Reputation: 1000
I have 3 groups in my ACL that are associated with a corresponding Role. Default is set to No Access. There are no user names listed in the ACL, only groups.
One of the groups has Reader level access.
On one of the documents that has Readers and Authors fields, they would like to have a field where they can choose a user (Notes User Name/ID) to add as an Author to that document.
I add that user to the Authors and Readers fields on the save event, which works great.
However, if a user from the Readers level group is added to that document (added to that field), that should NOT give them Author access to that document? Is this right? I don't think that would "trump" their Reader level access. I think they would still have Reader access to that document even if their name appears in the Author field.
I am getting conflicting answers from some peers.
Thanks! Dan
Upvotes: 1
Views: 1975
Reputation: 14628
Yes, your interpretation is correct. Here is how Lotus people generally explained it:
Reader and Author fields can only refine the ACL. They cannot override the ACL by adding permissions to users for a specific document.
I.e., adding a Readers field to a document refines the ACL by saying "Only these specific people with Reader (or above) access in the ACL can see this document". And adding an Authors field to a document refines the ACL by saying "Only these specific people with Author access in the ACL can edit this document." (Note the conspicuous absence of "or above" or "or below" from that one. Anyone with Editor access or above can always edit a document, regardless of whether there is an Authors field. And anyone with Reader access or below in the ACL can never edit a document, even if they are listed in an Authors field.)
One reason it's confusing is that lack of an Authors field effectively removes a permission because someone with Author access in the ACL can't edit a document unless an Authors field exists and contains their name (or group or role), whereas lack of a Readers field effectively adds a permission because someone with Reader access or above in the ACL can see everything that doesn't have a Readers field as well as everything that does have a Readers field that does list their name (or group or role). Thinking in terms of refinement of the ACL helps avoid this confusion.
Upvotes: 5
Reputation: 101
Also, if a person is in the author field/s they can see the document even if not specified in the reader field/s (as long as they have implied access at reader or above in the ACL).
Confusing! Make sure you put an admin role (:[ADMIN] or whatever you call it) in the author field to make life easier for support purposes as it's difficult providing support if you can't see the document/s in question.
All the best.
Upvotes: 1
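The rules from the two answers above (Readers and Authors fields only refine the ACL, and an Authors entry also counts as a reader) written out as a small model. This is an added example, not part of any post and not Domino code; the user, group and role names are constructed, and it assumes names match by exact string comparison.

```python
from enum import IntEnum

class Level(IntEnum):
    """ACL levels in ascending order of privilege."""
    NO_ACCESS = 0
    DEPOSITOR = 1
    READER = 2
    AUTHOR = 3
    EDITOR = 4
    DESIGNER = 5
    MANAGER = 6

def identities(user, groups=(), roles=()):
    """Every name a Readers/Authors entry can match: user, groups, roles."""
    return {user, *groups, *roles}

def can_read(level, ids, readers, authors):
    if level < Level.READER:
        return False   # a field never adds a right the ACL withholds
    if not readers:
        return True    # no Readers field: the ACL alone decides
    # With a Readers field present, Authors entries count as readers too.
    return bool(ids & (set(readers) | set(authors)))

def can_edit(level, ids, readers, authors):
    if not can_read(level, ids, readers, authors):
        return False   # nobody edits a document they cannot see
    if level >= Level.EDITOR:
        return True    # Editor and above ignore the Authors field
    if level == Level.AUTHOR:
        return bool(ids & set(authors))  # Author must be listed
    return False       # Reader in the ACL: an Authors entry changes nothing

# Constructed document: one Readers field, one Authors field.
READERS = ["[Staff]"]
AUTHORS = ["Rita Reader/Acme", "Al Author/Acme", "[Admin]"]

if __name__ == "__main__":
    cases = [
        ("Rita Reader/Acme", Level.READER, ()),
        ("Al Author/Acme", Level.AUTHOR, ()),
        ("Otto Other/Acme", Level.AUTHOR, ("[Staff]",)),
        ("Ed Editor/Acme", Level.EDITOR, ()),
        ("Sue Support/Acme", Level.EDITOR, ("[Admin]",)),
    ]
    for name, level, roles in cases:
        ids = identities(name, roles=roles)
        print(f"{name:18} {level.name:7}"
              f" read={can_read(level, ids, READERS, AUTHORS)}"
              f" edit={can_edit(level, ids, READERS, AUTHORS)}")
```

The first case is the one asked about: a Reader-level user named in the Authors field can see the document but still cannot edit it.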