Do Author fields override Reader fields?For example:
There is one Reader field and one Author field on a document. The Reader field = “[Admins]”. I am NOT a member of the [Admins] role, therefore, I should not be able to see the document.
The Authors field contains the group “Developers”. I am a member of the Developers group.
Based on the Readers field setting I would believe that I couldn’t see the document, however, I can. I figure because I am a member of the Authors field? Is that the way Author and Readers work: the Author field can override the Reader field members or is it possible the server access for this db is wrong and the Reader/Author field isn’t working as designed?
It’s not a matter of overriding, as such. Readers fields are READ ACCESS; Authors fields are READ-WRITE ACCESS. Being listed in an Authors field gives explicit permission to edit a particular document, and you cannot edit that which you cannot see.
At one time I wanted to construct an application that utilized the the ability to give someone author access, but only if they could see the document. It was at that time that I encountered this same concern - and found nothing in the documentation anywhere about this.
Although, that would be a really cool way of handling security.