Hello,
I have found the following issue.
situation
-
I have a document in the database with several restricted access sections and this document is subject to 3 level approval
-
the document contains a Authors type field with the names of the people who can edit it and the names of the approvers (so I can log during the approval process)
issue
-
imagine we are in the 2nd approval step - the restrcited sections will not allow anyone to edit the document content via UI and there is a script for queryOpen to make sure there is no way this document can get to edit mode
-
user has created a button in LN toolbar that can create/delete/change any field on any document (I am sure you know this ‘magic button’) in any database
-
since the user is listed in the Authors field, he can do any changes to the document in the database using this toolbar button and there will be no track of this.
Is there a way how to handle this? To me it seems like a quite security issue.
Thank you for any hints.
Subject: Editing a document using a toolbar button - possible security issue?
Yes. Try not confuse Form display restrictions with document security.
Same thing as if a person has reader access, just because a field is not displayed on a form doesn’t mean the user cannot design their own view with a column to show other fields, or look at the document properties.
If you want to restict what a person can change - you either have to remove author access or store the key values (fields) in a seperate document.
Let’s say you have an employee document. Maybe you want to allow certain HR people the ability to change address and phone numbers but not salary. If salary is store in the same document and they have author accesss… As you stated they can even if they cannot see the field by writing an agent.
A possible solution. Create a virtual relational document with different document security which contains the salary and don’t include salary in the employee document. If you want it to display on the screen you have a Dblookup in the form for display purposes.
Subject: RE: Editing a document using a toolbar button - possible security issue?
Hi Stephen,
thnx for the answer.
Seems like I have not selected a correct example. What I was trying to say is that even I have differend kinds of security implemented in the database as long as I keep the Authors type field with user name there is a way on the client level how this user can change the content of the document. E.g. for any workflows I have no possibility to log the workflow history directly in the document that is subject to workflow.
What is surprising that in DB ACL I can restrict agent creation but user can easily have a formula agent done via client toolbar and bypass the ACL settings.
Subject: RE: Editing a document using a toolbar button - possible security issue?
Yeah, it seems I wasn’t clear… When I said remove “Author” access I mean on the document.
If you have a work flow that is requester → Manager → VP type thing. Once the Requester puts in the request you probably want the Author field to exclude the requester. Then when the manager approves, limit the author to the VP.
This way if someone make a purchase request and says it’s going to cost 1000, the requester cannot go back and change it at a later time (after Manager and VP approval) and say it said 10,000 and you approved it.
Subject: RE: Editing a document using a toolbar button - possible security issue?
ACTUAL security would involve removing the user from the Authors field when the user is no longer entitled to modify the document (such as when submitting for approval further up the chain).