Risk of users editing any field in Lotus Notes document

1
votes

In designing forms in Lotus Notes I've always been under the assumption that if the user does not have designer (or manager) access they can only interact with the documents via the forms I provide.

This means for example I can have a non-editable field for the status and know that only through interacting with the form (ie. following the workflow) can the status change and also know the steps that must be followed and all actions recorded in the audit trail (list of modifications/actions)

However this toolbar script has turned my thinking upsidedown.

  • What are the consequences of a non-designer/non-manager being able to change any field in a document (hidden or not)?
  • If this is an issue how would I go about preserving the status field or similar to ensure it doesn't get short circuited to "approved"? Similarly how do I stop the user from just editing the action history manually?
2
lotus-notes

2 Answers

1
votes

Access-controlled forms and documents

This works very well: To prevent editing of existing documents

You can prevent users with Author access in the database ACL from editing a field in existing documents. This restriction doesn't apply to new documents.

Open the form. Create a field, or click an existing field. In the Field Properties box, click the Advanced tab. Select "Security options: Must have at least Editor access to use" and click the check mark.

0
votes

Any ordinary user can, with the help of tools such as the one that you linked, read and change fields that are hidden or uneditable in your form design. That's because those features are not intended as security features. You can, however, hide the design of your database, and that makes it far more difficult for someone to use a little bits of Notes programming to access your application's fields. The downside is that hidden design makes maintaining your application a lot harder.

Or you can use the real security features of Notes and Domino - ACL, ReaderNames and Authornames. These allow you to segregate your data fields into separate documents or even separate databases, where only specific people have rights to set, modofy or delete documents. You can have a non-editable master document pull in the values from these separately controlled documents, and separate edit buttons that launch dialogues to edit the secured portions.