: 4582 | 108668 | 12353
|
: 26 : 29 : 3 |
Readers field security is a wonderful thing.
My idea is to add a new data type to Domino which offers the exact opposite of the Readers data type, that is, if a name, group or role is listed in a field of this type then that person, group or role will not be able to see the document.
This would make Domino so much more flexible when designing and implementing highly complex security models.
|
1) Bas van Gestel2808 (08 Mar 2011)
I promote because more flexibility in security would indeed be nice.
I am however not convinced that it should be an extra field type. I there is a NoReaders field, then there also needs to be a NoAuthors field.
What if you have both a reader field and a noreader field, which one would be used?
I would like more flexibility in deletion rights as well, so add a Deletors and NoDeletors fields??
IMHO it would be based have a new property on document level which is inherited from the form properties in which you can define who can/cannot read, edit or delete the document. Here you could select names or choose to use a formula.
This would make Reader and Author fields obsolete.
I am however not convinced that it should be an extra field type. I there is a NoReaders field, then there also needs to be a NoAuthors field.
What if you have both a reader field and a noreader field, which one would be used?
I would like more flexibility in deletion rights as well, so add a Deletors and NoDeletors fields??
IMHO it would be based have a new property on document level which is inherited from the form properties in which you can define who can/cannot read, edit or delete the document. Here you could select names or choose to use a formula.
This would make Reader and Author fields obsolete.
2) Bruce Lill6687 (09 Mar 2011)
It would have to be an added field, why not just allow the "!" operator so "![managers]" would prevent anyone with the managers role from reading the document.
The question on which should over ride go with the ACL method where you get the higher authority
The question on which should over ride go with the ACL method where you get the higher authority
3) Pantelis Botsas76 (20 Jul 2011)
The suggestion that Bruce Lill has made would perfectly fit my needs.
But the field Deletors is something I would like to see also.
But the field Deletors is something I would like to see also.
4) Kenneth Axi1694 (04 Sep 2011)
This is totally unnecessary - You will accomplish exactly the same thing by setting a readers field and NOT having the [managers] role in it - then the managers would not have readers access to the document.
I don't like turning around the security model 180 degrees - if You add a readers field - then everything should be locked out unless specifically stated in the readers field. The other way around; have all access except one role/group/person will open up for the possibility that You forget to add a name/role/group in the field and they will have access to something they shouldn't. This scenario is much less likely when access is turned off by default and turned on for each member.
I don't like turning around the security model 180 degrees - if You add a readers field - then everything should be locked out unless specifically stated in the readers field. The other way around; have all access except one role/group/person will open up for the possibility that You forget to add a name/role/group in the field and they will have access to something they shouldn't. This scenario is much less likely when access is turned off by default and turned on for each member.
Welcome to IdeaJam
You can run IdeaJam™ in your company. It's easy to install, setup and customize. Your employees, partners and customers will immediately see results.
Use IdeaJam to:
- Collect ideas from employees
- Solicit feedback and suggestions from employees and customers
- Run innovation contests and competitions
- Validate concepts
- Use the power of "crowd-sourcing" to rank ideas and allow the best ideas to rise to the top
IdeaJam™ works with:
- IBM Connections
- IBM Lotus Quickr
- Blogs and Wikis
- Websphere Portal
- Microsoft Sharepoint
- and other applications.
IdeaJam has an extensive set of widgets and API's that allow you to extend and integrate IdeaJam™ with other applications.
Learn more about IdeaJam >>
IdeaJam developed by
