DIRECTORY SERVICES

How other database security features restrict extended ACL access settings
The access set for a user in an extended ACL can never exceed the access the database ACL, including the database ACL privileges and roles, allows the user. For example, if the database ACL allows a user only Reader access, you can't use the extended ACL to allow Write access. Or if a user is omitted from the database ACL User Creator role, you can't use the extended ACL to allow the user Create access to Person documents.

Access set through a security feature in the database design also restricts the access you can specify in an extended ACL. For example, if a Readers field on a particular form prevents a user from reading fields in documents created with that form, giving a user Browse access to the form in the extended ACL does not override the access specified in the Readers field.

See also