Deny Access vs Full Access Administrators
I always thought that "Deny Access" was the be-all, end-all. But apparently not. If someone is listed in both the "Full Access Administrators" list and the "Deny Access" list for the server, they will still be able to access the server. The "Full Access Administrators" list trumps the "Deny Access" setting.

From the Administrator Help file, here's information on the Full Access Administrators field:

Full access administrators

Full access administrator is the highest level of administrative access to the server. The full access administrator feature replaces the need to run a Notes client locally on a server. It resolves access control problems -- for example, such as those caused when the only managers of a database ACL have left an organization.

Full access administrators have the following rights:

Obviously, you want to be careful with who is placed in that field. But when someone leaves the company, just putting them into Deny Access won't be sufficient. You have to pull them out of the Full Access Administrators field in addition to putting them in Deny Access.
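
One way to catch this during offboarding reviews is to cross-check the two lists, including people who only appear in them through groups. The script below is an added example, not code from the original post or from Domino itself. It assumes the two server fields and the group memberships have already been exported into plain Python lists and a dict, and every name in it is constructed.

```python
# Added example: find people who are in Deny Access but still covered by
# Full Access Administrators. Input shapes and all names are assumptions.

def expand(entries, groups, _seen=None):
    """Resolve a field value (people and group names) to the set of people
    it covers, following nested groups and tolerating circular nesting."""
    seen = set() if _seen is None else _seen
    people = set()
    for entry in entries:
        key = entry.strip().lower()   # compare names case-insensitively
        if not key or key in seen:
            continue                  # blank entry, or already visited
        seen.add(key)
        if key in groups:
            people |= expand(groups[key], groups, seen)
        else:
            people.add(key)
    return people


def denied_but_full_access(full_access, deny_access, groups):
    """Return the names that Deny Access will NOT keep out, because they
    are also reachable from the Full Access Administrators field."""
    groups = {name.strip().lower(): members for name, members in groups.items()}
    full = expand(full_access, groups)
    denied = expand(deny_access, groups)
    return sorted(full & denied)


# Constructed sample data standing in for a directory export.
GROUPS = {
    "Terminations": ["Pat Leaver/Acme", "Former Contractors"],
    "Former Contractors": ["Sam Temp/Acme", "Terminations"],  # circular on purpose
    "SuperAdmins": ["Alex Root/Acme", "pat leaver/acme"],
}
FULL_ACCESS = ["SuperAdmins", "Sam Temp/Acme"]   # Full Access Administrators field
DENY_ACCESS = ["Terminations"]                   # Deny Access field

if __name__ == "__main__":
    for name in denied_but_full_access(FULL_ACCESS, DENY_ACCESS, GROUPS):
        print("In Deny Access but still a Full Access Administrator:", name)
```

Any name it reports needs to be removed from the Full Access Administrators field (or from the group listed there), not just added to Deny Access.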