Francois Koutchouk
asked on
Lotus Notes view shows different data in Design as in user mode?!
- Lotus Notes 8.5.3 on Win7 x64
- Local copy of a Notes database. It is not encrypted. All design elements were signed by my id. I have Manager access under my name and all the roles enabled.
- Create a view in Designer. The view displays in the first column the Form (categorized), then in the next column the Unique ID. Nothing strange. Selection is SELECT @All.
- Refresh the view in Designer. It does NOT show a category called ASRD as shown in the image below:
- On the same machine, open the view in regular Notes client. It shows a category called "ASRD" with 569 documents. When I try to expand the category, nothing shows: see image below
I am thoroughly puzzled. Either you see it, or you don't... why would Designer show something different from the Notes client?
I wonder if it works when the option to maintain a Consistent ACL is enabled. When that's the case, Roles work and so should Reader fields. I'm not quite sure, but Reader fields also play their part during replication: when your name is absent in the Reader field, you cannot even replicate the document to your local database. So what could be done is:
- verify that you can see the documents in the database on the server
- enable Consistent ACL
- replicate (maybe delete the Replication History and then replicate)
- then verify if the documents are there, in the local database
ASKER
Thanks Sjef. Assuming Manager access, a Copy, rather than a Replica, will pull down the documents to the local workstation. So the count is right, even though some of the documents cannot be opened.
IMO it is a dangerous feature, because all one needs to do is: create a Domino server, cross certify manager id, create a group of that name (visible in the Designer) and voila, security circumvented.
I will close this issue now. Thank you all for your help.
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for FKoutchouk's comment #a40228179
for the following reason:
spot on.
ASKER
Issue closed with workaround.
ASKER
Spot on
Of course security can be circumvented; any direct access to the database and server should be prohibited. But that's where encryption comes in: even a stolen database is useless when encryption is activated on the database.
Thanks!
ASKER
By copy, I meant a regular Lotus Notes client copy, not a file system copy. An encryption key associated with specific documents, and not available to my Manager id, would have been the answer, yes.
ASKER
- Figure out in the form the default group value for the Readers field (not obvious, but feasible) e.g. SecretAdminGroup
- Copy NSF as-is to any Domino server
- Create group "SecretAdminGroup" on that Domino server, add your Notes name in it
- Done. All documents composed with that Form are now visible.
Now of course you have to repeat for every form.
Unless you can think of a better way, of course.
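
For the defender's side of this thread, an audit agent in LotusScript (an added example, not code from any poster): it reports whether Consistent ACL is enabled and lists documents whose Readers fields name a flat group and that are not encrypted, i.e. the documents whose protection depends on the hosting server's directory. The test for what counts as a group name is a heuristic assumption, and the agent only sees documents that the identity running it is allowed to read.

```lotusscript
Option Public
Option Declare

' Added audit example. Assumption (heuristic): a Readers entry that contains
' no "/" and is not a [Role] is a group name, resolved against whatever
' directory the hosting server uses.
Function DependsOnGroupName(doc As NotesDocument) As Boolean
	DependsOnGroupName = False
	ForAll itm In doc.Items
		If itm.IsReaders Then
			ForAll v In itm.Values
				If CStr(v) <> "" And InStr(CStr(v), "/") = 0 And Left$(CStr(v), 1) <> "[" Then
					DependsOnGroupName = True
					Exit Function
				End If
			End ForAll
		End If
	End ForAll
End Function

Sub Initialize
	Dim session As New NotesSession
	Dim db As NotesDatabase
	Dim acl As NotesACL
	Dim col As NotesDocumentCollection
	Dim doc As NotesDocument
	Dim total As Long, exposed As Long

	Set db = session.CurrentDatabase
	Set acl = db.ACL
	' "Consistent ACL" in the ACL dialog is the UniformAccess property
	Print "Consistent ACL enabled: " & CStr(acl.UniformAccess)

	Set col = db.AllDocuments
	Set doc = col.GetFirstDocument
	Do Until doc Is Nothing
		total = total + 1
		' Readers restriction by group name only, with no document encryption
		If DependsOnGroupName(doc) And Not doc.IsEncrypted Then
			exposed = exposed + 1
			Print doc.UniversalID & "  Form=" & CStr(doc.GetItemValue("Form")(0))
		End If
		Set doc = col.GetNextDocument(doc)
	Loop
	Print CStr(exposed) & " of " & CStr(total) & " readable documents rely on a group name without encryption"
End Sub
```

Documents it lists are candidates for the document-level encryption mentioned above.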