Created different R68 setups, each with different sites. Created and ran R68 reports logged in as different people, each associated with the correct site. When these users use the R68 process form to review their processes/reports they can see (not so much an issue) AND OPEN and thus view contents of all processes. We need this security.