?
Solved

How to do this in Notes

Posted on 2010-11-10
12
Medium Priority
?
333 Views
Last Modified: 2013-12-18
I am trying to create what SEEMS like it should be a simple application in Notes.  The basic database is a one that holds documents related to safety metrics.  Each document has a category and a subcategory.  A simple Notes view can show the documents grouped by category and subcategory.

Where the design gets a bit difficult (for me anyway) is the security/access.  The user has requsted that the application be designed so that documents of each subcategory be visible to some users but not others and that they can modify that access on their own (without using the ACL). (Note that each category can have completely different subcategories.)

I have no idea how to design this.  I would use groups and roles in a relational database - enabling or disabling subcategories depending upon the user's membership in specific roles.  However, within Notes, I don't have access to functions like @UserNamesList and @DbColumns from within views to allow me to filter what documents are selected, so I'm at a bit of a loss.

I admit, I'm a little out of my element here.  Notes development is not my forte.  I've tried a number of approaches that just don't work.  My gut feeling is that I'm just not thinking about this problem from a Lotus Notes perspective.  

Does anyone have any suggestions how you might go about this or can you point me to some resource (book or website) that might explain how to do this in Notes?

John
0
Comment
Question by:jmgroft
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +4
12 Comments
 
LVL 22

Assisted Solution

by:Bill-Hanson
Bill-Hanson earned 500 total points
ID: 34106661
For security, READERS fields are the only true answer.  Take a look in the documentation under the heading "Using a Readers field to restrict access to specific documents".

Basically, you'll just create a Computed READERS field that evaluates to a group name or role, etc...

Making it so the users can define their own access?  You're going to have to design a small mini-app just to handle that part.  Can't say what it would look like without knowing the details.
0
 
LVL 3

Expert Comment

by:fredniel
ID: 34106800
Hi, I suggets you to create a configuration docs with users and roles so they can modify the access from this document and not from the Access Control List.

Then, create a script like this example i've found, but adapted to your problem, selecting only the subcategories as per notes user and then performing the appropiate selection formula. give me more details i'll give you som further help:

Sub Click(Source As Button)
Dim uiw As New NotesUIWorkspace

Dim uiview As NotesUIView
Dim uidoc As NotesUIDocument

Dim view As NotesView
Dim one As String
Dim two As String
Dim doc As NotesDocument
Dim formula As String
doc.Form = "Finance"


one=uiw.Prompt(Prompt_OKCANCELEDIT,"Geef de start datum in","Start Datum (DD/MM/YYYY) ","")
two=uiw.Prompt(Prompt_OKCANCELEDIT,"Geef de eind datum in","Eind Datum (DD/MM/YYYY) ","")

formula = | SELECT datum > [| & one & |] & datum < [| & two &|] & doc.Form = Form |

Set uiview =uiw.CurrentView
Set view =uiview.View
view.SelectionFormula = formula

Call uiw.ViewRebuild

End Sub
0
 
LVL 22

Expert Comment

by:Bill-Hanson
ID: 34106854
Although that technically works, it violates just about every best practice concerning document security and view design.  It's a good example of what can be done, but not good in an enterprise environment.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 10

Accepted Solution

by:
doninja earned 500 total points
ID: 34110537
If user access can be simplified to being that a user has access to documents in a whole catagory or not and there is no reason to have exceptions to this then you could use Directory groups to hold lists of users that have access to a specific catagory and allow certain people edit rights to these groups to manage the access.
This would be better than having to edit every document in a catagory etc.

Then use the Readers field solution from Bill and just have the filed Computed with a value of "SomePrefix-Catagory"

You can add ganularity if needed by including the sub catagory in the name or adding extra groups that might be an admin group etc.
i.e.
readerfield:="SomePrefix-" & Catagory:"SomePrefix-" & Catagory & "-" & SubCatagory:[AdminRole]:"Local-Administartors-Group"
0
 
LVL 5

Expert Comment

by:iPinky
ID: 34110866
fredniels answer is as Bill-Hanson stated definetely the wrong way...
it would actually require users to have designer rights (so they could modify the selection formulas on views, unless it's private views), so very bad

then it would mean that the seletion formula would change for every user which would mean each user changing it would change it for the other connected users to.

but to enhance Bill-Hansons proposal:
you could indeed, there I agree with fredniel, create configuration documents to setup a kind of "default" access, authors and readers, for the category/subcategory combinations.

ie. in the config doc you would have fields:
category/subcategory (or multiple values if required) and defaultReaders/defaultAuthors (but those fields would simply be "names" fields not real readers/authors fields

in your main documents you would then have 3 fields, actually 6, 3 per readers and 3 per authors (here only the readers are listed, apply the same scheme for authors):
defaultReaders: computed names field with values from config doc
additionalReaders: editable names field
docReaders (the way I usually name real readers fields): computed reader field: @trim (   @unique( defaultReaders : additionalReaders ) )

same for authors...

