Multiple Teams accessing the same form but seeing differnt data

Jaziar used Ask the Experts™
I have a database that multiple teams use.  Each team conatins multiple users.  The teams each use the same form to create and submit information to the database.  The problem - the teams can not be allowed to see each other or even know they exist.  Even though they use the same form, team a should only see team a information.  I dont want to have to set up views for each team and hide them from each other.  I would like one view that sees the team the logged in user in on and then gets the approimate teams information.  That has to be a way to do this.  Please Help
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

No problem.  

- Just create a field on the form and make it hidden.  
- Make it a READERS type field.  
- Make it automatically compute to the author or another field on the form containing an editable list of team members.

It's a good idea to include a role in the reader field so you don't accidentally lock yourself out.  It's like a back door into the documents:

Examples of computed reader names fields:

This example would allow the author of the document, anybody with the KnowItAllRole assigned to them or Joe Blow to access the document;

@Author : "[KnowItAllRole]" : "Joe Blow"

This example would allow you to reference a field called TeamMembers that is on the form and perhaps contains a list of available team members:

TeamMembers : "[KnowItAllRole]"

Note: If you do decide to reference another field remember to make the TeamMembers (or whatever you name it) field a 'allow multiple values' field.  Otherwise it will lump all your names together as one big name and nobody will have access.  (Another good reason to have the role in there as a backup)
Exploring ASP.NET Core: Fundamentals

Learn to build web apps and services, IoT apps, and mobile backends by covering the fundamentals of ASP.NET Core and  exploring the core foundations for app libraries.

Make sure if you use reader names and have views that are categorized, you select the option in the view not to show empty categories (R5 and later) other wise teams will see EMPTY categories for documents they don't have.

Also you will want to set the actual readers field to 'allow multiple values' too... the colon (:) is the multivalue separator.
Since you are dealing here with teams/groups, you should setup your readers list little different.

To enable this, you might have to modify the form with these changes.

Create a Names field (multivalued) Called ACL as computedfordisplay. With ACL as the default value

Second, create a Readers field (multivalued) called DocReaders as computed with following formula in it,

"Administrators" :
@Keywords( @Name([abbreviate];@UserNamesList) ; @Name([abbreviate];ACL); " " )

In the postopen insert this script.

     Dim ws As New NotesUIWorkspace
     Dim note As NotesDocument
     Dim s As New NotesSession
     Dim db As NotesDatabase
     Dim acl As NotesACL
     Dim entry As NotesACLEntry
     Set db = s.CurrentDatabase
     Set acl = db.ACL
     Set note = ws.CurrentDocument.Document
     Set entry = acl.GetFirstEntry
     While Not entry Is Nothing
          note.ACL = note.ACL(0) + "," + entry.Name
          Set entry = acl.GetNextEntry(entry)

Now as Andy mentioned create view with option of hiding zero category documents, which is a R5 specific feature.

May I suggest the use of groups and/or roles instead of a list of usernames (with or without intermediate field)?

If people are added to/removed from any team-groups, their accessrights to documents are automatically dealt with by notes itself! If you would add a list of usernames to EVERY teams' documents, you'd have to update all those (or accept the fact that new team members will NEVER gain access to old documents)!!!

I recommend you create groups with a similar (unique!) pre- or suffix, like "Team_01", "Team_02" etc. Let's skip userroles for those groups (that would make it just another bit more difficult).

Assuming you're using Notes R5, you could use @UserNamesList to obtain a complete list, containing the (editing) user's name, all groups he/she's in and all userroles he/she's got. All we need to do is filter the right "Team_##"-one out!
@Keywords is VERY suitable for that purpose, but can't cope with a certain set of characters. We need to convert those to a certain code first:

Lst := @UserNamesList;
ReplaceOriginals := @Explode("\"@,@?@!@;@:@[@]@(@)@{@}@<@>@.@ "; "@");
ReplaceSubstitutes := @Explode("&a@&b@&c@&d@&e@&f@&g@&h@&i@&j@&k@&l@&m@&n@&o@&p"; "@");
LstCode := @ReplaceSubstring(Lst; ReplaceOriginals; ReplaceSubstitutes);

Since we know all groups start with "Team_" (even after encoding) we can easily remove that bit of string and reattach it without harming the groupname. All other elements in the list are suppose to change in this step!

LstModified := "Team_" + @ReplaceSubstring(LstCode; "Team_"; "");

We can now use the powerfil @Keywords-function to retrieve the elements existing in both lists (the unmodified ones!):

LstIdentical := @Keywords(LstCode; LstModified);

Then we have to decode to get any of our "funny" characters back (I expect none present; but we've go to do this right!):

LstTeam := @ReplaceSubstring(LstIdentical; ReplaceSubstitutes; ReplaceOriginals);

That value, along with an additional role for backup access (and perhaps the user him-/herself) should be written to the (multivalue) readernames field, as Snocross indicated.

