Hiding Individual Fields on public (?) records

[Kactus]

Hello there,
Judging by the quality of answer on this forum I have a feeling this is going to be a very basic question but here goes:

I have a database of user information which is becoming tedious to update.
I would like the users to update their own information and read SOME of the information on other user's records.
Eg.
Name (public, anyone can read)
Job (public, anyone can read)
Home Phone (private, only the person in [Name] can read)

Is it possible to lock records at a field level and if so just how does one do it?

Thanks for your help,
Dave

 

[pmonett]

Are you talking about the server Names.nsf file ?
If so, I would strongly counsel you not to change anything.

If you are talking about another database, then you should know of the Hide/When functionality.

Check your Designer Help database, go to the Index, type Hide. You should find the category Hide-when conditions in first place. Open the category, open "field settings" and click on "To hide a field".

That document will give you information on selectively displaying content in a form.

A word of caution :
You will be using the Designer to implement your Hide-when formulas. A Hide-when only works for the logical line on which it is. That means that changing cells in a table, or chaging lines will reset the Hide-when value. In other words, you have to reimplement the Hide-when formula for each table cell or for each line it is to be used.
That also means that, if you have two values on the same line and you only want to hide one, you'll have to divide your line with a table, or otherwise modify the data placement.

Pascal

 

[Kactus]

Hey there, Pascal.

No, the file is not the Names.nsf but a small database we have for collecting contact information for our Business Continuity Plan.

Thanks for the pointer; I'll have a look at Hide-when right now!

Cheers,
Dave

 

[Kactus]

Hey there again - This is a follow on from the earlier question.

I've managed to restrict the display of the fields as Pascal suggested using the hide formula:
@If(editor_name="";@False;@Name([CN];@UserName)!=@Name([CN];editor_name);@True;@False)
Where editor_name is a field that looks up the main address book

Next step:

How do I restrict access to the view that displays the personal information?
I have created a view that I will be exporting as a CSV file for addition in the BCP but only people involved with the BCP should see this information.

Should I create a role? If so how do I reference the role by code?

Thanks again,
Dave

 

[pmonett]

Views can also be access-restricted. Go to the view properties and click on the right-most tab (the one with the key). You will then see the permissions, and you can uncheck the public option to have access to the ACL entries in the list. Check which entries are entitled, and save.
Of course, creating a role is a good thing, because you can use it as access control and not the names of the people.
However, restricting access to a view is meaningless if the documents can display elsewhere. In all the developer courses I have given, I've always told all the participants that view access is not a security measure - document access is.
Therefor, you might wish to think about leaving the view public, and putting the role in a reader field on the documents themselves. That way, whatever the view where those docs display, they will only be visible for those who have the role.
To assign a role, you need to create it in the ACL, then create a reader field on a form and give it the role name as value. If you create a role Admin, you will need to assign the value "[Admin]". Also, note that role names cannot exceed 15 characters.

Be very cautious when you start assigning reader access on documents. Read the help database carefully on this subject, and come back here if you have any questions. Remind yourself that Notes is the only data management system that can hide documents from everyone - including the Administrator and even the server itself ! So be extra careful when assigning reader access and always ensure that you are not painting yourself into a corner. One good way to paint oneself into a corner is to let users assign reader access themselves, without any other control. You can be sure that someone will make a mistake so big that nobody will be able to access that doc anymore.
The right thing to do is to give users a controlled environment for creating restricted access, and if a restriction is created, have another reader field where code will automatically enter a special role name. That way, if ever a doc is "lost" because of a users' mistake, the person with the special role will be able to find it back and correct the situation.

Have fun !

Pascal.

 

[Kactus]

Excellent! Thanks again for your help, Pascal.
I'll get back to that database this afternoon and let you know how I go!

Thanks,
Dave