Monday, March 1, 1999

Who’s on your ACL?

NOTES AND DOMINO SECURITY

By Dan Velasco

What I'm about to show you almost got me killed. After I showed it to our intranet manager, she pretended she was holding a double-barreled shotgun and said "BAM!" She told me she would shoot me down like a three-legged deer if I divulged to others at our company (not to mention the outside world!) the information that the agent I created reveals.



But after careful negotiation, I discovered what she really meant was that she was forbidding me from sharing the information my agent retrieved from our Notes databases, not the method I used to obtain it (which is one long yet straightforward LotusScript agent and a single form to capture the data). So, to protect my life, I've changed all of the names I use in the screen shots and examples in this article.

I could show you, but then I'd have to kill you

Here is what the agent I developed reveals: it retrieves the ACL of the database of your choice and creates a report that lists everyone who has access to the database, even if they are buried inside a group listed in the ACL. It then formats all of it nicely on a Notes form so you can print it out and examine it over a cup of coffee. Of course, you might spit out that coffee if you find somebody on your access list that you don't think should be there.

The information contained on the ACL Information Form is nothing that somebody couldn't gather themselves if they patiently went through all of the entries in the ACL and noted the access level of each entry, sorting them into one of the seven levels as they went along. Of course, they would then have to go to the Public Name and Address Book separately and manually look up all of the group names and note the members of each. I've gotten incredibly bored just writing about how you would do such a thing, and I can only imagine how boring it would be to actually do it.

Relax. You don't have to put on your Amish work clothes and do any of this by hand. I've already done it for you. You can get a copy of a sample database containing the ACL Information Retrieval agent as well as the ACL Information Form from http://dan.velasco.com. An online listing of all of the code is there as well.
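The report described above comes down to walking each ACL entry, expanding any group (including groups nested inside groups) into its members, and filing each person under the entry's access level. The sketch below is an added example in Python, not the LotusScript agent from the sample database. The dictionaries standing in for the ACL and the address book's group documents, and every name in them, are constructed assumptions.

```python
LEVELS = ["No Access", "Depositor", "Reader", "Author",
          "Editor", "Designer", "Manager"]  # the seven ACL levels

# Constructed sample data; every name here is invented.
SAMPLE_ACL = {
    "Jane Doe/Acme": "Manager",
    "Intranet Editors": "Editor",
    "All Staff": "Reader",
    "-Default-": "No Access",
}
SAMPLE_GROUPS = {  # stands in for the group documents in the address book
    "Intranet Editors": ["Sam Lee/Acme", "Web Team"],
    "Web Team": ["Pat Kim/Acme", "Intranet Editors"],  # nested and cyclic
    "All Staff": ["Jane Doe/Acme", "Web Team"],
}


def expand(name, groups, path=()):
    """Yield (member, groups_walked) for each non-group name under `name`."""
    if name not in groups:
        yield name, path  # an individual (or a name the directory lacks)
    elif name not in path:  # skip a group that is already being expanded
        for member in groups[name]:
            yield from expand(member, groups, path + (name,))


def acl_report(acl, groups):
    """Map each access level to sorted (member, via) pairs."""
    report = {level: set() for level in LEVELS}
    for entry, level in acl.items():
        for member, path in expand(entry, groups):
            report[level].add((member, " > ".join(path) or "listed directly"))
    return {level: sorted(found) for level, found in report.items()}


def format_report(report):
    """Render the report highest level first, one member per line."""
    lines = []
    for level in reversed(LEVELS):
        lines.append(f"{level}:")
        lines += [f"  {who}  ({via})" for who, via in report[level]] or ["  (none)"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(acl_report(SAMPLE_ACL, SAMPLE_GROUPS)))
```

The "via" column records the chain of groups that grants each person access, which is the detail that is easy to lose when checking an ACL by hand. The cycle check keeps two groups that list each other from looping forever.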