Problem with field Authors

hcl-bot · January 28, 2008, 11:36am

I’m having problems with an Authors field. Within my Database, all users have the right Editor in ACL.

The problem is that only require that users in the field Authors altered a document, but all users can modify documents.

thanks.

Tengo una base datos, donde los Usuarios incluidos dentro del ACL possen permiso de Editors, y dentro de un formulario requiero que solo los usuarios incluidos dentro del un Field Authors puedar modificar este documento, sin embargo el campo Author no esta siendo validado, y todos los usuarios tienen permiso de modificar dicho formulario.

hcl-bot · January 28, 2008, 12:44pm

Subject: Problem with field Authors

Maybe this table will make things clearer

Person A - in ACL - reader

Person B - in ACL - author

Person C - in ACL - editor

Created

By

Readers Field(s)

Author

Fields(s)

Person A

Person B

Person C

B

none

read only

read only*

read / write

B

none

A

read only

read / write

B

none

B

read only

read / write

B

none

C

read only

read / write

B

none

A, B, C

read only

read / write

- Updated based upon correction from Rene Scheening()

Notice that Person A cannot edit the document even if they are listed as the Author because they only have READ access to the database.

Notice theat Person C ALWAYS can edit the document.

hcl-bot · January 28, 2008, 1:18pm

Subject: RE: Problem with field Authors

thanks

hcl-bot · January 29, 2008, 4:12am

Subject: Beware…

The first line of the table is not correct.

An ACL-author cannot edit a document he created, unless there is an author field in the document in which he is enlisted (by name/group/role).

So the first line should be: (sorry, no client, so no neat table):

A & B can read

C can read/write

hcl-bot · January 29, 2008, 12:33pm

Subject: RE: Beware…

I thought if there was no Author field, then it defaulted to who created the document then?

hcl-bot · January 30, 2008, 4:00am

Subject: RE: Beware…

This was the case in older versions of Notes. But nowadays you have to be editor or there has to be an author field.

Author:

Create documents if the user or server also has the Create documents access level privilege. When you assign Author access to a user or server, you must also specify the Create documents access level privilege.

Edit the documents where there is an Authors field in the document and the user is specified in the Authors field.

Read all documents unless there is a Readers field in the form. If there is a Readers field, the Author must be listed to be able to read documents.

hcl-bot · January 28, 2008, 12:18pm

Subject: Problem with field Authors

you can place something in the quesrysave event to look at the authors field, and it they are not in the authors field don’t let them save it.

you can also place code in the queryChange event not to allow them to edit the document in the first place as well.

john

hcl-bot · January 29, 2008, 2:05pm

Subject: RE: Problem with field Authors

Be aware that using the Query events or any form based means of preventing the wong people to access the document is not a secure solution. The only real security is by the use of the correct acl settings and readers and/or authors fields. Everything that is based on code in a form can be bypassed by changing the document with an agent or other means that doesn’t use the form.

hcl-bot · January 28, 2008, 11:59am

Subject: Problem with field Authors

Posted by Luis Angel Segura

I’m having problems with an Authors field. Within my Database, all users have the right Editor in ACL.

The problem is that only require that users in the field Authors altered a document, but all users can modify documents.

Editor Access IGNORES an Author Field.

When you add an author field, you’re expanding who can Edit the document NOT restricting who can edit a document. (Not like Readers fields - which is probably why people get confused.)

By Default - the author is normally - the person who created the doucment.

If you create an author field you can add people who can edit the document. E.g. I want to give access to you and me, then I would put your name and my name in the Authors field.

However, if we have Editor access and see the document - then we can edit the document no matter who is in the Authors field.

What you want to do is LOWER people’s access from Editors Access to Author Access and then add to your authors field only the people you want to be able to edit.

Hope that clears things up?

hcl-bot · January 28, 2008, 12:29pm

Subject: RE: Problem with field Authors

To summarize … Author fields only apply to ACL Authors, and not any other access level.

(Well, with one exception - when on a document that’s also protected with Reader fields, the Author fields also grant Reader access.)