I have 2 ACL’s with editor access. userids in ACL2 are a subset of ACL1.
All my documents have a field of type Author who’s value is computed by:
@If(Field1 = “A”;
“Tom Smith/Fishkill/IBM”:“[ACL2]”; “”).
Now, even though the Author field = Tom Smith/Fishkill/IBM":"[ACL2], (and according to The Compleat Reader and Author Field Troubleshooter), the format is correct, those documents can STILL be viewed and edited by folks in ACL1, who are not in ACL2.
As expected, all docs with Author field = “”, can be edited by all.
I wanted only those docs with Author = ACL2 to be read and edited by the ACL2 group.
Am I doing something wrong? I thaught where I specifically put a ACL group into the Authors field, they would be the only ones able to view/read/edit those documents.
I believe the first problem you have is your people have EDITOR access.
As long as they can see the document, they can edit it. No matter what is in the Author Field.
So you want to reduce your people to Author Access.
You’re wrong when it comes to "As expected, all docs with Author field = “”, can be edited by all. "
If your Author Field is “” then only those with Editor or Higher access will be able to edit the document. I would guess this will be ultimately NOT what you want.
In addition to the above, Authors fields will never hide documents from users. If you don’t want some folks to see some documents, you must use Reader fields.
Note that if you have both Author and Reader fields, the Author feilds are also considered Reader fields, and so allow access to those users.
Yes, you’re right, all my people have EDITOR access. But, If I reduce them to AUTHOR access, will they be able to edit each other’s documents(s)?
BTW,based on the premise that users cannot edit what they can’t see, I removed the Author Field, and added a field of type Reader, computed with the same formula:
Yes, you’re right, all my people have EDITOR access. But, If I reduce them to AUTHOR access, will they be able to edit each other’s documents(s)?
If they have Author access, they will only be able to edit existing documents if they are in an Authors field.
BTW,based on the premise that users cannot edit what they can’t see, I removed the Author Field, and added a field of type Reader, computed with the same formula:
and now NOBODY can see the document…me, or anyone in ACL2. There’s just an empty catagorized sort.
I’m going backwards…what am I missing?
I’d suggest you add an addition temporary Readers field hard-coded to your full canonical name. Then you can see the documents in order to debug your field above.
It’s also a very good idea for all documents that are Reader protected to have an [Admin] role in a readers field, so that database adminbistrators can see all documents. I always have a separate field for that.
I put the Author Field back in and changed the default value to:@If (Field1=“A”; “CN=ANGELO GIAIMO/OU=Fishkill/O=IBM”:“[ACL2]”; “”)
BTW, funny, when I do this and display the Authors (in the document for debugging), it strips out the CN=, OU= and O=, but keeps them in document properties. Strange.
Now, only those folks in ACL2 and Me can see the documents in a view and edit them.
Those not in ACL2, can see the title of the catagorized sorts where the docs would be, but if they try to expand the sort, there are no documents.
ONE LAST QUESTION: Is there a way NOT to show the catagorized sorts where there are documents “hidden” from those with ACL1 access?