However, IF anyone with the role [KnowItAllRole] (or whatever you name it), NOT belonging to a team, would edit the document, no team-group will be added in the readernames-field.

That's why we need to add this last bit:


WOW CRAK !  *Smile*

Man why are you guys making this so complicated...

The basis of the answer is reader names fields with some added details tossed in.  How to calculate them is another matter --

The "Most cost effective" solution, on a long term is to create an automated group management system.  See for more information on THAT one.  

The key is a solid, automated solution to keep the right people, in the right groups, at a decent level of granularity -- if you have that in place, solutions like what Jaziar is looking for become much easier to manage, and much lower cost to support.


All of these are very good ideas, but I still have some problems.  First problem is the teams are created and maintained by one person that has the role of "Key User", but he does not have manager access to the database.  Most the time the Key User will have no access to the ACL.  I was hoping to stay away from the ACL as much as possible. I would like a user to log into the database and create a document on the form.  The form matches the user with the team they are on and sets some sort of flag.  Then when I create a view in the select statement, I can parse out all other teams somehow by that flag.  This is the most complex I  have tried to program lotus notes.  One last thing my company is still on 4.67 So bare with me - Thanks

Ok let me see if I have this straight:

Ideally you would like "Joe Blow" to create a document and then Notes automatically goes out and discovers Joe Blow is a member of the XYZ Team.  Notes then goes out and finds the XYZ Team member listing and adds all those names into the document readers field.


This is acheivable but if you are maintaining team names in an address book it could be tricky because any one person could be a member of many groups in the address book and it wouldn't know which group to pull from.  I think you will probably have to have some sort of configuration document in your database that contains a list of team members.  A database administrator can be the only user who can add/remove names from this configuration document.  Then when a document is created Notes could do a @DbLookup to the configuration document, find out which team he is on, and then pull in the other team members.
Jeez, I think I may know which one.

You have a number of issues to deal with that complicate things:

a) The solution is not secure if you don't use reader names fields.  Period.  You can HIDE things, but you cannot make them secure.  You would be obscurity, but not security.   Any other solution would leave you open to lots of potential breaches -- private views, web url hacks, script agent hacks, lots of things.

b) You don't have a function that lists that groups a user is in.  You have @UserRoles, so you can list the roles, but not the groups.

You need to provide the "Team Manager" two things:

1) A way to manage who is in what group.  Groups as defined in the address book.

2) You need a way to assign those groups onto documents base on a user's membership in them.

Solve these problems distinctly.  

Proper NAB admistration would allow you create a series of group documents in the nab based on AUTHOR access, and let the team administrator put people in those groups.  I still advocate an automated process for this, per the url I gave you.

Now, all that's left is putting the right group names on each document as it is created in your database.  You can do that with script code that gets a list of what groups a user is in --- (since in 4.67 you don't have that function).  The code to do this (recusively look at all the groups) is in the presentation I pointed you to.   Once you have that list, its just a question of putting that list of groups in the reader names fields.  Get fancy by putting only the relavent groups on the reader names field, or just use the function and put the whole list there.

Andrew we must have been typing madly at the same time!  Anyway, I like your idea with roles though.
My Confusing Comment:

What if I am in a group called "GroupA" and this GroupA is a member of "GroupB"  Which has to get access to the application ?

Quite possible ain't ?

if he uses the code on my website, a simple call to the function getallgroupsforuser() will return ALL the groups a user is in, recursively, to a depth of whatever you want (e.g. 6 deep, or 20 deep, or whatever) and will handle the user being in groups within groups, it will also handle all the variants of a user's name, including wildcards.

I am sorry Drew! I overlooked few of your comments.  We here in DCX also have a similar kind of code to find what all groups a person belong to recursive.  But will you be stamping all the group names just to avoid more confusion later ?  Jaziar does not want to play around with ACL anyways....



Is the code you are referring to in the demo database or in the presentation?
he has to either stamp the document with all the groups, or just run through the list and only stamp the ones that matter.  Either way.
of course, both of us now have great code rendered un necessary by D5 & D6 which have @UserAccess  :-)
In this case, both.  Its in the demo, but its also in txt files stored as ole objects within the presentation itself.
@UserAccess ! Damn... we do a lot of digging and then find the stuff right on the surface.  Good Catch Buddy.

Bag these points.



Is the code you are referring to in the demo database or in the presentation?
Won't work for Jaziar, he stuck on 4.67.  I don't that that's in there.  Maybe it is, can't remember.


I am trully starting to see my lack of knowledge of Lotus notes programming starting to show its ugly self.  I am sorry for keeping this thread open so long and not awarding the points.  I am also sorry for restating a question that may have already been answered.

I have the role of Key User, I am not a manager of the database and can not touch the ACL.  In a form I create "TEAM A" and put "Joe Blow" and "Chuck Roast" in the team.  I then create "TEAM B" and put "Bud Wiser" and "Bobby Sock" in the team.  I have a form in place that all the users will access.  Joe logs in and enters "Yellow" in a field.  Bud logs in and enters "Blue" in the field.  When Joe clicks the Favorite Color View, I want him to see "Yellow" and nothing else unless Chuck as accessed the form as well.  Being they belong to the same team, Joe should see both his and team mates but not "TEAM B" stuff.

I am a little confussed so some sample code would be nice with the explanation.  You guys are amazing and I appreicate the help very much.
Need not worry for keeping this open. All you have to do is increase the points from time to time so that experts will be interested in participating and providing a solution.

You can't really do what you want without the reader names fields in v4.x.   In version 5.x you could design a view with "show single category" and categorize on color.  Then, use a calculation to determine which color based on which user.
I think I'll have to leave this one to Sno and Arun now.  On a free web forum I'll provide some how-to knowledge, but what you really need is someone with experience to build a solution or map with with a solid architecture.

Personally, its hard for me on this site to find a balance of what to give away and how much time to put into a solution for someone.  What you need is what I sell for a living, so its a line I have to figure out.

Jaziar, all the key parts are here for you, I hope you understand why this is where I have to stop.
How about shared personal on first use views based on userNames ?

Adding more confusion to the topic.

I am going to leave this one to Drew and Sno as they are closeliving buddies.

Single category is not a security option!
Lets start a case by opening a hidden view.....
or by creating a private view.....

A readers field is the ONLY way to make sure that things will ALWAYS work as intended!

And don't give up leaving points to us vultures! I've seen some of your ideas the last few days: you've got the potention to get in the top 15 with us; as long as you don't look up to us! We're (nearly) all designers learning and theaching others!

Give my code above a try: It'll do just what you expected with that yellow and blue expamle! Explanations are there too and I'll be around to answer additional questions.

If you need a feature included that allows a user to select a team for a document (in case multiple or no teams were found), just let me know.

There's no need to get every team in the ACL. Some generic access level for the database will do. All you need is the administrator to create those groups. He/she can assign others to add the correct team members (if he/she is to lazy to so it him-/herself).

Sno, why you call that complicated? The code may not be the easiest to comprehed, but that's a general problem I see when putting @Keywords to use. Used it to crack (with "CK"!) harder ones too!

Why is no one leaving this one to me???
All yours, Crak.
Oops... Take it buddy. I just picked a biggie a 200 pointer.  I dont want 75...

Please note that I had just begged a 30 from a wine master.

Dont you guys check out new questions ?

I don't get the fascination with points or top 15.  I suspect I could make top 15, but can't reconicile that with going beyond the question and writing whole applications for people.  I charge my customers for that level of support at close to $1500/day.  !!

... especially given that so far of the questions I've asked (2 -- the third was just feedback) I'm 50/50 on results.   I put one up to 300 points, but so far not a single attempt at an answer.   The sad thing, is that the more expertise you have, the harder the questions you're likely to ask I guess.
Good Point...

I agree with you Andrew and I've raised that point many times to my EE friends who are obsessed with points and top 15.  I hang around mostly because it's fun... I too will leave this to CRAK to solve!!  Ha ha.
So that's settled then?!

Andrew, I work for an outsourcement company; so I'm in the same kind of business, except that I don't have the fuzz of running a company and finding customers myself.
You're right that -out here- you sometimes provide tips and bits of code that -in real life- companies would have to pay for. As long as the question offers a good challenge, I don't mind doing that. I like having some competition!
Sure, I like having enough points collected to be in top 15, but half or the entries there are no longer active! The arguing and nagging over points is sometimes just as much fun as solving somebodies problem.

Yeah except at CRAK's company in the Netherlands they charge $15 per day instead of $1500 and they offer 'crak' coccaine and prostitites as kickback incentives.  ROTFL!  Ah, I kill myself.  Just kidding crak!
Geez, Crak.  I did a talk in Amsterdam less than a month ago at eView's notes conference there.  A shame we couldn't hook up for a beer.
Sno, those $15 were the additional expenses.... just the coffee! Next time you're around, pay better attention! And as for those incentives: you're drooling! Don't be so jealous!  <GRIN>

Andrew, I wasn't there... I'm not subscribes to the View. If you come here more often, perhaps we could meet? Beer sounds good!
Its weekend already...I wanna go home...

You're almost there Arun... probably should start walking about now.
Watch yourself when you cross a street Arun! One may get involved in an accident quite easily I hear!
Grrr... but the irony is, I am depending on my room-mate for driving me.  

