?
Solved

How do Roles and Readers fields interact for security? Complicated task....

Posted on 2007-04-11
5
Medium Priority
?
289 Views
Last Modified: 2013-12-18
Could someone explain how roles and readers fields interact to provide security?

I have to accomplish the following:
1. Form is completed and saved and cannot be viewed again by the author.

2. There are authors in 4 sites.

3. For each author, and within the respective sites, there is a hierarchy of team leads, managers, site leaders etc. that need to see views that reflect counts of the forms filled out in their areas of responsibility.

4.  I have a lookup view that ties each author to all of the relevant relationships.  There are hidden computed when composed fields that bring those releationships in to each document (however they are not the full cannon name, I think I saw somewhere it needs to be that - I'll fix it)

I am thinking this can be done by some kind of if statement in the readers field - can that be done?  Then when the user looks at the view, will they only see totals for the documents they are allowed to read?  Would roles help somehow?

I just don't understand how roles and readers work together.

If my concept is doable, can you help me with the if... it needs to chain about 5 conditions, for team lead, manager, site chief, and ceo.
0
Comment
Question by:jkee54
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 18889729
ROles restrict access to the database based on security that you either
1) Build into the views or document security

or

2) use to limit or allow functionality via programming.

Reader fields only set who can read a document - This includes al the fields ( unless encrypted ).

For a view, reader fields will limit who can see the documents in the view, so it could be used for totalling a field if needed.

Do you also have author fields ?
Is anyone set as Editor or above in the ACL, since that over rides reader/author fields.

I hope this helps !
0
 

Author Comment

by:jkee54
ID: 18889980
I'm not sure I need author field, since the document creators are not supposed to be able to get back to it.  However, sometimes a creator can also be in the supervisory hierarchy :(

I had it backwards - I thought reader fields superseded everything.  I had everyone defaulted to editor during test - if I set them all to Reader, and have the Reader field with the If statements, will that work?

How would they syntax for an If statement in the reader field work - would I incorporate @failure if the user isn't in one of the hierarchy fields?
0
 
LVL 22

Accepted Solution

by:
Bill-Hanson earned 1000 total points
ID: 18890508
I have adopted a standard method for dealing with authors and readers fields that has really simplified document security for me.  Most of the forms that I create contain these fields:  

CreatedBy - Names , Computed when composed (CWC)
ModifiedBy - Names, Computed (C)
DefaultAuthors - Names list, C
DefaultReaders - Names list, C
AuthorRoles - Text list, Computed for display (CFD)
ReaderRoles - Text list, Computed for display (CFD)
DocAuthors - Authors list, C
DocReaders - Authors list, C

 - DefaultAuthors contains my backdoor authors.
 - DefaultReaders contains my backdoor readers.
 - AuthorRoles contains an array of roles that can edit the record.
 - ReaderRoles contains an array of roles that can read the record.
 - DocAuthors contains this code:

authors := @Trim(@Unique(
      DefaultAuthors :
      AdditionalAuthors :
      AuthorRoles
));
authors

 - DocReaders contains this code:

readers := @Trim(@Unique(
      DocAuthors :
      DefaultReaders :
      ReaderRoles :
      AdditionalReaders
));
@If(
      ReaderRoles != ""; readers;
      AdditionalReaders != ""; readers;
      "")

Using this method, it becomes very simple.  Just add an AdditionalReaders field to the form and set it to a computed list of the names (and / or roles) who can read the document.
0
 
LVL 63

Assisted Solution

by:SysExpert
SysExpert earned 1000 total points
ID: 18890705
You should not have anyone but Admins  ( or global Editors ) with rights higher than author in the ACL.

The person who creates the Doc should be in an Author field until such time that he no longer needs author access.  Then he should be put in a reader field ( if needed ).

That's all you need to do. Notes handles the rest.

See Bill-Hanson's comment on what you should be doing for general Form Security.

I have something similar in almost all of my forms.  Good design practice.

You may not need roles at all in your case ( except for backdoor access perhaps )

A Caveat - This security may not work well on a local replica, and on a database that does not have Enforce consistant ACL turned on.

I Do not allow access to local replicas of any important DB's with security on them.

I hope this helps !
0
 

Author Comment

by:jkee54
ID: 18891539
Thanks guys!  I *get* it :)
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is an old article, please see an updated version of this article, located here: http://www.experts-exchange.com/articles/23619/Notes-8-5x-Windows-7-Notes-info-and-tips.html
Lack of Storage capacity is a common problem that exists in every field of life. Here we are taking the case of Lotus Notes Emails, as we all know that we are totally depend on e-communication i.e. Emails. This article is fully dedicated to resolvin…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question