Now that Hans-Peter has looked into agentEZ I wanted to see what the new beta of Ytria's aclEZ has to offer.
The UI is very similar to agentEZ and quite intuitive to use (most of it anyway). Select a server, select one or several databases and after all information has been collected the ACL information of the selected databases is displayed in a grid similar to a pivot table. The grid lists all ACL entries and displays data like access level, access rights and so on. Group entries can be expanded and are displayed in a popup window where you can even display the whole group hierarchy (the expanded view is also available in the grid itself). You can select the server and directory to resolve the groups in but even though all directories in the directory assistance are displayed the lookup only seems to work in the primary directory (error: entry not found in index (1028)) - but hey, this is beta software.
The columns to display in the view can be selected. The entries can either be sorted by clicking on a column head or you can drag a column head to the area above the grid to group the entries. Dragging another column head there will create nested groupings. This is quite handy to discover security holes in your server. I grouped all ACL entries by name and access level and discovered two databases where -Default- was manager.
To ungroup the entries again you can either drag the column head back where you want it to be in the column heads or you can right-click it and deselect the "group by" menu entry. What I find a bit unfortunate is that when you do the latter the column is not displayed where it was before but is appended as the rightmost column. Also, when you drag a column head down into the grid the entries are ungrouped and the column is removed from the grid. So if I don't drag the columns back in place myself I have to re-order the columns manually again every time after I have grouped them.
What I was missing at first look in the grid were the roles. Then I discovered the lower grid. It has several tabs where it displays erros (e.g. databases you have no access to), allows to make modifications to multiple entries at once, displays the databases a user or group selected in the upper grid is present in and it also displays the roles in all databases in the grid the selected user or group has been assigned. I am a bit ambivalent regarding this display since I would have expected the roles to be displayed as columns in the upper grid as well. While this may be what I had expected it may not be the optimal solution since the grid can be quite wide just displaying the data it currently does. Maybe the column heads of columns containing just checkboxes could be icons instead of text to save some horizontal space for the roles.
aclEZ features a quite powerful seach option using regular expressions. The search works well but I wish that when searching for subsequent matches after doing a find first it would not only highlight the matching row but it would also display it in the visible area of the grid.
The current grid can be exported either to HTML or to a text file for further processing in Excel for example.
For some more screenshots see Chris Brandlehner's review of aclEZ.
When I had seen the Ytria tools for the first time I suggested to Eric Houvenaghel to create agentEZ but he had already though of that and it is great to see not only agentEZ but also aclEZ becoming reality. As I have been with all the other Ytria tools I am impressed with aclEZ. It is a powerful product to check your servers for security holes in the access control lists and it can also be used to maintain standard ACL formats within an organization. Things that are very hard to do just with the Domino Admin client. While this beta version still has some gotchas it looks very promising. Since Ytria constantly releases updates and bug fixes and responds very quickly to bug reports and even feature requests I have no doubt that agentEZ and aclEZ will become must have tools for the Domino administrator.