Interestingly he wanted to be at the office by 6:30 AM and i woke up at 4:15AM for it.  Now, I have no business at 6:30 to be here.  He will leave at 3:00 PM now and I cannot leave at that time (atleast for today).

I endup staying late here at the office until he comes back and pick me up sometime around 6.

Well, almost 3 and half hours more i have to be here.

You poor bastard.  Do what I do... lock your office door and climb into the ceiling ducts and escape through the roof.  Come back in 3 hours and go out the door.
That would be interesting if i had a separate office.  In my suite there are atleast 300 people... I am happy that atleast i have a cubicle.

ah, a cube farm!  I did my time in one of those.  ack.
Since my IT career began I am working only in this kind of environment. I dont want a separate office.

It's funny when there is a loud noise in a cube farm... all these heads pop up like prairie dogs...
Yeah... when one sneezes and you call from a distance "...will you clean that please?". Best thing is when power drops though! That silence all of a sudden! No more PC fans etc! Love it!
Oh yea. Especially the one next to me is noisy. And when a tall blonde walks I can see lots of old heads pop-up right from their cubes. Its funny to look at them though while my head is one amongst them.

By the way i smiled on your prairie dog comment !
So Jaziar, have you tried it?
What happened?


I have been away from the office for most the afternoon CRAK.  I have read over the code from above and I am going to try and put it in place.  I am assuming each team will get their own reader field on the form.  I am little confussed on the location to put the above code.
It's the code for the (the only!) readernames field (computed) on the form.

A summary:

In the public addressbook, a number of group documents are te be created for the different teams. In my example I named them "Team_##", wher ## is a number.

On the form that is to be shared by these groups you'll need a readers-type field (computed) with following code (Notes R5 required!):

Lst := @UserNamesList;
ReplaceOriginals := @Explode("\"@,@?@!@;@:@[@]@(@)@{@}@<@>@.@ "; "@");
ReplaceSubstitutes := @Explode("&a@&b@&c@&d@&e@&f@&g@&h@&i@&j@&k@&l@&m@&n@&o@&p"; "@");
LstCode := @ReplaceSubstring(Lst; ReplaceOriginals; ReplaceSubstitutes);
LstModified := "Team_" + @ReplaceSubstring(LstCode; "Team_"; "");
LstIdentical := @Keywords(LstCode; LstModified);
LstTeam := @ReplaceSubstring(LstIdentical; ReplaceSubstitutes; ReplaceOriginals);

Do fill out the correct name for "<ReadersField>" (without quotes or brackets)!
If you define a different prefix for the groups' teamnames, please do so in the line of LstModified as well. If you use a suffix instead, I'm willing to modify the code for you!

Don't apologize for not being in the office: I haven't even been in today!

Enjoy the weekend!
only 75 poor CRAK !
LOL.  Something about diminishing returns, Arun?

No offence to you, Jaziar; we were all new at this once.


What is the sense of having the knowledge, if you are indeed reluctant to share the knowledge due to the lack of points awarded.  I would have easily given much more, but that was all I was alloted to start with and my company will not grant me access to payroll to gain more points.  I truly appreciate each of your attempts at helping me with my problem and a special thanks to CRAK for his continued help for only the 75 points.



CRAK did a excellent job and was very timely with responses and suggestions.


My mistake I see now I could have gotten additional free points for taking a survey - oops.  I would have gotten more points if I have known at the time.  I know it was a tough problem and deserved more points.
   For what its worth -- and no offense is intended -- I didn't stop where I was based on points.  We joke a lot about points, but most of us here are here because we like to help.  We all have our limits on how far we'll go.  In your case, I think Crak really went above and beyond.


I also meant no offense to anyone- I now, after the last post understand more of how the boards work.  I now see each of you giving up your time to help people with problems such as mine.  It is my fault for posting the question before I fully understood the system. So I hope no offense was taken by anyone.  I feel as this is a great board with a lot of very knowledgable experts giving advice.  I honestly got a little upset with myself for not being able to figure out the problem myself.  I am fairly new at notes programming and never used reader fields before - so this all was kinda new and confussing.

A big thanks to everyone that posted and tried to help me and to CRAK for going beyond the call of duty.

Don't let them wind you up! Andrew is right about it: we joke about the points!
The code a presented may not be the easiest to come up with and there may be other ways, but I had bits and pieces of it either already in a database (ReplaceOriginals, ReplaceSubstitutes, @Keywords) or in my head. A higher number of points is meant for harder questions, but what if the answer was as easy to provide as this one?
Once more I snatched points from right under my buddies noses. Arun is only showing his discomfort about that, but we all know that he'll get his change to get even!

Thanks for the points and good luck with that application!
C U around!  ;-)

Never spend ALL your points in one question! Who knows, you might need some tomorrow!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial