ACL Question

I created a view for a certain group to access. I only want this group to see this one view and nothing else in the database.

So on the outline entry label for that view I added a formula to the hide/when:

!@Contains(@UserRoles; "[Test]")

I created a group named “Test” and also gave them the role of “Test”.

In the ACL I gave the “Test” group the role of “Test” and

Person Group - Author.

When I tested as that group they can see all of the views and not the view that I want them to see.

Any help would be much appreciated! Thanks!

Subject: ACL Question

Having been in this same boat a number of times, what I usually try to do when Hide-Whens don’t work the way I want them to, is to re-write the logic using @If, so that the result is @True or @False - something like:

@IF (@Contains(@UserRoles; "[Test]") ; @False ; @True)

See if that works for you…

Subject: ACL Question

  1. If your group of test people have ‘author’ access to the database then they will be able to see all views by default. This is because ‘author’ is a higher level of access than ‘reader’, and all views by default have ‘who can use this view’ (key tab in view properties) set to ‘readers and above’. To fix this you will need to restrict access to the other views in the database to roles that your test group are not members of. e.g. create a role called [admin], don’t put your test users in that role, and restrict the view access of other views to only that role (and localdomainservers etc. as necessary).

  2. Note that outline entries are not a secure method of restricting access. An outline is ‘a hole in a wall through which you can look’, and unless what you’re looking at has security in it there is nothing stopping your users from climbing over the top and looking at the view from above! Restrict access to the view itself, as described above, not the outline entry.

  3. When using hide/when formulae, I find it easier to use @IsMember rather than @Contains, since ‘test’, ‘testview’, and ‘ontest’ would all return true for @Contains. @IsNotMember("[Test]"; @Userroles) should do the trick. (N.B. case sensitive!)
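One way to check point 1 across a whole database, as an added example that is not part of the original thread: a LotusScript agent that lists every view and folder whose ‘who can use this view’ list is still unrestricted. It assumes it runs as an agent inside the database being audited, and that an unset reader list comes back from NotesView.Readers as an empty string or an array of empty strings.

```lotusscript
Option Declare

' Added example (not from the thread): report views and folders that carry
' no reader restriction, i.e. are still open to "readers and above".
Sub Initialize
	Dim session As New NotesSession
	Dim db As NotesDatabase
	Dim readers As Variant
	Dim joined As String
	Dim kind As String
	Dim openCount As Integer
	Dim lockedCount As Integer

	Set db = session.CurrentDatabase

	ForAll v In db.Views
		' NotesView.Readers holds the view's $Readers list.
		readers = v.Readers
		If IsArray(readers) Then
			joined = Trim(Join(readers, ""))
		Else
			' Assumption: a non-array result means no list is set.
			joined = Trim(CStr(readers))
		End If

		If v.IsFolder Then
			kind = "folder"
		Else
			kind = "view"
		End If

		If joined = "" Then
			openCount = openCount + 1
			Print "OPEN       " & kind & " '" & v.Name & "' (readers and above)"
		Else
			lockedCount = lockedCount + 1
			Print "RESTRICTED " & kind & " '" & v.Name & "' -> " & Join(readers, ", ")
		End If
	End ForAll

	Print "Unrestricted: " & CStr(openCount) & ", restricted: " & CStr(lockedCount)
End Sub
```

Every view reported as OPEN other than the one meant for the test group is visible to that group regardless of what the outline shows.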

Subject: RE: ACL Question

It’s worth pointing out, too, that in the Notes client, “view security” isn’t, since users can create private views. (The permissions in the ACL only control the ability to store their private views and folders on the server; without that permission, they’re stored locally.) Hiding the database design and prohibiting copying can help, but it’s creating a big inconvenience, not putting actual security in place.

If there are documents your users are not supposed to see, you’ll need to control that with Readers-type fields (never forgetting that being listed in an Authors-type field also grants read access). When users have no access to documents, they can’t include them in private views/folders. If there are data on the documents you don’t want users to see, then you either have to encrypt that data so you can show the rest safely, or hide the documents from those users and create expurgated/summary documents that the users can see safely. In any case, once the data/documents are hidden, it doesn’t much matter if they can see other views (except from a usability perspective - they’re likely to wonder why there are empty views, or complain about lookup views that are often ugly or confusing by design).