Solved

Hiding a Rich Text field, with attachments, from all but a select group of users.

Posted on 2002-03-18
57
533 Views
Last Modified: 2013-12-18
I have read the scripts that assist with hiding a rich text field due to the fact that notes hide when features do not work on rich text fields.  I cannot seem to find a script that works for my particular application.  I have a group of users that I have established within a formula to allow access to a body field that is rich text and contains MS word attachment.  I am searching for a formula or script that would allow me to restrict access to this field to everyone except the select group based upon a different fields value.  The situation is a team status form vs team member status form which uses the same form with a status level field for team of member.  Then the individuals attach to the body field.  The team leaders need to hide the team level status attachment field from all individuals except a select group.  Please help !!
Thank You !!
0
Comment
Question by:pratigan
  • 33
  • 21
  • 3
57 Comments
 
LVL 10

Expert Comment

by:zvonko
ID: 6876579
your question contains the answer :-)

Make two subforms: one with this RT field contained other without.
On your main form do this:
InsertSubform->InsertSubformBasedOnFormula

In this formula now you have the freedom to decide to whom to give the RT field subform and to whom not.

That's all.


Regards,
zvonko
0
 
LVL 4

Author Comment

by:pratigan
ID: 6876617
Hello Zvonko,
So your saying to build 2 sub forms based upon level, 1 for member and 1 for team.  Then based upon the slection value for level,(team), show the team level subform ???
How will this look in the views ???
I haven't worked with subforms very much !
Thanks !
Paul
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6876624
Use Hide When formula ,

Create a role called Executive in the acl and assign the privileged group which will have most control over the form and then include that role in the hide-when formula for the status/body field like this,

@isNotmember("[Executive]"; @UserRoles)

~Hemanth
0
 
LVL 4

Author Comment

by:pratigan
ID: 6876646
Hello Hemantha,
The problem with this is that the form needs to be used by all users to input their team member status.  There is a field on the form that shows team status or member status.  The problem is to hide the team status reports from all others except the group of individuals as team leaders.  The same form is used for both selections.
Thanks !
Paul
0
 
LVL 4

Author Comment

by:pratigan
ID: 6876660
Hello Hemantha,
Are you maybe saying after creating this role, I can have the formula restrict that field to only the group of users identified, as well as only hide that field when the status level field is team ??? That way I would be able to restrict the field for team status reports but allow access to all for the member status' ?!?!?!
0
 
LVL 4

Author Comment

by:pratigan
ID: 6876714
Hello Zvonko,
I have created 2 subforms, 1 with the attachment field the other without.  If I estblish a formula to display a different subform based upon team of member, then I would be restrictin all users from entering their member status.?!?!  How do I allow all users to enter member status, but restrict the team status reports from being viewed by all.  I have already restricted the use of team as a status level to te slect group, but the problem is I need to restrict the viewing of the team status attachments, by all, once created. !??!?!?!
Thanks !
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6877000
According to your comment "The problem is to hide the team
status reports from all others except the group of individuals as team leaders", means that you want to hide the whole document is it ??? Then use Readers field to do that, in Readers field include the role executive and the whole doc is hidden from other except for the group whose roles is set to executive.

For second comment, yes you can manipulate like that. I assume you have two fields , one teamstatus and other memberstatus

So for teamstatus/body the hidewhen would be,
@isNotmember("[Executive]"; @UserRoles)

And for MemberStatus the hidewhen would be,
@ismember("[Executive]"; @UserRoles)

Does this work for you ???

~Hemanth



0
 
LVL 4

Author Comment

by:pratigan
ID: 6877070
Hello Hemanth,
I want to hide the attachment in the body field from everyone but the select group.  However, the member status reports using the same form will not hide the field.  The body field is open to all for attaching their status reports, but when the level = team, then hide the attachments.  I have secured the field usage of team from everyone but a group.  The problem is when the document is launched from a view, anyone can view the document with the attachment being able to be launched from view mode.  I want to hide the field, for team status reports, when anyone views the document.  Only the selected group can view,the attachments.  The attachment is hidden from all others.  
Meantime I will work with what you have stated, I'm not very familiar with working in the ACL, but I will try what you have stated, menanwhile, have I given you the understanding of what I am trying to do ???
Tanks !
Paul
0
 
