Parameter: Deny_Access
Short description: Local deny list: explicitly rejected users/groups for this server.
Profile
Parameter | Deny_Access |
Category | Security / TLS |
Component | Server |
Available since | R4 |
Supported versions | 9.0.1, 10.0, 11.0, 12.0, 14.0, 14.5 |
GUI equivalent | Server document (Security → Server Access) |
Possible values | Comma-separated hierarchical user/group names |
Description
Deny_Access is the counterpart to Allow_Access: the users and groups listed here are rejected directly at the server, regardless of the ACLs of individual databases. Classic use: quickly and globally lock out former employees, compromised Notes IDs, or disabled accounts.
In production environments, the DenyAccessGroup group (or similar) should instead be maintained in the Server document – it is replicable and centrally manageable.
Deny_Access in notes.ini only takes effect on the local server.
Example configuration
Deny_Access=Terminations/Domain,Compromised IDs/Domain
Notes & pitfalls
- Takes precedence over Allow_Access and over Server document access rules.
- Use hierarchical names – no short forms.
- Local to a single server – not replicated; with multiple servers, maintain groups in the directory.
- If your own admin user is accidentally entered, only local console access (set config from console) helps.
- The change takes effect after a set config reload or a server restart.
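A pre-change check for the pitfalls above, as an added example (not part of the original page or of any HCL tooling). It lints the Deny_Access line of a notes.ini for non-hierarchical names, admin lockout, and overlap with Allow_Access. The function names, the sample names, the "/" test for hierarchical names, and case-insensitive name matching are assumptions.

```python
"""Lint Deny_Access in a notes.ini before it is loaded (added example)."""

# Constructed sample; names are placeholders, not from a real environment.
SAMPLE_INI = """\
[Notes]
Allow_Access=Admins/Domain,Jane Admin/Domain
Deny_Access=Terminations/Domain, jsmith ,jane admin/domain
"""


def read_list(ini_text, key):
    """Return the comma-separated values of `key` (key matched case-insensitively)."""
    for line in ini_text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip().lower() == key.lower():
            return [v.strip() for v in value.split(",") if v.strip()]
    return []


def lint_deny_access(ini_text, admin_names):
    """Return (entry, finding) pairs for the pitfalls listed on this page."""
    deny = read_list(ini_text, "Deny_Access")
    allow = {n.lower() for n in read_list(ini_text, "Allow_Access")}
    admins = {n.lower() for n in admin_names}
    findings = []
    for entry in deny:
        key = entry.lower()  # assumption: names compare case-insensitively
        if "/" not in entry:
            # Heuristic (assumption): a hierarchical name contains "/".
            findings.append((entry, "not a hierarchical name"))
        if key in admins:
            findings.append((entry, "admin user would be locked out"))
        if key in allow:
            findings.append((entry, "also in Allow_Access; deny takes precedence"))
    return findings


if __name__ == "__main__":
    for entry, finding in lint_deny_access(SAMPLE_INI, ["Jane Admin/Domain"]):
        print(f"{entry}: {finding}")
```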