In addition, the service provider configuration uses extended ACLs in the Domino Directory to protect the data of each hosted organization from access by users in other hosted organizations. The extended ACLs required to support the xSP security model are automatically established when new hosted organizations are created. Plan and test carefully if you want to modify ACLs and extended ACLs in an xSP environment -- security is extremely important.

The authentication controls in Site documents control only who can authenticate and use the Internet protocols. After authentication, ACLs and extended ACLs control the data that can be read from and written to the Domino Directory.

A user in a hosted organization cannot directly access databases in any subdirectories other than the hosted organization's directory. Exceptions are the "help" and "common" subdirectories of the Domino data directory which contains databases accessible to users in all hosted organizations.

To provide users with access to databases outside that of the hosted organization's subdirectory, create a directory link within the hosted organization's directory.

Related topics

Roles in the ACL
Validation and authentication for Notes and Domino
Server access for Notes users, Internet users, and Domino servers
Elements of an extended ACL
The database access control list
Configuring a database ACL
Creating, updating, and deleting directory and database links

Glossary