Using a Readers field to restrict access to specific documents

To limit access to specific documents created from a form, include a Readers field on the form. A Readers field explicitly lists the users who can read documents created from the form. Without Reader access to a document, a user cannot see the document in a view. For example, to limit access to an employee's personnel file to members of the Human Resources department, the employee, and the employee's manager, list those people in a Readers field.

If a form has a read access list, names from the Readers field are added to the access list. Otherwise, the Readers field controls access to documents created from the form. Persons listed in an Authors field also have read access to a document.

Entries in a Readers field cannot give a user more access than what is specified in the database access control list (ACL); they can only further restrict access. Users who have been assigned "No Access" to a database in the ACL can never read a document, even if you list them in a Readers field. On the other hand, users with Editor access or higher in the ACL can be restricted from reading documents if they aren't included in a Readers field.

Any users who have Editor (or higher) access to the database can read and edit a document if one of the following is true:

  • They are listed in the form's Read access list or Readers field, or in an Authors field.
  • They are listed in an author's field.
  • The form has no Read access list restrictions or no Readers field.

A Readers field may contain Notes® usernames, groups defined in the Domino® Directory provided those groups are of the "Access control list" or "Multipurpose" type, or roles defined in the database Access Control List. If usernames are used, they should always be in canonical form. If the field is multi-valued and computed, be certain your formula returns a multiple value, not a single string separated with commas. For example, to give reader access to the Human Resources group, the [ReqApprovers] role, and Brad Hooper, the formula might be: 

Resources" : "[ReqApprovers]" : "CN=Brad Hooper/O=OurCo"

NOT:

Resources, [ReqApprovers], Brad Hooper/OurCo"

The second formula will give access to nobody, making the document appear to vanish. For any form that contains a Readers field, add a "computed when composed" Authors field that lists an administrative role or group. This guarantees that database administrators will always be able to view the document even if there is an error in assigning the Readers field.

See also

To create Readers and Authors fields

Roles in the ACL

For information on updating Readers fields, see Updating Readers and Authors Fields if you have installed Domino® Administrator Help. Or, go to http://www.lotus.com/ldd/doc to download or view Domino® Administrator Help.