开发者

Securing Hidden Views in Lotus Notes

开发者 https://www.devze.com 2023-02-11 05:45 出处:网络
In Lotus Notes hidden client, hidden views are not shown by default but you can further hide them by using outlines.

In Lotus Notes hidden client, hidden views are not shown by default but you can further hide them by using outlines.

But a user can gain access to hidden views by following either of the following

  • Right click on the database bookmark, "Application" -> "Go To" while holding CTRL+SHIFT
  • User opens database and goes to "View" menu and click on "Go To" while holding CTRL+SHIFT

In these scenarios users can see any hidden views or views which are only hidden on the outline.

Is there any way to hide those views aside from creating a reader list for each vie开发者_如何学Gow?


Assuming that you do not require the documents in the view to be hidden. Ben's response is quite good. But I am not a big fan of Reader lists in view designs, even if you're using ACL roles to manage them. Reader view lists are notoriously hard to maintain, and easily overlooked later when debugging user issues.

If you want to prevent UI access to the view but still permit the user access to the documents via the application programmatically, you will need to goto the view's "QueryOpen" event in the Domino Designer and insert the the following code.

Sub Queryopen(Source As Notesuiview, Continue As Variant)
    messageBox "Not authorised to access this view"
    Continue = false
End Sub

This should prevent a user opening the view via the UI as you described, but allow the application to use it where required. And if so desired later on, you can programmatically control when those views can be access by the UI. I have had a couple of instances where I have had to create control objects that determine which type of user can open/paste documents into a view.

My answer is on the basis you just want to prevent people accessing views. But if you need to actually hide the documents in the view, then you need to consider document level security, and then design your application around that. Admittedly, this will increase the complexity of the application because, if required, you'll need to use agents to run on someone else's behalf in order to act on the documents the user can't see.


Unfortunately, there is not. The only true way to secure anything in Lotus Notes is via the reader lists at the document level, or access control lists at the database or server level. VIews, Forms, etc are just design "documents", so they need to have reader lists applied.

Those other tricks usually suffice if there isn't highly sensitive data. Many users don't figure out that means of displaying hidden views, but of course once they do it's all over :)


Even if you protect your views, any user with at least reader access can make user defined view with all documents. So I think this attempt is silly - don't waste your time.

0

精彩评论

暂无评论...
验证码 换一张
取 消