  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 559

Reader & Author Fields Issue

Hi

I have an application where read and write access is controlled by a Reader and an Author field to control viewing and editing access by country.  It isn't working as expected.

Basically I have a document where the Authors field contains the roles:-

[ED]:[PU]

The Readers field contains the following roles:-

[UK]

The ACL is set up as follows:-

"Uk Group" with Reader access only and the [UK] role (to allow anybody in the Uk group to see UK documents)

"Editor Group" with Author access and the [ED] role (to allow them to edit any documents the Readers field allows them to see)

"Power User Group" with the [PU] role (to allow them to edit all documents they can see and also lets them access setup functions)

The idea is that only people in the UK group have the [UK] role and therefore can only see the UK documents and then only people who have either the [ED] or [PU] (Editor or Power User) roles (as well as the [UK] role) can actually edit documents for the UK.

A person set up as an editor for the UK ([ED] and [UK] roles) can incorrectly see other countries' documents as well when they should only be able to see UK documents.

Any ideas?  Sorry it's a bit muddled, I can clarify anything if needs be..

Many Thanks

Ian
0
IanWood
 
madheeswar Commented:
Change the Editor access to Author access and test.
0
 
Bozzie4 Commented:
This works as designed : all roles in the Authors field can Read the documents too, even if they are not in the Readers field.

So everybody with an ED role, will see ALL documents that have ED in the Authors field.

Now what can you do about this ?  If you don't have too many countries, you could create a role per country (EDUK, EDUS , etc).
This becomes impractical if you have a lot of roles, and there is a limit to number of roles supported.

Another possibility is to use groups in the Authors field.  There you can use as many groups as you like (e.g. Editors_UK, Editors_US), but you'll have to make sure the people in the groups have access to the database!

cheers,

Tom
0
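The behaviour described in the answer above, as an added example that is not part of the original thread: a simplified Python model of how Readers and Authors fields combine with the ACL level. The user names, the `Editors_FR` group and the `[FR]` role are constructed for illustration, and the model assumes only the rules stated in this thread plus the fact that Editor level and above can edit any document the user can read.

```python
# Simplified model of Domino document-level access (added example, constructed data).
from dataclasses import dataclass, field

LEVELS = {"NoAccess": 0, "Reader": 2, "Author": 3, "Editor": 4}

@dataclass
class User:
    name: str
    level: str                                  # ACL access level
    names: set = field(default_factory=set)     # groups and [roles] the user holds

@dataclass
class Doc:
    readers: set                                # entries of the Readers field
    authors: set                                # entries of the Authors field

def can_read(user, doc):
    if LEVELS[user.level] < LEVELS["Reader"]:
        return False
    if not doc.readers:                         # empty Readers field: no restriction
        return True
    ids = user.names | {user.name}
    # Authors entries grant read access as well as Readers entries.
    return bool(ids & (doc.readers | doc.authors))

def can_edit(user, doc):
    if not can_read(user, doc):
        return False
    if LEVELS[user.level] >= LEVELS["Editor"]:
        return True
    if user.level == "Author":
        return bool((user.names | {user.name}) & doc.authors)
    return False                                # Reader level is never promoted

# Constructed users: a UK reader, a UK editor and an editor for another country.
uk_reader = User("UK Reader", "Reader", {"Uk Group", "[UK]"})
uk_editor = User("UK Editor", "Author", {"Uk Group", "Editors_UK", "[UK]", "[ED]"})
fr_editor = User("FR Editor", "Author", {"Editors_FR", "[FR]", "[ED]"})

role_doc = Doc(readers={"[UK]"}, authors={"[ED]", "[PU]"})   # setup from the question
group_doc = Doc(readers={"[UK]"}, authors={"Editors_UK"})    # per-country group instead

if __name__ == "__main__":
    for label, doc in (("roles", role_doc), ("groups", group_doc)):
        for u in (uk_reader, uk_editor, fr_editor):
            print(label, u.name, "read:", can_read(u, doc), "edit:", can_edit(u, doc))
```

With the shared `[ED]` role in the Authors field, the editor for another country passes the read check on the UK document; with a per-country group in the Authors field, that user does not.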
 
IanWood (Author) Commented:
Thanks for that!

I had a feeling that was what was happening with the authors field overriding the reader, but was hoping otherwise!  I started off with EDUK etc, but as you mentioned there are lots of countries and hit the limit on the number of roles.

Looks like using the groups is the way forward..
0
 
HemanthaKumar Commented:
Simple...

Create two groups

UKReaders  - Give Reader Access
UKEditors  - Give Author/Editor Access

Assign both of them to UK Role, and in your document Author field should contain

[ED]:[PU]:[UK]

& Readers field set to
[UK]

These security fields just leverage the access of the persons to that of ACL.

In this setup, when a UK reader logs in, he is at Reader access and is not promoted to Author but is set to Reader... Similarly, when a UK editor logs in, he is at Author level and takes the benefit of edit capability on the document.

~Hemanth
0
 
IanWood (Author) Commented:
Nice one, Cheers!  I'll give it a go and let you know..
0
 
SysExpert Commented:
One more comment.

If you use any of the group or Role methods, you have to use the
Enforce Consistent ACL, or someone can bypass your ACL settings on a local replica.

I hope this helps !
0
 
IanWood (Author) Commented:
Hemanth

I (finally) tried your suggestion, it works fine for readers, BUT the Editors can see any country's documents and not just their own?  Any way round this or is it back to using group names in the author/reader fields?

Cheers

Ian

PS I've upped the points in an attempt to make up for my tardiness! ;-)
0
 
HemanthaKumar Commented:
Small correction....Remove [ED]:[UK] from the Authors field.. It is not needed...

This will now properly show the documents that editors are enabled to look at !
0
