Allowing one database to access another secure database
You have a database with lots of sensitive information called SecureDB. You do not want to allow users to access the database, so LocalDomainServers and an admin group have only read access to the database.
Users can access a different database, called UserDB, on the same server.
The problem is that you need the users, from UserDB to have the ability to run a manual agent to pull some information from SecureDB.
There is an undocumented ACL trick in Notes that can allow this access smoothly. You can add the replica ID of UserDB to the ACL of SecureDB (include all 32 characters and the colon in the middle). This allows an agent from UserDB, regardless of who triggers it, to have the ability to pull information from SecureDB.