Set Field Access
Notes/Domino has long provided the capability to secure data at the document level through a variety of constructs such as Readers fields and encryption. The following sections explain setting field access as a means of securing data at the document level.
Authors Field
An Authors field is a special type of text field that can be added to a document to further refine the ACL and restrict who can edit the document. A user, group, or role that has been granted Author access in a database is likely to be able to create new documents and read existing documents (not secured with Readers fields). However, they cannot edit documents (even ones that they have created), unless they are also named in the Authors field.
For example, if John Galt has been granted Author access in the ACL with the Create Documents privilege, he can create new documents. But he cannot edit any existing documents (including the ones he has authored) unless he is named explicitly or implicitly (through group membership), or has been assigned a role that has been named in an Authors field in the document.
 | For the exam, remember that being named in an Authors field does not give a user authority to edit a document if a user is already restricted through a lower access level in the database ACL. |
Encryption of Fields
Encryption is the process of scrambling data so that only authorized users can unscramble the data. Notes/Domino supports secret key encryption (public key is used to encrypt data and private key can decode data). From early in its history, Notes has supported encryption through the capability to encrypt fields in documents, ensuring that data is secure from prying eyes.
Any field(s) in a Notes document can be encrypted, and after it has been, only users who possess the proper key can decrypt and read the field contents. Users without the proper key(s) see what appears to be a blank field in the document, and any attempts to use the Document Properties box to view the fields is stymied, as well.
Using Groups to Secure Domino Elements
As was mentioned earlier in this chapter, groups can be used to grant or deny access to Domino data and can ease the administrative burden substantially. This section covers using groups to secure various Domino elements, namely fields, forms, views, and sections.
 | If a user is listed both explicitly and implicitly (through a group) in an ACL, the rights granted to the explicit name take precedence. For example, if Brooke has Author access to a database but is named in a group with Designer access, Brooke is granted Author access. Similarly, if a user is listed in multiple groups (and not explicitly listed), the user is granted the highest level available within the respective groups. |
As you know from previous chapters in this book, Domino provides special Readers and Authors fields that enable you to refine the database ACL and restrict access to data stored in Domino.
To use a group or groups in an Authors field to limit which users with Author access can edit a document, follow these steps:
1. | In the Designer client, open the database containing the Authors field. |
2. | Open the form that contains the Authors field. |
3. | |
4. | Save the form. |
Any users, servers, or groups (remember that you can nest groups) named in the group(s) stored in the Authors field can edit the documents.
Readers Field
Much like an Authors field, a Readers field is a special type of text field that refines the ACL and provides additional document-level security. However, Readers fields are slightly less convoluted than some other fields and easier to understand. If a document contains a Readers field that has any users, groups, or roles specified, then only those users, groups, and roles can access the document.
The Readers field is a very powerful and useful security feature. Using groups in a Readers field is very similar to using them in an Authors field. Follow these steps:
1. | In the Designer client, open the database containing the Readers field. |
2. | Open the form that contains the Readers field. |
3. | Enter a formula that returns the name of the group(s) to include, or enable the user to enter/select the group(s) in an editable field. |
4. | Save the form. |
Only users, servers, or groups (remember that you can nest groups) named in the group(s) stored in the Authors field are granted permission to read the documents.
Signing
Digital signatures are rapidly becoming an accepted means for legally transacting business in today's world. In fact, Congress recently passed a bill allowing digital signatures to be used to consummate a contract. Although this recent press has brought digital signatures into the lexicon of everyday people, they are nothing new to Notes/Domino users. Notes/Domino users have long been able to use digital signatures to sign fields when they save or mail sensitive data, which authenticates the identity of the sender and ensures the integrity of the data.
When a field is signed, Notes uses the private key of the author's ID and the value of the field being signed (using a hashing algorithm) to create a unique value that serves as the digital signature. When the recipient views the document, the same hashing algorithm is used to ensure that the data has not been altered and to test the public key of the sender to verify the user's identity.
Notes makes it very easy to use digital signatures to ensure the validity of a document. Any form that contains at least one field that has the Sign If Mailed or Saved in Section attribute enabled can be signed.