Author field instead of reader field for Editor+?

HCL Domino Domino Forum
1

Good morning everyone,

As stated in the subject of this post, my question is pretty straightforward, still I cannot find a precise answer in any Lotus documentation. My question would simply be : does an editor (or designer, or manager) need to be listed in the reader field to be able to read the document or can he simply be listed in the author field, an author field being also a reader field ?

This is pretty confusing, because in the technotes concerning the subject (http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg21102820), it is stated that :

You can read a document if any of the following are true:

  1. There is a Reader Access List, but you are included in the form’s Reader Access List (Design>>Form Attributes>>Read Access), or in any of the Reader Names fields in the form, or in the document’s Reader Access List (Edit>>Security>>Read Access), or in any of the Author Names fields in the form. As stated above, you can be included as part of a group or role, in addition to having your name specifically written in.

So, does that mean that any user (Author, Editor, Designer and Manager), except for readers, depositor and no access (in ACL), can read the documents as of they are listed in the author field ? That would mean that the Reader field is mainly used for users with Reader access in ACL to restrict their sight of documents ?

Thx in advance for your insight, documentation is pretty confusing and I would like to put a definitive answer upon this question.

Mathieu

2

Subject: Author field instead of reader field for Editor+ ?

An Authors field grants explicit access for a user to edit a document, and you can’t edit a document you can’t see. A Readers field grants READ ACCESS; and Authors field grants READ WRITE ACCESS. (Those are capitalized because that’s how they appear in the document properties, not for shouting purposes.) A document is only read-reastricted if it has a Readers field with a non-empty value. As for the affect they have on various ACL levels:

A Depositor can’t see data documents regardless of Readers or Author fields

A Reader can see any document that is not read-restricted, and any document that lists him in a Readers or Authors field. A Reader can only edit documents if they are marked Public Access and has permission to write to public documents in the ACL. A listing in an Authors field will grant READ ACCESS, but cannot grant WRITE ACCESS to a Reader.

An Author can see what a Reader would be able to see (under the same conditions), can edit public access documents, and can edit documents in which they are listed in an Authors field.

An Editor, Designer or Manager can see anything a Reader would be able to see, and can edit any document she can see.

3

Subject: RE: Author field instead of reader field for Editor+ ?

From what I understand,

If an Editor is not listed in a reader field of a document, he cannot see it, thus he cannot edit it. What about :

1- an Editor listed in the author field of a document but not in the reader field ?

2- Or even worse, only listed in an author field and there is no reader field in the document ?

In the first case, would the Editor be prevented from seeing the document ? Or would the author field override the reader power, thus highlighting the fact that author field gives also READ ACCESS to a document (this one is pretty obvious, and I think I gave the answer in my statement) ? In the second case, would the absence of a reader field simply turn off any read access test to see if an user can see the document, highlighting the fact that only a reader field (thus not an author field) makes the logic test if an user is allowed to read the document (read test would only be made against the presence of reader field, despite effective read access would be granted through author and reader fields) ?

I know this sounds all confusing, but it is because I really wonder if it is useful to put readers fields if authors fields can do the jobs for a database where there is no readers but only authors.

Thx in advance for your answers.

Mathieu

4

Subject: RE: Author field instead of reader field for Editor+ ?

Things are really simple Author field works with author access and reader field is applicable to Readers and above…

So if you have reader field and author field both in document and you are listed in author field but not in reader field you won’t be able to edit the document (as you will not be able to see/read the document)

If there is no reader field in document then document is open to read for all readers and above… Reader fields is use to restrict readers, however Author field is use to grant and access to edit the document which person has not created and he is listed as author in ACL.

Reply if you are still unclear about anything :slight_smile:

5

Subject: RE: Author field instead of reader field for Editor+ ?

Hello Rahul,

Your post is pretty clear and confirm what I thought but wasn’t sure of (tested it a little though). As I read before in this forum that once you are in author field you don’t need to be also in the reader field, that was confusing.

In reality, things are more simple and we have to stick with the basics : reader field is for reading, author field is for editing.

I think I get the picture now thx to you Rahul and Stan, I’m gonna think about it over and if I have any doubts, I will test them and come back here if needed :slight_smile: Thx a lot again !

Mathieu

6

Subject: RE: Author field instead of reader field for Editor+ ?

Please ignore what Rahul Rai said – it was wrong. A common misunderstanding, but wrong nonetheless.

7

Subject: RE: Author field instead of reader field for Editor+ ?

Ok so I guess I’m back to where I was before Rahul posted and thus I keep in mind that once you are listed as an Author in a document which also has a reader field (I’m listed in it), you are considered as a reader also since the author field provides READ WRITE ACCESS.

As a consequence, you need a reader field to restrict access to this document (I mean to see the document) for Readers and above (in ACL) and an author field in the document for authors only (in ACL) so that they might edit the document.

Plus, if you uncheck the public documents creation in the ACL for authors, they won’t even be able to go into edit mode for documents they can access but not edit (not listed as author in author field).

Readers cannot edit documents at all, even if listed in author field. Editors can edit all documents they see, so only the presence in a reader field could be used to provide them the sight of these documents. Same goes for Designer and Manager.

In conclusion, if the user is not an Author, despite the fact that author field provides READ WRITE ACCESS, the author field is not useful for testing whether a user can see the document or not. Reader field must be used to achieve such goal.

True ? Thx a lot for helping me figuring this out, I know this is a lot discussed, but light must be shed as obviously lots of people are misled into false concepts.

Mathieu

8

Subject: RE: Author field instead of reader field for Editor+ ?

True? No. Lets take an example document having a Readers field and an Authors field. You and I are users of the database, and we are both Editors. John Smith is also a user of the database, and is an Author. If the document looks like this

Readers → “”

Authors → “CN=John Smith/OU=Central/O=Acme”

You and I can both see and edit the document because the Readers field is empty and we are both Editors. John Smith can see the document because the Readers field is empty, and can edit the document because he is an Author and is listed in an Authors field.

If it looks like this:

Readers → “CN=Mathieu Redzioch/OU=Central/O=Acme”

Authors → “CN=John Smith/OU=Central/O=Acme”

You can see and edit the document. You can see the document because you are in a Readers field, and you can edit it because you are an Editor. I cannot see the document, so I can’t edit the document. John Smith can see the document and edit the document. He can see the document because he is listed in an Authors field, and can edit the document because he is an Author and is listed in an Authors field.

If it looks like this:

Readers → “CN=John Smith/OU=Central/O=Acme”

Authors → “CN=Mathieu Redzioch/OU=Central/O=Acme”

You can see and edit the document. You can see the document because you are in an Authors field. You can edit the document because you are an Editor, not because you are in an Authors field. I still can’t see or edit the document and am starting to think that’s a bit unfair – but life is what it is, you know? John Smith can see the document, but he can’t edit it – and that makes me feel a bit better. But only a bit.

If it looks like this:

Readers → “CN=Stan Rogers/OU=Central/O=Acme” : “CN=John Smith/OU=Central/O=Acme”

Authors → “”

Finally, I can see the document and you can’t. Life is fair at last. I can also edit the document because I am an Editor. John Smith still can’t edit the document, and that, too, is good.

9

Subject: RE: Author field instead of reader field for Editor+ ?

Indeed a complete answer to my questions. Life may be unfair, but this answer was definitely helpful.

Thx Stan for the time you took to explain this to me ! I don’t have anymore questions lucky you :wink:

Oh, and btw, salute the old John for me …

PS: So, to my question : “Author field instead of reader field for Editor+ ?”

Answer is : it can, providing the reader field isn’t empty (technically speaking it is possible), but definitely useless as Editors and above just need to be present in a reader field to edit the document. No need for them to be present in the author field, in contrary to the Authors who need to be listed in the author field to be able to read AND edit the document. Listing them in the reader field only would only allow them to read the document …

10

Subject: RE: Author field instead of reader field for Editor+ ?

Cool reply …Thanks Stan for your explanation.Now I understood what I was missing.

Just one more confirmation from you.

Can this statement be considered as true.

Author field works as Reader field for every one except author. (Reader, Editor, Depositor and Manager)

Because author field gives author permission to edit document which he is not author of.

11

Subject: RE: Author field instead of reader field for Editor+ ?

That’s a fair statement, as long as you understand that authors are also granted read access by an authors field. That’s not so much for you as it is for anyone else who comes across this thread. I just want it to be clear to everybody that you can’t use a Readers field to hide a document from anybody who is listed in an Authors field – that’s been a major source of confusion for a lot of people.

12

Subject: RE: Author field instead of reader field for Editor+ ?

Thanks alot.

13

Subject: RE: Author field instead of reader field for Editor+ ?

Rahul Rai wrote:So if you have reader field and author field both in document and you are listed in author field but not in reader field you won’t be able to edit the document (as you will not be able to see/read the document)

That is incorrect. An Authors field also grants read access to users with Reader-level access or higher. If the user in that case has Author-level access or higher, he will also be able to edit the document.

14

Subject: RE: Author field instead of reader field for Editor+ ?

To answer the first question: an Authors field ALWAYS grants read access to a document. I thought my original response was very clear on that point. An Authors field will not affect an Editor’s ability to edit a document at all, but if there is a non-empty Readers field on the document, the Editor will need to be listed in a Readers field OR an Authors field in order to be able to see the document. If the Editor can’t see the document, he can’t edit the document.

Readers fields are used to HIDE documents from users. If there is no Readers-type field on the document (including the $Readers system field you set using the “Who can read” entry on the security tab of the document properties dialog), or if all of the Readers fields on the document are empty, then all users who are Readers and above (Author, Editor, Designer, Manager) can see the document. If any Readers field on the document is not empty, then only users who are listed in either a Readers field or an Authors field can see the document.

People who should always be able to see the document should be listed in an Authors field. That means administrators, servers, or “super users” of the database (HR personnel, for instance, in the case of databases holding confidential employee info). Being listed in an Authors field guarantees access to the document, but does not restrict anyone else’s access. If a document needs to be hidden from some (or most) users, then the users who have conditional access to the document should be listed in a Readers field (that is, users who should be able to see that particular document but who don’t have a “see all” role in the database).

Most users of most databases should probably have Author access. Even people who act in a supervisory capacity and will need to edit documents created by many other users rarely ought to have the ability to edit ALL of the documents in a database. Anybody (other than servers, admins and “super users”, who generally have Editor or higher access) who needs to be able to edit documents should be listed in an Authors field of the documents they are allowed to edit.