Solved

Reader Access

Posted on 2006-07-13
12
331 Views
Last Modified: 2013-12-18
Have a form that I am using author fields to allow read access to only the user who submitted a request. I have been asked to open that a little. I have requests which will be coming in from multiple users within the same office. I would like to change the design so any user who is within an office can see all the requests placed for that office. I capture the office ID in a field and it is standardized format. How can I add a reader or author field to allow all users in office say 123 to see all these requests placed with 123 in that Office id field, not just there own.
0
Comment
Question by:jforget1
  • 6
  • 5
12 Comments
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 17101806
Contradiction in terms: Author fields are not to be used to restrict read access, that's what Reader fields are for.

Use roles for this purpose: give a group a role, and create an additional (internally generated) Reader-field with the value "[Role]"
0
 

Author Comment

by:jforget1
ID: 17103219
I thought reader was the way to go, did not want to assume, but is there a way to link to the value in the office field? It is not viable to do it by roles. Lets say I have user A and they enter a record for office 123, I have user B and they enter a record for office 123. Right now user A and B can only see the records they entered because they are the author. Can I do a reader field that ties to the value 123 in the office field so user A can see User B's requests and vice versa, but not the requests for other offices.  
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 17103362
About the roles, it's rather easy:
- add a Readers-field OfficeReaders, computed, formula "[" + Office + "]"
- in the ACL, create groups of users per office
- assign each group the role of the appropriate office
- I hope there are no more than 72 offices... that's the max number of roles allowed
- you can do the same with group-names instead of roles, with Group/OU/ACME

Since Readers-fields need to be stored in the document before they can function, you need an agent to update existing documents.
0
 

Author Comment

by:jforget1
ID: 17105419
The problem is there are well over 100 offices involved and we do not know up front who will be the users for each office.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 17106279
> The problem is there are well over 100 offices involved ...
Ah. Now you're in trouble, can't do that with roles, only with groups.

> ...and we do not know up front who will be the users for each office.
That's a disaster! If you don't know what office a user works for, how should your application know??

Does each office have its own server? You could restrict replication, but that would be a last resort solution to me.
0
 

Author Comment

by:jforget1
ID: 17107341
I agree I have been telling the people I work for that this is n ot possible. I was just hoping that there may be some way to tie into the office ID field and if there some way to tie into the commonality.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 46

Accepted Solution

by:
Sjef Bosman earned 250 total points
ID: 17107434
Of course you can do funny thing in the QueryOpen of a form. This would only result in a document that cannot be opened, but they can still see it and, if the design isn't hidden, they can still inspect the fields using the Document Properties.

So:
- Reader field is okay
- do things properly
- either role or group in the Reader field
- give users a role (ACL), or place them in groups (NAB)

But as I've been the only one answering your question, you could wait a little, to see whether my colleagues have other opinions...
0
 

Author Comment

by:jforget1
ID: 17107486
Appreciate the help, I may give this a lil time to see if maybe someone has some quirky work around.
0
 
LVL 8

Assisted Solution

by:behenderson
behenderson earned 250 total points
ID: 17114815
You can create a view and an agent so that you can update the documents with new users who list a specific office in one of the documents so that anyone who has created a document with a specific office listed will be able to see all other documents that have that office listed... That is not very secure though since anyone can create a document listing any office as their own... It is great for local replicas though.   (they end up small and replication is fast)

This is not a simple solution and would involve creating some rather extensive scripts new forms and new views.   I would create a document called and Office Definition document and have that document be public and create a view that lists those office documents alphabetically .  Each Office definition document must have a field (or fields depending on the number of users per office) that will store the names of the individuals in that office in it.  Your other private forms must have a querysave script that looks up the office document in the view and then adds the user to the members field if they are not already there and then adds the people listed in the members field to a readers field in that document.  

Remember that if you use back end scripts to add the users to a readers field that you need to set the isReaders flag in the notesitem in order for it to be a readers field.  Remember also that their MUST be a readers field that lists admins and your servergroup members so that their are not lost documents.

The second part of this is adding an agent that updates documents with the new people who are listed in the office definition documents to all outstanding documents for that office.. so when you put a new documetn in the database that lists a specific office you will be able to see your other office memebrs documents only after the update agent has run.

Number 1 most important thing to remember with readers fields is that they are subtractive and it does not matter if you are the admin of the database if there is a document with a readers field and you are not listed you will not be able to see the document so you will not be able to have agents that will fix the document or anything like that
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 17114949
Wouldn't an Office Definition then be the functional equivalent of a Group in the NAB? Maybe I don't understand where your proposed solution really differs from Groups.

You can also create a categorized view, first column is the office, and create a Page with that view embedded on it, with show single category. In that way, the documents for one office only can be shown. Note that this has nothing to do with security...
0
 

Author Comment

by:jforget1
ID: 17167009
I think the problem here is that we have this database setup to be open and not require a lot of maintenance of the ACL. THat will limit the ability to capture the info needed above without making it very cumbersome, but I appreciate the help.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 17173767
I appreciate the appreciation :)
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

  In today’s Arena we can’t imagine our lives without Internet as we are highly used to of it. If we consider our life style just for only 2 min we found that face to face communication is swapped by e-communication.  Every Where from Works place to…
IBM Notes offer Encryption feature using which the user can secure its NSF emails or entire database easily. In this section we will discuss about the process to Encrypt Incoming and Outgoing Mails in depth.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now