Solved

Prevent read only users from deleting documents

Posted on 2004-08-25
17
194 Views
Last Modified: 2013-12-18
I have a form and on this form, there are 2 fields which is an editable Readers field called AuthorizedReader and an editable Authors field call AuthorizedAuthor.
AuthorizedReader(consist of multi-values) can only read the document
AuthorizedAuthor(consist of multi-values) can read and edit and also delete document.

There are many documents in this db, thus users in AuthorizedReader field in document A may be users in AuthorizedAuthor field in document B.


How do I code my form to make it tat only users in field AuthorizedAuthor can delete the document, disallowing users in AuthorizedReader from deleting?

Pls advise.
Thank you.
0
Comment
Question by:kopibean
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 5
  • 3
17 Comments
 
LVL 63

Expert Comment

by:Zvonko
ID: 11890262
In client you can return False feedback to Continue parameter of the event QueryDocumentunDelete
QueryDocumentunDelete is found in Database Resources
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 11890346
A user in a readers field CANNOT delete the document (unless he's manager/editor with delete rights).   But to be entirely on the safe side, I generally NEVER give the Delete rights to ANYONE (except myself :-) ).
I generally set a flag : a field, DELETED, is set to "1" and all views have as extra selection " & DELETED!="1" " to stop them from showing 'deleted' documents.
Then deleting becomes a question of setting the field value to "1" .  Use a button to do this, and hide the button for everyone except AuthorizedAuthor .  Code is simple :
FIELD DELETED:="1";
@command([Filesave]);
@command([fileclosewindow])

You then make a view to show all these deleted documents (only to managers/admins ), and write an agent to periodically clear the data here.
This also gives you the chance to do 'undelete' s withoug using the 'Soft Delete' feature.  Of course, Editors/Designers/Managers can create agents to set this field value, and delete documents.  But because they still can't really delete, the documents will remain in the database untill purged.

You can optionally also catch the QueryDocumentDelete event to redirect it to setting the field value, only for authorized users.
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 11890351
Oh, yeah, this also works for the web, so smart guys deleting documents from the web interface will be blocked too (something that setting Continue=false will NOT do)

cheers,

Tom
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 63

Expert Comment

by:Zvonko
ID: 11890356
Sorry, wrong answer.
You have not to programm anything.
Give to all those People only Athors acces in the database ACL.
If in a document a user is authorised to be Author, then he can also delete the document.
In a document where he is not an Author he cannot Edit, and therefore he cannot Delete.

0
 
LVL 63

Expert Comment

by:Zvonko
ID: 11890383
I mean my first comment.  
Good Morning Tom :-)
0
 
LVL 63

Expert Comment

by:Zvonko
ID: 11890406
As a consequeny of ACL Author rights you need NO Readers fields. You need not to maintain those fields. Manage the complette database by Authors ACL rights.
If the Default is NoAcces, then all authors are Readers to any document. To documents where they are authors they are Editors. So you can give them also the Delete checkbox in the ACL.

0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 11890452
I suppose the real problem is preventing Editors and higher to delete documents.

And a good morning to you too :-)

Tom
0
 
LVL 63

Expert Comment

by:Zvonko
ID: 11890489
Was the Authors Delete prevention the question? I did not understood it in that way. Let us see.

And if you have one or more Readers fields in some Document, and at least one of the Readers field has a Value, then is that Document accessible ONLY, I repeat ONLY, to those users who are either listed in Readers or Autors field values as Person, Group or Role owner. Danger! Even as Manager are those Documents after closing Orphans to you and never accessible again.

0
 
LVL 63

Expert Comment

by:Zvonko
ID: 11890518
Ok, in R6 is that danger is not so eminent because the Readers fields restriction was partial released, but in R4 and R5 was that an absolute danger. Sometimes you have a big database and no visible documents in it. That was scary :)
0
 
LVL 63

Expert Comment

by:Zvonko
ID: 11890555
Oh, and because I was talking just about Readers field in Documents, the next stage of that story is that Design elements, for example Views do have also Readers access rights. Then you can have strange behaviour looking at the database if you have several Views with the same name but visible only with appropriate Readers access rights even with Dessigner access rights in the ACL.

0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 11890567
Well I would never put a Readers field on a document without adding "[Admin]" to it, or without adding an Authors field, that's just plain common sense ...

cheers,

Tom
0
 

Author Comment

by:kopibean
ID: 11898759
Tom,

I have use your method -> Use a button to do this, and hide the button for everyone except AuthorizedAuthor .  Code is simple :
FIELD DELETED:="1";
@command([Filesave]);
@command([fileclosewindow])

I do not intend to create a view to show all deleted documents.
When the user is AuthorizedAuthor, he/she can delete this document permanently from this database, prompting user a message "This document will be permanently deleted!"
Thus, how do I configure this button formula?

Pls advise.
Thank you.

0
 

Author Comment

by:kopibean
ID: 11900356
Anyone can help me on the above?
Appreciate your help.
Thanks.
0
 
LVL 63

Expert Comment

by:Zvonko
ID: 11900809
What access rights in the database ACL do have those users listed in document fields AuthorizedReader and AuthorizedAuthor?
The highest accerss right they should have in the ACL is: Author
Do not give them Editor or higher.

0
 

Author Comment

by:kopibean
ID: 11908846
The access rights I give is Author but do I tick on 'Delete documents' under ACL?
If the 'Delete documents' is check, when user is not in AuthorizedAuthor, he should not be allow to delete the documents but in this case, will the document be deleted if 'Delete documents' is check under ACL?

Thus, how do I solve my above problem?
Anyone, Pls kindly advise.
Thank you so much.

0
 
LVL 63

Expert Comment

by:Zvonko
ID: 11908861
Authors which are not entitled as authors in some documents have only Read access to those documents.
With Read access they will not be allowed to Delete those documents.

For verification look at ACL dialog. As soon as you give some person Read acces are the checkboxes for Create and Delete documents greyed.

0
 
LVL 15

Accepted Solution

by:
Bozzie4 earned 100 total points
ID: 11910066
In my method, it's really necessary to create a view to show all deleted documents.  You don't have to show that view to anyone, though.
Use a name like (Deleted Documents) (the brackets will hide it from the default outlines), and set read restrictions on it.

Now create an agent, with formula
SELECT @adjust(@today;0;0;-14;0;0;0) > @modified;
@DeleteDocument

And a selection 'only document in folder :  (Deleted Documents)'  .  Schedule this agent to run every day (at night), and sign it with an id that can read all documents (can be yours)

This does not handle the situation where you deleted documents that have responses !  You'll need a more sophisticated agent for that.  But the standard delete does not handle that either :-)

Anyway, an Author can only delete a document that he or she can edit (hence, where he/she is in the Authors field, or when there isn't an Authors field, that he/she created)

cheers,

Tom
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For beginners of Lotus Notes user this is important to know about the types of files and their location supported by IBM Notes. Mostly users are unaware about how many file types are created and what their usages are. This Article is fully dedicated…
Notes Document Link used by IBM Notes is a link file which aids in the sharing of links to documents in email and webpages. The posts describe the importance and steps to create a Lotus Notes NDL file in brief.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question