Is it possible to restrict or disable the ability of an end-user using Notes SQL from accessing specific Notes databases?
We are talking about people that have access via the client and are allowed users on the ACL. How do we ensure they access via the client and not via ODBC?
Subject: Restrict use of Notes SQL ODBC?
To the best of my knowledge, the answer is No. Access to a database (via ACL) gives the user the ability to use both the UI elements of the front-end of the database, as well as accessing the database directly, either through ODBC, by writing LotusScript in a 2nd database that reads your DB, by using the API, or a host of other access methods.
As far as Notes is concerned, access is access.
If you have data that must only be accessed via the UI, then you need to separate it from the database (or at least the records) that the user has access to.
e.g. Create a database with stub documents and the views and forms the user needs.
When a stub document is opened, trusted (signed) code is run to get data from a data-source that the signer has access to, but the user does not. (Back end database, a 2nd Notes database, or records protected by Reader fields.)
When a document is “saved”, trusted code is run to update the external source.
All sensitive data is removed from the stub document prior to saving it.