jforget1
asked on
Security Options at the field level
Have a DB that is used to process requests for various types of IDs within the company. For a couple types of requests we are asking for the full social security # for a user. Currently there is a hide/when on the field because this entry is only needed for a couple types of requests. Is there a way to add some security to this field so it is visible to the user when needed and then only visible to users that have the proper role that requires to see that data. Right now it is open to anyone with rights to the overall document.
ASKER
Do you know if the list of users who can edit can be tied to an address book group instead of each individual user. To try and maintain that list would be a challenge, but there is an address book that the people who could edit are always a part of for ACL usage.
Of course you can.
You create encryption keys and send them to groups of users.
Here's how you create and distribute encryption keys:
To create a secret encryption key
1. Choose File - Security - User Security.
2. Click the Notes Data tab, then Documents.
3. Click New Secret Key.
4. Enter a name for the new key.
5. (Optional) Write a comment to explain the key's use -- for example, the databases to use it with, the people who have copies of it, and so on.
6. Click OK, then click Done.
To attach a secret encryption key to a document
1. Open the document you are encrypting.
2. Choose File - Document Properties.
3. Click the Security tab.
4. Choose one or more secret encryption keys that you created, or choose the people who can use their public key to access the document (click the person icon next to the "Public Encryption key" field) under "Encryption Keys".
5. Send or close the document.
Considerations
Before you distribute secret keys, consider the following:
* Allow only users who have Manager access in the database ACL to send a key to users. Distribute the key to other managers of the database in an e-mail that allows them to send the key to other users. Distribute the key to users in a separate e-mail that prevents them from sending the key to others.
* If you distribute an encryption key to users who have Author access in the database ACL, they can remove encryption from any documents they create.
* If you distribute the key to users who have Editor or higher access in the database ACL, they can remove encryption from documents that other users create.
To encrypt field on document create a field that maintains a list of secret encryption keys. Here is the procedure:
http://www-12.lotus.com/ldd/doc/domino_notes/6.5.1/help65_designer.nsf/f4b82fbb75e942a6852566ac0037f284/9a47621ea044dd3885256e000049444b?OpenDocument
Read more about encryption in designer help to make yourself acquainted with the subject...
You create encryption keys and send them to groups of users.
Here's how you create and distribute encryption keys:
To create a secret encryption key
1. Choose File - Security - User Security.
2. Click the Notes Data tab, then Documents.
3. Click New Secret Key.
4. Enter a name for the new key.
5. (Optional) Write a comment to explain the key's use -- for example, the databases to use it with, the people who have copies of it, and so on.
6. Click OK, then click Done.
To attach a secret encryption key to a document
1. Open the document you are encrypting.
2. Choose File - Document Properties.
3. Click the Security tab.
4. Choose one or more secret encryption keys that you created, or choose the people who can use their public key to access the document (click the person icon next to the "Public Encryption key" field) under "Encryption Keys".
5. Send or close the document.
Considerations
Before you distribute secret keys, consider the following:
* Allow only users who have Manager access in the database ACL to send a key to users. Distribute the key to other managers of the database in an e-mail that allows them to send the key to other users. Distribute the key to users in a separate e-mail that prevents them from sending the key to others.
* If you distribute an encryption key to users who have Author access in the database ACL, they can remove encryption from any documents they create.
* If you distribute the key to users who have Editor or higher access in the database ACL, they can remove encryption from documents that other users create.
To encrypt field on document create a field that maintains a list of secret encryption keys. Here is the procedure:
http://www-12.lotus.com/ldd/doc/domino_notes/6.5.1/help65_designer.nsf/f4b82fbb75e942a6852566ac0037f284/9a47621ea044dd3885256e000049444b?OpenDocument
Read more about encryption in designer help to make yourself acquainted with the subject...
ASKER
Will using the encryption keys leave the field open as something the initial user can enter data. They would not be sent the key, but I need them to be able to enter, then subsequent users would need a key to view the data.
I am not sure how the key is tied to that individual field as well.
I am not sure how the key is tied to that individual field as well.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Appreciate the info
Examples of encrypting documents
The Salary History form in an Employee Information database has a create access list that allows only members of the Financials group to create Salary History documents. You want to apply security measures so that only four people in the Financials group can see salary information and can edit Salary History documents.
There are several ways to accomplish this goal. You can:
* Create a secret encryption key, associate it with the data you want to secure, and distribute it to the members of the Financials group.
* Identify the four members of the Financials group and use each member's public key to encrypt the information.
Using secret key encryption, you create an encryption key called Salary and send it to the four members of the Financials group. You then enable encryption for the CurrentSalary field and associate the Salary encryption key with the form. Then, the four people in the Financials group who have the Salary encryption key can create, read, and edit encrypted salary history documents, including the data in the CurrentSalary field.
Using public key encryption, you specify the names of the four members in the Public Encryption key list associated with the CurrentSalary field. Then the people named in the list can create, read, and edit encrypted Salary History documents, including the data in the CurrentSalary field.
Users who don't have the Salary encryption key and are not in the Public Encryption key list can read everything in the Salary History documents, except the data in the CurrentSalary field, but they can't edit and save existing encrypted documents.