Wow I never realized how complicated Domino security is until today!
Alright here the situation, we just bought a new company and they need to start using a few of our key Notes Databases but they have extremly restricted access.
One of these databases is about 10 years old and the ACL settings do not make any sense. It looks like they start off structured and then everyone just simply ends up directly on the ACL or other groups are tag on with all sorts of settings making it impossible to judge what exactly is going on. I never touch it before because it always works.
So I add the group for the new company to the ACL and set the permission to what I thought would be perfect for them.
We want them to create Docs and read selected docs only.
I sweep the readers field to add this group on the selected doc and that should do it. Right??
I can read the selected docs but cannot creat docs, i get access denied!!
So lets start with the basics
ACL set to Author and checked off Create Doc
Ensure the correct role is set
The are a few view look ups, ensure they have access to the view
Ensure they have access to create the form
Check the server document in the Programmability Restrictions the groups been added to the right fields
Maybe there is a field doing a DB lookup to something
Check the code line by line maybe its trying to access some other view, DB, agent etc…
Check if I am pointing to the correct address book on the server I made the change.
Open the address book to ensure the settings there
Ensure that my user is using the same server/ replica I am
Maybe the settings are cached, log off, log on the user and try every thing over again.
Right about now I am pulling my hair out and am starting to hate all the security features of notes that I have always loved.
I take a break, go home and go thru the same exact process again the next day!!! My deadline has already been passed and I still cannot figure out whats going on.
Finally I get a lucky break, I start testing other documents in that DB and I am able to create them just fine.
Do a little more investigation, go over the code and finally I get a lucky break.
The dam author access field is set to [Admin].
Now every thing makes sense why the ACL was so messed up, nobody could figure out what was wrong so they just kept promoting user access until they could wright to the database.
Alright that’s fine but what do I do now, there is no way I can add the new company to this role, they would be able to see and edit all docs.
After taking a deep breath I simply added a creatorfield set it to @username and was finally able to relax.
Dam you AuthorAccess Field, you wasted 2 days of my life!!
A good lessoned learned, from now on, I am checking the Author field first!!!
I will enjoy the moment and later go back and figure out how this DB will work when I remove the Admin role from everyone!!!
Wish me luck.