Been playing around with reader fields a bit and need help with a solution to a problem before it inevitably happens.
What happens if a document accidentally ends up with no valid readers? Theoretically you could end up with a database containing document, but nobody can actually see them.
Is there any way access can be restored. If not, is it possible just to delete these documents?
Thanks in advance,
Ben
Subject: No Readers
Best practice is that you should never limit security-related field values to inidividual / group names.
Ideally, you should always include an ACL role in computed readers fields: a kind of “super access” role if you will. This avoids the scenario whereby the only names listed in readers fields are individuals who may well have left your organisation.
On the other hand, if you’re asking what happens when a readers field is empty, then the answer’s simple: it has no effect.
Does that help?
–
Subject: RE: No Readers
I guess I should explain my problem a bit clearer. I know what I should do.
I’m trying to hide some groups, mail-in databases etc. within the public address book. I don’t wish users to see anything in the address dialog that they do not need to see. In the case of mail-in databases, I’m hiding the lot.
To do so, I’m using doc properties and the security tap. Deselecting the “all reader and above” option and checking names manually.
I’ve noticed that if I click LocalDomainServers first, I instantly “lose” the document as I’m no longer a valid reader. There’s no checkbox to confirm changes to readers. If I click the administrators group first I can continue and add LocalDomainServers as intended.
I guess I’m asking if there’s any way I can delete the documents I no longer have access to when I click the wrong entry first. I’m aware I can add myself to the LocalDomainServers group temporatily to re-acquire reader access, I just wondered if there was any other workaround?
I guess in theory, if I click the wrong entry there will always be a workaround by adding myself to the required role/group but if I don’t know which one that is it would be impossible.
Thoughts?
Subject: make yourself a Full Access Administrator
Full Access Admin rights on a server trump Reader fields and just about everything else except field-level encryption.