In our applicationn we set the ACL for the default user to prevent the creation of personal views and folders. However, the user can still create private views and folders copying an existing view or folder. Is there any way to prevent the user from creating private views? If not, is there any way to prevent the user from copying one of the existing views or folders?
Anyone with Reader access (or higher) can create personal views and folders. The ACL option "create personal folders/views" just refers to where the personal folders/views are stored. If you select this option, personal folders/views are stored on the server (in the database). If you deselect this option, personal folders/views are stored in the user's desktop. The option is poorly worded and is a source of much confusion.
So, I don't believe that there is any way to prevent users from creating personal folders/views. (If anyone knows how, please let me know.)
This leads to a question though... Why do you want this restriction? Are you using views as a security method, by storing certain documents in certain views, and trying to prevent users from seeing these documents? If this is your reason, you should re-examine your security model. Restricting access to certain views (or forms) is not a security method. It is too easy to get around, in several ways.
This was first published in October 2001