First of all, apologies in case my previous comment guided somebody into a dead-end lane. I discovered today that I missed a tiny but very important detail, and I am kind of ashamed of myself that I forgot the simple basics of reader and author fields.
The important thing about working with reader or author fields is that they restrict access to a document as soon as one of them has been added to it. This is especially important with reader fields.
Looking at my previous post, all documents would automatically be locked down to the LocalDomainServers group, and nobody else would be able to see these documents any more. This is of course far away from the original notion and therefore complete rubbish. Yet nobody said that working with reader fields would be easy.
However, since IBM provided the user with a ‘great’ tool to lock down each individual document in our databases, this is something we do need to consider, especially in environments where databases are held on various servers – and wasn’t this one of the intentions of bringing Lotus Notes/Domino into the location?
So, what else needs to be considered besides the things described last time?
To prevent users from locking down any document in the database, the easiest and most convenient way is probably to add a new role such as [StdAccess] to the ACL of the database and append this role as a second entry to the same reader field as LocalDomainServers. Note that this will not prevent a user from adding individual users to the $Readers field using the golden key to lock down documents, but this added reader field will not lock down the document at all, because reader fields are additive and anyone holding the role can still read the document through the other field.
However, if the requirement exists, for security or confidentiality purposes, to give users the ability to lock down documents for individual readers or groups, you should consider adding an additional ‘restrict this document to’ names field to the user interface, which allows users to limit the readers themselves by adding the required names. The content of this field is then combined with LocalDomainServers and all other entities requiring access to all documents. In this case the [StdAccess] role named in the example above must no longer be a member of any readers field.
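The three setups discussed in this post, as an added example that is not part of the original post: a simplified Python model of how reader fields decide who can see a document. The field name DocReaders, the user names and the evaluation function are assumptions made for illustration; author fields and ACL levels are left out.

```python
# Simplified model of reader-field evaluation (an assumption, not Domino code).
# A user's name list holds their own name plus the groups and ACL roles they have.

def can_read(names, doc):
    """doc maps readers-field name -> list of entries; the fields are additive."""
    entries = {e.lower() for field in doc.values() for e in field if e}
    if not entries:               # no readers field set: the ACL alone decides
        return True
    return any(n.lower() in entries for n in names)

# Constructed name lists for illustration.
USERS = {
    "server": ["Server1/Acme", "LocalDomainServers"],
    "alice": ["Alice/Acme", "[StdAccess]"],
    "bob": ["Bob/Acme", "[StdAccess]"],
}

def build_doc(std_access, restrict_to=(), golden_key=()):
    """Build the readers fields of one document.

    DocReaders is a hypothetical name for the computed readers field;
    restrict_to models the 'restrict this document to' names field and
    golden_key the names a user puts into $Readers.
    """
    readers = ["LocalDomainServers"]
    if std_access:
        readers.append("[StdAccess]")
    readers.extend(restrict_to)
    doc = {"DocReaders": readers}
    if golden_key:
        doc["$Readers"] = list(golden_key)
    return doc

def scenarios():
    docs = {
        "servers_only": build_doc(std_access=False),
        "std_access": build_doc(std_access=True, golden_key=["Alice/Acme"]),
        "restricted": build_doc(std_access=False, restrict_to=["Alice/Acme"]),
    }
    return {label: {who: can_read(names, doc) for who, names in USERS.items()}
            for label, doc in docs.items()}

if __name__ == "__main__":
    for label, result in scenarios().items():
        print(label, result)
```

In the `std_access` case Bob can still read a document that Alice tried to lock with $Readers, while in the `restricted` case holding [StdAccess] no longer helps him because the role is in no readers field.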
Puzzled? Just drop me a line or send a comment if I missed another detail or you have any further questions.