I'm trying to set a standard for our ALC defaults. We recently started allowing a few people from outside our organization access to our notes server by issuing them an .id file and notes client in order to update a database. I noticed that some of our databases ACL were opened up more then they should be, this could pose a security risk so I’m doing an audit of all databases.
What is a good standard for setting the default ACL lists? I think I’ll set this on all databases then open them up according to who needs specific access.
How does this look for a starting point, am I missing anything?
Default - No access
Anonymous - No access
LocalDomainServers - Manager
AdminTeam - Manager
OtherDomainServers - No access
Also Uniform Access is set to False on most of the databases, it is good practice to set this to true and what are the implications?