LVL 4

Author Comment

by:pratigan
ID: 6877109
Hello Memanth,
Another potential problem is that all of the members that are to be able to review these documents are not within a particular group in the ACL, This means that I will have to create a group in the acl and include these members ???  What will happen to their other group assignments ??? I wish there was a way to do this without using the acl ?!@?
Thanks !
Paul
0
 
LVL 10

Expert Comment

by:zvonko
ID: 6877424
Hello Paul,

to allow Heman and me to provide you solutions as exact as possible, we need some details...
1.) Domino server and Notes client version
2.) Is this application ever used on web?
3.) Field names of this two RichText fields for entering status.
4.) Name of the field where team leader CommonName is stored
5.) Name or names of the fields where team members are stored.
6.) Main Form name
7.) This two Subform names and usage if not readable from their names.
8.) Role names, if you decided to use Hemans path without Subforms

When providing this info, please state again the information already given, because it is absolutely confusing for me. For example, I understood, that you like to have a field team member should be able to enter new status but not able to read old status. This is possible but absolutely confusing...

Let us see the details.

So long,
zvonko


0
 
LVL 4

Author Comment

by:pratigan
ID: 6877488
Hello Zvonko,
Here are the details:
1.) not sure of server version, but notes version 5.0.4a
2.) Primarily notes client usage only.
3.) Only 1 field for entering status.  called:"Body" users attach a word document for either member status or team status.  A second field just indicates whether the attachment is team member status or Team stats.  This field is "StatType".  1 form, 1 attachment field, 1 stattype field.
4.) not sure what your looking for team leader commonname field.  The common field is Stattype, drop down selection can be team member status or team status.
5.) field where team members are stored is not in the form.  Simple form that user selects whether team member status or team status.  The team leads are responsible for entering the team status, all users enter team member status.
6.) main form name:  Project Status Reports  Alias: status
7.) subform names:   "project status sub no attach" and  "project status sub with attach".
8.)  Roles names not yet established.
Background:
There is 1 form called alias: "status", in this form there are 2 fields one StatType, drop down team member status or team status.  The other field is attach status document here:  Body field as RTF.  The users attach a word document in this field.  There are other fields on the form, but not reletive to this situation.  Once a status document is created, the users are allowed to read member status documents but want to hide the team status report attachments from all users except the select group.
I hope this clarifies the situaiton.
Thank You !!
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6878107
The solution is simple, Create two rich text fields and Show one for Executives and other for rest of the world, with the same formula that I provided above.

Creating group is much easier to manage, so go with that.
0
 
LVL 4

Author Comment

by:pratigan
ID: 6879663
HEllo Hemanth,
This sounds like a straight forward approach that I am going to attempt.  I am not to familiar with modifications to the ACL.  Do I create the group in the main address book and then link the role of executive to that group ???
Please let me know.
I will try this.
Thanks !
Paul
0
 
LVL 4

Author Comment

by:pratigan
ID: 6879709
Hello Hemanth,
I have used the group editors as there currently s no one in there.  I setup a role called teamlead (executive).  I then added a second body field for team status attachments.  I added the following formula in the hide tab for the team status body: @IsNotMember("[teamlead]"; @UserRoles).  I then added the formula to the team member status: @IsNewDoc & @IsMember("[teamlead]"; @UserRoles).
I added myself to the list to attempt to create both types and I was able to.  I was able to view both.  When I removed myself from the list I was still able to view the attachments for the team status.
I already have a formula on the stattype field that prevents others from creating a team status report, therefore when the document is in edit mode no one can even get at the body field due to the formula.  The only problem is restricting the launhing of the attachments from the view mode, preview.  What did I do wrong above.
Thanks !
Paul
0
 
LVL 4

Author Comment

by:pratigan
ID: 6879743
Hello Hemanth,
Can I just use 1 field called body, use the acl formula that you mentioned like this:
StatType = "Team Status Report" & @IsNotMember("[teamleads]"; @UserRoles)
Then have the group of individuals that I want to read the attachments in the ACL roles of teamleads ?????
Also, will I have to re-edit all existing documents to re-initiate the formula.  Also, how do I test this if I have desiger authority ???
Thanks !
Paul

