Solved

How to Prevent users from opening dox to read

Posted on 2003-11-21
10
289 Views
Last Modified: 2013-12-18
Hi Guys


Well

I know how to prevent editing a doc etc. also quite familar with reader and author fields

What I would like to be able to accomplish is:
In a view Any one can open the view and see the docs that are in Processing or Approved. However they cannot open the dox to read further than what is shown in the view.

Only the Requester and people listed in the authors field can see all the dox, in any Status.


James
0
Comment
Question by:adspmo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 24

Assisted Solution

by:HemanthaKumar
HemanthaKumar earned 100 total points
ID: 9798546
In the view, use form formula which will open different form for users not listed in Requester and Author fields

eg:

@If( @IsNotMember( @Name([CN]; @UserName); @Name([CN]; AuthorField : Requester) ); "Show Error Form"; Form);

~Hemanth
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 9798551
But anyway without using security fields like Reader/Author or encryption.. the doc and its content are not secured. User can still look into the doc using doc properties
0
 

Author Comment

by:adspmo
ID: 9798687
The form does make use of reader and authors fields as well as an editrights field to control who can do what when

Thanx for the info

James
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 9798704
Form properties, last tab with key: change default readers
0
 
LVL 31

Expert Comment

by:qwaletee
ID: 9799347
Not sure what you mean.  Are there documents that certain people shoudl not see at all all -- not even in a view?  Or can everyone see all documents in the view, just not be able to open them to see the fields that are not displayed in the view?

If you want the ability to just restrict what fields are available to certain users, here are the options:

1) Use encryption keys.  Encrypted fields are completely invisible to users who do not have the key.  Note that key management can be a very major issue.

2) Put code in the form's QueyOpen that checks if user has access, and sets CONTINUE=FALSE if not.  This prevents openining the form.  However, it is not secure, because users can still get acces to the fields, or disable the script.  You should probably use a hidden design in this setup, but it will still not be truly secure.

3) Use a combination of standard documents and shadow documents.  The shadow documents will contains the "public" fields. Only the shadow document will be visible in public views.  The full document will be in hidden views, and have reader fields so only particular people can see them.  Put in code for the shadow form so that if a full document is available (i.e., you have reader acess), it immediately closes the shadow document and loads the full document. If the full document does not exist (i.e., it exists, but readers fields prevents user from seeing that it exists), then just display the shadow.  This is about as secure as #1, a little more complex to program, but avoids issus of key management.
0
 

Author Comment

by:adspmo
ID: 9799617

The form formula is causing a few problems
Could be that there are multiple forms used within the view
So when I click LSF it opens with the wrong form



0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 9799764
To quickly check that create a view action button , and prompt out the form formula by selecting a document.

@Prompt([ok]; ""; @If( @IsNotMember( @Name([CN]; @UserName); @Name([CN]; AuthorField : Requester) ); "Show Error Form"; Form) );
0
 

Author Comment

by:adspmo
ID: 9799948
Not quite right yet


Now it does not present my ErrorMessage form

@Prompt([OK]; ""; @If( @IsNotMember( @Name([CN]; @UserName); @Name([CN]; WhoCanSee : RequesterName) ); "BlaBla"; Form) )

When I am authorized to enter it presents the form name;
When I should be not authorized it gives me the BlaBla and then open the document
0
 
LVL 19

Expert Comment

by:madheeswar
ID: 9801261

@If( @IsNotMember( (@Name([CN]; @UserName); @Name([CN]; AuthorField : Requester) ); @Return(@Prompt([OK];"Not authorized";"You are not authorized to open this document."));"")

Try the above code.

And what is the error messages u r getting?
0
 
LVL 13

Accepted Solution

by:
CRAK earned 150 total points
ID: 9803760
Do note that "others" can always use the property box to view what's in the rest of the document!
Qwaletee's suggestion to use encryption as the way to avoid that. The script solution to set contunue=talse (conditionally) would not be my advice. Using the debugger, clicking "stop" would bypass that code and open the document to everyone. Hemantha's solution does not have that advantage.

Are you perhaps having trouble creating new doc's in that view? Or does the author or requester field NOT contain the common username, but groups, userroles, abbreviated names, canonicalized names etc.? I suggest following modification to Hemantha's formula:

@If(
      @IsNewDoc;
            @Unavailable;
      @UserNamesList *= AuthorField : Requester;
            Form;
            "Show Error Form")
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You’ve got a lotus Domino web server, and you have been told that “leverage browser caching” is a must do. This means that we have to tell the browser everywhere in the web to use cache. In other words, we set (and send) an expiration date in the HT…
  In today’s Arena we can’t imagine our lives without Internet as we are highly used to of it. If we consider our life style just for only 2 min we found that face to face communication is swapped by e-communication.  Every Where from Works place to…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question