SnTT: Preventing Sametime Users from Accessing Hidden Groups

This SnTT is a Sametime-related follow-up to an excellent SnTT posting from a short while back by Paul Mooney, entitled “Preventing users from mailing specific groups”.

It’s a great tip. However, if you share your Domino Directory (and its hidden groups) with your Sametime Server, I recently discovered a potentially nasty caveat in using this technique, which I think is important to share, particularly if the members of these groups are private and confidential, for example client email addresses.

Basically, these groups are effectively protected by Readers Names fields, which prevent (unspecified) Notes users from viewing or accessing them. Sametime, however, totally disregards this and, as a result, allows not only the names of these hidden groups to be browsed but, perhaps more importantly, their members’ names to be easily viewed.

Without changing the method of providing this hidden group functionality, or perhaps even changing the design of the Domino Directory, the only workaround is to use a selective replication formula on your Sametime Servers’ Domino Directory, in order to prevent these specific documents from replicating across.

For example:

SELECT !(@UpperCase(ListName) = "HIDDEN_GROUP_NAME" & Form = "Group")

If anyone has any alternative ways of dealing with this issue, then I’d love to hear them . . .

3 Responses to “SnTT: Preventing Sametime Users from Accessing Hidden Groups”

  1. Paul Mooney says:

    Nice tip… Good for admins to know.

  2. Thomas Bahn says:

    Since the information about the allowed readers of the group document is stored in an item called $Readers, you could filter the replication on this field: SELECT !($Readers != "" & Form = "Group")

    This would filter out ALL protected group documents…

  3. Paul Harrison says:

    Thomas,

    Thanks for your feedback and for your excellent suggestion.