Notes provides several security mechanisms to prevent unauthorized users from creating documents. First and foremost, we have the database ACL, which controls access at the file level. If all forms in the database have the same security requirements, then security is simple - just assign the ACL level and privileges for each user.
But what if we have several forms in a database that have different security requirements? Let's say that we have a database where some users can create and edit some documents, but only read other documents. Well, we have several ways to accomplish this. We can hide our forms from the "Create" menu and hide our "Compose" buttons from unauthorized users. We can limit who can create documents by setting the "Who can create documents with this form" form property. We can use AUTHORS and READERS fields to lock documents down tight. We can even prevent users from pasting documents into a view by using the ViewQueryPaste event. If you use all of these methods together, you can control who creates, edits, and reads any document in the database...almost!
Even with all of these security precautions in place, users can still import any document using "File - Import" or any other back-end data loader. Since the Import function is a back-end process, it bypasses all of our security precautions. Just because a user has CreateDocuments enabled in the database ACL does not mean that the user should be able to create any document type. I assume that is why Lotus provides roles, AUTHORS and READERS fields, the ability to hide forms from the "Create" menu and the "Who can create documents with this form" form property. Obviously, Lotus has put some effort into allowing this kind of application design, but they missed one very important thing...
We need a method to be able to validate any document created by any means.
Here are two ideas for accomplishing this:
Idea 1: Add database events for QueryDocumentCreate and PostDocumentCreate. This could function similarly to the existing QueryDocumentDelete and PostDocumentDelete, but would need to work for any documents that are created by any means including back-end processes like "File - Import", COM, C API, Web, Java, etc. In other words, a document should not be able to be created in the database without first being processed by QueryDocumentCreate. An exception to this might be documents that are added via replication.
Idea 2: As a document is created in a database, if the document has a Form item, the form's "Who can create documents with this form" property should be checked and enforced. There should be a database property to enable or disable this validation so we can tune our applications for performance versus security. The current "Allow use of stored forms in this database" database property could be used to indicate whether documents with no Form item should be allowed to be created (documents with no Form item could not be validated anyway).
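To make the two ideas concrete, here is a small Python model of the proposed check, written as an added example for this page; it is not Notes code and does not use the Notes API. The `Database`, `Form`, user names, groups and roles are constructed sample data. `query_document_create` plays the role of the QueryDocumentCreate event from Idea 1, and its body is the rule from Idea 2: look up the document's Form item, match the user against the form's "Who can create documents with this form" list (user names, groups, or ACL roles in brackets), fall back to the "Allow use of stored forms" property for documents with no Form item, and skip the whole check when the proposed database property is off. `import_documents` stands in for a back-end loader such as "File - Import" that is forced through the same hook, which is the point of Idea 1.

```python
"""Model of a QueryDocumentCreate hook that enforces a form's
"Who can create documents with this form" list (constructed example,
not the Notes API)."""
from dataclasses import dataclass, field


@dataclass
class Form:
    name: str
    # Entries of "Who can create documents with this form": user names,
    # group names, or ACL roles written in brackets, e.g. "[InvoiceClerk]".
    # An empty list means the form is open to every user with Create access.
    form_users: list = field(default_factory=list)


@dataclass
class Database:
    forms: dict                       # form name -> Form
    groups: dict                      # group name -> members (users or groups)
    roles: dict                       # user name -> set of ACL roles
    enforce_form_users: bool = True   # proposed database property (Idea 2)
    allow_stored_forms: bool = False  # existing property, reused for Form-less docs


def expand_group(db, group, seen=None):
    """Return every user reachable from a group, following nested groups
    without looping on cycles."""
    seen = set() if seen is None else seen
    members = set()
    for member in db.groups.get(group, []):
        if member in db.groups:
            if member not in seen:
                seen.add(member)
                members |= expand_group(db, member, seen)
        else:
            members.add(member.lower())
    return members


def user_matches_entry(db, user, entry):
    """True if `entry` (a user, a group, or a [Role]) covers `user`."""
    if entry.startswith("[") and entry.endswith("]"):
        return entry in db.roles.get(user, set())
    if entry in db.groups:
        return user.lower() in expand_group(db, entry)
    return entry.lower() == user.lower()


def query_document_create(db, user, doc):
    """Decide whether `user` may create `doc` (a dict of item name -> value).
    Returns (allowed, reason)."""
    if not db.enforce_form_users:
        return True, "form validation disabled for this database"
    form_name = doc.get("Form")
    if form_name is None:
        if db.allow_stored_forms:
            return True, "no Form item; stored forms allowed"
        return False, "no Form item and stored forms are not allowed"
    form = db.forms.get(form_name)
    if form is None:
        return False, "form %r does not exist in this database" % form_name
    if not form.form_users:
        return True, "form %r is open to all users" % form_name
    for entry in form.form_users:
        if user_matches_entry(db, user, entry):
            return True, "allowed by entry %r on form %r" % (entry, form_name)
    return False, "%s is not listed as a creator of form %r" % (user, form_name)


def import_documents(db, user, docs):
    """Back-end loader that runs every document through the hook, so an
    import cannot bypass the check. Returns (accepted, rejected)."""
    accepted, rejected = [], []
    for doc in docs:
        allowed, reason = query_document_create(db, user, doc)
        (accepted if allowed else rejected).append((doc, reason))
    return accepted, rejected


def sample_database():
    """Constructed sample data; names, groups and roles are invented."""
    return Database(
        forms={
            "Invoice": Form("Invoice", ["[InvoiceClerk]", "Finance"]),
            "Memo": Form("Memo"),
        },
        groups={"Finance": ["Bob Smith/Acme", "FinanceManagers"],
                "FinanceManagers": ["Dana Lee/Acme"]},
        roles={"Jane Doe/Acme": {"[InvoiceClerk]"}},
    )


if __name__ == "__main__":
    db = sample_database()
    batch = [{"Form": "Invoice", "Amount": 100}, {"Form": "Memo"}, {"Body": "no form"}]
    accepted, rejected = import_documents(db, "Carol King/Acme", batch)
    for doc, reason in rejected:
        print("rejected:", doc, "->", reason)
```

In the sample data, Jane is allowed to create an Invoice through the `[InvoiceClerk]` role, Bob through direct membership in the Finance group, and Dana through the nested FinanceManagers group, while Carol can only create Memos; a document with no Form item is rejected unless the stored-forms property is on. The decision is made in one place for every creation path, which is what the page asks of a real QueryDocumentCreate event.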