Solved

Reader & Author Fields Issue

Posted on 2004-04-29
Last Modified: 2013-12-18
Hi

I have an application where read and write access is controlled by a Reader and an Author field to control viewing and editing access by country.  It isn't working as expected.

Basically I have a document where the Authors field contains the roles:-

[ED]:[PU]

The Readers field contains the following roles:-

[UK]

The ACL is set up as follows:-

"Uk Group" with Reader access only and the [UK] role (to allow anybody in the Uk group to see UK documents)

"Editor Group" with Author access and the [ED] role (to allow them to edit any documents the Readers field allows them to see)

"Power User Group" with the [PU] role (to allow them to edit all documents they can see and also lets them access setup functions)

The idea is that only people in the UK group have the [UK] role and therefore can only see the UK documents and then only people who have either the [ED] or [PU] (Editor or Power User) roles (as well as the [UK] role) can actually edit documents for the UK.

A person set up as an editor for the UK ([ED] and [UK] roles) can incorrectly see other countries' documents as well when they should only be able to see UK documents.

Any ideas?  Sorry it's a bit muddled, I can clarify anything if needs be..

Many Thanks

Ian
0
Question by:IanWood
8 Comments
 
LVL 19

Expert Comment

by:madheeswar
ID: 10946965
Change the Editor access to Author access and test.
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 10947074
This works as designed: all roles in the Authors field can Read the documents too, even if they are not in the Readers field.

So everybody with an ED role will see ALL documents that have ED in the Authors field.

Now what can you do about this? If you don't have too many countries, you could create a role per country (EDUK, EDUS, etc).
This becomes impractical if you have a lot of roles, and there is a limit to the number of roles supported.

Another possibility is to use groups in the Authors field.  There you can use as many groups as you like (e.g. Editors_UK, Editors_US), but you'll have to make sure the people in the groups have access to the database!

cheers,

Tom
0
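The evaluation described in the answer above, as an added example that is not part of the original thread: a simplified Python model of how ACL level, roles, and the Readers and Authors fields combine, showing the shared `[ED]` role leaking documents across countries and the per-country groups closing the gap. The user names, the `[US]` role and `US Group` are constructed, and the model assumes a user in several ACL groups gets the highest level and the union of roles.

```python
# Simplified model of the Readers/Authors evaluation described in this thread.
# User names and the US entries are constructed; this is not Domino code.
LEVELS = {"Reader": 1, "Author": 2, "Editor": 3}

# ACL entry -> (access level, roles granted to members)
ACL = {
    "Uk Group":     ("Reader", {"[UK]"}),
    "US Group":     ("Reader", {"[US]"}),   # constructed second country
    "Editor Group": ("Author", {"[ED]"}),
    "Editors_UK":   ("Author", set()),      # per-country groups from the answer
    "Editors_US":   ("Author", set()),
}

def identity(user, memberships):
    """Return (highest ACL level, all names matched: user, groups, roles)."""
    names, level = {user}, 0
    for group in memberships:
        lvl, roles = ACL[group]
        level = max(level, LEVELS[lvl])
        names |= {group} | roles
    return level, names

def can_read(user, memberships, doc):
    level, names = identity(user, memberships)
    if level < LEVELS["Reader"]:
        return False
    if not doc["Readers"]:                  # no Readers field: ACL alone decides
        return True
    # Names in the Authors field may read too, which is the surprise here.
    return bool(names & (doc["Readers"] | doc["Authors"]))

def can_edit(user, memberships, doc):
    level, names = identity(user, memberships)
    if not can_read(user, memberships, doc):
        return False
    if level >= LEVELS["Editor"]:           # Editor edits anything readable
        return True
    return level == LEVELS["Author"] and bool(names & doc["Authors"])

# Documents as in the question: the shared [ED] role sits in Authors.
UK_DOC = {"Readers": {"[UK]"}, "Authors": {"[ED]", "[PU]"}}
US_DOC = {"Readers": {"[US]"}, "Authors": {"[ED]", "[PU]"}}
# Same documents with per-country groups in Authors instead of the role.
UK_DOC_FIXED = {"Readers": {"[UK]"}, "Authors": {"Editors_UK"}}
US_DOC_FIXED = {"Readers": {"[US]"}, "Authors": {"Editors_US"}}

uk_editor = ("Ann Example", ["Uk Group", "Editor Group"])
uk_editor_fixed = ("Ann Example", ["Uk Group", "Editors_UK"])
uk_reader = ("Bob Example", ["Uk Group"])
```

With the shared role, `can_read(*uk_editor, US_DOC)` is true even though `[US]` is not among the editor's roles; with `Editors_UK` in the Authors field the same check against `US_DOC_FIXED` is false.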
 

Author Comment

by:IanWood
ID: 10947202
Thanks for that!

I had a feeling that was what was happening with the authors field overriding the reader, but was hoping otherwise!  I started off with EDUK etc, but as you mentioned there are lots of countries and hit the limit on the number of roles.

Looks like using the groups is the way forward..
0
 
LVL 24

Accepted Solution

by:HemanthaKumar earned 300 total points
ID: 10948261
Simple...

Create two groups

UKReaders  - Give Reader Access
UKEditors  - Give Author/Editor Access

Assign both of them to the UK role, and in your document the Authors field should contain

[ED]:[PU]:[UK]

& Readers field set to
[UK]

These security fields just leverage the access of the persons to that of ACL.

In this setup, when a UK reader logs in, he is at Reader access and is not promoted to Author but is set to Reader... Similarly, when a UK editor logs in, he is at Author level and takes the benefit of edit capability on the document

~Hemanth
0

 

Author Comment

by:IanWood
ID: 10948357
Nice one, Cheers!  I'll give it a go and let you know..
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 11018592
One more comment.

If you use any of the group or Role methods, you have to use the Enforce Consistent ACL option, or someone can bypass your ACL settings on a local replica.

I hope this helps!
0
 

Author Comment

by:IanWood
ID: 11169549
Hemanth

I (finally) tried your suggestion, it works fine for readers, BUT the Editors can see any country's documents and not just their own?  Any way round this or is it back to using group names in the author/reader fields?

Cheers

Ian

PS I've upped the points in an attempt to make up for my tardiness! ;-)
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 11172733
Small correction....Remove [ED]:[UK] from the Authors field.. It is not needed...

This will now properly show the documents that editors are enabled to look at!
0
