Security implications when using Ytria tools
Some users wonder if our tools circumvent Notes security in any way, and the answer is: absolutely not! Never.
All our tools follow the actual Notes security rules for any database.
See definitions below:
Local Database
Whenever you are dealing with a local database, you will have full access to the database.
In this case it does not matter what the Access Control List says; ACLs do not apply to local databases.
Enforcing a consistent Access Control List across all replicas:
The 'Enforce a consistent Access Control List across all replicas' option ensures that an ACL remains identical on local or server database replicas, and it enforces the ACL when the database is opened locally.
So if this option is not set, then a database opened locally in a Notes client will not enforce the ACL, and you will have full manager access, with NO roles active (as if the roles didn't exist).
Additionally you will see any documents with 'reader' restrictions, including those on which the current user is not a 'reader'.
In the Notes API, the 'Enforce a consistent Access Control List across all replicas' option is never enabled on a local database.
Therefore, no Ytria tool will have this option enabled. This explains why you have full manager-level access on a local database.
When it's time to replicate, the server will only allow replication of what the ACL says you can do. The server will therefore refuse any/all modifications that were made if they were not authorized by the ACL.
Also note that during a copy or a replication from a server, the server will only provide documents you have 'reader' access to, in the case of 'reader' restrictions.
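To see which server databases do not have the option set, and would therefore open with full access as a local replica in the Notes client, an administrator can run a short audit. This is an added example, not Ytria code; the server name is a placeholder, and the agent is assumed to run under an ID that can open the databases and read their ACLs.

```lotusscript
Option Declare

Sub Initialize
	' Placeholder: replace with the server to audit.
	Const SERVER_NAME = "YourServer/YourOrg"

	Dim dbdir As New NotesDbDirectory(SERVER_NAME)
	Dim db As NotesDatabase
	Dim acl As NotesACL
	Dim missing As Integer

	Set db = dbdir.GetFirstDatabase(DATABASE)
	Do Until db Is Nothing
		Set acl = Nothing

		' Databases returned by NotesDbDirectory are not open yet.
		' Opening or reading the ACL can fail if the running ID lacks access,
		' so errors are tolerated here and reported as SKIPPED below.
		On Error Resume Next
		Call db.Open("", "")
		If db.IsOpen Then Set acl = db.ACL
		On Error Goto 0

		If acl Is Nothing Then
			Print "SKIPPED  " & db.FilePath & " (could not open or read ACL)"
		ElseIf Not acl.UniformAccess Then
			' UniformAccess reflects the option
			' 'Enforce a consistent Access Control List across all replicas'.
			Print "NOT SET  " & db.FilePath
			missing = missing + 1
		End If

		Set db = dbdir.GetNextDatabase()
	Loop

	Print missing & " database(s) without 'Enforce a consistent ACL' on " & SERVER_NAME
End Sub
```

The result only describes behavior in the Notes client: as stated above, the option is never enabled for a local database opened through the Notes API.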
Server Database
Whenever you are dealing with a database on the server, your access depends on the permissions allowed by the ACL. All our tools are restricted by the "true security" server definitions.
Reminder for ACLs
When considering what you are allowed to do on a given database, all checkboxes of the ACL will have to be taken into account.
| ACL option | Effect |
| --- | --- |
| Create Documents | Allows a user to create documents |
| Delete Documents | Allows a user to delete documents (NB: If this is checked, the user is allowed to delete documents, regardless of his or her access level) |
| Create Private Agents | Gives a user full read/write access to his or her agents |
| Create Personal Folders/Views | Gives a user full read/write access to his or her views/folders |
| Create Shared Folders/Views | Gives a user full read/write access to any views or folders (even if this user is not a Designer) |
| Create LotusScripts/Java Agents | Gives a user full read/write access to any agents (even if the user is not a Designer) |
| Read public documents | Allows a user to open a database, even if he is not a Reader (even if the user is set to 'No Access') |
| Write public documents | Allows a user to delete public documents |