My database is on a server and has “Enforce consistent ACL” checked. I am a member of group WIP Admin. WIP Admin has roles [Admin] and [MM]. I am not a member of any other group in the ACL and not listed individually.
If I click the Groups and Roles button, it shows my heirarchy entries (i.e., *, */OMG, */ONYC/OMG), then it shows my fully qualified name (Jeffrey Schwarz/ONYC/OMG), then it shows my group with a checkmark (there are no other groups listed), then it shows the two roles listed (but they’re not checked).
In the ACL, I add a new role to test my hide-whens: [IM]. When I click the Groups and Roles button, [IM] does not appear in the list. I even completely leave the database and reopen it, but still, [IM] doesn’t appear.
If I add other roles or even remove roles, only the original two roles ([Admin] and [MM]) ever appear.
Why doesn’t [IM] appear? Why can’t I change my roles no matter what I do? I am trying to hide buttons on the form and in embedded views based on my role.
This problem persists even if I turn off “Enforce consistent ACL”.
Thanks,
-Jeff
P.S. Also, why are only some of the entries in the Groups and Roles box checked, while others aren’t?
First, the current-access box will not show roles with check marks next to them. If it shows the role at all, you have it. Groups are treated differently and you have it only if you have a checkmark next to it. Don’t ask me why Notes aren’t treating them the same way…
Second, roles are cached. So, once you are assigned a role in a database, it will not change unless you close the application and re-open it. Note that you don’t need to close Notes or Notes Designer; you only need to be sure that none of these 2 program have a page open in the application. Since many developer test with the developer still oopen within the application, the application has never been closed, so the access is still cached. F5 will also flush the security cache, so once you re-enter your password, it will reload your security profile.
I believe you also need to ensure that the database icon is no longer selected on the workspace if you don’t use F5 or logout – as long as the icon remains selected, the old ACL values remain in play.
“First, the current-access box will not show roles with check marks next to them.”
Right, didn’t think about that when answering.
“Groups are treated differently and you have it only if you have a checkmark next to it.”
Nope, not really. Notes displays all groups you are member of, but the one that grants you the highest access level (which determines your effective access) will get the check mark.
the current-access box will not show roles with check marks next to them
I think you mean “the current-access box does not put check marks next to the roles it shows”. Your sentence sounds like if the role has a check mark next to it, then it won’t be shown (which raises the question why would they bother to put the check mark next to it).
If I understand you guys correctly, if a group or a role is shown, you have it, otherwise you don’t. The groups are checked and the roles are not and we have no idea what the check mark means.
the check mark indicates what entry is providing the access to the db. If your name is explicitly in the ACL then the check mark will be next to your name. If you are getting acess via a group then a check mark will appear next to the group that gives you the highest access. You will never see a check mark next to a role, if it’s in the list then you have it.
