Minimum Domino Access Control List permissions for the BlackBerry Enterprise Server

Article ID: KB01469

Type: Support Content

Last Modified: 12-15-2011


Product(s) Affected:

  • BlackBerry Enterprise Server for IBM Domino
  • BlackBerry® Enterprise Server 2.0 to 5.0 for IBM® Lotus® Domino®

Every IBM Lotus Domino messaging and collaboration server database, including databases used by the BlackBerry Enterprise Server, has an Access Control List (ACL) that specifies the levels of access that users and servers have to a database. Database access levels and privileges are assigned to the ACL and control which tasks can be performed in the database.

For each user, group, or server listed in the ACL, select the basic access level and user type, and refine the access level by selecting various access privileges. A role created by the database or application developer can further refine the permissions.


The minimum ACL permissions for Lotus Domino for the BlackBerry Enterprise Server are as described in the following table.

Component: BlackBerry profiles database

Permission levels: The BlackBerryAdmins group and the BlackBerry Enterprise Server (the Lotus Domino messaging server that runs the BlackBerry Enterprise Server add-in task) require Manager access, as well as the DeleteDocuments privilege and the [Admin] role to the profiles database (BlackBerryProfiles.nsf).

The BlackBerry smartphone users are granted Author access to the profiles database. These are default permissions.


Component: BlackBerry smartphone users' mail file

Permission levels: The BlackBerry Enterprise Server requires Editor access, as well as the CreateDocuments and WritePublic privileges.

For Read/Unread marks synchronization in BlackBerry Enterprise Server 4.0 and later, the BlackBerry Enterprise Server must have Manager access to the mail files of BlackBerry smartphone users. Manager access is required because the unread table is a private view in the user's mail file database. Editor or Designer access does not allow access to private views.


Component: BlackBerry state database

Permission levels: Manager access (including all optional privileges) is required by the Server ID that runs the BlackBerry Enterprise Server add-in task. This is required for message redirection and for BlackBerry state database management. Manager access is the default setting.

Checking Permission Levels in the ACL

To check a database ACL for the permissions granted to the BlackBerry Enterprise Server, perform the following steps:

  1. In IBM® Lotus Notes®, open the database used by the BlackBerry Enterprise Server.
  2. Click File > Database > Access Control. The ACL appears.
  3. Select the BlackBerry Enterprise Server name. Or, if the BlackBerry Enterprise Server has been added to the LocalDomainServers group, select the LocalDomainServers group.
  4. Verify that the permissions described above are selected for the BlackBerry Enterprise Server. Check the Access drop-down list, the privileges check boxes (listed below the Access drop-down list), and the Roles list box.
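
The same check can be scripted as a LotusScript agent for the profiles database and one mail file. This is an added example, not part of the original article and not BlackBerry or IBM code. The server names and the mail file path are placeholders, and the script mirrors step 3 by falling back to the LocalDomainServers entry when the server is not listed by name.

```lotusscript
Option Declare

' Placeholders (assumptions, not from the article): set these for your environment.
Const DB_HOST = "Domino01/Example"      ' server that holds the databases
Const BES_NAME = "BES01/Example"        ' BlackBerry Enterprise Server name as listed in the ACL
Const MAIL_FILE = "mail\jdoe.nsf"       ' one smartphone user's mail file

Sub Initialize
	' Profiles database: Manager, Delete documents, [Admin] role
	Call CheckAcl("BlackBerryProfiles.nsf", ACLLEVEL_MANAGER, True, False, False, "[Admin]")
	' Mail file: Editor, Create documents, Write public documents.
	' Pass ACLLEVEL_MANAGER instead when Read/Unread marks synchronization is used.
	Call CheckAcl(MAIL_FILE, ACLLEVEL_EDITOR, False, True, True, "")
End Sub

Sub CheckAcl(path As String, minLevel As Integer, needDelete As Boolean, _
needCreate As Boolean, needWritePublic As Boolean, role As String)
	Dim s As New NotesSession
	Dim db As NotesDatabase
	Dim e As NotesACLEntry
	Dim roles As Variant
	Dim hasRole As Boolean
	Set db = s.GetDatabase(DB_HOST, path)
	If Not db.IsOpen Then
		Print path & ": cannot open database"
		Exit Sub
	End If
	' Step 3 of the procedure: the server's own entry, otherwise LocalDomainServers
	Set e = db.ACL.GetEntry(BES_NAME)
	If e Is Nothing Then Set e = db.ACL.GetEntry("LocalDomainServers")
	If e Is Nothing Then
		Print path & ": no ACL entry for the server or LocalDomainServers"
		Exit Sub
	End If
	Print path & ": checking entry " & e.Name & ", level " & e.Level
	If e.Level < minLevel Then Print "  FAIL: access level below minimum " & minLevel
	If needDelete And Not e.CanDeleteDocuments Then Print "  FAIL: Delete documents not selected"
	If needCreate And Not e.CanCreateDocuments Then Print "  FAIL: Create documents not selected"
	If needWritePublic And Not e.IsPublicWriter Then Print "  FAIL: Write public documents not selected"
	If role <> "" Then
		roles = e.Roles   ' enabled roles, each name in square brackets
		If IsArray(roles) Then
			ForAll r In roles
				If LCase(r) = LCase(role) Then hasRole = True
			End ForAll
		End If
		If Not hasRole Then Print "  FAIL: role " & role & " not enabled"
	End If
End Sub
```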

Additional Information

Refer to the IBM® Lotus® Domino® Administrator Help files for more information on Access Control Lists.

