Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 654
  • Last Modified:

@Userroles is not working

I am using @UserRoles. It works fine in client. But it is not working in web. It only shows $$WebClient not any roles assigned. What may be wrong?
0
small_doubts
Asked:
small_doubts
  • 10
  • 10
  • 3
  • +2
2 Solutions
 
Sjef BosmanGroupware ConsultantCommented:
Are you using Preview in a web browser on a local database? Probably not. I never had any problems with @userroles. What versions are you using, in what environment?
0
 
Sjef BosmanGroupware ConsultantCommented:
Some code to review would be nice :)
0
 
CRAKCommented:
Did you login or are you "anonymous" user (without roles)?
To make sure append "&login" to your url, some place after "?open...".
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
madheeswarCommented:
very quick guys
0
 
small_doubtsAuthor Commented:
Thank you for your suggestiongs. Truely quick. But I solved it.

It is for web. My nsf is on the server. There are a few roles. I was just trying to extract the available roles for a user. My ID has manager access and a few roles enabled. I did some research and found that it was showing me "Anonymous" and the role was "$$Webclient". So, I felt it was an authentication problem. I added "Anonymous" with "No Access" and as of now it is working fine.

I think I have a different question now. It must have been due to authentication. Because, earlier it was not asking for username/pwd. After adding anonymous it asked for a password and it is working fine. Is this ok? If I close the window and reopen it is not asking for password. It is more secure than earlier but is it really secure. Can you help me?

I think is is not required but this simple line was the problem.

@If(@implode(@UserRoles) = ""; "NO Access";@Implode(@UserRoles))
0
 
madheeswarCommented:
What u have done is correct.

And for authnticatoin, u have to change Server document. Change session based authentication to Multiserver
0
 
small_doubtsAuthor Commented:
I did not get it. What should I do? I want to make it it ask for password everytime it opens the form? It should either ask everytime, or it should not ask at all.
0
 
madheeswarCommented:
it should ask everytime. Inorder to implement this, you need to enable session based authentication in your server document.
0
 
small_doubtsAuthor Commented:
Can I put this code in a .js file and include it with script tag before using?
0
 
small_doubtsAuthor Commented:
Sorry. Wrong place.
0
 
Sjef BosmanGroupware ConsultantCommented:
1. You're asking two questions for the price of one
2. The browser stores the current user's info, so when you load or refresh a page on the same site you won't be asked for name/password unless the database you're trying to gain access to is not accessible by you; with session-based authentication you will have to login once, and as long as the session lasts you won't be asked to login again
0
 
small_doubtsAuthor Commented:
sjef, actually I solved my problem myself. But I wanted to give points anyway than request for a refund. Thanks for your explanation. But my problem remains there. Can you tell me how to make the browser either ask for password all the time or never.
0
 
Sjef BosmanGroupware ConsultantCommented:
Re 1: CRAK was on the dot, wasn't he? ;)
Re 2: what do you mean with "never"? Maybe SSL could be the solution for you, if you need proper authentication
0
 
small_doubtsAuthor Commented:
CRAK was heading in the right direction, although not a solution to my problem. That's why I thought of accepting his comment as a B but I thought It would be nice to see if i could do better.

Is it possible to use @Userroles or some alternative mechanism without authenticating the user?
0
 
Sjef BosmanGroupware ConsultantCommented:
Let me answer with another question: Without knowing me, would you trust me with your credit card?

If you don't authenticate users, they are all the same: unknown human beings, who might be honest in telling you who they are but you'll never be sure. Even with authenication you cannot be absolutely sure, for passwords can be stolen, codes can be cracked, even fingerprints and retinas are copied.

Why do you want to authenicate your user? Are there different user-types? With different privileges?
0
 
HemanthaKumarCommented:
"Without knowing me, would you trust me with your credit card?"

Nice arguement sjef ...

I would trust you for my visiting card ;-)

0
 
small_doubtsAuthor Commented:
Nice jokes :) I can also trust sjef with my visiting card :-)

I know what you mean. But I need to have different user goups. User groups can be flexible. Flexible in the sense physical entities and user goups may map one to one or one to many or many to one. And these relationships are likely to change often. Thats what the user group called admin is for.

What were you suggesting about SSL? I am not sure what you meant.
0
 
Sjef BosmanGroupware ConsultantCommented:
SSL (secure socket layer) is a means of identification, with personal and public keys. Most Internet security is based on SSL, although I put more faith in Notes' security. If you intend to use SSL, you have to set up a Secure Key generation, using a database supplied with Domino. Or you have to be able to import Internet-keys they send you. In this way you could have thorough authentication.

Are you thinking of giving the users separate names? Or how are you going to differentiate them?? Are all your users known to your organization?
0
 
small_doubtsAuthor Commented:
I think SSL is not something we would prefer immediately. This might conflict with the way existing applications work.

All users are known, but no coding is to be done using person name/ids. Only roles. Users use individual ids. Sometimes, they will act on the group's behalf, but individual identity still needs to be maintained for the sake of ownership of actions.

May be some kind of OS integration? Fetch the domain and username from OS in order to authenticate automatically? Otherwise, i have to go with authentication.

I think I should ask a seperate question about authentication.
0
 
Sjef BosmanGroupware ConsultantCommented:
If they all have a Notes-id, you could use a Java-based application. Is it your private Intranet or is it an Internet application, that even I could reach if I had name/password? By the way, it seems that theft happens more often inside companies than by people from outside... Beware of the reliable user myth!
0
 
small_doubtsAuthor Commented:
This is an Extranet application and probably will be used on Internet too. We can and are supposed to work on making it unbreakable against common/obvious threats only. Aftreall, who knows when do crackers sleep?
0
 
Sjef BosmanGroupware ConsultantCommented:
Then you most definitely need some good form of authentication. There's a good book on this subject, an IBM RedBook "Lotus Security Handbook", http://www.redbooks.ibm.com/abstracts/sg245341.html

I'm not sleeping ;)
0
 
Sjef BosmanGroupware ConsultantCommented:
Actually, the link above refers to a book "Lotus Notes and Domino R5.0 Security Infrastructure Revealed". The book mentioned above can be found at http://publib-b.boulder.ibm.com/redbooks.nsf/redbookabstracts/sg247017.html?Open
0
 
CRAKCommented:
Thanks for the points small_doubts.
I knew that was causing the problem, but before I'd make you change the ACL, I felt that I had to make sure first. The "&Login" can be used as a (temporary) workaround.

Quite a discussion guys! Nice comment Sjef.... I might quote you one day (the credit-card thing)!
0
 
Sjef BosmanGroupware ConsultantCommented:
If you want me to send you all some business cards? Guaranteed mine... Bwahahahah!

Sjef ;)
0
 
CRAKCommented:
Feel free, and don't forget to include your credit-card..... you know me, don't you?
Don't need your whole wallet; you may not know me that well.... <GRIN>

(Sigh..... so I finally get to buy this home cinema set after all!)
0
 
small_doubtsAuthor Commented:
Thanks sjef, I will download and see the book you referred me to. Very helpful tips from all of you, thanks for them.

CRAK, to get to sjef's credit card you will have to work in the help desk of sjef's bank ;) BTW, am I invited to watch a movie on your new cinema set :)
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 10
  • 10
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now