kopibean
asked on
Prevent read only users from deleting documents
I have a form and on this form, there are 2 fields which is an editable Readers field called AuthorizedReader and an editable Authors field call AuthorizedAuthor.
AuthorizedReader(consist of multi-values) can only read the document
AuthorizedAuthor(consist of multi-values) can read and edit and also delete document.
There are many documents in this db, thus users in AuthorizedReader field in document A may be users in AuthorizedAuthor field in document B.
How do I code my form to make it tat only users in field AuthorizedAuthor can delete the document, disallowing users in AuthorizedReader from deleting?
Pls advise.
Thank you.
AuthorizedReader(consist of multi-values) can only read the document
AuthorizedAuthor(consist of multi-values) can read and edit and also delete document.
There are many documents in this db, thus users in AuthorizedReader field in document A may be users in AuthorizedAuthor field in document B.
How do I code my form to make it tat only users in field AuthorizedAuthor can delete the document, disallowing users in AuthorizedReader from deleting?
Pls advise.
Thank you.
A user in a readers field CANNOT delete the document (unless he's manager/editor with delete rights). But to be entirely on the safe side, I generally NEVER give the Delete rights to ANYONE (except myself :-) ).
I generally set a flag : a field, DELETED, is set to "1" and all views have as extra selection " & DELETED!="1" " to stop them from showing 'deleted' documents.
Then deleting becomes a question of setting the field value to "1" . Use a button to do this, and hide the button for everyone except AuthorizedAuthor . Code is simple :
FIELD DELETED:="1";
@command([Filesave]);
@command([fileclosewindow]
You then make a view to show all these deleted documents (only to managers/admins ), and write an agent to periodically clear the data here.
This also gives you the chance to do 'undelete' s withoug using the 'Soft Delete' feature. Of course, Editors/Designers/Managers
You can optionally also catch the QueryDocumentDelete event to redirect it to setting the field value, only for authorized users.
I generally set a flag : a field, DELETED, is set to "1" and all views have as extra selection " & DELETED!="1" " to stop them from showing 'deleted' documents.
Then deleting becomes a question of setting the field value to "1" . Use a button to do this, and hide the button for everyone except AuthorizedAuthor . Code is simple :
FIELD DELETED:="1";
@command([Filesave]);
@command([fileclosewindow]
You then make a view to show all these deleted documents (only to managers/admins ), and write an agent to periodically clear the data here.
This also gives you the chance to do 'undelete' s withoug using the 'Soft Delete' feature. Of course, Editors/Designers/Managers
You can optionally also catch the QueryDocumentDelete event to redirect it to setting the field value, only for authorized users.
Oh, yeah, this also works for the web, so smart guys deleting documents from the web interface will be blocked too (something that setting Continue=false will NOT do)
cheers,
Tom
cheers,
Tom
Sorry, wrong answer.
You have not to programm anything.
Give to all those People only Athors acces in the database ACL.
If in a document a user is authorised to be Author, then he can also delete the document.
In a document where he is not an Author he cannot Edit, and therefore he cannot Delete.
You have not to programm anything.
Give to all those People only Athors acces in the database ACL.
If in a document a user is authorised to be Author, then he can also delete the document.
In a document where he is not an Author he cannot Edit, and therefore he cannot Delete.
I mean my first comment.
Good Morning Tom :-)
Good Morning Tom :-)
As a consequeny of ACL Author rights you need NO Readers fields. You need not to maintain those fields. Manage the complette database by Authors ACL rights.
If the Default is NoAcces, then all authors are Readers to any document. To documents where they are authors they are Editors. So you can give them also the Delete checkbox in the ACL.
If the Default is NoAcces, then all authors are Readers to any document. To documents where they are authors they are Editors. So you can give them also the Delete checkbox in the ACL.
I suppose the real problem is preventing Editors and higher to delete documents.
And a good morning to you too :-)
Tom
And a good morning to you too :-)
Tom
Was the Authors Delete prevention the question? I did not understood it in that way. Let us see.
And if you have one or more Readers fields in some Document, and at least one of the Readers field has a Value, then is that Document accessible ONLY, I repeat ONLY, to those users who are either listed in Readers or Autors field values as Person, Group or Role owner. Danger! Even as Manager are those Documents after closing Orphans to you and never accessible again.
And if you have one or more Readers fields in some Document, and at least one of the Readers field has a Value, then is that Document accessible ONLY, I repeat ONLY, to those users who are either listed in Readers or Autors field values as Person, Group or Role owner. Danger! Even as Manager are those Documents after closing Orphans to you and never accessible again.
Ok, in R6 is that danger is not so eminent because the Readers fields restriction was partial released, but in R4 and R5 was that an absolute danger. Sometimes you have a big database and no visible documents in it. That was scary :)
Oh, and because I was talking just about Readers field in Documents, the next stage of that story is that Design elements, for example Views do have also Readers access rights. Then you can have strange behaviour looking at the database if you have several Views with the same name but visible only with appropriate Readers access rights even with Dessigner access rights in the ACL.
Well I would never put a Readers field on a document without adding "[Admin]" to it, or without adding an Authors field, that's just plain common sense ...
cheers,
Tom
cheers,
Tom
ASKER
Tom,
I have use your method -> Use a button to do this, and hide the button for everyone except AuthorizedAuthor . Code is simple :
FIELD DELETED:="1";
@command([Filesave]);
@command([fileclosewindow]
I do not intend to create a view to show all deleted documents.
When the user is AuthorizedAuthor, he/she can delete this document permanently from this database, prompting user a message "This document will be permanently deleted!"
Thus, how do I configure this button formula?
Pls advise.
Thank you.
I have use your method -> Use a button to do this, and hide the button for everyone except AuthorizedAuthor . Code is simple :
FIELD DELETED:="1";
@command([Filesave]);
@command([fileclosewindow]
I do not intend to create a view to show all deleted documents.
When the user is AuthorizedAuthor, he/she can delete this document permanently from this database, prompting user a message "This document will be permanently deleted!"
Thus, how do I configure this button formula?
Pls advise.
Thank you.
ASKER
Anyone can help me on the above?
Appreciate your help.
Thanks.
Appreciate your help.
Thanks.
What access rights in the database ACL do have those users listed in document fields AuthorizedReader and AuthorizedAuthor?
The highest accerss right they should have in the ACL is: Author
Do not give them Editor or higher.
The highest accerss right they should have in the ACL is: Author
Do not give them Editor or higher.
ASKER
The access rights I give is Author but do I tick on 'Delete documents' under ACL?
If the 'Delete documents' is check, when user is not in AuthorizedAuthor, he should not be allow to delete the documents but in this case, will the document be deleted if 'Delete documents' is check under ACL?
Thus, how do I solve my above problem?
Anyone, Pls kindly advise.
Thank you so much.
If the 'Delete documents' is check, when user is not in AuthorizedAuthor, he should not be allow to delete the documents but in this case, will the document be deleted if 'Delete documents' is check under ACL?
Thus, how do I solve my above problem?
Anyone, Pls kindly advise.
Thank you so much.
Authors which are not entitled as authors in some documents have only Read access to those documents.
With Read access they will not be allowed to Delete those documents.
For verification look at ACL dialog. As soon as you give some person Read acces are the checkboxes for Create and Delete documents greyed.
With Read access they will not be allowed to Delete those documents.
For verification look at ACL dialog. As soon as you give some person Read acces are the checkboxes for Create and Delete documents greyed.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
QueryDocumentunDelete is found in Database Resources