Deleting a user with the Administration Process (AdminP) can lead to restricted documents being made visible to all Notes users with ACL access to the database. When AdminP processes a ‘Delete in Reader/Author fields’ request, it will delete the user specified from any Readers fields in any databases that have the ACL property ‘Modify all Reader and Author fields’ selected on the Advanced tab. If a Readers field only contains a single entry (the user name being deleted), then the Readers field itself will be removed, making the document visible to all.
AdminP is functioning as designed. If the Readers field was not deleted, the document would not be accessible to anyone, including administrators with Manager access to the database.
The workaround for this situation is to eliminate the potential for this condition to exist. Do not add a single user to a Readers field. A group entry in a Readers field will prevent this. Even if all of the group members are deleted, the group entry is not, and the Readers field will be maintained. If it is acceptable that documents be made inaccessible to all and there is a business need to have a single user in a Readers field, then any second entry, even a dummy entry, added to the field will prevent the Readers field from being deleted by AdminP.
via Lotus Software KnowledgeBase Document# 1092787