• All documents with hierarchical names at a particular location in the directory name hierarchy, -- for example all documents whose names end in OU=West/O=Acme.
• All documents of a specific type, -- for example all Person documents
• A specific field within a specific type of document
• A specific document

• Delegate your Domino administration, for example, allow a group of administrators to manage only documents named under a particular organizational unit.
• Set access to precise portions of the directory contents.
• Set access to documents and fields easily and globally at one source, rather than requiring you to control access through features such as multiple Readers and Authors fields.
• Control the access of users who access the directory through any supported protocol: Notes (NRPC), Web (HTTP), LDAP, POP3, and IMAP.
• Limit access to Internet passwords stored in the Domino Directory to protect against attacks by malicious sources trying to guess passwords.

Note Server processes such as the Router task do not enforce extended ACL restrictions. However, in the case of the Router task specifically, you can prevent some users from sending mail to a group by editing the Readers field for the group and including only the names of users you want to allow to send mail to the group. When users omitted from the Readers field attempt to send mail to the group, the Router won't deliver the mail.

Related topics

Securing Internet passwords
Restricting users from sending mail to groups listed in the Domino Directory
Using an extended administration server
Setting overall access levels in the Domino Directory ACL
Configuring a database ACL
Elements of an extended ACL
Extended ACL examples
Extended ACL guidelines
Enabling extended access
Setting up and managing an extended ACL

Glossary