Solved

@Userroles is not working

Posted on 2004-04-14
27
643 Views
Last Modified: 2013-12-18
I am using @UserRoles. It works fine in client. But it is not working in web. It only shows $$WebClient not any roles assigned. What may be wrong?
0
Comment
Question by:small_doubts
  • 10
  • 10
  • 3
  • +2
27 Comments
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 10821298
Are you using Preview in a web browser on a local database? Probably not. I never had any problems with @userroles. What versions are you using, in what environment?
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 10821325
Some code to review would be nice :)
0
 
LVL 13

Accepted Solution

by:
CRAK earned 30 total points
ID: 10821392
Did you login or are you "anonymous" user (without roles)?
To make sure append "&login" to your url, some place after "?open...".
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 19

Expert Comment

by:madheeswar
ID: 10821436
very quick guys
0
 

Author Comment

by:small_doubts
ID: 10821636
Thank you for your suggestiongs. Truely quick. But I solved it.

It is for web. My nsf is on the server. There are a few roles. I was just trying to extract the available roles for a user. My ID has manager access and a few roles enabled. I did some research and found that it was showing me "Anonymous" and the role was "$$Webclient". So, I felt it was an authentication problem. I added "Anonymous" with "No Access" and as of now it is working fine.

I think I have a different question now. It must have been due to authentication. Because, earlier it was not asking for username/pwd. After adding anonymous it asked for a password and it is working fine. Is this ok? If I close the window and reopen it is not asking for password. It is more secure than earlier but is it really secure. Can you help me?

I think is is not required but this simple line was the problem.

@If(@implode(@UserRoles) = ""; "NO Access";@Implode(@UserRoles))
0
 
LVL 19

Expert Comment

by:madheeswar
ID: 10821751
What u have done is correct.

And for authnticatoin, u have to change Server document. Change session based authentication to Multiserver
0
 

Author Comment

by:small_doubts
ID: 10821829
I did not get it. What should I do? I want to make it it ask for password everytime it opens the form? It should either ask everytime, or it should not ask at all.
0
 
LVL 19

Assisted Solution

by:madheeswar
madheeswar earned 20 total points
ID: 10821834
it should ask everytime. Inorder to implement this, you need to enable session based authentication in your server document.
0
 

Author Comment

by:small_doubts
ID: 10821961
Can I put this code in a .js file and include it with script tag before using?
0
 

Author Comment

by:small_doubts
ID: 10821964
Sorry. Wrong place.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 10822255
1. You're asking two questions for the price of one
2. The browser stores the current user's info, so when you load or refresh a page on the same site you won't be asked for name/password unless the database you're trying to gain access to is not accessible by you; with session-based authentication you will have to login once, and as long as the session lasts you won't be asked to login again
0
 

Author Comment

by:small_doubts
ID: 10822660
sjef, actually I solved my problem myself. But I wanted to give points anyway than request for a refund. Thanks for your explanation. But my problem remains there. Can you tell me how to make the browser either ask for password all the time or never.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 10822867
Re 1: CRAK was on the dot, wasn't he? ;)
Re 2: what do you mean with "never"? Maybe SSL could be the solution for you, if you need proper authentication
0
 

Author Comment

by:small_doubts
ID: 10822919
CRAK was heading in the right direction, although not a solution to my problem. That's why I thought of accepting his comment as a B but I thought It would be nice to see if i could do better.

Is it possible to use @Userroles or some alternative mechanism without authenticating the user?
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 10823031
Let me answer with another question: Without knowing me, would you trust me with your credit card?

If you don't authenticate users, they are all the same: unknown human beings, who might be honest in telling you who they are but you'll never be sure. Even with authenication you cannot be absolutely sure, for passwords can be stolen, codes can be cracked, even fingerprints and retinas are copied.

Why do you want to authenicate your user? Are there different user-types? With different privileges?
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 10823081
"Without knowing me, would you trust me with your credit card?"

