Is there a way to stop the Smarticon that is out there to edit document fields…or at least a way to track the changes that were made? I know the modified date is changed and the $updatedby is updated, but can it be stopped???
Subject: Smarticon to Edit Document
If you’re trying to stop things like the smart icon and Control-E, and force a user to use an action button… then you need to look at Post/QueryModeChange.
I would advise AGAINST doing this as you will frustrate users. It’s best to design your system to handle what you want done in the button by doing the same thing whenever the document is opened in edit mode.
Subject: RE: Smarticon to Edit Document
That really kinda sucks and presents a major security issue. If an application is a workflow app, and needs to have certain users have edit access at certain points throughout the process, you have to have them in the Author field when they have work to do on the doc. At this point, if they have this button, they can edit the document.
Anyone have any ideas to get around this obvious severe security flaw in the system?
Subject: RE: Smarticon to Edit Document
You want things buttoned down tight? Never give the user direct edit access to the document after it’s submitted to the workflow. Record all user actions on separate documents that are signed (eliminates deniability), then have a run-on-server agent do any actual updates to the main document, passing the note ID of the activity document (and recording a reference to the activity document).
Subject: RE: Smarticon to Edit Document
Yeah, Stan, this is probably what I am going to have to do if the business users decide it is worth it for the minuscule amount of people who may have this button. What I would like to have is a setting that does not allow the user to make edits to a document from a smarticon, but that is too much to ask I guess…LOL.
Subject: RE: Smarticon to Edit Document
Certainly, there are many ways to build a secure application, but you need to understand what Notes can and cannot do, and build your application to its capabilities. Here are some ideas for doing that…
If there are items in your document that authors should not update, set their IsProtected flag. (Form Properties : Security Options - Only Editors can update this item). Only Editors and above can modify those items.
Don’t give users author access to documents. Do all of the updating by calling a Signed trusted agent which can safely update the documents following your rules. (You could use a data-entry form to collect information that needs to be put into the real document.)
Move data values that you don’t want people to update into separate documents that they don’t have access to. The values can be displayed in your main form through lookups, but are not saved with the rest of the document.
Fundamentally, Notes security only goes to the document level. If you need to secure data at the field level, you need to resort to work-arounds like the ones above.
And it is NOT a security flaw, as the product is working as designed and documented. It may not work to your liking or expectations or understanding, but that could be said of any product.
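Stan’s signed-activity-document approach above, and the signed trusted agent in the second of these ideas, written out as an added example (not code from the thread). It assumes a scheduled server agent signed with a trusted ID, a hidden view (PendingActivities) of activity documents with Status = "Pending", and the items MainUNID, NewStatus, Comments, Status on the activity document and CurrentApprover on the main document; all of these names are assumptions.

```lotusscript
' Server agent (assumed name "Apply Workflow Activity"), signed with a trusted ID
' and run on a schedule. Users get Author access only to their own signed
' "Activity" documents; the main workflow document is updated here only.
Sub Initialize
    Dim session As New NotesSession
    Dim db As NotesDatabase
    Dim pending As NotesView
    Dim act As NotesDocument, nextAct As NotesDocument, main As NotesDocument
    Dim signer As NotesName, approver As NotesName
    Dim reason As String

    Set db = session.CurrentDatabase
    Set pending = db.GetView("(PendingActivities)")   ' assumed: Status = "Pending"
    Set act = pending.GetFirstDocument
    Do Until act Is Nothing
        Set nextAct = pending.GetNextDocument(act)  ' fetch before act drops out of the view
        reason = ""
        Set main = Nothing
        ' Signer is empty when no signature is present on the activity document
        If act.Signer = "" Then
            reason = "Missing signature"
        Else
            Set main = db.GetDocumentByUNID(act.GetItemValue("MainUNID")(0))  ' assumed item
            If main Is Nothing Then
                reason = "Main document not found"
            Else
                Set signer = New NotesName(act.Signer)
                ' Assumed item on the main document naming who may act at this step
                Set approver = New NotesName(main.GetItemValue("CurrentApprover")(0))
                If signer.Canonical <> approver.Canonical Then reason = "Signer is not the current approver"
            End If
        End If

        If reason = "" Then
            ' Apply only the fields this workflow step may change
            Call main.ReplaceItemValue("Status", act.GetItemValue("NewStatus")(0))
            Call main.ReplaceItemValue("Comments", act.GetItemValue("Comments")(0))
            ' Keep a reference back to the signed activity document for the audit trail
            Call main.ReplaceItemValue("LastActivityUNID", act.UniversalID)
            Call main.ReplaceItemValue("LastActivityBy", signer.Canonical)
            Call main.Save(True, False)
            Call act.ReplaceItemValue("Status", "Applied")
        Else
            Call act.ReplaceItemValue("Status", "Rejected")
            Call act.ReplaceItemValue("RejectReason", reason)
        End If
        Call act.Save(True, False)
        Set act = nextAct
    Loop
End Sub
```

Because the agent runs under its signer’s rights, the ACL can give ordinary users no edit access to the main documents at all, which also removes the view-level Smart Icon edit the thread is about.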
Subject: RE: Smarticon to Edit Document
I am sorry, but if any user who has edit access to a document can simply create a smarticon and circumvent the security of a document, it is a flaw.
The suggestions you make above are all things I have thought about, but are very time-consuming and not something that should have to be done for every single database that I want to write.
If I have a document that is locked down by using the Query Events, as well as by having an Authors field and Readers field, some hokey Smarticon (toolbar button) should not be able to make edits to the document from a view. I can’t imagine that this is how the buttons are intended to be used.
I agree that it may not technically be a “bug” in the system, but you have to admit that it is a flaw.
Subject: RE: Smarticon to Edit Document
I cannot agree with you, and totally agree with Graham.
It’s not a flaw in Lotus Notes. A person cannot just create an icon and be able to edit a document, unless they have permission to edit that document. That’s not a flaw of Lotus Notes, it’s a flaw of the design of the application. You require them to use a button, but haven’t taken into account the ability of a smarticon, control-E, double clicking, etc.
The designer has given them access to edit that document, therefore they should be able to edit it?
How can we help you understand Readers and Authors fields to achieve what you want your workflow application to do?
I have built many workflow applications that limit who can see and edit a document as it moves through the process.
Subject: RE: Smarticon to Edit Document
Stephen,
Thanks for the response…thanks to everyone. I don’t want to sound pushy or ungrateful. Lotus Notes is a great product and I have been using it for a long time.
To answer your question directly, the database is 99% LOCKED DOWN. The ONLY function I am concerned about is editing a document from a smarticon in a view. There is NOTHING I can do about this except create a new form to handle edits, using an agent to then put those edits into the main form, which will not be editable. Or create a second database to handle housing the actual data, and have that database be reader only access. My database already includes a lot of code to not allow editing by CTRL-e, double clicking, etc. etc. The ONLY thing I am concerned about is the damn smarticon.
I was hoping for something like an option to “Not Allow Document Editing From Smarticon”, but I guess it is not there.
Have you ever built an application that did not allow a user to edit a document via a smarticon, when it was their turn to make an edit in the workflow? If you have, I would love to know how you did it. Again, I am not talking about once the document is opened…this is easy to control. I am talking about editing the document from the view using a smarticon.
Thanks
Chris
Subject: RE: Smarticon to Edit Document
It’s not just Smart Icon buttons that you should be concerned about Chris. There’s nothing that you can do by writing code in your application’s GUI that will secure your data, because the GUI is not the only way to get to the application’s data.
Let me show this as a graphic. (I’m a visual sort of person, and rather than type 1,000 words …)
The person to the left is your normal Notes user. They access the database through the “front end” and you can control exactly how they see the data, and what they can do.
The person to the right is who you are trying to protect against. They want to access the data directly, and not use your GUI. This is not “a flaw” as Notes is specifically designed to allow this. The only true security that your data has is the ACL and the person’s access. (Reader, Author, and encryption controls are here also.)
The critical point to recognize is that there’s nothing an application designer can create in a database design that adds to the ACL security. This is why it’s important to design applications that hold secure data so that user access to the records that hold that data is appropriate. And that could very well mean that you need to store data in separate records, building your forms to work with that methodology.
Subject: RE: Smarticon to Edit Document
<< Have you ever built an application that did not allow a user to edit a document via a smarticon, when it was their turn to make an edit in the workflow? If you have, I would love to know how you did it. Again, I am not talking about once the document is opened…this is easy to control. I am talking about editing the document from the view using a smarticon. >>
I’ve generally avoided this because you’re trying to control how the user uses Lotus Notes. If they like using Control-E to edit something, why should you stop them?
I get the impression you want the user to click on the button to maybe prompt them for information to write to the document. What you could do is have in the query mode change event if someone tries to place the document in edit mode you change it back to read mode and then run the code that is in your button (move it to a script library and then call it both using the button and your query mode change).
That way if the person edits the document (using any of Control-E, Smart Icon, or double click) it’s the same as clicking on the Action button you want them to use? Does that help?
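The QueryModeChange suggestion above, written out as an added example (not code from the thread). It assumes a script library named WorkflowLib holding the shared routine ProcessWorkflowStep, and an "Activity" form with the items MainUNID, NewStatus, Comments and Status; these names are assumptions. It only intercepts edit attempts on an open document; as the thread goes on to say, nothing fires for an edit made from the view.

```lotusscript
' Script library "WorkflowLib" (assumed name). The form's Querymodechange event
' and the action button both call ProcessWorkflowStep, so every in-document
' edit attempt ends up on the same path as the button.
%Include "lsconst.lss"      ' for PROMPT_OKCANCELEDIT

Sub ProcessWorkflowStep(uidoc As NotesUIDocument)
    Dim ws As New NotesUIWorkspace
    Dim act As NotesDocument
    Dim comment As Variant
    comment = ws.Prompt(PROMPT_OKCANCELEDIT, "Workflow step", "Enter your comment:")
    If comment = "" Then Exit Sub          ' user cancelled
    ' Record the action on a separate, signed "Activity" document instead of
    ' editing the main document; a server agent applies it later.
    Set act = uidoc.Document.ParentDatabase.CreateDocument
    Call act.ReplaceItemValue("Form", "Activity")
    Call act.ReplaceItemValue("MainUNID", uidoc.Document.UniversalID)
    Call act.ReplaceItemValue("NewStatus", "Approved")
    Call act.ReplaceItemValue("Comments", comment)
    Call act.ReplaceItemValue("Status", "Pending")
    Call act.Sign                            ' signed with the current user's ID
    Call act.Save(True, False)
End Sub

' Form event, placed in the form's Querymodechange handler (Use "WorkflowLib"):
Sub Querymodechange(Source As NotesUIDocument, Continue As Variant)
    ' Source.EditMode still reports the current mode here, so False means the
    ' user is trying to switch into edit mode (Ctrl-E, double-click, Smart Icon)
    If Not Source.EditMode Then
        Continue = False                     ' keep the document in read mode
        Call ProcessWorkflowStep(Source)     ' run the button's logic instead
    End If
End Sub

' Action button "Approve" on the form (Use "WorkflowLib"):
' Sub Click(Source As Button)
'     Dim ws As New NotesUIWorkspace
'     Call ProcessWorkflowStep(ws.CurrentDocument)
' End Sub
```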
Subject: RE: Smarticon to Edit Document
The idea is that the user can make the edit to the document from the view, not within the document. So no UI events are going to be triggered. NO EVENTS are triggered. The only things that change are the $UpdatedBy and the $Revisions fields, as well as the field that the user changes.
There are already traps in place everywhere that do not allow the user to edit the document using ctrl-e or double-clicking anywhere on the form. This is done using the UI events.
But the smarticons do not trigger any events and so, if the user has edit rights to the document, that user can make whatever changes he/she wants using a smarticon in the view and those changes can not be tracked.
Subject: RE: Smarticon to Edit Document
To that I’d respond that Notes may not be the correct tool to use to meet your business needs. If you need that level of control “out of the box”, you’re going to have to find a different solution. Notes is just not going to do what you want.
Author access in Notes is defined as the ability to edit documents, which means any items (fields) in those documents. That’s what Author access is defined to mean.
That is not limited to using your Notes Form to do the editing: it also allows external code, other databases, ODBC, and a host of other access methods that the user may choose to use to get at, and update, that data.
Your needs seem to be more restrictive, and it’s unfair to say that Notes has a flaw, when it’s simply following its basic design methodology.
Subject: Smarticon to Edit Document
Nope. The Notes model presumes that your GUI design (forms, views, etc.) is one of many ways to access data in the database.
The only security control that you have is at the ACL level.