0
 
LVL 4

Author Comment

by:pratigan
ID: 6879787
Hello Hemanth,
I have used the group editors as there currently s no one in there.  I setup a role called teamlead (executive).  I then added a second body field for team status attachments.  I added the following formula in the hide tab for the team status body: @IsNotMember("[teamlead]"; @UserRoles).  I then added the formula to the team member status: @IsNewDoc & @IsMember("[teamlead]"; @UserRoles).
I added myself to the list to attempt to create both types and I was able to.  I was able to view both.  When I removed myself from the list I was still able to view the attachments for the team status.
I already have a formula on the stattype field that prevents others from creating a team status report, therefore when the document is in edit mode no one can even get at the body field due to the formula.  The only problem is restricting the launhing of the attachments from the view mode, preview.  What did I do wrong above.
Thanks !
Paul
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6879790
First, the database should be on server for the access control to work properly. And did you check the hidewhen checkbox, probably you would have done it. If you are having it on local then move it to server for testing ACL.

Secondly, you can have one body field, but I have to tell you about 'Controlled Access Section' and how to manipulate it. It is more confusing than this solution.

Third, you don't have to re-edit the documents by incorporating the hide-whens. Designers of database has to have the roles to have proper access to the documents.

Setting up controlled access section.
=====================================
Create a controlled access section from the create menu.

Then goto formula tab and set to display, and set it to field called 'ROLE'

Then during the querysave set ROLE field to the "[TeamLead]"

Move your rich text field to the section.

So when users come in the body field will be editable and once they attach and save the document the section is locked down. And only operable by teamlead. Subsequent edits by team member will able to launch the attachment but not edit the body field, Is this OK ?


0
 
LVL 4

Author Comment

by:pratigan
ID: 6879846
Hello Hemanth,
I have created a controlled access section, I have set to computed for display and put "Role" in the formula window.  However I do not do a querysave, I do
@Command([FileSave]);
@Command([FileCloseWindow])
when the close save button is pushed.  I have moved the RTF to the section.
As long as the attachments connot be launched or viewed from read mode that fine because I ave locked out the edit mode review by formula on stattype.
Now I have to assign the group name in the ACL to the rols of teamleads....?!?!?!
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6880201
FileSave command will QuerySave event, So

Either set the field value in the button like this

FIELD ROLE := "[TeamLead]";
@True

or goto QuerySave, and make it as formula and use the above formula

Let me clarify one more time.

Team Leads can attach the doc, but not the member ???

Even if you lock down the edit for rich text, the attachment can be launched. If you don't want this then you have to go for hide whens only.

0
 
LVL 4

Author Comment

by:pratigan
ID: 6880254
Hello Hemanth,
I really appreciate all the time you are spnding on this.
I have been able to prevent edit and create from all but the list of team leads through the use of a formula on the StatType field which appears befroe the attachment field therefore no one can get past this field formula to get to the attachemnt field.  The problem is they can double click on the document from the view bringing it into preview read mode which they can launch the attachment from there.  This is what I want to prevent.  I want to hide the field from read view mode, edit and create are already locked.  Therefore I think we need to go for hides only, is there an easy way to do this ???
I'm willing to up the points to get this resolved.
Thank You !
Paul
0
 
LVL 4

Author Comment

by:pratigan
ID: 6880380
Hello Hemanth,
I really appreciate all the time you are spnding on this.
I have been able to prevent edit and create from all but the list of team leads through the use of a formula on the StatType field which appears befroe the attachment field therefore no one can get past this field formula to get to the attachemnt field.  The problem is they can double click on the document from the view bringing it into preview read mode which they can launch the attachment from there.  This is what I want to prevent.  I want to hide the field from read view mode, edit and create are already locked.  Therefore I think we need to go for hides only, is there an easy way to do this ???
I'm willing to up the points to get this resolved.
Thank You !
Paul
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6880772
There is option to hide in Preview for reading / editing

Check both of them ON.

0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6880773
It is available on Hide tab of the paragraph/field
0
 
LVL 4

Author Comment

by:pratigan
ID: 6880810
Hello Hemanth,
Does tihs work with RTF....??
Please let me know what the procedure is again if we are going this route, using ACL etc.  
Thnak You !
Paul
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6880995
Yes it works.

