I'm trying to find a way to save the complete user list access privileges for a specific Lotus Notes document.
I know I can get database-level ACLs from catalog.nsf, but not document-level access. Also the Author field of the document, I believe, won't list read-only access users.
Does anyone know how to obtain the complete ACL of every user for a specific document?
Any help is appreciated, thanks!
Edit: spelling.
Simon is correct. It is non-trivial. Even though I would skip his suggestion of reading the Forms, it is still non-trivial. Even for checking just a single document as per your question, it is non-trivial. I know auditors sometimes want exactly this type of information, but Domino's security system wasn't designed with that in mind, and there's no built-in API to get the info.
In Java, you need to use the Document.getItems() method to retrieve a vector of all Items. Then you have to look through the Items. You need to check Item.getType() to determine if it is an Item.READERS or Item.AUTHORS. If it is, then you need to do Item.getValues() to retrieve the vector of values, and you have to loop through the vector and check to see if each value is a role. If it is a role, you have to use Database.getACL() and iterate through the ACLEntries to determine which ones have the role and whether they are Person entries or Group entries. And if they are group entries you have to look up the group members in the Domino Directory -- which might require expanding nested groups. For any values in the Item that are not roles, you have to check that value against the Domino Directory to see if it is a valid Person or Group -- and again expand the group until you finally get to the People. For the lookups in the Domino Directory you have to worry about the fact that Directory Assistance may be configured, in which case there can be multiple Domino Directory databases to check, but this is somewhat easier if you can use Notes/Domino 8 because there is a Directory class that takes care of that for you.
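The walk described in the answer above, written out as an added example (not the answerer's code). It assumes Notes.jar is on the classpath and that the caller supplies an open Database and Document; the class and method names are made up for illustration, and `groupMembers` is a hypothetical caller-supplied Domino Directory lookup that returns a group's members, or null when the name is not a group.

```java
import java.util.*;
import java.util.function.Function;
import lotus.domino.*;

public class DocAccessAudit {
    // Every value stored in the document's Readers and Authors items (names and [roles]).
    static Set<String> fieldEntries(Document doc) throws NotesException {
        Set<String> out = new TreeSet<>();
        for (Object o : doc.getItems()) {
            Item item = (Item) o;
            int type = item.getType();
            if (type != Item.READERS && type != Item.AUTHORS) continue;
            Vector<?> values = item.getValues();
            if (values == null) continue;              // item present but empty
            for (Object v : values) {
                String s = v.toString().trim();
                if (!s.isEmpty()) out.add(s);
            }
        }
        return out;
    }

    // Names of the ACL entries holding a role; role is passed with brackets, e.g. "[Admin]".
    static List<String> aclEntriesWithRole(Database db, String role) throws NotesException {
        List<String> names = new ArrayList<>();
        ACL acl = db.getACL();
        for (ACLEntry e = acl.getFirstEntry(); e != null; e = acl.getNextEntry(e)) {
            for (Object r : e.getRoles())              // getRoles() yields bracketed names
                if (role.equalsIgnoreCase(r.toString())) names.add(e.getName());
        }
        return names;
    }

    // Resolve roles to ACL entries, then expand groups (nested ones too) down to people.
    static Set<String> resolve(Database db, Document doc,
            Function<String, Collection<String>> groupMembers) throws NotesException {
        Deque<String> todo = new ArrayDeque<>();
        for (String entry : fieldEntries(doc)) {
            if (entry.startsWith("[") && entry.endsWith("]"))
                todo.addAll(aclEntriesWithRole(db, entry));
            else todo.add(entry);
        }
        Set<String> seen = new HashSet<>(), people = new TreeSet<>();
        while (!todo.isEmpty()) {
            String name = todo.pop();
            if (!seen.add(name.toLowerCase())) continue;   // guards against group cycles
            Collection<String> members = groupMembers.apply(name);
            if (members == null) people.add(name); else todo.addAll(members);
        }
        return people;
    }
}
```

An empty result means the document carries no Readers or Authors values, in which case read access is governed by the database ACL alone. Names are compared exactly as stored, so canonical and abbreviated forms of the same name, and wildcard entries, need normalising in the `groupMembers` lookup.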