This forum is closed to new posts and responses. New discussions are now taking place in the IBM Developer Answers forum.

Jun 14, 2016, 1:13 PM
64 Posts

Is there a way to deny a user access to a local replica they have?

  • Category: Notes Client
  • Platform: Windows
  • Release: 9.0.1
  • Role: Administrator
  • Tags:
  • Replies: 4

I've been asked this over the years by my manager and HR and I've yet to find a way to do this.

We have a number of users who work remotely and are never in the office.

They all have local replicas of their required databases.

Some of them own their laptops so when terminated we don't get them back, so have to coordinate to connect to them and uninstall corporate software, include Notes and their local replicas.

I've been asked if there is a way to do this from the server?

We've just terminated a remote user who will be returning his hardware, however, not immediately.  So they asked if he was removed from the ACL of databases, and we allowed his system to replicate would it removed the data so he saw nothing?

I didn't think so because if he has no access to a database, he wouldn't be able to replicate with it.

Any thoughts?



Jun 14, 2016, 6:40 PM
40 Posts
It depends
If the db in question uses reader fields, and you could make it so the user is no longer in the reader fields, the local replica would become empty upon replication.
Note this would require the user to NOT be in the readr fields with name to begin with, but with a Role.

Another possibility might be to recertify them, and do it with a really short timespan.  You'd need to check to see if this blocks them if they are accessing the db locally. (i.e. ceate a user , furnish a laptop with local replica, recertify, have the remote user access the server so the certificate is pickd                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    
Jun 14, 2016, 9:56 PM
212 Posts

If the user has a local replica, you can use the option "Enforce consistent ACL" in the Advanced Section of the ACL.  Once this option is enabled, you can replicate a chane of he ACL to the local replica removing the local user.  Since the "Enforce a consistent ACL" is in force, the local user should not be able to modify t e ACL locally.  The problem is that you must do this prior to removing the user from the database.

Jun 15, 2016, 7:10 PM
362 Posts
Would the ACL allow replication if you granted public-doc access?

I don't know, but then maybe it'll take care of itself.

(I thought I'd written a response to this earlier, so ... I might be answering twice.)

Jun 16, 2016, 12:31 PM
64 Posts

Thanks for the suggestions.

This forum is closed to new posts and responses. New discussions are now taking place in the IBM Developer Answers forum.