Document access rights are generally given on a group list or role basis. However we have frequent situations where a member of a group must be excluded (as an exception) to an individual document. The current design being assume no access unless listed, creates a real headache when you generally want to grant access but have exceptions. Breaking the group list down to individual members creates an extreme maintenance burden and loss of the dynamic membership provisions afforded by group lists.
There have been comments suggesting use of view formulas with an exceptions list to restrict access. It is worth mentioning that if a person generally has author or higher ACL in a database and is listed in the Readers field as a member of a listed group...there is little problem using backdoor processes to gain access. Such as private views, ODBC/Notes SQL, private actions/agents.
The requested feature is both to ease development efforts as well as effectively tighten security of sensitive information without significant impact on the design of Domino
The ACL model at the database level is great for general access rights. However the model breaks down on the individual document level, when there needs to be exceptions to the general rules.