Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 867
  • Last Modified:

Lotus Notes view shows different data in Design as in user mode?!

- Lotus Notes 8.5.3 on Win7 x64
- Local copy of a Notes database.  It is not encrypted.  All design elements were signed by my id.  I have Manager access under my name and all the roles enabled.
- Create a view in Designer.  The view displays in the first column the Form (categorized), then in the next column the Unique ID.  Nothing strange.  Selection is SELECT @All.
- Refresh the view in Designer.  It does NOT show a category called ASRD as shown in the image below:
Same view as shown in the Lotus Notes Designer- On the same machine, open the view in regular Notes client.  It shows a category called "ASRD" with 569 documents.  When I try to expand the category, nothing shows: see image below
View as shown in Lotus Notes client
I am thoroughly puzzled.  Either you see it, or you don't... why would Designer shows something different from the Notes client?
0
Francois Koutchouk
Asked:
Francois Koutchouk
  • 6
  • 3
1 Solution
 
Sjef BosmanGroupware ConsultantCommented:
A simple reason could be that there are Reader fields in the database. Apparently there are documents for which you are not a reader. You could activate the Full Admin rights if you're an Admin, and then look again, reopen the view.

There is a view option to hide empty categories, i.e. categories with zero visible documents. It might be activated.
0
 
Francois KoutchoukCTOAuthor Commented:
Readers field was the right answer.  Turns out, nothing can be done when the NSF is on the local drive.
- Figure out in the form the default group value for the Readers field (not obvious, but feasible)  e.g. SecretAdminGroup
- Copy NSF as-is to any Domino server
- Create group "SecretAdminGroup" on that Domino server, add your Notes name in it
- Done.   All documents composed with that Form are now visible.
Now of course you have to repeat for every form.
Unless you can think of a better way, of course.
0
 
Sjef BosmanGroupware ConsultantCommented:
I wonder if it works when the option to maintain a Consistent ACL is enabled. When that's the case, Roles work and so should Reader fields. I'm not quite sure, but Reader fields also play their part during replication: when your name is absent in the Reader field, you cannot even replicate the document to your local database. So what could be done is:
- verify that you can see the documents in the database on the server
- enable Consistent ACL
- replicate (maybe delete the Replication History and then replicate)
- then verify if the documents are there, in the local database
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Francois KoutchoukCTOAuthor Commented:
Thanks Sjef.   Assuming Manager access, a Copy, rather than a Replica, will pull down the documents to the local workstation.  So the count is right, even though some of the documents cannot be open.  
IMO it is a dangerous feature, because all one needs to do is:  create a Domino server, cross certify manager id, create a group of that name (visible in the Designer) and voila, security circumvented.
I will close this issue now.  Thank you all for your help.
0
 
Francois KoutchoukCTOAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for FKoutchouk's comment #a40228179

for the following reason:

spot on.
0
 
Francois KoutchoukCTOAuthor Commented:
Issue closed with workaround.
0
 
Francois KoutchoukCTOAuthor Commented:
Spot on
0
 
Sjef BosmanGroupware ConsultantCommented:
Of course, security can be circumvented, any direct access to the database and server should be prohibited. But that's where encryption comes in: even a stolen database is useless when encryption is activated on the database.

Thanks!
0
 
Francois KoutchoukCTOAuthor Commented:
By copy, I meant a regular Lotus Notes client copy, not a file system copy.  Encryption key associated to specific documents -- and not available to my Manager id, would have been the answer, yes.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now