Consistent ACL

The Consistent Access Control List (ACL) feature of a database enables you to ensure that all replica copies of a database, whether on a server or workstation, maintain the same ACL.

Additionally, enforcing consistent ACLs on a database makes the Notes client enforce the ACL on local databases, meaning that users are restricted by the ACL. Users have Manager access to all local databases that do not enforce consistent ACLs.

One potential problem with enforcing the ACL locally is that Group information is stored in the Directory database on the server. To overcome the problem of not being able to confirm group membership locally, information about the group membership of the user replicating the database is stored in the database for ACL checks. If a different user attempts to access the local replica, no group information will be found for that user, so only that user's name can be used to grant/deny access.

Be sure to enable the Enforce a Consistent Access Control List setting only on a replica whose parent server has Manager access to other replicas; otherwise, replication fails because the server has inadequate access to replicate the access control list.

Follow these steps to enforce consistent ACL:

1.	Select the database to modify.
2.	Choose File, Database, Access Control, or right-click and choose Database, Access Control.
3.	Click the Advanced tab, as shown in Figure 10.2. Figure 10.2. The database encryption dialog box. [View full size image]
4.	Click Enforce a Consistent Access Control List Across All Replicas.
5.	Click OK.

A common problem that occurs when using the Enforce Consistent Access Control List Across All Replicas option is that it can cause the database to stop replicating. This can happen if a uniform access list is not maintained and its causes include: If a user changes the ACL of a local replica copy that has Enforce Consistent ACL enabled. If Enforce Consistent ACL is enabled on a server replica that does not have Manager access.