Where is the Execution Control List (ECL) stored and configured?
The ECL is stored for each user in their desktop.dsk/desktop5.dsk file. Users can access their ECL from File\Preferences\User Preferences\Security Options. Administrators can configure domain wide settings in the Public Address Book/Domino Directory by selecting Actions\Edit Administration ECL. Workstation ECLs are inherited from the Administration ECL during workstation setup. In R5.0.5 or higher, these settings can be refreshed from the Administration ECL by clicking the “Refresh” button on the Workstation Security Options dialog. The use of the @RefreshECL command can also be used in formulas to update a user’s settings. How do ECLs protect workstations? ECLs rely on the use of digital signatures. When a design element is created and saved, it is signed with the user’s private key from their ID file. When executable code is activated, Notes checks the signature and verifies what level of access the signer is allowed for that user’s workstation. Notes relies on the use of certificate
