Security with Copy as a Link

I am working on a VERY high security database. I have three roles - Reader, Designer, and Manager. Reader does not have any authority other than to read. Designer may create documents (two people in the group may delete documents), and Manager (me) can do anything.

I assigned Reader role to one person on the ACL and asked her to pull up the database. When she goes to Edit, Copy, she may not Copy but she may Copy as a Link - Database. Then she goes to her mail and opens a new memo, pastes the link in, and can send it to anyone she likes. I had her send it to another person in the company who is not even on the ACL and it went through to him. He not only could open it, but he could copy it onto his local hard drive, too. This won’t work!

Anyone got a quick fix?

Thanks,

Louise

Subject: security with Copy as a Link… some things to check

What are (if any) the settings for “default”? Is there anything set for “anonymous”?

Did you uncheck…

“Replicate or copy documents”

and

“Write public documents”

for Reader?

Subject: security with Copy as a Link

I assigned Reader role to one person on the ACL and asked her to pull up the database.

What do you mean, “Pull up the database”?

Is she accessing it on the server?

Is she replicating a local replica of it and accessing it on her local hard disk?

If so, did you activate the “Enforce consistent access in the ACL” tick on the advanced option of the ACL?

When she goes to Edit, Copy, she may not Copy but she may Copy as a Link - Database.

Yes, it is one of Notes’ prime features; you can always reference a database object (document, view, or database) as a link in an email. That link will work as long as the email is sent internally in the company through a Notes mail system (if it goes over SMTP and outside the company on the internet, the link won’t work anymore).

However, a link is exactly this: a link.

When clicked, it attempts to open the target of the link with the access of the actual Notes user.

Instead of asking yourself “What is the access of the user?” try thinking “What is the access of a given piece of information?”

Then she goes to her mail and opens a new memo, pastes the link in, and can send it to anyone she likes.

Yes, but that doesn’t mean they could open it…

I had her send it to another person in the company who is not even on the ACL and it went through to him. He not only could open it, but he could copy it onto his local hard drive, too. This won’t work!

Do you use reader fields?

Every single document should have a reader-access type field, which computes to your roles.

Then, make sure the ACL is also set correctly: No Access to “Anonymous” and “Default” and proper roles only assigned to the proper people.

Notes is an amazingly secure environment, but you have to code the security for it to work!

Good luck, and let me know if you need specific help on security.

Nicolas Abesdris

Quintessence e-solutions Inc.
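
Added example, not part of the posts above and not Notes code: a simplified Python model of the access decision the replies describe, showing why a pasted link opens for someone with no ACL entry when "-Default-" grants Reader, and how a "-Default-" of No Access plus a role-based Readers field closes that. The user names, the two sample ACLs and the assumption that "-Default-" was left at Reader are constructed for illustration; groups and unauthenticated (Anonymous) access are not modelled.

```python
# Simplified model of Notes access checks; ACL names and users are constructed.
from dataclasses import dataclass, field

LEVELS = ["No Access", "Depositor", "Reader", "Author", "Editor", "Designer", "Manager"]

@dataclass
class AclEntry:
    level: str
    roles: set = field(default_factory=set)
    replicate_or_copy: bool = False  # the "Replicate or copy documents" option

@dataclass
class Database:
    acl: dict  # entry name -> AclEntry

    def entry_for(self, user):
        # A user with no entry of their own falls through to -Default-.
        return self.acl.get(user) or self.acl.get("-Default-") or AclEntry("No Access")

    def can_read(self, user, doc_readers):
        entry = self.entry_for(user)
        if LEVELS.index(entry.level) < LEVELS.index("Reader"):
            return False
        if not doc_readers:  # no Readers field: the ACL level alone decides
            return True
        # With a Readers field, the name or one of the user's roles must be listed.
        return user in doc_readers or bool(entry.roles & set(doc_readers))

    def can_copy_locally(self, user, doc_readers):
        return self.can_read(user, doc_readers) and self.entry_for(user).replicate_or_copy

def open_link(db, recipient, doc_readers):
    """A pasted link carries no rights; only the recipient's own access counts."""
    return db.can_read(recipient, doc_readers)

# Constructed ACLs that differ only in the -Default- and Anonymous entries.
loose = Database({
    "Reader One": AclEntry("Reader", {"[Reader]"}),
    "-Default-": AclEntry("Reader", replicate_or_copy=True),
})
tight = Database({
    "Reader One": AclEntry("Reader", {"[Reader]"}),
    "-Default-": AclEntry("No Access"),
    "Anonymous": AclEntry("No Access"),
})
ROLE_READERS = ["[Reader]", "[Designer]", "[Manager]"]  # computed Readers value
```

With the `loose` ACL, `open_link(loose, "Unlisted User", [])` succeeds and the local copy is allowed too; with `tight`, or with `ROLE_READERS` on the document, the same link is refused for anyone who holds none of the roles.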