Skip to main content
Skip table of contents

Security implications when using Ytria tools

Some users wonder if our tools circumvent Notes security in any way, and the answer is: absolutely not! Never.
All our tools follow the actual Notes security rules for any database.

See definitions below:

Local Database

Whenever you are dealing with a local database, you will have full access to the database.

In this case it does not matter what the Access Control List says; ACLs do not apply to local databases.


Enforcing a consistent Access Control List across all replicas:

The 'Enforce a consistent Access Control List across all replicas' option ensures that an ACL remains identical on local or server database replicas, and it enforces the ACL when the database is opened locally.
So if this option is not set, then a database opened locally in a Notes client will not enforce the ACL, and you will have full manager access, with NO roles active (as if the roles didn't exist).
Additionally you will see any documents with 'reader' restrictions, including those on which the current user is not a 'reader'.

In the Notes API, the 'Enforce a consistent Access Control List across all replicas' option is never enabled on a local database.

Therefore, all Ytria tools will not have this option enabled. This explains why you have full manager-level access on a local database.


When it's time to replicate, the server will only allow replication of what the ACL says you can do. The server will therefore refuse any/all modifications that were made if they were not authorized by the ACL.

Also note that during a copy or a replication from a server, the server will only provide documents you have 'reader' access to, in the case of 'reader' restrictions.


Server Database

Whenever you are dealing with a database on the server, your access depends on the permissions allowed by the ACL All our tools are restricted by the "true security" server definitions.


Reminder for ACLs

When considering what you are allowed to do on a given database, all checkboxes of the ACL will have to be taken into account.

Create DocumentsAllows a user to create documents
Delete DocumentsAllows a user to delete documents (NB: If this is checked, the user is allowed to delete documents, regardless of his or her access level)
Create Private AgentsGives a user full read/write access to his or her agents
Create Personal Folders/ViewsGives a user full read/write access to his or her views/folders
Create Shared Folders/ViewsGives a user full read/write access to any views or folders (even if this user is not a Designer)
Create LotusScripts/Java AgentsGives a user full read/write access to any agents (even if the user is not a Designer)
Read public documentsAllows a user to open a database, even if he is not a Reader (even if the user is set to 'No Access')
Write public documentsAllows a user to delete public documents


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.