Solved

Lotus Notes Agent running with the user desired

Posted on 2013-12-05
10
903 Views
Last Modified: 2014-02-27
Hi,

I have 3 agents that triggers a webservice in another platform and get the result, these agents call each other( 1 calls 2 call 3 and returns result)and the last agent calls the web service and returns the result.

My first agent that is triggered gets the field values on a form and saves it to a tempdoc and calls 2nd agent (which is run on server because only server has right to call webservice)  then my 3rd agent is called with the tempdoc's paramid and my 3rd agent which is a client side agent calls the webservice get the output to a variant and saves it to tempdoc and returns and my 1st agent reads the tempdoc and if error gives prompt if not finishes..

it all works fine until someone in the company that do not have right to see the parent document triggers the 1st agent from subform..because 1st agent gets the field values on a form if the form has a parent form then it gets the values on the parent form .when user have no right to see the parent doc then
Although

Dim pDoc As NotesDocument
Set pDoc=db.Getdocumentbyunid(curDoc.Parentdocumentunid)

this statement works fine and pDoc exists all the fields are empty and so i get error when i call webservice..

so my question is although the agent is run by whoever clicks the button on the form is it possible to run the agent with someone that have the full authorization rights so that the parentdoc fields don not come empty ?

I tried in the properties of the agents' security-->"Run On Behalf Of" i put users that have right but still it does not work or change anything,
i also tried "sign or run agents on behalf on someoneelse" property of the server document and put my name but it has not made any change unfortunately..

pDoc is coming with empty items and other properties but it is not Nothing ,how can i solve this problem? thx in advance...
0
Comment
Question by:nicedone
  • 5
  • 5
10 Comments
 
LVL 46

Expert Comment

by:Sjef Bosman
Comment Utility
A rather complex story... I have some questions:
- it's a SOAP web service, correct?
- why do you say that "[it] is run on server because only server has right to call webservice" ? why is that ?
- how did you come to the conclusion that you need three agents ? and not two, or one, or none at all ?
- parent document ? parent form ?? forms have no parents... what is the child document then?
- how come that "someone in the company that do not have right to see the parent document" actually can trigger the first agent ? can it not be prevented ?
- or why do you need it ?

Normally, an agent runs with the privileges of the person who signed the agent. If you sign the agent using the server's id, and the server has Manager rights in the database, it can do everything on the condition that the document is readable to the server. If Reader fields are used, the server should be granted access to the document using a role or so. Otherwise, not even the server can see the document.

Can you give some (very reduced) sample codes of the three agents? So that we can understand what you intend to accomplish? Thank you.
0
 

Author Comment

by:nicedone
Comment Utility
Hi some brief answers are below;

-it is a soap service yes,

-all the employees of the company can make requests from the form and company has policy to allow some ips and not all of them so, when it comes to why i really dont know as well but i know that client can not trigger the web service but the server

-at first i made 2 agents first one gets the field values on the form and second makes the ws call but i got  the error below
"Cannot create automation object" error is received.
so i made one more agent in the middle to prevent that and the error is gone

-in the parent document process starts if it is a for example authorization transfer process than from main document a subdocument is created after the click ,then if this form is approved it will do the operation, but the subform do not have all the fields i need so i need to reach to the parent document and get the required fields.

- this is a authorization transfer request and i have a case where the manager can assign the form to someone else in the company but it might happen that this person can not see the main form but it sees just the subform and if he accepts the authorization then he will get it but he does not have to see who created the parent document, who approved it etc....

i signed the agent but it does not work with my priviliges. if i do the approval then it works fine but if someone else it does not work do definetly that other person is not running it with my rights.
I will give u the codes when i go to company..thx
0
 
LVL 46

Expert Comment

by:Sjef Bosman
Comment Utility
Still, can you explain why you use agents, and not LotusScript in a view action or in a button on the form? Instead of:

:
your script
:
Call agent.RunOnServer()
:
your script continues
:
0
 

Author Comment

by:nicedone
Comment Utility
Ok actually the mainly the forms trigger the ws from action buttons on them or after an approval the logic needs to trigger the webservice.

