Prevent read only users from deleting documents

Posted on 2004-08-25
Last Modified: 2013-12-18
I have a form and on this form there are 2 fields: an editable Readers field called AuthorizedReader and an editable Authors field called AuthorizedAuthor.
AuthorizedReader (consists of multi-values) can only read the document.
AuthorizedAuthor (consists of multi-values) can read, edit and also delete the document.

There are many documents in this db, thus users in the AuthorizedReader field in document A may be users in the AuthorizedAuthor field in document B.


How do I code my form to make it so that only users in field AuthorizedAuthor can delete the document, disallowing users in AuthorizedReader from deleting?

Pls advise.
Thank you.
Question by:kopibean
17 Comments
 

Expert Comment

by:Zvonko
In the client you can return False as feedback to the Continue parameter of the event QueryDocumentunDelete.
QueryDocumentunDelete is found in Database Resources.

Expert Comment

by:Bozzie4
A user in a readers field CANNOT delete the document (unless he's manager/editor with delete rights). But to be entirely on the safe side, I generally NEVER give the Delete rights to ANYONE (except myself :-) ).
I generally set a flag: a field, DELETED, is set to "1" and all views have as extra selection " & DELETED!="1" " to stop them from showing 'deleted' documents.
Then deleting becomes a question of setting the field value to "1". Use a button to do this, and hide the button for everyone except AuthorizedAuthor. Code is simple:
FIELD DELETED:="1";
@command([Filesave]);
@command([fileclosewindow])

You then make a view to show all these deleted documents (only to managers/admins ), and write an agent to periodically clear the data here.
This also gives you the chance to do 'undelete's without using the 'Soft Delete' feature. Of course, Editors/Designers/Managers can create agents to set this field value, and delete documents. But because they still can't really delete, the documents will remain in the database until purged.

You can optionally also catch the QueryDocumentDelete event to redirect it to setting the field value, only for authorized users.

Expert Comment

by:Bozzie4
Oh, yeah, this also works for the web, so smart guys deleting documents from the web interface will be blocked too (something that setting Continue=false will NOT do)

cheers,

Tom

Expert Comment

by:Zvonko
Sorry, wrong answer.
You do not have to program anything.
Give all those people only Author access in the database ACL.
If in a document a user is authorised to be Author, then he can also delete the document.
In a document where he is not an Author he cannot Edit, and therefore he cannot Delete.


Expert Comment

by:Zvonko
I mean my first comment.  
Good Morning Tom :-)

Expert Comment

by:Zvonko
As a consequence of ACL Author rights you need NO Readers fields. You need not maintain those fields. Manage the complete database by Authors ACL rights.
If the Default is No Access, then all authors are Readers to any document. To documents where they are authors they are Editors. So you can give them also the Delete checkbox in the ACL.


Expert Comment

by:Bozzie4
I suppose the real problem is preventing Editors and higher from deleting documents.

And a good morning to you too :-)

Tom

Expert Comment

by:Zvonko
Was the Authors Delete prevention the question? I did not understand it in that way. Let us see.

And if you have one or more Readers fields in some Document, and at least one of the Readers fields has a Value, then that Document is accessible ONLY, I repeat ONLY, to those users who are listed in Readers or Authors field values as Person, Group or Role owner. Danger! Even as Manager, those Documents are Orphans to you after closing and never accessible again.


Expert Comment

by:Zvonko
OK, in R6 that danger is not so imminent because the Readers fields restriction was partially released, but in R4 and R5 that was an absolute danger. Sometimes you have a big database and no visible documents in it. That was scary :)

Expert Comment

by:Zvonko
Oh, and because I was talking just about Readers fields in Documents, the next stage of that story is that Design elements, for example Views, also have Readers access rights. Then you can have strange behaviour looking at the database if you have several Views with the same name but visible only with appropriate Readers access rights, even with Designer access rights in the ACL.


Expert Comment

by:Bozzie4
Well I would never put a Readers field on a document without adding "[Admin]" to it, or without adding an Authors field, that's just plain common sense ...

cheers,

Tom

Author Comment

by:kopibean
Tom,

I have used your method -> Use a button to do this, and hide the button for everyone except AuthorizedAuthor. Code is simple:
FIELD DELETED:="1";
@command([Filesave]);
@command([fileclosewindow])

I do not intend to create a view to show all deleted documents.
When the user is AuthorizedAuthor, he/she can delete this document permanently from this database, prompting the user with a message "This document will be permanently deleted!"
Thus, how do I configure this button formula?

Pls advise.
Thank you.


Author Comment

by:kopibean
Can anyone help me with the above?
Appreciate your help.
Thanks.

Expert Comment

by:Zvonko
What access rights in the database ACL do those users listed in document fields AuthorizedReader and AuthorizedAuthor have?
The highest access right they should have in the ACL is: Author
Do not give them Editor or higher.


Author Comment

by:kopibean
The access right I give is Author, but do I tick 'Delete documents' under ACL?
If 'Delete documents' is checked, when a user is not in AuthorizedAuthor, he should not be allowed to delete the documents, but in this case, will the document be deleted if 'Delete documents' is checked under ACL?

Thus, how do I solve my above problem?
Anyone, Pls kindly advise.
Thank you so much.


Expert Comment

by:Zvonko
Authors who are not entitled as authors in some documents have only Read access to those documents.
With Read access they will not be allowed to Delete those documents.

For verification look at the ACL dialog. As soon as you give some person Read access, the checkboxes for Create and Delete documents are greyed out.


Accepted Solution

by:Bozzie4 (earned 100 total points)
In my method, it's really necessary to create a view to show all deleted documents.  You don't have to show that view to anyone, though.
Use a name like (Deleted Documents) (the brackets will hide it from the default outlines), and set read restrictions on it.

Now create an agent, with formula
SELECT @adjust(@today;0;0;-14;0;0;0) > @modified;
@DeleteDocument

And a selection 'only document in folder: (Deleted Documents)'. Schedule this agent to run every day (at night), and sign it with an id that can read all documents (can be yours)

This does not handle the situation where you deleted documents that have responses! You'll need a more sophisticated agent for that. But the standard delete does not handle that either :-)

Anyway, an Author can only delete a document that he or she can edit (hence, where he/she is in the Authors field, or when there isn't an Authors field, that he/she created)

cheers,

Tom
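
The delete rules described in the answers above, as an added example that is not part of the original thread: a simplified Python model (not Notes code) of how ACL level, the 'Delete documents' checkbox and the AuthorizedReader/AuthorizedAuthor fields combine. All class, function and user names are hypothetical, and it only covers documents that carry an Authors field, as in the question.

```python
from dataclasses import dataclass, field

LEVELS = ["NoAccess", "Depositor", "Reader", "Author", "Editor", "Designer", "Manager"]

@dataclass
class AclEntry:
    level: str                                 # one of LEVELS
    can_delete: bool = False                   # the 'Delete documents' checkbox
    names: set = field(default_factory=set)    # user name plus groups and [roles]

@dataclass
class Doc:
    readers: set = field(default_factory=set)  # AuthorizedReader values
    authors: set = field(default_factory=set)  # AuthorizedAuthor values

def rank(level):
    return LEVELS.index(level)

def can_read(acl, doc):
    if rank(acl.level) < rank("Reader"):
        return False
    # A Readers field with a value restricts the document to the names in
    # Readers or Authors fields, whatever the ACL level (Manager included).
    if doc.readers:
        return bool(acl.names & (doc.readers | doc.authors))
    return True

def can_edit(acl, doc):
    if not can_read(acl, doc):
        return False
    if rank(acl.level) >= rank("Editor"):
        return True
    # Author level edits only documents whose Authors field lists them.
    return acl.level == "Author" and bool(acl.names & doc.authors)

def can_delete(acl, doc):
    # Deleting needs the ACL checkbox and edit access to this document.
    return acl.can_delete and can_edit(acl, doc)

# Constructed sample data (all names are hypothetical).
doc_a = Doc(readers={"Alice"}, authors={"Bob", "[Admin]"})
doc_b = Doc(readers={"Bob"}, authors={"Alice"})
alice = AclEntry("Author", True, {"Alice"})
bob = AclEntry("Author", True, {"Bob"})
editor_in_readers = AclEntry("Editor", True, {"Alice"})
manager_unlisted = AclEntry("Manager", True, {"Carol"})
manager_admin = AclEntry("Manager", True, {"Carol", "[Admin]"})
```

With Author access and 'Delete documents' ticked, Alice can delete doc_b but only read doc_a; the same name at Editor level could delete doc_a, and a Manager without a listed name or role cannot even open it.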