Monday, August 28, 2006

protected flag on Domino Directory

I recently run into a nasty issue which is exactly the same story described by Jens Polster

More than that, seems like IBM created an Technote as a result of Jens complaints.

I think that IBM has missed the point, though: I want my key users to be able to web edit person documents. I want to do it simple, using the Author level within the ACL. If this BUG maintains, I have to somehow create a separate security model for the application, which is of course time consuming. And the BUG is really simple: a field without the Security Property "Must have at least Editor access to use" gets the PROTECTED flag when saved by an Author. I will also test my Custom Directory in different scenarios and try to find a solution/answer. My environment is 6.5.4FP1 on Windows.

UPDATE: it's not a sensational update, since the solution was to allow ACL level to Editor instead of Author. I was lucky enough because the condition of one key user to NOT edit other documents was an external factor, meaning the key user had to have the same country as the user he is trying to edit. So, Author fields are of no use, insead the OfficeCountry field come to solve my particular need for simulating restrictions offered by default at Author ACL level. Afterall, I didn't have to create a rocket-science security model, I could trick the damn BUG. Hey IBM, wake up, you have a BUG in ur Domino system :)

UPDATE 2: After allowing Editor access, I've got myself another issue: how to prohibit deletion of users ? If we allow Editor + Delete documents right, all Editors will be able to delete users from other OfficeCountry then theirs. Then it struck me: we don't allow the Delete right at all. We show the Delete button on web, instead remove that person document from all Domino views, including ($Users) which is used by Domino to lookup usernames. So, this BUG turned out to be a feature, afterall ... not really.
Post a Comment

Disclaimer: The information in this weblog is provided "AS IS" with no warranties whatsoever, and confers no rights to any institution/person/organization. These are my personal thoughts and ideas. When I am inspired by others I give credit, I do not assume other's work and efforts. This site is NOT supported, approved, blessed etc. by Lotus Software and/or IBM Corporation.

Creative Commons License

This work is licensed under a Creative Commons Attribution 3.0 License.