Creating read access lists to limit view and folder access
About this task
To allow some users and not others to see a view or folder, create a read access list. Users who are excluded from the access list do not see the view or folder on the View menu. A view or folder read access list is not a true security measure. Unless the documents are otherwise protected, users can create private views and folders that display the documents shown in the restricted view. For greater security, use a read access list for a form.
You can add users to the read access list for a view or folder as long as they already have at least Reader access in the database access control list.
To create a read access list
Procedure
- Open the view or folder.
- Choose Design - View Properties or Design - Folder Properties.
- Click the Security tab.
- Deselect "All readers and above."
- Click each user, group, server, or access role you want to include. A check mark appears next to each selected name.
- Click the Person icon to add person or group names from a Personal Address Book or from the Domino® Directory.
- To remove a name from the list, click the name again to remove the check mark.
- Optional: Check "Available to Public Access Users" if you want this view or folder available to users with public access read or write privileges in the access control list for this database.
- Save the view or folder.
Notes®
About this task
- Do not create a read access list for the default view of a database.
- Servers that need to replicate a database need access to views that are read-restricted so that view design changes can replicate.
- Database designers need access to views that are read-restricted so that view design changes can be made in Domino® Designer.
Example of restricting access to a view
About this task
To improve the performance of the Technical Services, Rajeev Jain designed a "Tech Services Review" form, which is included in the company's custom Mail template. Each quarter, Rajeev sends a company-wide memo asking people to complete a Tech Services Review form and mail it to a Service Request Tracking database. In that database, the reviews are displayed in the "Tech Service Performance" view.
Rajeev wants only his technicians and his own managers to have access to this view. He defines a read access list for the "Tech Service Performance" view. Then, because there is no group in the Domino® Directory for the people he wants to include in the access list, Rajeev defines an access role called [TSMAnagers] in the database ACL, and adds that role to the view's read access list. The access role is stored within the Service Request Tracking database; it is not added to the Domino® Directory.