Solved

Running a script as a different userid

Posted on 2000-03-28
6
178 Views
Last Modified: 2013-12-18
I have a database where only people with a certain role have access to a view.  However, I want all users to do a behind the scenes lookup on this status view using the getdocumentbykey method.  It works great for me, but when users who are not assigned to the role run the script, it doesn't work because it can't find the view.  Is there anyway to have the script run for users as though I had clicked the button?  Thanks.
0
Comment
Question by:mphel
6 Comments
 
LVL 5

Expert Comment

by:snocross
ID: 2665349
Perhaps you could create a stripped down version of the view containing just the data that you don't mind them seeing (the data that you are looking up).  Then neatly tuck the view away somewhere... I have a directory called system so my lookup views are arranged like (system\customerLookup, system\personLookup etc) but I also use document level security so they can only perform a lookup on the docs they are allowed to see.
0
 

Author Comment

by:mphel
ID: 2667557
I would rather that the people don't even have a stripped down view because they can still click on the document and see the value of fields using the document properties dialog.  I don't think it will be a big problem, but it was just something I wanted to avoid.

I'm guessing that there's no way to do what I originally wanted.
0
 

Expert Comment

by:srandrews
ID: 2668516
If you only want users to see certain information in the document why don't you encrypt the fields and send the encryption key to the users that you do want to see the info?
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 2668898
Hi

Create views for the lookup and hide them, by using bracket notation, i.e. any view surrounded by brackets are hidden from the user ( not always ), if the user is a savvy user he can view the design and scroll through the document in the hidden views.

eg: tempView is always shown, but (tempView) is hidden, but can be looked up.

If u control the hiding by access, then you may have to give the user that access for lookup.

Good luck
~Hemanth
0
 
LVL 1

Expert Comment

by:sk5t
ID: 2671206
Remember, "view" security is no security at all.  If you're trying to keep users from viewing documents purely by placing those documents in a view they cannot access, you really have accomplished nothing.  Protect entire documents with Readers fields, and parts of documents with encryption.
0
 
LVL 3

Accepted Solution

by:
Simon_Hendry earned 100 total points
ID: 2671343
You could hide the view a HemanthaKumar says using the () brackets around the name... This does not stop people opening the view by holding down CTRL+Shift while opening the database...

The best solution for this is to create a bit of code in the QueryOpen event of the view that check whether the person is a member of a role or a group and if they are not sets Continue to false.... That way the user can still use DBLookup or use documentbykey etc to get information from the view , but they cannot open it from the UI  to see all of the documents. ( obviously you remove the other security on the view so they )


Code Example::: Put this is the Query Open Event of the View , checks to see if the user is in the Admin role.. If they aren't it wont let them open the view ... This doesn't effect backend code because is only runs when the view is opened via the UI...


     Const NotesMacro$ = "@IsMember(@UserRoles;""[Admin]"")"
     Dim Ret As Variant
     
     Ret = Evaluate(NotesMacro$)
     If Cstr(Ret(0)) = "0" Then
          Msgbox "You cannot Access this view"
          Continue = False
          Exit Sub
     End If


Have Fun
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

  In today’s Arena we can’t imagine our lives without Internet as we are highly used to of it. If we consider our life style just for only 2 min we found that face to face communication is swapped by e-communication.  Every Where from Works place to…
Lack of Storage capacity is a common problem that exists in every field of life. Here we are taking the case of Lotus Notes Emails, as we all know that we are totally depend on e-communication i.e. Emails. This article is fully dedicated to resolvin…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now