that way you give a "default" setup but you allow authors to give other users read or author access

you could even setup roles in the ACL and add those roles to certain config docs so you could easily use ACL grous assigned to those roles to modify basic access:
ie: [marketing], [engineering],[administration]  to give those roles read and/or author access to the relevant categories

importang:
author fields DO act as reader fields to! so if a user is in an author field but NOT in a reader field he anyway will see the document and be able to edit,
the general db access would then be: authors for everyone (in order that they can at least create documents)

if the whole thing is JUST about readers forget the part about the authors and simply apply it for readers but be aware of the fact that you should add a default as well (usually [Designer] : [Servers] and/or [Admin]) otherwise it can occur that no-one can see documents anymore under certain circumstances!
0
 
LVL 11

Expert Comment

by:larsberntrop
ID: 34110921
need more info:
>  The user has requsted that the application be designed so that documents of each subcategory be visible to some users but not others and that they can modify that access on their own (without using the ACL). (Note that each category can have completely different subcategories.)

By visible do you mean not accessible at all just not seen in the view? What kind of access do additional users get?
(For a feel of the magnitude:  How many users?  How many roles?)

I think you need to look in the Designer help, especially the topic 'Application Design'.  Review the subtopic 'Creating a workflow application' also in Topic 'Application Management', review subtopic 'Application design element security', articles about readers and authorts fields.
Remember that to enforce access, normal users should have Author acces to the database.

Very handy references:
Lotus Notes client help, Domino Designer Help and Administration Help. You should peruse these, to get a feel where to look for stuff.
Lotus Domino Release 5.0: A Developer's Handbook: http://publib-b.boulder.ibm.com/abstracts/sg245331.html?Open
Domino Designer 6: A Developer's Handbook: http://publib-b.boulder.ibm.com/abstracts/sg246854.html?Open
Lotus Security Handbook: http://publib-b.boulder.ibm.com/abstracts/sg247017.html?Open
Lotus Notes and Domino Application Development wiki: http://www-10.lotus.com/ldd/ddwiki.nsf
0
 

Author Comment

by:jmgroft
ID: 34112082
Thank you so much guys.  This gives me a number of great ideas.  I'm going to look further into the reader/author fields.  I'm not familiar with those, but it just sort of 'feels' like the right approach from what I'm gleaning from your comments.  As soon as I know for sure, I'll flag a solution.

To answer the question about scope, there would be approximately 15 different roles and about 30 - 50 users.  The reason for the various roles is that there are about 14 different facilities that will be submitting information and an overall coordinator.  Users from the various facilities should be able to see each others documents, but only be able to update the documents for their own facility.  There are some additional documents (in a separate category) that should only be visible to the coordinator and the members of the facility that added them.
0
 

Author Comment

by:jmgroft
ID: 34112121
Oh and to answer the question about visibility - my thought was that they just wouldn't show up in the view for any user that doesn't have access.   I'm not sure its necessary to go to any extraordinary lengths to prevent a doc from being accessible.  I don't believe the info is quite THAT sensitive.  But I'm not averse to a simple solution that does both.
0
 
LVL 11

Expert Comment

by:larsberntrop
ID: 34112621
I mentioned it because reader fields can have performance drawbacks (server needs to compute visibility) in large databases where only a small portion of the documents are visible to a user.

From your extra info, I would only put reader fields on the separate category.

I think you will be best served with assigning Author access for most users, and assigning roles to groups. When a user has a role which is in an Author field in a document, he can edit the document.  If not, he can only read the document.
0
 

Author Comment

by:jmgroft
ID: 34114088
That's actually the approach I'm taking now.  So far, it looks to be exactly what I needed.  I had actually already decided on the roles and groups, but implementing it was a challenge before I understood what reader/author fields were.  I'm coming from a relational & .NET background and many of the concepts don't translate well to Notes.

Thanks again.  I'll let you know how I make out.
0
 
LVL 31

Expert Comment

by:qwaletee
ID: 34146428
Bear in mind that Notes is NOT relational, so you may run into problems if the list of users in a particular set ever changes. To alleviate this, have a Group document created in the Domino Directory for each unique access combination (site, plus one for the central admin). Place the group name in the readers and authors fields. You shoudl come up with a naming convention, something like:

Authors_AppName_CentralAdmin
Authors_AppName_SiteName
Readers_AppName_SiteName
0
 

Author Closing Comment

by:jmgroft
ID: 35777803
It wasn't the solution that I was expecting, but I was brining a non-Notes mindset to a Notes problem.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
THe viewer will learn how to use NetBeans IDE 8.0 for Windows to perform CRUD operations on a MySql database.
The viewer will learn how to use and create new code templates in NetBeans IDE 8.0 for Windows.
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question