TexasSwede

Free Tool: Analyze ACL in Notes Application/Database

Posted on November 16, 2011 by Karl-Henry Martinsson. Posted in Lotusscript, Notes/Domino.

Yesterday my network admin asked me if I could write a simple tool that could provide him with a spreadsheet of what users had access to a certain database, and through what groups and roles. A couple of hours later I had created an agent that analyzes the ACL and identifies the users who can access it. The result is presented as a CSV file.

I am sharing the code below. It is pretty straightforward. As you can see, I am using lists to hold the data for easy export later to CSV. Run the code with the Lotusscript debugger turned on, and put a breakpoint before the CSV export starts, and you can see how the data is stored in the lists.

The function ExpandGroup() is called recursively to drill down, if the group contains additional groups. This function also uses a lookup into a custom view, (LookupPeople), that we have in our corporate NAB. I am sure you can modify this code with something that works for you.

Enjoy! As always, use the code at your own risk, no warranties, etc.

%REM
    Agent Export ACL Info to CSV
    Created Nov 14, 2011 by Karl-Henry Martinsson/Deep-South
    Description: Read ACL for specified database and create a
    CSV file with info about each user's access (roles, groups,
    delete access, access level).
%END REM

Option Public
Option Declare

Dim nab As NotesDatabase

Type RowData
    role As String
    group As String
    username As String
    deletedoc As String
    level As String
    levelno As Integer
End Type


Class GroupData   
    Public roles List As String
   
    Public Sub New()
       
    End Sub
End Class


Class PersonData
    Public accesslevel As Integer
    Public roles List As String
    Public deletedoc As boolean
    Public accessthrough List As String
   
    Public Sub New()
        me.deletedoc = False
    End Sub
   
    Public Sub SetAccessLevel(level As Integer)
        If me.Accesslevel<level Then
            me.AccessLevel = level
        End If
    End Sub

    Public Function GetAccessLevelText() As String
        Select Case me.AccessLevel
            Case 0 : GetAccessLevelText = "No Access"
            Case 1 : GetAccessLevelText = "Depositor"               
            Case 2 : GetAccessLevelText = "Reader"
            Case 3 : GetAccessLevelText = "Author"
            Case 4 : GetAccessLevelText = "Editor"
            Case 5 : GetAccessLevelText = "Designer"
            Case 6 : GetAccessLevelText = "Manager"
        End Select
    End Function
End Class


Class RoleData
    Public groups List As String
   
    Public Sub New()
       
    End Sub
End Class


Sub Initialize
    Dim ws As New NotesUIWorkspace
    Dim session As New NotesSession
    Dim db As NotesDatabase
    Dim pview As NotesView
    Dim pdoc As NotesDocument
    Dim acl As NotesACL
    Dim entry As NotesACLEntry
    Dim person List As PersonData
    Dim group List As GroupData
    Dim role List As RoleData
    Dim users As Variant
    Dim row List As RowData
    Dim cnt As Long
    Dim groupname As String
    Dim filename As String
    Dim rowstr As String
    Dim dbname As String
    Dim servername As String

    servername = InputBox$("Enter server for database:","Select Server")
    If servername = "" Then
        Exit Sub
    End If
    dbname = InputBox$("Enter full path of database:","Select Database")
    If dbname = "" Then
        Exit Sub
    End If
    set nab = New NotesDatabase(servername,"names.nsf")
    Set db = New NotesDatabase(servername,dbname)
    Set acl = db.ACL
    Set entry = acl.GetFirstEntry()
    Do While Not entry Is Nothing
        If entry.Isgroup Then
            If IsElement(group(entry.Name))=False Then
                Set group(entry.Name) = New GroupData()
                ForAll r In entry.Roles
                    group(entry.Name).roles(r) = r
                End ForAll
            End If
            users = ExpandGroup(entry.Name)
            If IsList(users) then
                ForAll u In users
                    If IsElement(person(u))=False Then
                        Set person(u) = New PersonData()
                    End If
                    Call person(u).SetAccessLevel(entry.level)
                    If entry.Candeletedocuments Then
                        person(u).deletedoc = True
                    End If
                    person(u).accessthrough(entry.Name) = entry.Name
                    ForAll r In entry.Roles
                        If FullTrim(r)<>"" then
                            person(u).roles(r) = r   
                        End if
                    End ForAll
                End ForAll
            End If
        ElseIf entry.IsPerson Then
            If IsElement(person(entry.Name))=False Then
                Set person(entry.Name) = New PersonData()
            End If
            Call person(entry.Name).SetAccessLevel(entry.level)
            If entry.Candeletedocuments Then
                person(entry.Name).deletedoc = True
            End If
            person(entry.Name).accessthrough("ACL") = "ACL"
            ForAll r In entry.Roles
                If FullTrim(r)<>"" Then
                    person(entry.Name).roles(r) = r
                End if   
            End ForAll
        End If
        Set entry = acl.GetNextEntry(entry)   
    Loop   
    ForAll g In group
        ForAll rr In g.roles
            If IsElement(role(rr)) = False Then
                Set role(rr) = New RoleData
            End If
            role(rr).groups(CStr(ListTag(g))) = ListTag(g)
        End Forall
    End ForAll
    ' *** Time to export the data
    cnt = 0
    Set pview = nab.GetView("(LookupPeople)")
    ForAll p In person
        ForAll gg In p.accessthrough
            groupname = gg
            If IsElement(group(groupname)) And groupname<>"ACL" Then
                ForAll r2 In group(groupname).roles
                    cnt = cnt + 1
                    row(cnt).username = ListTag(p)
                    row(cnt).group = groupname
                    If p.deletedoc then
                        row(cnt).deletedoc = "Y"
                    Else
                        row(cnt).deletedoc = "N"
                    End If   
                    row(cnt).levelno = p.accesslevel
                    row(cnt).level = p.GetAccessLevelText()
                    row(cnt).role = ListTag(r2)
                End ForAll
            End If
        End ForAll
    End ForAll
    filename = "c:\ACL_"
    filename = filename & Replace(Replace(dbname,"/","-"),"\","-")
    filename = filename & ".csv"
    Open filename For Output As #1
    rowstr = |"UserRole","Group","User Name","Del","Level","Access"|
    Print #1, rowstr
    ForAll x In row
        rowstr = |"| & x.role & |",|
        rowstr = rowstr & |"| & x.group & |",|
        rowstr = rowstr & |"| & x.username & |",|
        rowstr = rowstr & |"| & x.deletedoc & |",|
        rowstr = rowstr & || & x.levelno & |,|
        rowstr = rowstr & |"| & x.level & |"|
        Print #1, rowstr
    End ForAll
    Close #1
    MsgBox "ACL exported to " & filename,,"Finished"
End Sub


%REM
    Function ExpandGroup
    Created Nov 14, 2011 by Karl-Henry Martinsson/Deep-South
    Description: Returns a list of users in specified group in NAB
%END REM
Function ExpandGroup(entryName As string) As Variant
    Dim nabview As NotesView
    Dim nabdoc As NotesDocument
    Dim pview As NotesView
    Dim pdoc As NotesDocument
    Dim uname As NotesName
    Dim tmplist As variant
    Dim userlist List As String
   
    If FullTrim(entryName) = "" Then
        ExpandGroup = ""
        Exit Function
    End If
    Set nabview = nab.GetView("Groups")
    Set nabdoc = nabview.GetDocumentByKey(entryname)
    If nabdoc Is Nothing Then
        ExpandGroup = ""
        Exit function
    End If
    ForAll n In nabdoc.GetItemValue("Members")
        If Left$(n,3)= "CN=" Then
            Set uname = New NotesName(n)
            userlist(uname.Common) = uname.Common
        Else
            Set pview = nab.GetView("(LookupPeople)")
            Set pdoc = pview.GetDocumentByKey(CStr(n))
            If Not pdoc Is Nothing Then
                userlist(CStr(n)) = CStr(n)
            else
                tmplist = ExpandGroup(CStr(n))
                If IsList(tmplist) Then
                    ForAll t In tmplist
                        userlist(t) = t
                    End ForAll
                End If
            End If   
        End If
    End ForAll
    ExpandGroup = userlist
End Function
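
The recursive group expansion and CSV export above, modelled in Python as an added example (not the author's LotusScript agent): the directory and ACL are constructed sample data, and `expand_group`, `acl_rows` and `to_csv` are hypothetical names. It goes beyond the agent by guarding against groups that contain each other, listing people named directly in the ACL, and reporting the level each entry grants instead of the highest one.

```python
import csv
import io

# Constructed sample directory: group name -> members (people or nested groups).
GROUPS = {
    "Sales": ["Anna Berg", "SalesManagers"],
    "SalesManagers": ["Carl Dahl", "Sales"],  # nested back into Sales (a cycle)
    "Admins": ["Eva Falk"],
}
# Constructed sample ACL: (name, is_group, level 0-6, can_delete, roles).
ACL = [
    ("Sales", True, 3, False, ["[Quotes]"]),
    ("Admins", True, 6, True, []),
    ("Eva Falk", False, 2, False, []),
]
LEVELS = ["No Access", "Depositor", "Reader", "Author", "Editor", "Designer", "Manager"]

def expand_group(name, groups, seen=None):
    """Return the people in a group, visiting each nested group only once."""
    seen = set() if seen is None else seen
    if name in seen or name not in groups:
        return set()
    seen.add(name)
    people = set()
    for member in groups[name]:
        if member in groups:
            people |= expand_group(member, groups, seen)
        else:
            people.add(member)
    return people

def acl_rows(acl, groups):
    """One row per (user, ACL entry, role); an entry without roles gets ""."""
    rows = []
    for name, is_group, level, can_delete, roles in acl:
        users = sorted(expand_group(name, groups)) if is_group else [name]
        for user in users:
            for role in roles or [""]:
                rows.append([role, name if is_group else "ACL", user,
                             "Y" if can_delete else "N", level, LEVELS[level]])
    return rows

def to_csv(rows):
    """Write the agent's column layout; csv doubles any quote inside a value."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_NONNUMERIC)
    writer.writerow(["UserRole", "Group", "User Name", "Del", "Level", "Access"])
    writer.writerows(rows)
    return out.getvalue()
```
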


3 thoughts on “Free Tool: Analyze ACL in Notes Application/Database”

  1. Matt S says:
    February 14, 2018 at 11:06

    Hi, Thank you for this. If I can get it working this will help me tremendously. Do you know what I would need to type as far as input if I am running this agent against Domino running on IBM i? I have tried a few things but I haven’t had any success with it running. Can you give an example of what type of input is required for each box?

    • Karl-Henry Martinsson says:
      February 15, 2018 at 22:02

      Matt, I am not an expert on IBM i-series, so I can’t really tell you how the paths are defined there. You may want to reach out to Steve McDonagh, he is an IBM i-series expert if I remember correctly.

      • Matt S says:
        February 20, 2018 at 10:30

        I figured it out. Thank you again for the great tool!!

© TexasSwede 2008-2014