About Duffbert...

Duffbert's Random Musings is a blog where I talk about whatever happens to be running through my head at any given moment... I'm Thomas Duff, and you can find out more about me here...


What is the "Enforce a Consistent ACL Across All Replicas..." Option?

Category Software Development

And some good background material...  from the KnowledgeBase...

What is the "Enforce a Consistent ACL Across All Replicas..." Option?

Document Number:  1084294

Problem
A customer wants to know how the advanced Access Control List (ACL) option of "Enforce a Consistent Access Control List Across All Replicas of This Database" affects local replica copies of databases.

Content
This advanced ACL option affects a local replica copy in a couple of ways, depending upon which replication options are selected, and which ID a user used when creating the replica.

For example, if a user that has Author access to a database creates a local replica on their workstation, their access credentials will be "cached" in the replica copy.  These credentials include all of the user's groups, roles or privileges, even if nested.  When the user accesses the local replica, the user will be able to retrieve their credentials from the local replica and then open the database using that set of credentials which simulates the access the user had when accessing the server's copy of the same database.  If, however, the user switches to an ID different from the one used to create the local replica, the database grants access a bit differently.

When a user ID (other than the one that created the replica copy) is used to access the local replica of the database, the user must be explicitly listed in the ACL, or the default ACL must be set to Reader or above.  Relying on group membership to gain access does not work unless you are accessing a server-based database, in which case you have direct access to the Public Address Book where the group is defined.

A user may try to promote their access level on the local replica by creating a group in their Personal Address Book with the same name as a group defined in the ACL with a high level of access, such as Manager.  This attempt to bypass the ACL security does not work.  The "cached" credentials, explicit ACL listings, or the Default access settings control local replica access when the "Enforce a Consistent Access Control List..." option is enabled.  Furthermore, this advanced ACL option prevents users from bypassing ACL security by creating a local replica and disabling the option to "Copy Access Control List" (enabled by default).  Under these conditions, the advanced option does not allow a replica to fully initialize, preventing any access to the local replica.

Supporting Information:

Enforcing a consistent ACL option is not a security feature. Data in the local replica is not secure unless the workstation or laptop is physically secure or the database is encrypted using the local security feature. A motivated developer could create an add-in program to bypass an access control list that is enforced locally.
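The local-replica rules described above, written out as a small Python model. This is an added example, not code from IBM or from the original post; the class, function, user names, group names and access levels are all made up for illustration, and it models only the case where the option is enabled.

```python
from dataclasses import dataclass

LEVELS = ["No Access", "Depositor", "Reader", "Author", "Editor", "Designer", "Manager"]

@dataclass
class LocalReplica:
    acl: dict                 # ACL entry name -> access level, including "-Default-"
    creator: str              # ID that created the replica
    cached_groups: frozenset  # creator's groups (nested ones included) cached at creation
    acl_copied: bool = True   # False: "Copy Access Control List" was disabled

def local_access(replica, user, personal_groups=()):
    """Access level `user` gets on the local replica, or None if it cannot be opened.

    personal_groups: groups the user defined in their Personal Address Book.
    The parameter exists only to show that it has no effect on the result.
    """
    if not replica.acl_copied:
        return None  # replica never fully initializes, so there is nothing to open
    if user in replica.acl:
        return replica.acl[user]  # explicit listing (standard Notes rule: it beats groups)
    if user == replica.creator:
        # Only the creating ID can use the credentials cached in the replica.
        levels = [replica.acl[g] for g in replica.cached_groups if g in replica.acl]
        if levels:
            return max(levels, key=LEVELS.index)
    return replica.acl.get("-Default-", "No Access")

# Constructed sample data: names, groups and levels are made up for illustration.
SAMPLE = LocalReplica(
    acl={"-Default-": "No Access", "Sales": "Author", "Admins": "Manager",
         "Carol Lee/Acme": "Editor"},
    creator="Alice Ray/Acme",
    cached_groups=frozenset({"Sales", "AllStaff"}),
)

if __name__ == "__main__":
    cases = [("Alice Ray/Acme", ()), ("Alice Ray/Acme", ("Admins",)),
             ("Bob Kim/Acme", ()), ("Bob Kim/Acme", ("Admins",)), ("Carol Lee/Acme", ())]
    for user, groups in cases:
        print(f"{user:16} PAB groups={groups!s:12} -> {local_access(SAMPLE, user, groups)}")
```

As the supporting note says, this models what the Notes client enforces, not a protection on the data itself: an unencrypted local replica is only as safe as the workstation holding it.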
