Hi,
I have a NSF with -Default- ACL access set to Editor. My application needs a “non Readers” field. Example: All employees can view DOC A but the User XXX cannot see DOC A.
[Roles] is not a good solution because the app has a lot of doc with the same rule.
Private Views neither since a hard maintenance
Remember that the user can perform a Search
Single Category will not work too
Set all employees in a Readers field without the User XXX is not a good solution too
Work with Groups can work but the Domino Administrator will rate me
That is it.
Regards
I do not know if this information is important but actually I am CLPP
Subject: How to perform an inverse Readers field ?
Uh, you may be a CLPP, but you apparently don’t understand readers fields.
“Example: All employees can view DOC A but the User XXX cannot see DOC A.”
That IS what a readers field does. Give your default access users a role. Put that role in the readers field. Give your non-default users editor access without that role. They won’t be able to see the documents.
“Set all employees in a Readers field without the User XXX is not a good solution too”
Why not?
Subject: RE: How to perform an inverse Readers field ?
Hey man… take it easy …
Lets start again, I DO know how Readers field works …
but my app need the inverse … I can call it: “!Readers” … where ! is NOT
“Set all employees in a Readers field without the User XXX is not a good solution too” Why not?
because I have a lot of docs working the same way but maybe User XXX, YYY, ZZZ … as you can see I do not know who is the user …
I hope you can help me instead of saying: “Uh, you may be a CLPP, but you apparently don’t understand readers fields”
Subject: RE: How to perform an inverse Readers field ?
Cool it.
Your question is logical but not sensible. Notes gives you a brilliant tool to control access to individual document. You say - “I want to do that, but not use the Notes tools”. If not, why not.
Subject: RE: How to perform an inverse Readers field ?
I ave assumed in my sketch below that each document wll have a list 9whichmay be none) of readers who can’t read that particulr document
So add a multi-valuie field to the form that will contain the list of people who are banned
OK, now add to the QueryOpen and Querymodechange eventssome code to check the current user (session.commonusername should do it) and see if that name is in the field
If it is, set continue to False (you might want to give them an error message at this point)
HOWEVER this won’t prevent them from looking at the document with doc properties
To REALLY hide it, you have to do exactly as Henry has said, and every time the document is saved, add to the readers field the list of all users who CAN see it
Tedious and prone to be out of date rapidly, but there is no simple way that I know of to do this
Chris
Subject: RE: How to perform an inverse Readers field ?
Nice discussion,
I donot know why developers fear from readers and authors field. Chris is right if u donot wana with both the horible field then should go with chris’s logic . Do all the things manually "means dbcol, and dblookup.
Otherwise seems difficult…
Rishi
Subject: RE: How to perform an inverse Readers field ?
Hey,
Chris´s solution is good but is not what I want !!!
Remember my -Default- ACL access is Editor, so I can´t use the Readers field as of it was made for.
I said READERS because at that moment i do not know how to call it … since Reader is a nom and a Notes field too
Try to abstract your mind and forget Lotus Notes Readers Field, as I said I DO know how it works
Subject: RE: How to perform an inverse Readers field ?
What does default access=editor have to do with anything? Readers fields prevent anyone who is not in the field from accessing the document, even if they have manager access.
Subject: RE: How to perform an inverse Readers field ?
my company has 200K users … if Default ACL set as Editor … I mean 200K open the NSF … I cannot compute 200K to Readers Fields …
You have the deep think about what is my issue
Subject: RE: How to perform an inverse Readers field ?
No, you don’t compute 200k names - you use roles. I still don’t know why you’re so against that. I’m sorry if you think I’m being harsh, but it really seems like either you don’t understand the built-in security model of Notes, or Notes is not the solution you should be using.
Subject: How to perform an inverse Readers field ?
It seems to me that this would work if your domain has an AllUsers group:
Field1:
Name:
AllUsers
Type:
Names, multi-value, Computed for display
Value:
@dblookup(“”; “” : “names.nsf”; “($Groups)”; “AllUsers”; “Members”)
Other:
Hidden
Field2:
Name:
NonReaders
Type:
Names, multi-value, Editable
Other:
Visible, Use address book for choices
Field3:
Name:
Readers
Type:
Readers, multi-value, Computed
Value:
@trim(@replace(AllUsers; NonReaders; “”)
Other:
Hidden, follows AllUsers in evaluation order.
Field4:
Name:
AdminReaders
Type:
Authors, multi-value, Computed when composed
Value:
“Administrators” : “LocalDomainServers”
Other:
Hidden, follows AllUsers in evaluation order.
(That last field is, of course, to keep the end users who edit the NonReaders field from locking admins and servers out of the document.)
Subject: RE: How to perform an inverse Readers field ?
yeap it should work … but actually my company has more the 200K users…
I am think …I will have to create more than 100 Readers Field … Do you have any other clue ?
Subject: RE: How to perform an inverse Readers field ?
That would work - a ‘black list’ of readers, have implemented the same thing.
The only other way I can think of to do it which would not be overly secure and would require a lot more code would be to have the black list on the document and prevent the document from opening (and so on) if a user is in that list. Without using readers fields though, they would still be able to see the documents they don’t have access to in views etc.
Subject: RE: How to perform an inverse Readers field ?
“Without using readers fields though, they would still be able to see the documents they don’t have access to in views etc.”
Which is what I said was the problem with my simple solution above
I think that we may be suffering here from a bit of a troll.
Several people have pointed out reasons why this is impractical - not least becasue anyone who CAN see the document can print, copy or email it for those supposedly excluded from viewing it, but have provided suggestions anyway
Several people have also pointed out that Notes is set up as an ‘inclusive’ model - you decide who CAN read things, and our troll’s only answer is “So you don’t know how to do it”
Maybe we should just leave him to solve it himself, as he’s not happy with any of our assistance?
Chris Boote
Subject: RE: How to perform an inverse Readers field ?
Thank you gays for all your post. I found a way to solve the problem …
Using 2 db one for control who can read and other to hold all documents… Using an agent (Running as HTTP)that copy documents from one to another …
Anyway I think i will get performance issue in the next few months … but until there i can think in an archive db
Subject: RE: How to perform an inverse Readers field ?
Some people said that it is impratical… However, this is exactly what I am looking for-- Inverse Readers.
We have certain products that we agree not to sell to a few customers who are also customers of our suppliers. We call these outsourced products. Therefore, only a few customers cannot view certain products (from our web sites).
Subject: RE: How to perform an inverse Readers field ?
Sure – restrict access to documents to those who NEED to see the documents. There is no way in the world that you can convince me that ANY document is okay for viewing by anybody, anywhere EXCEPT Milt in the basement office, especially if this is on an individual, document-by-document basis. What you are describing is just plain silly.
Subject: RE: How to perform an inverse Readers field ?
Right … so you do not know the answer …anyway Thank you.
Subject: RE: How to perform an inverse Readers field ?
Look, what you are trying to do is impractical. There is no built-in feature that will provide a document-by-document “excluded user” functionality , especially if you want global access for everyone else. The excluded user will not actually be prevented from knowing the content of a given document, given human nature and the number of people who CAN see the document. RE-THINK THIS.
Subject: RE: How to perform an inverse Readers field ?
As usual, I agree with Stan. This security policy is illogical, impractical, and impracticable, since, as Stan points out, if the majority of the company has access to data, then either intentionally or unintentionally, the few who don’t have access to that data may be given that data, either by word of mouth, copying, or other means.
That said, you may very well not be the person who dreamed up this scheme, nor might you have the ability to change it.