How to create a restricted, secondary address book for only a certain group of users which does not resolve and allow mail from the restricted names for all users.
In creating a secondary address book , readers fields are frequently used to prevent "unauthorized" users from selecting a name and sending an email. However, since the server must have access to all names in each name and address book, any user who types in an ambiguous name will be presented a list of email addresses which includes the restricted name. The server's access is the access that is used when presenting the ambiguous names, not the access of the user. So the idea of a restricted directory is lost.
The solution: My client was experiencing the same problems with an address book that contained a listing of their clients and which was restricted to a small percentage of their users. My solution was to alter the ($Users) view in the restricted address book. The addresses in our restricted book contain RFC822 addresses which have the client first name, middle initial, last name, and the client number in parenthesis followed by the real email address -- in our situation, the mailin database name (our mail to clients is sent first to a mail in database for processing and pick-up by another application). So the address looks like this: 'Joe B Customer (123456789)'<email@example.com> . I changed the ($User) view to only use the first part of the address - 'Joe B Customer (123456789)' - and removed all other variations of the name from that view. Now, when our users type in an ambiguous name, the list of names does not contain any of the names from the restricted book. F9 and type-ahead do not resolve any names from the restricted book (The variation of the name is too long). However, when those who have rights to the restricted book select the name from the address book, mail is sent without any problems. If , however, a user does manage to guess the name and client number PLUS the entire email formatting, then the name will resolve. Simply typing in 'Joe B Customer (123456789)' will NOT resolve to an address. The entire RFC822 address is needed for the name to resolve. The only "inconvenience" is to the users of the restricted book. They must select the names directly from that directory; no type-ahead even for the users who have access.