About This Code
Brief Description:
Use Catalog.nsf to parse database ACLs instead of server agent
Contributor:
Jess Stratton
Notes Version:
R5.x, R6.x
Last Modified:
08 Jan 2006
OpenNTF Disclaimer
All of the program code and information presented in the OpenNTF.org Code Bin are provided "as-is", and should be used at your own risk. OpenNTF.org make no express or implied warranty about anything in the Code Bin, and OpenNTF.org will not be responsible or liable for any damage caused by the use or misuse of anything from this site. OpenNTF.org makes no guarantees about anything. Please thoroughly test all of the knowledge and code you find here before you attempt to use them in your production environment.
Code / Description
The Domain Catalog (catalog.nsf) contains all sorts of useful information on databases, including properties, replica IDs, full-text index properties, Access Control Lists, etc.
However, ALL databases are reported on, even those that don't have the "list in database property" field checked. They are all stored in a hidden view called "($ReplicaID)".
Assuming the server task "Catalog" runs every night and keeps the database list up to date, it's possible to take database ACL properties directly from the catalog, rather than having to create a scheduled server agent to get the ACL properties directly from the database itself if you don't have access to it. It's not possible to CHANGE an ACL entry via the catalog, but it's definately useful when you need to query access.
Usage / Example
'Assumptions:
'This code assumes you are looking for a particular entry... searchString. This is the full canonical name of the person or group, such as 'cn='.
'For brevity's sake, this code picks up in a function assuming the following:
'1. You have previously set your db object to catalog.nsf
'2. You have previously set your view in catalog.nsf to ($ReplicaID)
'3. You have set a first doc object in that view, and are looping through all docs, calling ExistsInACL on each doc
Function ExistsInACL(catalogdoc As NotesDocument, searchString As String) As Variant
Dim actualValueString As String
Dim itemList(1 To 6) As String
itemList(1) = "ManagerList"
itemList(2) = "DepositorList"
itemList(3) = "DesignerList"
itemList(4) = "EditorList"
itemList(5) = "ReaderList"
itemList(6) = "AuthorList"
Dim returnValue As Variant
'Assume it does not exist
returnValue = False
Forall i In itemList
Set aclItem = catalogdoc.GetFirstItem(i)
Forall v In aclItem.Values
'for all individual entries in each field, call GetDelimitedWord to get the actual entry value
actualValueString=GetDelimitedWord(Cstr(v), "$", 1)
If Strcompare(Lcase(searchString),Lcase(actualValueString),0) = 0 Then
'We have a match. The entry is in the acl.
returnValue= True
Goto finished
End If
End Forall
End Forall
finished:
ExistsInACL= returnValue
End Function
************
Function GetDelimitedWord(searchString As String, delimiter As String, startPosition As Integer) As String
If startPosition > Len(searchString) Then
GetDelimitedWord = ""
End If
Dim pos As Long
pos& = Instr(startPosition,searchString,delimiter)
'In the case that the delimiter is not found, we want to return everything
'that remains in the string. The +1 will allow us to compute the correct
'length of the rest of the string.
If pos = 0 Then pos = Len(searchString)+1
Dim returnString As String
'position startPosition after our current position so we could call
'this repeatedly from a loop.
returnString = Mid(searchString,startPosition,pos-startPosition)
startPosition = pos +1
GetDelimitedWord = returnString
End Function