Netware OES SP1, Secure iPrint printers, Windows XP SP2

We have set up some secure iPrint printer agents and to control who has
access to them via IPP we added a specified group to the 'user role'
section in 'Access Control' in the Printer Agent in iManager. This
indeed correctly has the desired effect of limiting the users who can
access the printer agents to that group via the IPP route (iPrint client).

We are testing pure NDPS access to these secure printer agents (with the
NDPS bit on the Novell Client) and noticed that once logged into the
tree and after adding an NDPS printer with 'add printer' wizard, the
ACL's set in the Printer Agent Access control User Role section have no
effect. It seems that basic authentication to the tree with any old
userid is enough to print to a printer agent via NDPS. The userid does
not have to be in the specified user role.

Surely this is a security flaw as there is no point in limiting one
method off access to the printer agent (IPP) via user roles but not
another one ( pure NDPS)?

Is this behaviour intended, and if so can it be fixed so that the Access
Control User Roles apply to pure NDPS printing too?