Have any one faced this peculiar problem "Privilege" notes release 2

I have some databases which were created in Notes release 2. In those databases some “privileges” were created which had also been used in form access control. Now “privileges” are not supported by Lotusscript, hence those DB ACL can not be changed by some script. So our client told us to remove those privileges and replace by “Roles”. Now problem is even if all the privileges been deleted from ACL, still when we are removing the form access control, after saving the form and reopening, the old form access control still there. More strange thing is even if we deleted the old form and create a new form with same name with no form accecc control, the old documents can not be opened. While opening the documents, “You are not authorized” message is coming.

Any one has faced this kind of problem?

Any suggestion will be greatly appreciated.

Subject: RE: have any one faced this peculiar problem “Privilege” notes release 2

You misunderstand how Reader access works. When deciding whether a user has access to a document, Notes doesn’t look at the form design; just at what’s stored in the document. See Compleat Reader and Author Field Troubleshooter.

To update the access properties for these documents, you will need to write an agent to update their Readers items with your new role names.

I’m surprised you’re having problems accessing Privileges in LotusScript, since, as described here, NotesACL does include them in the list of roles (with parens around their names rather than square brackets). If you use NotesACLEntry.DisableRole and give a privilege name in parens, does it fail to remove the privilege from the ACL entry? If you’re having a problem such as this, please contact Lotus Support and supply a small sample database illustrating the problem.

Subject: RE: have any one faced this peculiar problem “Privilege” notes release 2

Hi Andre,

As per my experience if in readers field role is present, the people without that role cant even see the document in the view. In my case peroblem is without the role i can see the document in view, but during opening error is being thrown “You are not authorized”. Of course i have checked there are no script for checking that in Postopen etc.So i thought it might be due to some strange problem.

Any way i discovered, in the document “Who can read this document” that old privilege is mentioned. So do you know how to change that or remove that for all documents by some agent? Can that be overwritten by simply adding readers field in those documents.

And regarding supporting of privilege in Lotusscript, yes all though Roles property returns privileges, enableRole, disableRole does not support privilege. IBM awares about this fact and in notes 6 documentation they have also mentioned that.

Subject: RE: have any one faced this peculiar problem “Privilege” notes release 2

during opening error is being thrown “You are not authorized”.

Ah. So your problem is not with read access to the document, but because of something else that’s happening when you open the document that you don’t have access to do, e.g. make a change to the document, access some information in another document, etc.

Of course i have checked there are no script for checking that in Postopen etc.

I don’t know what you mean by “that”. Look at your Postopen script, Queryopen, computed for display field formulas, keyword formulas, anything that executes when you open the document. You may be able to narrow it down a bit by noticing whether the error occurs before or after the document is displayed.

Any way i discovered, in the document “Who can read this document” that old privilege is mentioned. So do you know how to change that or remove that for all documents by some agent?

Yes, just use a formula agent such as, SELECT $Readers = “(privilege1)”; FIELD $Readers := @Replace($Readers; “(privilege1)”; “(NewRoleName]”)

Can that be overwritten by simply adding readers field in those documents.

No, you can’t overwrite the value in one item by adding values in another item.

And regarding supporting of privilege in Lotusscript, yes all though Roles property returns privileges, enableRole, disableRole does not support privilege. IBM awares about this fact and in notes 6 documentation they have also mentioned that.

Oh? But what about deleting the privilege entirely? Can you do that? Though of course that’s not so hard to do manually.

Incidentally, if your database ACL is so long that it makes sense to automate operations on it, it may be a good idea to consider using groups so that you end up with fewer ACL entries.