FORUM PLAN UPDATE: Date revision: This forum will remain open to new posts and responses until December 1, 2018. (After that date, you will still be able to view and search the forum.) Also, we're taking a second look at the best place to host future conversation. For now, keep using this forum, and stay tuned for more news.
RE: AcL is not working on local user nsf file (Lotus domino 8.5.3) Mark Taylor 26.Jul.18 10:27 AM a Web browser Domino Server All ReleasesAll Platforms
First of all, nobody should be able to copy another user's mail file from the server, especially if, as you stated 'When mail file on server its ACL working fine.'
If a user has a local replica of his/her own mail file, it should be locally encrypted, which would prevent someone else from opening/reading even if they had access to open it, which they should not.
Personally, i always use "Enforce a consistent access control list" - which should assist in ensuring the ACL is correct across all replicas - but of course the 'copy' function has an option to copy (or not copy) the Access Control list. So, you'd want to make sure that the ACL is copied if you're creating local copies.
A tip from the Administrator help - 'Configuring a database ACL'
(Optional) To prevent users whose access levels are Depositor or No Access from using the operating system to copy the database, encrypt the database with the server ID through the local Encryption option. This ensures that the database, even when copied, is illegible to anyone who doesn't have access to the server ID.