Issues with ACL

Recently we had upgraded our domino servers from 8.0.1 to 8.5.1 . Earlier we had given author access with user modifier role to some helpdesk people on names.nsf so that they can reset the internet password of other users. We had hidden the person documents of administrator by unchecking the who can read this document

in security tab of document properties and given access to only the admin group. Earlier it was working fine as helpdesk people were not able to see the

person documents of administartor.

But after the upgrade they are able to see the person documents of admin and change the password as well.

According to my understanding if we have restricted the access on some documnts from security tab in document properties then all the other users who have

any level of access and role on that database wonot be able to see those documnsts if there name is not present in the group which we have selected by

unchecking the who can read this document in security tab of document properties and given access to some particular group only.

Please let me know if my understanding is not correct or in Domino 8.5.1 it is not working as designed??

Subject: yes, call support

Your logic is sound. I don’t see any problem with what you describe. It should work.

To double check your work, take a name of a person who is able to see what they shouldn’t be able to see. Do a search against the Groups view and list ALL the groups they are in. Double-check the ACL and the document security to see which of these groups are allowed access.

After confirming that there isn’t some explanation for this, I would recommend you put in a ticket with IBM. They will probably want a copy of your names.nsf to examine.