Perhaps an inexperienced colleague set 'Enforce a consistent ACL' incorrectly.
The Audit feature of Teamstudio Analyzer allows you to create rules (we call them filters) that can be run over one or more databases. In this example I will show you how to create a filter which tests if the ACL setting Enforce Consistent ACL has been set.
This is a very simple example of just how Analyzer's Audit function can used to automate checks over multiple databases.
Assumptions
You do need to understand the Domino Designer user interface, but you do not need any knowledge of LotusScript.
I'm using R6, but these instructions should work with R5 also. If you're using R4, it's time to upgrade!
Summary
The steps you need to carry out are as follows:
- Create a filter database (from the template provided)
- Write the filter
- Customise the batch processing agent so that it inspects the database(s) in which you are interested
- Run the Audit
Detailed Instructions
1.Create a filter database
Create a new database based on the template Teamstudio Analyzer Filter Db (deanfltr.ntf) and give it a name e.g. MyFilters
The template was automatically created in your Notes data directory when you installed TS Analyzer
2.Write the filter
- Open MyFilters and from the Create menu select Filter Class.
- Call the class ACL Rules. Save & close this document.
- Still in MyFilters, go to the Create menu and select New Filter
- Create & save the rule - according to the screenshots below
Having created the filter you *could* just run it against one or two databases manually. But a more efficient way would be to process a range of databases. To do this you write a LotusScript agent . . . or rather use one that we wrote for you. This agent (and the associated script library is in your Teamstudio Reports database. Haven't got one? No problem. The template was installed in your Notes data directory; simply create a new database based on the template Teamstudio Reports (tmslogs.ntf).
3.Customise the batch agent
After you have customised the agent it will read all databases (not templates) in the server's data directory, including subdirectories. These databases will be analyzed & audited and the results saved to databases in your data directory.
- Inside your Teamstudio Reports database you will find sample agents already created. You could customise these, however I have already done this for you. The agent is in the database Agent Code available for download at the bottom of this page. Simply copy the agent 'Run ACL Rules' and paste it into the design of your Teamstudio Reports database
-
However, you still need to make 2 or 3 small changes to this agent. In the screenshot below you see 3 pieces of code highlighted. In the first circled area change the number from 5 to the actual number of databases you wish to process, e.g. 9999 for all. N.B. I would suggest that you keep the number of databases low until you have tested the agent. In the second circled area, change the server name to the name of your server :-) In the third circled area, specify the name of the Filter Class you used in 2ii)
-
Two final changes. Still in the Teamstudio Reports database, open the Analyzer script library. In the AnalyzeAndAudit function change the name of the Filter database as seen in the screenshot below. Also change the value in the second circled area form "" to "-*". This tells Analyser not to analyzer the entire database, just the database properties. This means that the Analysis and Audit will not take so long to run.
4.That's it!
Now, from your Teamstudio Reports database, run your Run ACL Rules agent. The analysis results will be written to a database called analysis.nsf and the audit results will be written to AuditOut.nsf. Open AuditOut.nsf and look at one of the Analyzer Auditor views to see the results.
