SECURITY
Select the "Enforce a consistent Access Control List" setting on a replica whose server has Manager access to other replicas to keep the access control list the same across all server replicas of a database. If you select a replica whose server does not have Manager access to other replicas, replication fails because the server has inadequate access to replicate the ACL.
If a user replicates a database locally, the database ACL recognizes that user's access as it is known to the server. This happens automatically for local replication, regardless of whether "Enforce a consistent Access Control List" is enabled.
It should be noted that local replicas with "Enforce a consistent access control list" enabled attempt to honor the information in the ACL and determine who can do what accordingly. However, they have some limitations. One limitation is that group information is generated on the server, not at the local replica. When a database is replicated locally, information about the group membership of the person doing the replication is stored in the database for use in ACL checking. If a person/identity other than the one doing the replication accesses the local replica, there will be no group membership information available for that person, and the ACL can use only the person's identity, not group membership, to check access.
Additionally, enforcing a consistent access control list does not provide additional security for local replicas. To keep data in local replicas secure, encrypt the database.
Note If a user changes a local or remote server database replica's ACL when the "Enforce a consistent Access Control List" option is selected, the database stops replicating. The log (LOG.NSF) records a message indicating that replication could not proceed because the program could not maintain a uniform ACL on replicas.
To enforce or disable a consistent access control list for multiple databases
1. Make sure that you have Manager access in all the database ACLs you select.
2. From the IBM® Lotus® Domino™ Administrator Server pane, select a server that has Manager access to the databases on which you want to enforce a consistent ACL.
3. Click Files, and select one or more databases from the Domino data directory.
4. Click Tools - Database - Manage ACL.
5. Click Advanced.
6. Select the option "Modify Consistent ACL setting."
See also