There are 3 operations , new ,renew and revoke and those 3 operations are being triggered in 36 places different places on the forms. so I thought making a script library that calls and handles the web service and buttons that are on the form already have a lot of operations and they already do somethings so adding code over there did not seem much logical and I did not know if it was possible to call script library operations from the forms' action buttons so there comes the agents..

I only made the trigger part from the action buttons on the form and it calls an agent and agent calls a run on server agent (to prevent the error ==>"Cannot create automation object" error is received. ) so this run on server agent calls the last client side agent which call s the web service and gets the results and saves to a document which will be accessed by the prior agent and will know the result and notify the user accordingly..
1st agent which is client side gets the data on the form saves It to a temp doc and calls the second agent second agent just accesses that temp document and calls the 3rd agent and 3rd agent calls the script library operations( new,renew,revoke)

so this architecture is not logical? the programmer before me did it this way so I did not want to risk and try something new but get this working asap , so I just tried to do exactly the same he did and take no risks..

but what would you recoomend what is wrong here? actually codes on action buttons are already very long and some of them are formula and some are lotusscript so there is really too much to add and the code will be the same so a centralized function type structure was anyways required which would be the script library.. is that the wrong way?
0
 
LVL 46

Expert Comment

by:Sjef Bosman
Comment Utility
> ... and take no risks.
No guts, no glory... ;-)

Of course, generally speaking, it would be best if you kept everything in one Script library. I can understand you need RunOnServer to avoid the error (actually, what special object is used, OLE or COM?). I can even understand that you need another agent, in order to start LotusScript from formula language. I suppose the problems begin with the 3rd agent, since it isn't running (apparently) with the current user's credentials. I'd have tried to write everything in LotusScript, thus avoiding agents and context changes. But it's your kitchen and I can't see what's in the pans.

Could you give an example, i.e. where those 3 agents are used?

By the way, did you ask an Admin to sign the agents with the server's id?
Do you have a development/test environment (server) where you have all the rights?
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:nicedone
Comment Utility
Actually the application is nnot a new one it has been around about 7-8 years in the company and many developers worked in the application put something in their way of doing things then left the company so it is basicly hard to see what it is doing type of application and if i count the whys in the application i would never get this done so instead i just determined where those integration points will occur and to integrate 2 different systems i made a centralized agent that;s called from any where regardless of formula or lotusscript is used.But i agree with you to avoid agents and context differences and write less and clear code i wish they built the application with just one language of lotusscript or java.

actually i use a LOG library i dont know what is causing the error of create automation error really so cant answer if OLE or COM but i just get the values of the fields on the form and pass it two the second agent i just used lotusscript classes and functions and nothing special really so cant address this issue.

I am working with the development environment and have the full right to server.so basically i sign the agents.

By the way i progressed alittle bit on the problem ...when some one that donot have right to see the main form instead of below code (pDoc=parent document) i call another agent (server side) and i pass the current document note id with the tempdoc and server side agent makes a look up with db.Search if a parent document exists of this sub document and if it exists gets the fields with the agent. But now

Dim pDoc As NotesDocument
Set pDoc=db.Getdocumentbyunid(curDoc.Parentdocumentunid)
0
 
LVL 46

Expert Comment

by:Sjef Bosman
Comment Utility
0
 

Author Comment

by:nicedone
Comment Utility
yes thanks that is helpful I think as they say it is a bug. But what is amazing to me is that although i put someone else in the "run on behalf of" field and i include that person in the servers document and it does not work with the that person's credentials but whoever make the click on the action button ...do you know if that is the case or what is wrong here?
0
 
LVL 46

Accepted Solution

by:
Sjef Bosman earned 500 total points
Comment Utility
That I do not know... Here some more tips: http://www.ytria.com/WEBSITE.NSF/WebPageRequest/Tip7-1_~D
0
 

Author Closing Comment

by:nicedone
Comment Utility
Thank you and sorry for late
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Entering time in Microsoft Access can be difficult. An input mask often bothers users more than helping them and won't catch all typing errors. This article shows how to create a textbox for 24-hour time input with full validation politely catching …
Entity Framework is a powerful tool to help you interact with the DataBase but still doesn't help much when we have a Stored Procedure that returns more than one resultset. The solution takes some of out-of-the-box thinking; read on!
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now