CLUSTERS
Setting up database ACLs in a cluster
One way to be sure that the access control lists are synchronized across all replicas is to use the following procedure for each database:
1. In the Server pane of the IBM® Lotus® Domino® Administrator or the Web Administrator, expand All Servers or expand Clusters.
2. Select a server that contains a replica of the database you want and has Manager access in the ACLs of the other replicas in the cluster.
3. Click the Files tab.
4. Do one of the following:
6. In the Tools pane, expand Database, and then click Manage ACL.
7. Click the Advanced icon.
8. Choose "Enforce a consistent Access Control List across all replicas of this database," and then click OK.
This setting ensures that ACLs are consistent across replicas and also enforces the ACL when replicas are accessed locally on either a server or a client.
Another way to keep ACLs consistent across replicas is to give all servers in a cluster Manager access to all databases in the cluster. This ensures that every server can update the ACL of every database.
To give the cluster servers Manager access to all databases, you can create a Group document in the Domino Directory that includes all the servers in the cluster. Then add this group to the ACL of each database, select the user type "Server group," and give the group Manager access.
It is important that cluster servers have adequate access so they can replicate all data from one replica to another. If there are any restrictions in one replica that are not in another replica, some information will not be available to users when failover occurs. Therefore, be sure that servers not only have Manager access, but that they can all replicate the same data without restrictions.
Private folders replicate differently in a cluster than outside a cluster. When outside a cluster, private folders and their contents do not replicate during server-to-server replication but do replicate during client-to-server replication. In a cluster, however, private folders replicate from server to server so that users are able to access their private folders if they fail over to a different replica. To ensure that private folders replicate between servers in a cluster, be sure to set the user type of the servers in the ACL to "Server" or "Server group."
Controlling other settings that restrict database access
There are methods of restricting database access in addition to the ACL. It is important that these settings are consistent across databases so that complete replication occurs and failover works transparently to the user. These methods include the following:
If a document in a database includes a Readers field, the cluster servers must be listed in the Readers field or the servers will not have access to that document and will not be able to replicate the document. The same is true if a folder or view includes a Readers field. Because Readers fields are often maintained by a database designer rather than a network administrator, network administrators need to communicate with database designers about this issue.