I created a “discussion” database (by using the Discussion - Notes & Web (6) template) and the user wants the following security to this database. I’m at lost on how exactly I should do this. Currently, there is an authors and readers field on the “Main Topic” form and a readers field only on the “Response” and “Response to Response” forms. Any suggestions you may have would be appreicated! Also, on a side note, Anonymous has Author access while the TD Admin group has Editor access.
Anonymous
can view any posting (“Topic” and “Response” documents) without logging in
login to respond to a “Topic” document
login to respond to a “Response” document
can not post a “Topic” document
can not delete any document
TD Admin (group)
can view any posting (“Topic” and “Response” documents) without logging in
I’m not an expert on web-facing databases, but I can cover the basics.
First, scrap all Reader fields. As I interpret your requirements, all documents can be read by anyone
That means remove them from all forms, AND remove them from all existing documents.
Second, give Anonymous READER access only. Then no-one can create documents without logging in.
Next set up two groups, one for general users and one for the administrators. Give the admin group an [ADMIN] role.
I’m not sure how you can prevent general users from creating Topics - hide the create button unless the user has the [ADMIN] role ?
Someone with more Web experiance may be more help here.
Only give the Administrators DELETE access
Your requirements are not complete, as they don’t address who should be able to edit existing documents. That would drive how you need to setup the Author fields, and what level of access the groups require.
Thank you, Graham for your assistance. For those who can edit documents, the Admins can edit their own documents but can not edit other documents. Right now, I’m waiting to hear from the client on whether or not if the Anonymous users can edit their Responses.
On the “Main Topic” form, I have an action hotspot “Edit Document” that are hidden to those who aren’t the author of that document. I noticed that when I first open the database on the web, the “Edit Document” button is hidden no matter what. If I close the window and reopen the database, the “Edit Document” link appears. Does anyone know why this is happening?
For those who can edit documents, the Admins can edit their own documents but can not edit other documents.
Then Admins need to be AUTHORS, and you’ll need to store their names in an Authors field.
I’m waiting to hear from the client on whether or not if the Anonymous users can edit their Responses.
As you don’t know who Anonymous users are, if you allow then to edit Responses, they would be able to edit anyone’s responses.
If you want them to only edit their own, they would need to log in, have Author access to the database, and have their names in an Authors field.
On the “Main Topic” form, I have an action hotspot “Edit Document” that are hidden to those who aren’t the author of that document. I noticed that when I first open the database on the web, the “Edit Document” button is hidden no matter what. If I close the window and reopen the database, the “Edit Document” link appears. Does anyone know why this is happening?
Graham, thank you for your response. I followed your suggestions on regarding to the Admins in the Authors field and it worked as expected. As for the “Edit Document” link, it’s OK. Thanks for your help though!