Already known, and to say it up front: bad news, unfortunately
http://eknori.dyndns.org/knowledge/kbnv11.nsf/34ccb724696466a48525667500536b5e/228e51252b9cb0da85256839005bf599?OpenDocument&Highlight=0,*reader*,*view*
View Column Totals and Categories Appear Incorrectly when Documents have Reader Names
Problem:
In a shared, categorized view that displays documents with a Reader Name field, column totals reflect all documents, even though you might have read access to only a subset of the documents.
Furthermore, in Notes 4.x, if you don't have read access to any documents in a specific category, the category still displays in the view.
For example, if you have read access to only one document in a category, but the database contains two documents that match that category, the column total will display two as the total. In addition, if you don't have read access to any documents in a specific category, the category will display in the view as a category that can't be expanded.
Why does this happen and is this a potential breach of security? Could a user create a categorized, private view and gain access to all the information which is supposed to be secure?
Solution:
When a shared view is created by the database Designer or Manager, the view index is stored on the server and all documents that the server has access to are included in the view index. Therefore, the column totals reflect the total number of documents on the server, not the total number of documents to which each end user has read access. This issue was reported to Lotus Software Quality Engineering;
however, it was determined that modifying this view behavior would result in huge performance degradation on the view and server. There are no plans to modify this behavior in Notes R5.
When a private view is created, only the documents that the user has read access to will be included in the view index. Anyone with a minimum of Reader Access to a database can create a private view, but the view index for that view is stored in their local Desktop file.
Security Concerns
Any user who has access to a shared view will be able to see the categorized pieces of information for all documents in that view. Therefore:
1. Do not create shared views where documents are categorized by fields that may contain sensitive information without appropriately restricting access to those views.
2. Keep in mind that anyone with Designer or Manager access to your database will be able to create shared views where documents are categorized by fields that may contain sensitive information, and will then be able to view all of that categorized information.
3. Users with Editor Access or less to your database will not be able to build private views which will display data from documents restricted from them by Reader Names Security (even if their views are copies of your shared views).
4. These same guidelines apply to totals and averages you may use in a categorized view.
Supporting Information:
Related Documents:
Users Without the ACL Rights to "Create Personal Views/Folders" Can Paste in a Personal View
Document #: 157148
Grand Total Disappears When "Don't Show Categories Having Zero Documents" Option Selected
Document #: 192508
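To make the mechanism in the Solution and Security Concerns sections concrete, here is an added model (example code written for this post, not Lotus code or part of the quoted article): a shared view's index is built by the server over every document, so its category totals count documents the viewer has no Reader access to, while a private view is indexed from the user's readable documents only. The documents, user names and the `dept` category field are constructed sample data.

```python
"""Model of the Notes view-index behaviour described in the article (constructed
example). Shared view index: built by the server over all documents.
Private view index: built from the documents the current user can read."""
from collections import Counter

# Constructed sample documents: a category field and an optional Readers field.
# An empty Readers list means the document is readable by everyone, as in Notes.
DOCS = [
    {"id": 1, "dept": "Legal", "readers": ["CN=Alice/O=Acme"]},
    {"id": 2, "dept": "Legal", "readers": ["CN=Bob/O=Acme"]},
    {"id": 3, "dept": "HR", "readers": ["CN=Bob/O=Acme"]},
    {"id": 4, "dept": "Sales", "readers": []},
]


def can_read(doc, user):
    """Reader Names semantics: no Readers field means everyone may read;
    otherwise the user must be listed."""
    return not doc["readers"] or user in doc["readers"]


def category_totals(docs):
    """Per-category document counts, as a categorized view with a total column shows them."""
    return dict(Counter(d["dept"] for d in docs))


def shared_view_totals():
    """Shared view: the server indexes every document, whoever is looking."""
    return category_totals(DOCS)


def private_view_totals(user):
    """Private view: only the documents the user has read access to are indexed."""
    return category_totals(d for d in DOCS if can_read(d, user))


def leaked_categories(user):
    """Categories whose shared-view total exceeds what the user may read.
    Each entry is a count (and, for a category with zero readable documents,
    the category name itself) the user learns without Reader access."""
    shared, private = shared_view_totals(), private_view_totals(user)
    return {cat: shared[cat] - private.get(cat, 0)
            for cat in shared if shared[cat] > private.get(cat, 0)}


if __name__ == "__main__":
    for user in ("CN=Alice/O=Acme", "CN=Bob/O=Acme"):
        print(user, "sees in shared view:", shared_view_totals(),
              "| can read:", private_view_totals(user),
              "| leaked:", leaked_categories(user))
```

Running it for Alice shows the HR category with a total of 1 in the shared view although she can read no HR document, which is exactly the "category that can't be expanded" case the article describes.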