small_doubts
asked on
@Userroles is not working
I am using @UserRoles. It works fine in client. But it is not working in web. It only shows $$WebClient not any roles assigned. What may be wrong?
Sjef Bosman
Are you using Preview in a web browser on a local database? Probably not. I never had any problems with @userroles. What versions are you using, in what environment?
Some code to review would be nice :)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
very quick guys
ASKER
Thank you for your suggestiongs. Truely quick. But I solved it.
It is for web. My nsf is on the server. There are a few roles. I was just trying to extract the available roles for a user. My ID has manager access and a few roles enabled. I did some research and found that it was showing me "Anonymous" and the role was "$$Webclient". So, I felt it was an authentication problem. I added "Anonymous" with "No Access" and as of now it is working fine.
I think I have a different question now. It must have been due to authentication. Because, earlier it was not asking for username/pwd. After adding anonymous it asked for a password and it is working fine. Is this ok? If I close the window and reopen it is not asking for password. It is more secure than earlier but is it really secure. Can you help me?
I think is is not required but this simple line was the problem.
@If(@implode(@UserRoles) = ""; "NO Access";@Implode(@UserRole
It is for web. My nsf is on the server. There are a few roles. I was just trying to extract the available roles for a user. My ID has manager access and a few roles enabled. I did some research and found that it was showing me "Anonymous" and the role was "$$Webclient". So, I felt it was an authentication problem. I added "Anonymous" with "No Access" and as of now it is working fine.
I think I have a different question now. It must have been due to authentication. Because, earlier it was not asking for username/pwd. After adding anonymous it asked for a password and it is working fine. Is this ok? If I close the window and reopen it is not asking for password. It is more secure than earlier but is it really secure. Can you help me?
I think is is not required but this simple line was the problem.
@If(@implode(@UserRoles) = ""; "NO Access";@Implode(@UserRole
What u have done is correct.
And for authnticatoin, u have to change Server document. Change session based authentication to Multiserver
And for authnticatoin, u have to change Server document. Change session based authentication to Multiserver
ASKER
I did not get it. What should I do? I want to make it it ask for password everytime it opens the form? It should either ask everytime, or it should not ask at all.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Can I put this code in a .js file and include it with script tag before using?
ASKER
Sorry. Wrong place.
1. You're asking two questions for the price of one
2. The browser stores the current user's info, so when you load or refresh a page on the same site you won't be asked for name/password unless the database you're trying to gain access to is not accessible by you; with session-based authentication you will have to login once, and as long as the session lasts you won't be asked to login again
2. The browser stores the current user's info, so when you load or refresh a page on the same site you won't be asked for name/password unless the database you're trying to gain access to is not accessible by you; with session-based authentication you will have to login once, and as long as the session lasts you won't be asked to login again
ASKER
sjef, actually I solved my problem myself. But I wanted to give points anyway than request for a refund. Thanks for your explanation. But my problem remains there. Can you tell me how to make the browser either ask for password all the time or never.
Re 1: CRAK was on the dot, wasn't he? ;)
Re 2: what do you mean with "never"? Maybe SSL could be the solution for you, if you need proper authentication
Re 2: what do you mean with "never"? Maybe SSL could be the solution for you, if you need proper authentication
ASKER
CRAK was heading in the right direction, although not a solution to my problem. That's why I thought of accepting his comment as a B but I thought It would be nice to see if i could do better.
Is it possible to use @Userroles or some alternative mechanism without authenticating the user?
Is it possible to use @Userroles or some alternative mechanism without authenticating the user?
Let me answer with another question: Without knowing me, would you trust me with your credit card?
If you don't authenticate users, they are all the same: unknown human beings, who might be honest in telling you who they are but you'll never be sure. Even with authenication you cannot be absolutely sure, for passwords can be stolen, codes can be cracked, even fingerprints and retinas are copied.
Why do you want to authenicate your user? Are there different user-types? With different privileges?
If you don't authenticate users, they are all the same: unknown human beings, who might be honest in telling you who they are but you'll never be sure. Even with authenication you cannot be absolutely sure, for passwords can be stolen, codes can be cracked, even fingerprints and retinas are copied.
Why do you want to authenicate your user? Are there different user-types? With different privileges?
"Without knowing me, would you trust me with your credit card?"
Nice arguement sjef ...
