Hi there,
we are facing following issue:
when we work with open roles to manage users the form does not react on the dynamic chosen user.
- closed roles work as expected
- open / dynamic roles: When using those roles in rules, the system does not react on those settings. Buttons and text boxes do not change.>> see attachment.
As we use HCL Domino Leap we would like to understand how open & closed groups work on basis of HCL Domino databases ACL. As we understood these kinds of databases are used.
Rollenfehler_eng.docx
Hi there,
since you are using open roles i am guessing that stage changes for the form are in place,
where you assign a role dynamically to a user or group of users.
This doesn't really show based on your screenshots.
a dynamic role can be assigned to users or groups on stage change.
What happens is, that on stage change the documents are computed with the form and saved to the database and additional reader/author fields are placed on the documents.
There actually is a bug in the current version, where form hide rules based on changing roles during stage change are not shown instantly and you have to reopen the document to see these.
-edit-
I did not report the error yet back to hcl, because i am very busy for weeks. If it turns out to be your problem also, we should create tickets soon. You can verify this by saving the document and refreshing the url to "reopen" it and see if the hide formulas for roles are working correctly after that.
with kind regards
Oliver
This depends on your DLeap version and fix level. There were multiple changes and bugs in 1.x so be sure to use the latest build available for your version.
Closed DLeap roles are implemented as ACL for the corresponding NSF file:
- if user has read access in any role in any stage of any form, he becomes Reader
- if user has write access in any role in any stage of any form, he becomes Editor
- if user has create access (aka initiator role) on any form, he gets Create Documents permission
- if user has remove access on any form, he gets Remove Documents permission
- if user is Administrator of the app, he becomes Manager
Unfortunately this means that ACL of a given NSF file can potentially change with every submit of a form as users obtain different permissions! This is not a good patter in Domino world and quite error prone in complex scenarios.
Second, there is also fine-grained document-level security implemented as $VoltReaders and $VoltAuthors authors field, so you can not see open roles in File -> Application –> Access Control dialogue in Notes.
Open roles are implemented via $VoltDynRoles field also at document level so you can't see them either.
Please vote for my idea to make open roles visible https://domino-ideas.hcltechsw.com/ideas/VOLT-I-319 and to remove people from open roles: https://domino-ideas.hcltechsw.com/ideas/VOLT-I-338
