Design Element Access
The Domino security model is one of the most robust and flexible available today, and its use of design element access control to restrict access to certain design elements is one reason why. This section explores the use of design element security to secure your Domino data.
Form Access
Forms are design elements that enable you to collect, manipulate, and display information stored in documents in a Domino application. It is often necessary to restrict the use of particular forms to certain people, groups, or roles. Domino accommodates this requirement through the use of Form Read Access and Form Compose Access lists.
Using Form Read Access Lists
Domino uses Form Read Access lists to provide control over how individuals can use forms to read the contents of documents. A Form Read Access list specifies users, groups, servers, and roles that can use a particular form to open a document.
 | Remember that when you use this feature, it adds a $Readers field to each document. |
To add a Form Read Access list to a form, follow these steps:
1. | In the Designer client, open the database that contains the form. |
2. | Select and open the form you want to secure. |
3. | Choose Design, Form Properties to open the Form properties box. |
4. | Select the Security tab (the tab with the key on it). |
5. | Uncheck the All Readers and Above box in the Default Read Access for Documents Created with This Form area. |
6. | Select each user, group, and role that should be able to read documents composed with this form. |
7. | Save and close the form. |
 | Be aware that this is not a true security feature because users may still be able to view the contents of a document by using a different form, or by viewing the document properties. Use Reader and Author fields to ensure the confidentiality of a document. |
Using Form Create Access Lists
You can control who can create documents with a particular form in Domino through the use of Form Create lists. Form Create lists specify users, groups, servers, and roles that can use a particular form to create a new document.
Follow these steps to configure a Form Create List:
1. | In the Designer client, open the database that contains the form whose use you want to limit to a specific list of users. |
2. | Select and open the form you want to secure. |
3. | Choose Design, Form Properties to open the Form properties box. |
4. | Select the Security tab (the tab with the key on it). |
5. | Uncheck the All Readers and Above box in the Who Can Create Documents with This Form area. |
6. | Select each user, group, server, and role that should be able to create documents composed with this form. |
7. | Save and close the form. |
 | Be aware that this is not a true security feature because users may be able to use another form in the database to create a document. |
Section Access
In the Notes client, access to the contents of a section in a form can be restricted through the use of a Controlled Access section, which enables you to restrict who can edit or sign that part of a document.
After a Controlled Access section has been created, users who are not listed as Editors of that section can read, but cannot edit, the contents of the section. It is very important to note that having Editor access to a section is not the same as having Editor access to the database. A Controlled Access section further refines the ACL, and having Editor access in the ACL does not give you Editor access in a Controlled Access section. You can sign the section only if you are listed explicitly by name or implicitly through a group or role.
To add a Controlled Access section to a form, follow these steps:
1. | In the Designer client, open the database containing the form to which you want to add a Controlled Access section. |
2. | Open the form and select the fields that should be added to the section. |
3. | Choose Create, Section, Controlled Access from the menu. |
4. | Optionally enter a title for the section. |
5. | Click the Formula tab of the Section properties box. |
6. | Choose Editable to allow the document's author to manually specify the section's editors. Choose Computed and enter a formula if you want to programmatically set the editors of the section. |
7. | Save the form. |
If you elect to use the Controlled Access section, keep the following issues in mind:
Each section in a form can have a signature attached. This is good for workflow-type applications.
Controlled Access sections are not enforced locally.
Users can read the fields even though they cannot edit them.
Users may be able to edit the fields through a different form.