Nice arguement sjef ...

I would trust you for my visiting card ;-)

0
 

Author Comment

by:small_doubts
ID: 10823145
Nice jokes :) I can also trust sjef with my visiting card :-)

I know what you mean. But I need to have different user goups. User groups can be flexible. Flexible in the sense physical entities and user goups may map one to one or one to many or many to one. And these relationships are likely to change often. Thats what the user group called admin is for.

What were you suggesting about SSL? I am not sure what you meant.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 10823341
SSL (secure socket layer) is a means of identification, with personal and public keys. Most Internet security is based on SSL, although I put more faith in Notes' security. If you intend to use SSL, you have to set up a Secure Key generation, using a database supplied with Domino. Or you have to be able to import Internet-keys they send you. In this way you could have thorough authentication.

Are you thinking of giving the users separate names? Or how are you going to differentiate them?? Are all your users known to your organization?
0
 

Author Comment

by:small_doubts
ID: 10823445
I think SSL is not something we would prefer immediately. This might conflict with the way existing applications work.

All users are known, but no coding is to be done using person name/ids. Only roles. Users use individual ids. Sometimes, they will act on the group's behalf, but individual identity still needs to be maintained for the sake of ownership of actions.

May be some kind of OS integration? Fetch the domain and username from OS in order to authenticate automatically? Otherwise, i have to go with authentication.

I think I should ask a seperate question about authentication.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 10823642
If they all have a Notes-id, you could use a Java-based application. Is it your private Intranet or is it an Internet application, that even I could reach if I had name/password? By the way, it seems that theft happens more often inside companies than by people from outside... Beware of the reliable user myth!
0
 

Author Comment

by:small_doubts
ID: 10823733
This is an Extranet application and probably will be used on Internet too. We can and are supposed to work on making it unbreakable against common/obvious threats only. Aftreall, who knows when do crackers sleep?
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 10824040
Then you most definitely need some good form of authentication. There's a good book on this subject, an IBM RedBook "Lotus Security Handbook", http://www.redbooks.ibm.com/abstracts/sg245341.html

I'm not sleeping ;)
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 10824081
Actually, the link above refers to a book "Lotus Notes and Domino R5.0 Security Infrastructure Revealed". The book mentioned above can be found at http://publib-b.boulder.ibm.com/redbooks.nsf/redbookabstracts/sg247017.html?Open
0
 
LVL 13

Expert Comment

by:CRAK
ID: 10824136
Thanks for the points small_doubts.
I knew that was causing the problem, but before I'd make you change the ACL, I felt that I had to make sure first. The "&Login" can be used as a (temporary) workaround.

Quite a discussion guys! Nice comment Sjef.... I might quote you one day (the credit-card thing)!
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 10824220
If you want me to send you all some business cards? Guaranteed mine... Bwahahahah!

Sjef ;)
0
 
LVL 13

Expert Comment

by:CRAK
ID: 10827279
Feel free, and don't forget to include your credit-card..... you know me, don't you?
Don't need your whole wallet; you may not know me that well.... <GRIN>

(Sigh..... so I finally get to buy this home cinema set after all!)
0
 

Author Comment

by:small_doubts
ID: 10830726
Thanks sjef, I will download and see the book you referred me to. Very helpful tips from all of you, thanks for them.

CRAK, to get to sjef's credit card you will have to work in the help desk of sjef's bank ;) BTW, am I invited to watch a movie on your new cinema set :)
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

  In today’s Arena we can’t imagine our lives without Internet as we are highly used to of it. If we consider our life style just for only 2 min we found that face to face communication is swapped by e-communication.  Every Where from Works place to…
Problem "Can you help me recover my changes?  I double-clicked the attachment, made changes, and then hit Save before closing it.  But when I try to re-open it, my changes are missing!"    Solution This solution opens the Outlook Secure Temp Fold…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question