A number of different methods can be used to restrict access to a single field or group of fields on a form. One method is to restrict access based on a role created in the ACL. After the role is created, it can be integrated into the design of the database and used to manage access to a field or group of fields. In other words, you can selectively permit access to the design element based on the users name or, more importantly, the role assigned to the user.
One way to manage the display of or ability to edit content at an individual field level is through the use of "Hide When" formulas. Using this approach, you can set "Hide When" formulas for each field to determine if the field is visible or editable.
Select the File > Database > Access Control menu options. Add the user or user group to the ACL.
With the ACL window still open, select the Roles tab. Click Add to create one or more roles.
Return to the Basics tab and assign the role to the user and user groups. First, highlight the users name or group and then select the role located in the lower-right corner of the dialog to enable the role. Select OK to save the ACL settings.
Create the form and associated fields.
Use a table if multiple fields are stored on a single line in the form. Create a separate cell for each field or text label. This will enable you to set a unique display formula for each field on the form without affecting the other fields on the same line.
Select or highlight the field that should be hidden (or non-editable) and select the Design > Field Properties menu options. With the properties dialog displayed, select tab 6 to set the display formula. Select the Hide paragraph if formula is true option and insert the following formula (see Figure 19.15). Be sure to replace the role with a valid role name in the ACL. The role must be enclosed in brackets .
@Contains (@UserRoles; "[ROLENAME]");
Figure 19.15. Using roles to hide a specific field
This is an optional step. At this point, the field settings are in place and will hide the field from users that do not have the associated role (see Figure 19.16). However, you may want the field to be displayed but not editable. This can be achieved by creating a secondary "Computed for Display" field and by adding a logical "not" to Hide paragraph if formula is true. Using this approach, the field will be editable for those people assigned the role and display-only for all other users.
! @Contains (@UserRoles; "[ROLENAME]");
Figure 19.16. Using roles to hide and display multiple fields
Hiding a field should not be considered a "security" feature. A proficient Lotus Notes user will still be able to view the field value by using the document properties dialog. He or she may also be able to modify the content via a local database or by using agents depending on the ACL settings or if Enforce a consistent ACL across all replicas is disabled. If you are looking for a more secure implementation, consider a controlled section or the inclusion of an Authors field.
The following illustrates how to create a controlled section on a form. With controlled sections, only select IDs, groups, or roles can edit or access content in the section.
Update the ACL. Select the File > Database > Access Control menu options. Add the user (or group) and the associated roles to the ACL. Refer to earlier material in this chapter for more detailed information.
Manage the form layout. Open the database in the Domino Designer client and edit a form. Next, group all related fields in the same general proximity on the form. Move fields that you do not want included in the controlled section either above or below these fields.
Create the controlled section. Using your mouse, highlight all text and design elements to be included in the controlled section. Now select the Create > Section > Controlled Access menu options. This creates the controlled section and displays the Section properties dialog.
Set the access permissions for the section. With the controlled section created, next define who can edit the fields in the section. This is accomplished by inserting a formula or role into the controlled access section.
Figure 19.17. Using roles to control access to a section
Next, add the following formula in the Access Formula window of the properties dialog (or replace the formula with any valid role as defined in the ACL). Be sure that the role includes opening and closing brackets .
Alternatively, the controlled section formula could be dynamically set based on a field on the form. Lets say the form has a Status field. Different sets of people can be permitted to change the section dynamically based on the document status.
@If (Status = "Draft"; @UserName; Status = "Submitted"; "[TeamLead]"; Status = "Approved"; "[Procurement]"; Status = "In Process"; "[Admin]"; "")
In this example, the people authorized to edit the fields in the section are managed in the following sequence.
The document author can edit the initial document when the status is "Draft".
The team lead can edit it when the document is "Submitted".
The procurement person can edit it when the document is "Approved".
The administrator can edit it when the document is "In Process".
No one is allowed to edit the document after the document is complete.
An Introduction to the Lotus Domino Tool Suite
Getting Started with Designer
Navigating the Domino Designer Workspace
Domino Design Elements
An Introduction to Formula Language
An Introduction to LotusScript
Fundamentals of a Notes Application
Reference Library Applications
Design Enhancements Using LotusScript
Design Enhancements Using Formula Language
Miscellaneous Enhancements and Tips for Domino Databases
Application Deployment and Maintenance
Appendix A. Online Project Files and Sample Applications
Appendix B. IBM® Lotus® Notes® and Domino®Whats Next?
Lotus Notes Developers Toolbox: Tips for Rapid and Successful Deployment
Authors: Mark Elliott