Allowing different users to edit/sign different parts of a document

OK, I’d love some feedback on my document security question to make sure I’m doing this right.

I have a database where I need to secure various fields of MyForm from different groups of users; let’s say Admins, GroupA and Group2.

Background:

Admins can see and edit all fields, including ImportantField. Note that this may include using Agents to make selected mass updates.

UserA will be in an Author field and in the Readers field. UserA can see all the data (although most is hide-when), but should only ever be able to edit FieldA and FieldB (either in the UI, or via an agent or similar).

User2 can see all fields on the document, but can’t ever edit it; hence they’re in the Readers field. Note: they also need to be able to create a Response document to this one (using an action button).

Design:

ImportantField is in a controlled-access section that uses [Admin] as the access (precomputed), and is sign-enabled.

FieldA and FieldB are in a controlled-access section that uses [Admin] : UserA as the access (precomputed), and are sign-enabled.

When agents run, if they touch ImportantField, FieldA or FieldB, they will have to call doc.sign() and then doc.save(). (Side effect: this requires the “Run unrestricted methods and operations” setting for the Agent signer if running on the server!)

Is there anything I’m missing? It’s very important that only the proper users can ever change those three fields, even if some of the users are technically minded (i.e. know how to create local agents, etc.)

If UserA runs an agent or other script that updates FieldA (i.e. not necessarily through the Notes client UI), and their script calls .sign/.save, what happens to any pre-existing signature on the ImportantField’s access control section?

Separate Question: if a field “requires editor access to use”, can a person whose Notes ID is an Author in the ACL and is in an Authors field for the document edit it? I’m presuming no, since when they say “Editor access”, I presume they mean the actual Editors ACL setting, not the simple ability to edit a document…