This two-part Q&A article offers a plethora of access control list (ACL) advice from our resident security and administration expert Chuck Connell. From customizing private and public views to managing database access levels, you asked and Connell answered.
SearchDomino.com member: Whenever staff members click on a button to display a view, I only want that view to display their level of access. For instance, I'd like an executive user to only see the documents or data that are at the executive level access.
However, for management level, I want users to be able to view the management AND executive level access. How can I do that? Do I need to create it on a different form for each access level?
Chuck Connell: There are various ways to do this, but here's one suggestion:
- Create several roles in the database ACL, such as [highmanage], [manage], [exec], etc.
- Then add names/groups to the ACL and assign various roles to them. So one group of people can have the roles [manage] and [exec], while another group of people will only have the role [exec].
- Then, set the view security so that only people with the proper role can see the view.
For more security, add a Reader field to every form (hence, document) and use the same roles in the Reader fields. This is more secure, because a clever user can get around view security.
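The role setup described in the answer above, as a simplified Python model (an added example, not Connell's code and not Domino's implementation; the users, groups and documents are constructed). It compares documents protected only by view security with the same documents carrying a Reader field, when the user opens them through a personal view.

```python
# Simplified model of Domino read access; not Domino code. All names are constructed.
ACL = {  # ACL entry (group) -> roles assigned to it
    "Managers": {"[manage]", "[exec]"},
    "Executives": {"[exec]"},
}
GROUPS = {"alice": {"Managers"}, "bob": {"Executives"}}  # user -> groups

def roles_of(user):
    """Union of the roles from every ACL entry the user belongs to."""
    roles = set()
    for group in GROUPS.get(user, ()):
        roles |= ACL.get(group, set())
    return roles

def names_of(user):
    """Everything that can match an access list: user name, groups, roles."""
    return {user} | GROUPS.get(user, set()) | roles_of(user)

def can_open_view(user, view):
    """View security: an empty read access list means anyone may open the view."""
    return not view["readers"] or bool(names_of(user) & view["readers"])

def can_read_doc(user, doc):
    """Reader field: a non-empty field hides the document from everyone not listed."""
    return not doc["readers"] or bool(names_of(user) & doc["readers"])

def visible_docs(user, view, docs):
    """Documents the user sees through a view: both checks must pass."""
    if not can_open_view(user, view):
        return []
    return [d["id"] for d in docs
            if d["level"] in view["selects"] and can_read_doc(user, d)]

# Constructed sample data
MANAGE_VIEW = {"readers": {"[manage]"}, "selects": {"manage", "exec"}}
PRIVATE_VIEW = {"readers": set(), "selects": {"manage", "exec"}}  # personal view, no restriction
VIEW_ONLY_DOCS = [  # protected by view security alone
    {"id": "M1", "level": "manage", "readers": set()},
    {"id": "E1", "level": "exec", "readers": set()},
]
READER_FIELD_DOCS = [  # same documents with a Reader field added
    {"id": "M1", "level": "manage", "readers": {"[manage]"}},
    {"id": "E1", "level": "exec", "readers": {"[exec]"}},
]
```

With view security alone, `bob` (role `[exec]` only) is kept out of the management view but still sees `M1` through the unrestricted personal view; with Reader fields he sees only `E1` in any view.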
SearchDomino.com member: In our application, we set the ACL for the default user to prevent the creation of personal views and folders. However, the user can still create private views and folders by copying an existing view or folder. Is there any way to prevent the user from creating private views? If not, is there any way to prevent the user from copying existing views or folders?
Connell: Anyone with Reader access (or higher) can create personal views and folders. The ACL option "create personal folders/views" just refers to where the personal folders/views are stored. If you select this option, personal folders/views are stored on the server (in the database). If you deselect this option, personal folders/views are stored on the user's desktop.
The option is poorly worded and is a source of much confusion. So, I don't believe that there is any way to prevent users from creating personal folders/views. (If anyone knows how, please let me know.)
This leads to a question though ... why do you want this restriction? Are you using views as a security method, by storing certain documents in certain views, and trying to prevent users from seeing these documents? If this is your reason, you should re-examine your security model. Restricting access to certain views (or forms) is not a security method. It is too easy to get around, in several ways.
SearchDomino.com member: I have set the default level in the ACL so that users cannot create shared or personal views or folders within the database. Everything is running locally on the user's station. For the present, we are not using the server. However, we find that users have full access to do anything they want with the database. Our goal is to stop users from deleting/creating/renaming views and folders of any kind within the application.
Connell: If I understand this correctly, here is what you are doing: You have created a Notes application. You gave each person a separate physical copy of the application, and put it on each person's computer. Then you adjusted the ACL of each copy to control what that person can do in the application.
Assuming I have this correct, the problem is that it won't work. Lotus Notes enforces most of its security settings by working with the Domino server. Notes basically assumes that you are using a Domino server to hold the databases. Most security features are simply turned off when you have your own local copy of a database.