I would trust you for my visiting card ;-)
Nice arguement sjef ...
I would trust you for my visiting card ;-)
ASKER
Nice jokes :) I can also trust sjef with my visiting card :-)
I know what you mean. But I need to have different user goups. User groups can be flexible. Flexible in the sense physical entities and user goups may map one to one or one to many or many to one. And these relationships are likely to change often. Thats what the user group called admin is for.
What were you suggesting about SSL? I am not sure what you meant.
I know what you mean. But I need to have different user goups. User groups can be flexible. Flexible in the sense physical entities and user goups may map one to one or one to many or many to one. And these relationships are likely to change often. Thats what the user group called admin is for.
What were you suggesting about SSL? I am not sure what you meant.
SSL (secure socket layer) is a means of identification, with personal and public keys. Most Internet security is based on SSL, although I put more faith in Notes' security. If you intend to use SSL, you have to set up a Secure Key generation, using a database supplied with Domino. Or you have to be able to import Internet-keys they send you. In this way you could have thorough authentication.
Are you thinking of giving the users separate names? Or how are you going to differentiate them?? Are all your users known to your organization?
Are you thinking of giving the users separate names? Or how are you going to differentiate them?? Are all your users known to your organization?
ASKER
I think SSL is not something we would prefer immediately. This might conflict with the way existing applications work.
All users are known, but no coding is to be done using person name/ids. Only roles. Users use individual ids. Sometimes, they will act on the group's behalf, but individual identity still needs to be maintained for the sake of ownership of actions.
May be some kind of OS integration? Fetch the domain and username from OS in order to authenticate automatically? Otherwise, i have to go with authentication.
I think I should ask a seperate question about authentication.
All users are known, but no coding is to be done using person name/ids. Only roles. Users use individual ids. Sometimes, they will act on the group's behalf, but individual identity still needs to be maintained for the sake of ownership of actions.
May be some kind of OS integration? Fetch the domain and username from OS in order to authenticate automatically? Otherwise, i have to go with authentication.
I think I should ask a seperate question about authentication.
If they all have a Notes-id, you could use a Java-based application. Is it your private Intranet or is it an Internet application, that even I could reach if I had name/password? By the way, it seems that theft happens more often inside companies than by people from outside... Beware of the reliable user myth!
ASKER
This is an Extranet application and probably will be used on Internet too. We can and are supposed to work on making it unbreakable against common/obvious threats only. Aftreall, who knows when do crackers sleep?
Then you most definitely need some good form of authentication. There's a good book on this subject, an IBM RedBook "Lotus Security Handbook", http://www.redbooks.ibm.com/abstracts/sg245341.html
I'm not sleeping ;)
I'm not sleeping ;)
Actually, the link above refers to a book "Lotus Notes and Domino R5.0 Security Infrastructure Revealed". The book mentioned above can be found at http://publib-b.boulder.ibm.com/redbooks.nsf/redbookabstracts/sg247017.html?Open
Thanks for the points small_doubts.
I knew that was causing the problem, but before I'd make you change the ACL, I felt that I had to make sure first. The "&Login" can be used as a (temporary) workaround.
Quite a discussion guys! Nice comment Sjef.... I might quote you one day (the credit-card thing)!
I knew that was causing the problem, but before I'd make you change the ACL, I felt that I had to make sure first. The "&Login" can be used as a (temporary) workaround.
Quite a discussion guys! Nice comment Sjef.... I might quote you one day (the credit-card thing)!
If you want me to send you all some business cards? Guaranteed mine... Bwahahahah!
Sjef ;)
Sjef ;)
Feel free, and don't forget to include your credit-card..... you know me, don't you?
Don't need your whole wallet; you may not know me that well.... <GRIN>
(Sigh..... so I finally get to buy this home cinema set after all!)
Don't need your whole wallet; you may not know me that well.... <GRIN>
(Sigh..... so I finally get to buy this home cinema set after all!)
ASKER
Thanks sjef, I will download and see the book you referred me to. Very helpful tips from all of you, thanks for them.
CRAK, to get to sjef's credit card you will have to work in the help desk of sjef's bank ;) BTW, am I invited to watch a movie on your new cinema set :)
CRAK, to get to sjef's credit card you will have to work in the help desk of sjef's bank ;) BTW, am I invited to watch a movie on your new cinema set :)