The Ten Commandments of IBM Lotus Notes ACL Management?
No, Moses has not made a recent trip
up Mount Sinai to get the latest and greatest commandments as they might
apply to the management of IBM Lotus Notes database access control lists
(ACLs). But over the past year, I have repeatedly come across problems
that have arisen for one simple reason: poor management of Notes database
ACLs. This is not a trivial matter, because if organizations are truly
going to leverage the solid security model of IBM Lotus Notes and Domino,
they had better do it right. If not, they risk driving up their support
costs and making users proclaim that "Notes sucks". More importantly,
they risk their network security posture. This will make two categories
of people truly gleeful: the bad guys and the security auditors.
So starting tomorrow, I will post a "commandment" a day (really
a recommendation, because no one likes edicts, unless they come from their
bosses). It may be ten. It may be more. It may be fewer. Send your suggestions.
Send your comments. Perhaps as a community we can put together a best practices
document. Meanwhile, I am going to read some Domino Web Access mail files
that have anonymous access as "Manager". OK, I am not really
going to read them. But I do know what company has them outside their firewall
(and they are not one of my customers).
Comment posted by Stephan H. Wissel 07/09/2007 08:55:28 AM
Homepage: http://www.wissel.net/
Having Manager access as default value to a mailbox is logical:
"I'm a manager, so the default mode of my mailbox must be manager too. And please tell IT to add your name to my mailbox with the mode staff. Also tell them to remove the mode editor, we are a sales company, not a publishing house".
stw