A number of different methods can be used to restrict access to a single field or group of fields on a form. One method is to restrict access based on a role created in the ACL. After the role is created, it can be integrated into the design of the database and used to manage access to a field or group of fields. In other words, you can selectively permit access to the design element based on the user's name or, more importantly, the role assigned to the user.
Restricting Access to a Single Field
One way to manage the display of or ability to edit content at an individual field level is through the use of "Hide When" formulas. Using this approach, you can set "Hide When" formulas for each field to determine if the field is visible or editable.
Step 1.
Select the File > Database > Access Control menu options. Add the user or user group to the ACL.
Step 2.
With the ACL window still open, select the Roles tab. Click Add to create one or more roles.
Step 3.
Return to the Basics tab and assign the role to the user and user groups. First, highlight the user's name or group and then select the role located in the lower-right corner of the dialog to enable the role. Select OK to save the ACL settings.
Step 4.
Create the form and associated fields.
Tip
Use a table if multiple fields are stored on a single line in the form. Create a separate cell for each field or text label. This will enable you to set a unique display formula for each field on the form without affecting the other fields on the same line.
Step 5.
Select or highlight the field that should be hidden (or non-editable) and select the Design > Field Properties menu options. With the properties dialog displayed, select tab 6 to set the display formula. Select the Hide paragraph if formula is true option and insert the following formula (see Figure 19.15). Be sure to replace the role with a valid role name in the ACL. The role must be enclosed in brackets [].
! @Contains (@UserRoles; "[ROLENAME]");
Figure 19.15. Using roles to hide a specific field
Step 6.
This is an optional step. At this point, the field settings are in place and will hide the field from users that do not have the associated role (see Figure 19.16). However, you may want the field to be displayed but not editable. This can be achieved by creating a secondary "Computed for Display" field and setting its Hide paragraph if formula is true formula to the logical inverse of the first field's formula, that is, the same formula without the "not". Using this approach, the field will be editable for those people assigned the role and display-only for all other users.
@Contains (@UserRoles; "[ROLENAME]");
Figure 19.16. Using roles to hide and display multiple fields
Note
Hiding a field should not be considered a "security" feature. A proficient Lotus Notes user will still be able to view the field value by using the document properties dialog. He or she may also be able to modify the content via a local database or by using agents depending on the ACL settings or if Enforce a consistent ACL across all replicas is disabled. If you are looking for a more secure implementation, consider a controlled section or the inclusion of an Authors field.
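The ACL conditions named in the note above can be checked from an agent. The following LotusScript is an added example, not part of the original text; ROLE_NAME is a placeholder for the role used in your Hide When formula, and the agent is assumed to run inside the database being audited.

```lotusscript
' Added example: report ACL settings that let users get around a
' role-based Hide When formula. ROLE_NAME is a placeholder.
Const ROLE_NAME = "[ROLENAME]"

Sub Initialize
	Dim session As New NotesSession
	Dim db As NotesDatabase
	Dim acl As NotesACL
	Dim entry As NotesACLEntry
	Dim roleDefined As Boolean
	Dim hasRole As Boolean

	Set db = session.CurrentDatabase
	Set acl = db.ACL

	' The note singles out this setting: when it is disabled, content
	' may be modified through a local database.
	If Not acl.UniformAccess Then
		Print "WARNING: Enforce a consistent ACL across all replicas is disabled"
	End If

	' The role named in the formula must exist in the ACL
	' (role names are stored with their brackets).
	roleDefined = False
	If IsArray(acl.Roles) Then
		roleDefined = Not IsNull(ArrayGetIndex(acl.Roles, ROLE_NAME))
	End If
	If Not roleDefined Then
		Print "WARNING: role " & ROLE_NAME & " is not defined in the ACL"
	End If

	' List entries that can edit documents without holding the role.
	' A hidden field does not stop these users from changing its value.
	Set entry = acl.GetFirstEntry
	Do Until entry Is Nothing
		hasRole = False
		If IsArray(entry.Roles) Then
			hasRole = Not IsNull(ArrayGetIndex(entry.Roles, ROLE_NAME))
		End If
		If entry.Level >= ACLLEVEL_EDITOR And Not hasRole Then
			Print entry.Name & ": Editor access or higher without " & ROLE_NAME
		End If
		Set entry = acl.GetNextEntry(entry)
	Loop
End Sub
```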
Restricting Access to a Group of Fields
The following illustrates how to create a controlled section on a form. With controlled sections, only select IDs, groups, or roles can edit or access content in the section.
Step 1.
Update the ACL. Select the File > Database > Access Control menu options. Add the user (or group) and the associated roles to the ACL. Refer to earlier material in this chapter for more detailed information.
Step 2.
Manage the form layout. Open the database in the Domino Designer client and edit a form. Next, group all related fields in the same general proximity on the form. Move fields that you do not want included in the controlled section either above or below these fields.
Step 3.
Create the controlled section. Using your mouse, highlight all text and design elements to be included in the controlled section. Now select the Create > Section > Controlled Access menu options. This creates the controlled section and displays the Section properties dialog.
Step 4.
Set the access permissions for the section. With the controlled section created, next define who can edit the fields in the section. This is accomplished by inserting a formula or role into the controlled access section.
For example, let's say you created a role called "Admin". By adding this to the section access formula, only users with this role will be permitted to edit fields in this section. In the properties dialog, switch to tab 3 and set the access formula type to Computed (see Figure 19.17).
Figure 19.17. Using roles to control access to a section
Next, add the following formula in the Access Formula window of the properties dialog (or replace the formula with any valid role as defined in the ACL). Be sure that the role includes opening and closing brackets [].
Alternatively, the controlled section formula could be dynamically set based on a field on the form. Let's say the form has a Status field. Different sets of people can be permitted to change the section dynamically based on the document status.
@If (Status = "Draft"; @UserName;
Status = "Submitted"; "[TeamLead]";
Status = "Approved"; "[Procurement]";
Status = "In Process"; "[Admin]";
"")
In this example, the people authorized to edit the fields in the section are managed in the following sequence.
The document author can edit the initial document when the status is "Draft".
The team lead can edit it when the document is "Submitted".
The procurement person can edit it when the document is "Approved".
The administrator can edit it when the document is "In Process".
No one is allowed to edit the document after the document is complete.