one of the documented procedures in this installation of the ACS
im_bboard_restrict_access_to_group   args
What it does:
BBoard security hack: restricts access to a bboard if the topic identified by the specified topic_id or msg_id has a group_id set.
Defined in: /web/philip/tcl/intranet-defs.tcl

Source code:

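    # Body of im_bboard_restrict_access_to_group.
    #
    # Decides whether the current request may reach a bboard topic. It returns
    # filter_ok to let the request through, or emits an "Access denied" page
    # and returns filter_return. (Presumably registered as an AOLserver
    # filter, given the return values - the registration is not shown here.)
    #
    # Access is granted when the topic has no group_id, when the logged-in
    # user is a member of the owning group, or when im_user_is_authorized_p
    # says the user is an authorized intranet user.
    #
    # NOTE(review): every "cannot identify the topic" path below fails OPEN
    # (returns filter_ok). That is the original design; confirm that the pages
    # behind this filter cannot serve restricted content on those paths.

    if { ![im_enabled_p] || ![ad_parameter EnableIntranetBBoardSecurityFiltersP intranet 0] } {
        # Intranet module or the bboard security filter is switched off:
        # no need to check anything in this case.
        return filter_ok
    }

    set form [ns_getform]
    if { [empty_string_p $form] } {
        # The form is empty - presumably we're not accessing any
        # bboard topic or message.
        return filter_ok
    }

    # 3 ways to identify a message - see if we have any of them.
    set topic_id [ns_set get $form topic_id]
    set msg_id [ns_set get $form msg_id]
    set refers_to [ns_set get $form refers_to]

    if { ![regexp {^[0-9]+$} $topic_id] } {
        # topic_id is not an integer: discard it so it never reaches SQL.
        set topic_id ""
    }

    if { [empty_string_p $topic_id] && [empty_string_p $msg_id] && [empty_string_p $refers_to] } {
        # Don't have a msg_id or topic_id or refers_to - can't do anything.
        # Grant access by default (fail-open, see the note at the top).
        return filter_ok
    }

    set db [ns_db gethandle subquery]
    if { [empty_string_p $topic_id] } {
        # Get the topic id from whatever identifier we have.
        if { [empty_string_p $msg_id] } {
            set msg_id $refers_to
        }
        # msg_id is request-supplied text; DoubleApos escapes single quotes
        # before it is spliced into the statement.
        # NOTE(review): what happens when no row matches depends on
        # database_to_tcl_string; if it raises, $db is not released on that
        # path - confirm.
        set topic_id [database_to_tcl_string $db "select topic_id from bboard where msg_id='[DoubleApos $msg_id]'"]
    }
    # NOTE(review): when the request carries a valid topic_id, msg_id and
    # refers_to are never consulted, so the topic checked here is the one the
    # caller named. If any page behind this filter selects a message by
    # msg_id alone, the check should resolve the topic from the message
    # instead - verify against those pages.

    set user_id [ad_get_user_id]
    set has_access_p 0

    # topic_id is either all digits (regexp above) or a value read back from
    # the bboard table; it is still escaped so both queries treat it the same
    # way as msg_id.
    if { $user_id > 0 } {
        set has_access_p [database_to_tcl_string $db "select decode(count(1),0,0,1)
                   from bboard_topics t
                  where t.topic_id = '[DoubleApos $topic_id]'
                  and (t.group_id is null
                       or ad_group_member_p($user_id, t.group_id) = 't')"]

        if { $has_access_p == 0 } {
            # Check if this is an intranet authorized user - they
            # get to see everything!
            set has_access_p [im_user_is_authorized_p $db $user_id]
        }
    } elseif { $user_id == 0 } {
        # The user isn't logged in: only topics without a group are visible.
        set has_access_p [database_to_tcl_string $db "select decode(count(1),0,0,1)
                   from bboard_topics t
                  where t.topic_id = '[DoubleApos $topic_id]'
                    and t.group_id is null"]
    }
    # Any other user_id value leaves has_access_p at 0, i.e. access denied.

    ns_db releasehandle $db
    if { $has_access_p } {
        return filter_ok
    }

    # return_url is URL-encoded before being placed in the login link.
    ad_return_error "Access denied" "This section of the bboard is restricted. You must either be a member of the group who owns this topic or an authorized user of the [ad_parameter SystemName] intranet. You can <a href=/register/index.tcl?return_url=[ad_urlencode [ad_partner_url_with_query]]>login</a> as someone else if you like."
    return filter_return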