HiThis is regarding groups and ACL. I’ve a user who belongs to the group “Management”, and i’ve placed the group in the ACL list. I don’t list the username explicitly in the ACL. Now i want to refine the access of the user to a particular screen and hence i need to make out the user’s group name. I want to know the group name, to which the user is associated with, when he logs into the application. Now don’t consider this is as a web application. It is not web oriented. How can i retrieve the user’s group name in this scenario? I just have the particular input viz., session.username, and with this i need to retreive the user’s group name. Plz help.
Best Regards,
Brian.
Subject: Retrieving group name from the ACL.
Hi,
as far as I know this cant be done any easy way. :-((
You have to consider that your actuall access to a database has not to be defined by only one ACL-Entry.You can get the level from one entry, some roles from others and some “flags” from an other one. (Maybe this is not your case for this database but it could be and properbly therefore there is no function/property which would tell you which ACL-Entry “gives” you the rights to a db)
The only way I know of would be to write a LotusScript function which would find this information for you. (Loop through all ACL entries → check against the NAB if it is a group → check if the user is a member of this group (even recursively !!) → get the ACL-Entry with the highest Level)
This solution is not really easy and might take a long tim to execute.
One more idea would be to check the Louts-API if there is an equivalent function for “Effective Access”. (?? It has to be somewhere). If you could get this kind of information it would be much easier.
Hope this helps.
Bye
Subject: RE: Retrieving group name from the ACL.
Hi Hynek,
thank you for the response. I think the second option looks better and it will work fine, if we just fine tune the performance and make it speedier. Thank you. I’m also looking out for the Lotus-API function, for finding out the effective access.
Best Regards,
Brian.
Subject: Retreiving group name from the ACL.
Once a person is logged in there is no simple way to determine the group that they got their rights from. The only persistant information is Max Access Roghts and their Role/s. So, I would assign a different role to each group and then check to see if the person has that Role. So give the group “Management” a Role “Management” and check to see is “Management” is a member of @USerRoles and you have the same thing. Now if the user is a memebr of the Management group and the Grunt group they will possess both roles, but that should not be a big issue.
Subject: Retreiving group name from the ACL.
Take a look at @UserNamesList – it will have as members all of the groups the user belongs to as long as the database is on the server. You can use @IsMember to check for a specific value.