Application needs 'non-Readers' field

I have an nsf with Default-ACL access set to Editor. My application needs a "non Readers" field, i.e., where all employees can view document A but User XXX cannot see document A.

[Roles] would not be a good solution because the app has a lot of doc with the same rule. Private View involves hard maintenance (the user can perform a search). Single Category will not work either. Settng all employees in a Readers field without the User XXX is not a good solution either, because I have more than 100,000 users (Default-ACL is not set to No Access). Work with Groups can work but the Domino Administrator will rate me. What is your recommendation?

First of all, there is no such thing as a "non-Readers" field. You'll have to find some other way to address this requirement. If absolute protection is important, Readers fields, encryption and database ACL are the only really secure ways.

Also, you say that the person isn't supposed to be able to see the document about them because it contains information about themselves that they aren't supposed to know, but everybody else in the whole company has access to? This seems odd to me, to say the least. What's to prevent people from making deals with each other? "I'll show you yours if you show me mine." They've got the whole company to choose from -- they don't have to try to talk their immediate co-workers into it when they have a friend in a different department.

Realistically, there are not 100,000 users who will require access to read a particular document. Nobody has time to read more than a small percentage. There are probably only a few who need to see it. The problem is identifying those few so you can put only them in the Readers field. Perhaps they could be self-identified, meaning they would fill out a request form asking for access to a particular user's information. An agent would then process the requests and add them to the Readers field of the corresponding document automatically. However, note that an application that contains 100,000 documents, all of which have different Readers fields, will be slow.

If you made it accessible only through a Web browser, you might have better luck hiding information securely. The user doesn't have access there to the normal tools they would use to bypass hide formulas, Queryopen code, and other measures that aren't true security.

Do you have comments on this Ask the Expert question and response? Let us know.

Dig Deeper on Development Security for Lotus Notes Domino

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.




  • iSeries tutorials

    Search400.com's tutorials provide in-depth information on the iSeries. Our iSeries tutorials address areas you need to know about...

  • V6R1 upgrade planning checklist

    When upgrading to V6R1, make sure your software will be supported, your programs will function and the correct PTFs have been ...

  • Connecting multiple iSeries systems through DDM

    Working with databases over multiple iSeries systems can be simple when remotely connecting logical partitions with distributed ...