The preview hiding works in conjunction with the hide-when formula. Just goto hide tab of rich text and enable preview hiding in both read and edit mode and you should be all set.
0
 
LVL 4

Author Comment

by:pratigan
ID: 6882372
Hello Hemanth,
I created a controlled section and added the body field to it.
When I use the hide when selections in th ehide tab the attachment is still visible on the bottom of the document under where the hidden fields would be.
I don't think the controlled section is going to work.
Any other approaches ?!?!?!
Thanks !
Paul
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6882429
Can you send the current database to this address with the status form and no documents, hemanthakumark@bigfoot.com

Let me take a look and correct and send it back to you
0
 
LVL 4

Author Comment

by:pratigan
ID: 6882555
Hello Hemanth,
I had attempted to send once, exceeded storage. I will try again.  Please let me know if you get it.
Thanks !
Paul
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 4

Author Comment

by:pratigan
ID: 6882581
exceeded storage again....
0
 
LVL 4

Author Comment

by:pratigan
ID: 6882678
exceeded storage again....
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6882696
Delete all other forms and leave only the form which we are after. Compact the db and zip it and send
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6882924
Ok I got the database

Let me repeat your requirements

1. The attachment will be attached by both during Team members Status and Team Status ... Right/Wrong

2. After saving the doc, the Rich text should be visible only to team leads, and so is the attachment not for the members ... Right/Wrong

Confirm
0
 
LVL 4

Author Comment

by:pratigan
ID: 6882981
Ok Hemanth,
The attachment will be by both team leads and team members adding team member status attachments and team status attachments.  THe field Stattype indicates whether the attachment is member or team status report.  For all team stats attachments, hide the field & attachment from all except the team leads.  If team member status, no need to hide.  I have the formula in stattype that prevents viewing the attachment from edit or create, need to hide it when previewed or read mode.
Does this clarify the requirements ??
Thanks !
Paul
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6883743
Here is the hide formula,

StatType = "Team Status Report" & !@IsNewDoc & @IsNotMember("[Teamleads]"; @UserRoles)

0
 
LVL 4

Author Comment

by:pratigan
ID: 6885215
Ok... I have added that formula to the body field, now I need to establish the a group in the main acl address book that has the role of Teamleads ?? Correct ???
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6885333
Yes that is correct.

You have to create the group in the Domino Directory, and include that into your ACL with proper roles, and you should be all set !
0
 
LVL 4

Author Comment

by:pratigan
ID: 6885572
Thank You !!
I will apply these changes and test on the server.  As soon as I have completed this I will respond with a review and points.
Thank You very Much.. I really appreciate it!
Paul
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6885621
Sure, let me know the results.
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6894388
@USERROLES, returns a list of roles that the current user has in the current database.

StatType = "Team Status Report" & !@IsNewDoc &
@IsNotMember("[Teamleads]"; @UserRoles)

What does this hideformula does?

When the stattype is of Team status and if it is a old doc and the user is not a member of teamleads then hide the Richtext Field.

When a new document is composed, the richtext field is visible, even when the status is set to Team Status.

When the user does have the roles Teamleads, he will be able to see the field in any instance.

If you happen to see the richtext, then you are assigned teamleads role in the acl. Uncheck it and try ...


0
 
LVL 4

Author Comment

by:pratigan
ID: 6894426
If a user is not in teamleads then he will still be able to see the field??? Will he be able to launch the attachment ???
This is what I am trying to hide.
0
 
LVL 4

Author Comment

by:pratigan
ID: 6894442
Hello Hemanth,
I do notice that everyone else having access with userroles are contained in the address book under Authors.  Is this a possible reason why the body (RTF) field is still visible. ??  I checked and authors do not have the role teamleads checked, so they should not be able to view or edit this field....
0
 
LVL 4

Author Comment

by:pratigan
ID: 6894526
Hello Hemanth,
I have looked into this further ad I believe the formula may indeed be working correctly.  However, fo all newly created documents, after the formula has been added.  All documents created with attachments prior to the formula are still abel to be seen.  Is this correct or is something else going on here ????
If so, is there a way to hide all priors as well ??
Thank You !
Paul
0
 
LVL 10

Expert Comment

by:zvonko
ID: 6894661
it is even worser Paul.
For all documents are all persons who are allowed to read this database also allowed to make local replicas of this database.

