Populate a Readers Field

HCL Domino Domino Forum
1

Hello, I’m trying to populate a readers field with a list of users based on their Office Symbol.

I have a list of users in a view like this:

4P Name1

4P Name2

4PA Name1

4PA Name2

4PA Name3

4PAM Name1

4PAS Name1

Now, what I’m trying to do:

  • I get the Office Symbol from the document which contains the readers field

  • The readers field for 4P should contain the names that match 4P above

  • The readers field for 4PA should contain the names that match 4PA above AND 4P

  • The readers field for 4PAM should contain the names that match 4PAM, 4PA AND 4P

  • The readers field for 4PAS should contain the names that match 4PAS, 4PA AND 4P

I’ve been trying to use DbLookup and DbColumn in a @For loop to no avail and can’t for the life of me figure out how to do this. Could someone point me in the right direction?

2

Subject: Populate a Readers Field

OK, here’s what I came up with…

@If(

		@Length(OffSym) = 2;

		userList := @DbLookup("";"";"DivisionAccessUsers";OffSym;2);

		@Do(

			@While(@Length(OffSym) >= 2;

				userList := @Trim(userList : @DbLookup("";"";"DivisionAccessUsers";OffSym;2));

				OffSym := @LeftBack(OffSym;1);

				@If(

					@Contains(OffSym;"-");

					OffSym := @LeftBack(OffSym;"-");

					OffSym := OffSym

				)

			)

		)

	);



	@If(

		OffSym = "";

		"";

		userList

	)

This seems to work and I haven’t been able to break it yet. If anyone sees anything that is obvious it isn’t going to work please let me know.

Keith

http://www.keithstric.com

3

Subject: RE: Populate a Readers Field

Is it really necessary to store usernames in a readers field? What happens when someone changes departments?

Why don’t you just have groups named xxx-4P, xxx-4PM and so on, and put the names into those groups? Then you don’t have to do any lookups, and your reader access changes as the group membership changes.

4

Subject: RE: Populate a Readers Field

Due to the powers that be, the process to get groups created, edited, removed is about a 3 week process. They don’t believe in making the application owner, owner of their respective groups so this is the work around I came up with.

Believe me I’ve had this fight with them several times and have basically been told that I’m wrong, no one should have access to do anything with the address book :frowning:

I know it’s not ideal, but the application owner wants to be able to control who has reader access

5

Subject: RE: Populate a Readers Field

Sounds to me you need new management - not new methods.

We have many clients who do exactly what Andre suggested, and the way to manage the NAB and groups is via an Access Manager that will populate Groups for you automatically in the NAB.

So you never have to manually touch the NAB (which I think is good policy) but a well designed and managed Access Manager can save a lot of development time and add value to the security policies within an organisation.

6

Subject: RE: Populate a Readers Field

Ray, is this an application you can share, e.g. on openntf.org?

7

Subject: RE: Populate a Readers Field

Believe me I’ve had this fight with them several times and have basically> been told that I’m wrong, no one should have access to do anything with

the address book :frowning:

Would you like me to talk with them?

Maybe you need to address this as part of a larger initiative of process improvement. “I want to make sure we’re adding value with every step of a process,” you could say. “I want to improve productivity by making sure (y)our employees aren’t wasting time doing pointless tasks, and that they aren’t blocked in their tasks by unnecessary wait time on their requests.” It’s hard to argue against that. “Are these group membership change requests ever denied? All the administrator does is make sure the request comes from the right person? Oh, we can automate that process.”

If they’re paranoid about giving anyone author access to the address book, there is an adminp request to add users to a group, or you could do it as follows. The authorized owners of a group would be listed as owners in the group document in the address book – just as they are in a sensible setup – except this doesn’t grant them access because they aren’t authors. Then you establish a separate group request database with depositor access for everyone. Anyone can compose a group access change request for a group of which they are the listed owner (verified by code on the form that looks up the group). The request is electronically signed to insure the identity of the requester. An agent in the request database processes all new requests within minutes, verifies that the requester is a listed owner of the group and the signature is valid, and makes the requested change in the membership or ownership. This is, of course, no more secure than just giving people appropriate access and roles in the address book, but it might feel to management more like it’s under their control. You could add a manual approval step if people are nervous, but also add a checkbox allowing the approver to instruct that requests for updates to that particular group should be handled automatically in future. 95% of those boxes will be checked the first time an a request comes through for the particular group.

Alternatively, if you don’t have too many different “office symbols,” you could use ACL roles instead. Just define a role name for each “office symbol” and assign the appropriate users to it. Your formula could come up with a list of roles, e.g. translating 4PAS to “[4PAS]”:“[4PA]”:“[4P]”. You can define, I believe, up to 75 roles.

If you must do it the way you’ve designed, then at least do only one lookup; that’ll work if all the indexes are defined, or if you can arrange that any indexes that are not defined go at the end of the key list. You could do this:

key := @Unique(OffSym : @Left(OffSym; 3) : @Left(OffSym; 2));

@DbLookup(…; key; …; [failsilent])

8

Subject: RE: Populate a Readers Field

Thanks Andre, I spent a week emailing and had 2 conference calls with the powers that be to no avail, and I did offer to create a web based group change request app for them. I posted about this and Kevin Pettitt suggested the same course of action (http://www.keithstric.com/A55BAC/keithstric.nsf/d6plinks/KSTD-763JTS)

I even pointed to several best practices I found here and there, most of them on the IBM Developerworks site. The people that are overall in charge of the infrastructure here are not Lotus Notes/Domino people, they’re not even IT people, they are politicians (sorry can’t say more) who believe they are always right, no exceptions, no arguments.

With that attitude they get people like me who try to go around their process in order to make the customer happy. I don’t think that’s a good thing and I don’t recommend it as I’ve gotten quite a bit of flak about some things, but my customers are happy and Lotus Notes application growth in our region is booming and becoming the preferred medium for new applications :slight_smile: