In designing forms in Lotus Notes I’ve always been under the assumption that if the user does not have designer (or manager) access they can only interact with the documents via the forms I provide.
This means, for example, I can have a non-editable field for the status and know that only through interacting with the form (i.e. following the workflow) can the status change, and also know the steps that must be followed and all actions recorded in the audit trail (list of modifications/actions).
However, this toolbar script has turned my thinking upside down.
- What are the consequences of a non-designer/non-manager being able to change any field in a document (hidden or not)?
- If this is an issue, how would I go about preserving the status field or similar to ensure it doesn’t get short-circuited to “approved”? Similarly, how do I stop the user from just editing the action history manually?
Access-controlled forms and documents
This works very well:
To prevent editing of existing documents
You can prevent users with Author access in the database ACL from editing a field in existing documents. This restriction doesn’t apply to new documents.
Open the form.
Create a field, or click an existing field.
In the Field Properties box, click the Advanced tab.
Select “Security options: Must have at least Editor access to use” and click the check mark.
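An added example, not part of the original posts or the quoted documentation: in LotusScript the same restriction is exposed per item as `NotesItem.IsProtected` (whether a user needs at least Editor access to modify the item), so an agent can check existing documents for status or history items that lack the flag and set it. The field names `Status` and `ActionHistory` are hypothetical, and the agent is assumed to run under an ID with at least Editor access to the database.

```lotusscript
Option Public
Option Declare

' Hypothetical field names; replace with the workflow fields of your form.
Const PROTECTED_FIELDS = "Status,ActionHistory"

Sub Initialize
	Dim session As New NotesSession
	Dim db As NotesDatabase
	Dim col As NotesDocumentCollection
	Dim doc As NotesDocument
	Dim item As NotesItem
	Dim fieldNames As Variant
	Dim changed As Boolean
	Dim fixedCount As Long
	Dim i As Integer

	Set db = session.CurrentDatabase
	fieldNames = Split(PROTECTED_FIELDS, ",")

	' Walk every document; documents without these items are skipped.
	Set col = db.AllDocuments
	Set doc = col.GetFirstDocument
	Do Until doc Is Nothing
		changed = False
		For i = LBound(fieldNames) To UBound(fieldNames)
			Set item = doc.GetFirstItem(CStr(fieldNames(i)))
			If Not item Is Nothing Then
				' IsProtected = True means Editor access or higher
				' is needed to modify this item.
				If Not item.IsProtected Then
					Print "Unprotected " & item.Name & " in " & doc.UniversalID
					item.IsProtected = True
					changed = True
				End If
			End If
		Next
		If changed Then
			Call doc.Save(True, False)
			fixedCount = fixedCount + 1
		End If
		Set doc = col.GetNextDocument(doc)
	Loop

	Print "Documents updated: " & fixedCount
End Sub
```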