Weblog
11/1: Readers Field Problem
I've been having a strange problem today with readers fields. I have written a Notes client based Leave Requests System that contains a Leave Summary for every person in the company. Readers fields are used to hide documents so that staff can only see other staff within the same department (apart from some roles such as [Admin] and [Personnel] and apart from supervisors and supervisor's supervisor (who may be in other departments)).This all works fine. However, when testing the system I have four documents visible and 271 documents in total. When I select all documents with CTRL A, the system reports 271 documents -- actually it reports 272 but is including the one visible category. How can that be right? I don't even want the user to know that there are other documents.
Despite not being able to see the documents, I can delete the documents and I can create a replica of the database that contains those documents. Is this working right? I was always led to believe that you couldn't replicate documents if you were locked out with a Readers field. Help me out guys!! I'm on version 7.01 at the moment.
Update 12th Jan
I've just tried this on a database in production and get the same behaviour and I've also tried it with a version 6.03 client with the same results. All I can say is that this "feature" surprised me. I wouldn't have thought it would be possible to delete documents that you are protected from seeing with a Readers field.
Naturally, I would also use Authors fields and use the Query Document Delete event to prevent unauthorised deletion of documents in a real application.
Author: Rob Wills Categories: Domino
1. Robin Wills wrote:
There is a great post from Andre Guirard on Authors and Readers fields on the forum, linked here:
{ Link }
It also links to an agent that Andre has written stored within OpenNTF.
It didn't help me as such since the Readers field in my application is working. However, it refers to having "Full Access Administration" which is something I probably have given myself without realising the implication. It is probably that access which is overriding the Readers field. I'll report back once I know more.
2. Robin Wills wrote:
Contrary to my comment above, I did not have "Full Access Administration" mode enabled in the Administrator client (by selecting Administration - Full Access Administration). It was disabled.
So to summarise, I have documents that are properly configured with Readers fields to be hidden from me and yet I can still select and delete them using the Notes UI. Surely that can't be right?