AdminP Can Delete Readers Fields,

Making Documents Visible To All

Technote (FAQ)

Problem
Deleting a user with the Administration Process (AdminP) can lead to
restricted documents being made visible to all Notes users with ACL
access to the database. When AdminP processes a 'Delete in
Reader/Author fields' request, it will delete the user specified fromany
Readers fields in any databases that have the ACL property 'Modify all
Reader and Author fields' selected on the Advanced tab. If a Readers field
only contains a single entry (the user name being deleted), then the Readers
field itself will be removed, making the document visible to all.

Solution
AdminP is functioning as designed. If the Readers field was not deleted, the
document would not be accessible to anyone, including administrators with
Manager access to the database.
The workaround for this situation is to eliminate the potential for this
condition to exist. Do not add a single user to a Readers field. A group
entry in a Readers field will prevent this. Even if all of the group members
are deleted, the group entry is not, and the Readers field will be maintained.
If it is acceptable that documents be made inaccessible to all and there is a
business need to have a single user in a Readers field, then any second
entry, even a dummy entry, added to the field will prevent the Readers field
frombeing deleted by AdminP.
Note: Readers fields are not enforced when a database is opened locally.

Related information
Readers Fields Versus $Readers Fields and How to Popula


Historical Number
192484


IBM - AdminP Can Delete Readers Fields, Making Documents Visible To All http://www-01.ibm.com/support/docview.wss?rs=727&uid=swg21092787
1 of 1 9/23/2008 12:31 PM