Wow I never realized how complicated Domino security is until today!

Alright, here's the situation: we just bought a new company and they need to start using a few of our key Notes Databases, but they have extremely restricted access.
One of these databases is about 10 years old and the ACL settings do not make any sense. It looks like they started off structured and then everyone simply ended up directly on the ACL, or other groups were tagged on with all sorts of settings, making it impossible to judge what exactly is going on. I never touched it before because it always worked.
So I add the group for the new company to the ACL and set the permission to what I thought would be perfect for them.
We want them to create Docs and read selected docs only.
I sweep the readers field to add this group on the selected doc and that should do it.  Right??
Wrong!!
I can read the selected docs but cannot create docs, I get access denied!!
So let's start with the basics
  1. ACL set to Author and checked off Create Doc
  2. Ensure the correct role is set
  3. There are a few view lookups, ensure they have access to the view
  4. Ensure they have access to create the form
  5. Check the server document in the Programmability Restrictions the group's been added to the right fields
  6. Maybe there is a field doing a DB lookup to something
  7. Check the code line by line, maybe it's trying to access some other view, DB, agent etc…
  8. Check if I am pointing to the correct address book on the server I made the change.
  9. Open the address book to ensure the settings there
  10. Ensure that my user is using the same server/ replica I am
  11. Maybe the settings are cached, log off, log on the user and try everything over again.

Right about now I am pulling my hair out and am starting to hate all the security features of Notes that I have always loved.

I take a break, go home and go through the same exact process again the next day!!!  My deadline has already been passed and I still cannot figure out what's going on.

Finally I get a lucky break, I start testing other documents in that DB and I am able to create them just fine.
Do a little more investigation, go over the code and finally I get a lucky break.
The damn author access field is set to [Admin].
Now everything makes sense why the ACL was so messed up, nobody could figure out what was wrong so they just kept promoting user access until they could write to the database.
Alright that’s fine but what do I do now, there is no way I can add the new company to this role, they would be able to see and edit all docs.
After taking a deep breath, I simply added a creatorfield, set it to @username, and was finally able to relax.
Damn you AuthorAccess Field, you wasted 2 days of my life!!
A good lesson learned, from now on, I am checking the Author field first!!!
I will enjoy the moment and later go back and figure out how this DB will work when I remove the Admin role from everyone!!!
Wish me luck.
JT
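
The "check the Author field first" lesson can be turned into a quick audit. The LotusScript agent below is an added example, not code from the original post: it summarizes every Authors and Readers item in the current database and marks the ones that contain only roles, such as [Admin]. It assumes it runs under an ID that can read every document, and the summary format is made up for illustration.

```lotusscript
Option Declare

' Classify an Authors/Readers value list: empty, roles only, or containing names/groups.
Function Classify(values As Variant) As String
	Dim roleOnly As Boolean, hasValue As Boolean
	roleOnly = True
	Forall v In values
		If Trim$(Cstr(v)) <> "" Then
			hasValue = True
			If Left$(Trim$(Cstr(v)), 1) <> "[" Then roleOnly = False
		End If
	End Forall
	If Not hasValue Then
		Classify = "EMPTY"
	Elseif roleOnly Then
		Classify = "ROLE-ONLY"
	Else
		Classify = "names/groups"
	End If
End Function

Sub Initialize
	Dim session As New NotesSession
	Dim db As NotesDatabase
	Dim col As NotesDocumentCollection
	Dim doc As NotesDocument
	Dim counts List As Long
	Dim kind As String, tag As String

	Set db = session.CurrentDatabase
	' Documents hidden from the running ID by Readers fields are not in this collection.
	Set col = db.AllDocuments
	Set doc = col.GetFirstDocument
	Do Until doc Is Nothing
		Forall it In doc.Items
			If it.IsAuthors Or it.IsReaders Then
				If it.IsAuthors Then kind = "Authors" Else kind = "Readers"
				' One summary line per form / field / value combination.
				tag = Cstr(doc.GetItemValue("Form")(0)) & " | " & kind & " " & it.Name & " = " & Join(it.Values, "; ") & " | " & Classify(it.Values)
				If Iselement(counts(tag)) Then counts(tag) = counts(tag) + 1 Else counts(tag) = 1
			End If
		End Forall
		Set doc = col.GetNextDocument(doc)
	Loop
	Forall c In counts
		Print Listtag(c) & " | " & Cstr(c) & " document(s)"
	End Forall
End Sub
```

A form whose Authors items all show up as ROLE-ONLY is the first place to look when a group with Author access in the ACL gets access denied.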