NSF_ENABLE_LARGE_ACL – Large ACLs (HCL Notes & Domino)

Parameter: NSF_ENABLE_LARGE_ACL

Short description: Raises the ACL size limit of an ODS 55 database from the classic ~950 to up to 65535 entries. Per HCL, must be set on both servers and clients that edit such ACLs. Only takes effect once the database has been raised to ODS 55 (Domino 12+).

Profile

Parameter	`NSF_ENABLE_LARGE_ACL`
Component	Domino server and Notes client (set on both sides)
Available since	Domino 12.0 (with ODS 55)
Values	`1` = allow large ACLs (up to 65535 entries), `0` / not set = classic limit (~950 entries, ACL ≤ 32 KB)
GUI equivalent	none — only `notes.ini`

Description

With Domino 12, the on-disk-structure format ODS 55 was introduced. It raises several hard database limits, including the ACL limit: previously, ACL entries were collectively limited to ≤ 32 KB / approx. 950 names. ODS 55 allows up to 65535 entries.

For the additional possible entries to actually be used and stored, NSF_ENABLE_LARGE_ACL=1 is mandatory:

on every Domino server that hosts or replicates such a database,

on every Notes client / Domino Administrator that edits the ACL.

If the setting is missing, the ACL remains limited to the classic 32 KB limit — even if the database is raised to ODS 55. Pre-R12 clients show an "ACL corrupt" message when opening an ACL > 32 KB.

Example configuration


NSF_ENABLE_LARGE_ACL=1

In the configuration document under NOTES.INI Settings:


NSF_ENABLE_LARGE_ACL=1

Important: Notes clients and Domino Administrator clients that edit the ACL also need the same entry.

Notes & pitfalls

Prerequisite ODS 55: the database must first be raised to ODS 55 (e.g., via compact -c with Create_R12_Databases=1). Without ODS 55, the parameter has no effect.

Pre-R12 clients: see the error message "ACL corrupt" with ACLs > 32 KB. In mixed operation, only release large ACL expansion when all relevant clients are on 12+.

Downgrade trap: anyone wanting to downgrade a database to an older ODS must first reduce the ACL to < 32 KB. Only then run compact -r — otherwise the ACL becomes corrupt and Domino creates a new default ACL.

No server restart needed to set the parameter; the effect kicks in on the next ACL edit.

Replication: the ACL replicates as usual; servers without NSF_ENABLE_LARGE_ACL=1 only pass it through but cannot edit it.

Monitoring: with "ACL corrupt" symptoms, check whether all involved clients/servers have the parameter.

Sources

HCL Domino 12.0.2 Administrator Documentation — Enhancements introduced in ODS 55 in Domino 12

HCL Support Knowledge Base — Behavior of the Notes database with ODS 55 in Notes client 9.0.x and Notes client 12.0.x (KB0109170)

Mindwatering — Upgrading to ODS 55:0 for HCL Domino 12.0.x