Hi all :-)I thought assigning the user type of “Server group” or “Server” to an ID prevents it from being used to access a database from a workstation…However, that’s not what I see in my environment…
In my environment, all users’ mailboxes list ServerA as Manager in their ACLs, and the serverA is set for “Server” as the user type. However, I can go to the server A, start the Notes client on the server (nlnotes.exe), and be able to open any users mailboxes…
Is it because I’m using the nlnotes.exe (which is not quite a complete Notes Client, right?) on the server? OR am I simply missing some configurations?
Btw, I understand that assigning the “user type” is not a foolproof security method…We have too many people who have access to the serverA and just would like to eliminate the easy access to users mailboxes on the server…
Subject: User Type in ACL is set for “Server”, but I can still open the DB locally with the Server ID
local databases don’t have security, never have.
if you want them to have it then you need to enforce a consistent acl (advanced acl settings)
Subject: RE: User Type in ACL is set for “Server”, but I can still open the DB locally with the Server ID
Thank you both, Stan & Raymond!I see…As Raymond suggested, I set to “enforce consistent ACL” on my mailbox, and now I can’t open it from the server, great! 
Thank you again both for helping me to understand it and providing me a solution to it.
Subject: User Type in ACL is set for “Server”, but I can still open the DB locally with the Server ID
Setting the type to “Server” will prevent a user at a workstation from accessing a database on the server, yes. But when you run nlnotes on the server machine, the user is accessing databases LOCALLY, not “on a server”.