When once local, then there are always ways to circumvent all security settings.
EXCEPT encryption :-)

I would recomand field encryption with an application key for the team leaders.




0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6894910
The old documents should also pickup the change.

For your previous comment,

The person who doesn't have teamleads role will not be able to see the attachment at all.


The testing of this should be done on server, local doesn't have acl enforced unless u instruct it so.
0
 
LVL 4

Author Comment

by:pratigan
ID: 6896201
Hello ZVonko,
I had originally thought of encryption, but I didn't want to get into that extent of having to distribute and maintain encryption keys.  I do understand that the security is not 100%, however I feel the majority of the users would not think to go that route.
Hello Hemanth,
I have replicated the changes to the server and the formula is hiding the attachments for all newly created status reports.  It is working exactly how I want it to, except for the fact that all document attachments prior to the changes being replicated are still viewable.  Is there some form option that I should be addressing ???
We are so close to closure on this.  Please advise.
Thank You Both !!!
Paul
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6896280
The only field value being referenced in hidewhen is Stattype, check if the value is correctly set in previous documents. Rest of the formula will be evaluated instantly.

0
 
LVL 4

Author Comment

by:pratigan
ID: 6896291
That field is set correctly, I have created a view by Stattype and date, all of the previous and newly created documents appear by date.  The old ones attachments are viewable, the new ones the attachments are not viewable. ????
0
 
LVL 4

Author Comment

by:pratigan
ID: 6896333
Are there any options such as propagate or inherit options that need to be set to have this hide for past documents???
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6896529
Not exactly, but to refresh the document we use ToolsRefreshSelectedDocs in an agent and run on selected documents to refresh the field values. But for hide when ???  it doesn't seem logical. But give it a try.

Also try this, create a temporary computed for display field with this hidewhen formula and see what is the result it gives.

0
 
LVL 4

Author Comment

by:pratigan
ID: 6896621
Sub Exiting(Source As Field)
  Dim workspace As New NotesUIWorkspace
  Dim uidoc As NotesUIDocument
  Set uidoc = workspace.CurrentDocument
  Call uidoc.RefreshHideFormulas
End Sub

To run within the agent ??
0
 
LVL 4

Author Comment

by:pratigan
ID: 6896774
I setup the ToolsRefreshSelectedDocs using the @command.  I ran it from an agent within a view after check marking a select group of documents.  I received a message that the documents were being refreshed, I noticed that the documents then became red with the star (unread marks) I then removed myself from the teamleads ACL role and then went back into the database.   I was still able to view past documents.!?!??!!?!?
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6897269
send me the db again with few older documents and the form
0
 
LVL 24

Accepted Solution

by:
HemanthaKumar earned 80 total points
ID: 6897546
Ok here is the problem, remove the field body from table and keep it in a plain area n test.
0
 
LVL 4

Author Comment

by:pratigan
ID: 6902313
Hemanth,
I can move the field from the table to a plain area easy enough.
How do I move the field for the prior documents.  I will have to edit each one a save again , correct ??!!?!?
Thanks !
Paul
0
 
LVL 4

Author Comment

by:pratigan
ID: 6902354
Hello Hemanth,
It worked great.  I did not have to go back as I thought.
I thank you very much for all of your efforts.  I have increased the points to 80.  I wish I had more points to play with as I would have granted more.
Thank You very much !!
Paul
 
0
 
LVL 4

Author Comment

by:pratigan
ID: 6902361
Hemanth is an excellent resource and I appreciate the continued effort to resolve a problem.  He sticks with it until a resolution is reached.  Its been a pleasure working with him.
Thank You !!
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6902371
Thanks for the nice words.

Hope to hear from you in future.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

  In today’s Arena we can’t imagine our lives without Internet as we are highly used to of it. If we consider our life style just for only 2 min we found that face to face communication is swapped by e-communication.  Every Where from Works place to…
IBM Notes offer Encryption feature using which the user can secure its NSF emails or entire database easily. In this section we will discuss about the process to Encrypt Incoming and Outgoing Mails in depth.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now