I recently began to support a client in Sweden who has an installation using 6.5 clients and servers; the applications they are using were developed with the 8.5.1 designer.
They have a form, Quality-record, which is used to create documents via the Notes client. This form contains readers fields which indicate who can view the document when it is finalized and displayed on the web.
The web version of the form, Web_QR, is a read only form that is displayed via a form formula in the web view.
The issue is that the reader fields appear to be totally ineffective in controlling the security of the forms displayed on the web. For example, user 1 can see everything, but so can user 2 who is only supposed to see user 2’s documents.
I’ve already checked the usual sources – incorrect groups/roles, members in incorrect or both groups, incorrectly populated or multiple reader fields, nested groups. The only thing I have left is some type of compatibility issue between the client and application versions or a corrupted db.
Any ideas as to the cause (even if this is a ompatibility issue between the client/server and the designer version) is appreciated.
Generally, it’s not a good idea to run an application designed in a newer version of Notes on an older version server. Having said this if it’s a straight foward database that’s not using any features newer than what your 6.5 server recognizes then you may (and that covers a lot of territory) be OK.
Specifically, it sounds like your form/ database is not properly evaluating the reader field entries. How do your user authenticate with the web application? I’d recommend insuring that they are authenticating properly and that your security is such that every user is qniquely identified. This can be handled through the $webusers view of the NAB. How are the user names listed in the reader fields? If they are simply common name and not the FQN version then this will cause access problems. Are the 6.5 clients used to create the documents that other then access through the browser or are browser users creating documents and attempting to control access? Are the reader fields hard coded or dynamically created as the documents are constructed?