Issue with name change and readers/authors (aka Names) fields
Category Domino Development Domino Administration Lotus Notes and Domino Issues
Bookmark :
I have just discovered an issue that I would like to share with other Domino developers and administrators.
The ACL of each database has a setting on the Advanced tab that specifies an action that should be performed by the server listed as the Administration Server on the ACL (the one with the gold key icon next to it) in the event of the user name change. I discovered that a default value for this setting is "Do not modify Names fields". This can create lots of problems if you use Readers or Authors (aka Names) fields in your design to restrict users' access to individual documents inside your application. When a user gets his/her name changed (marriage, divorce, etc.), the Administration Process task running on the designated Administration Server for your database updates his/her old name to the new name on anything that it can find, including the Names fields. However, with this setting configured to "Do not modify Names fields", the update will never happen and the user will be locked out of the documents he/she previously had access to. This is bad. Nobody wants that, I'm sure...
Another issue can arise if you do not have any server on the ACL designated as Administration Server, or if you designated a server that does not host a replica of your database. Your Names fields will not be updated even if the above setting was set correctly.
I would like to urge you to go through all the applications that you developed where you made use of the Names fields, or even restricted the access to views using view properly settings (security tab) and ensure that the ACL of those databases is configured correctly:
Bookmark :
I have just discovered an issue that I would like to share with other Domino developers and administrators.
The ACL of each database has a setting on the Advanced tab that specifies an action that should be performed by the server listed as the Administration Server on the ACL (the one with the gold key icon next to it) in the event of the user name change. I discovered that a default value for this setting is "Do not modify Names fields". This can create lots of problems if you use Readers or Authors (aka Names) fields in your design to restrict users' access to individual documents inside your application. When a user gets his/her name changed (marriage, divorce, etc.), the Administration Process task running on the designated Administration Server for your database updates his/her old name to the new name on anything that it can find, including the Names fields. However, with this setting configured to "Do not modify Names fields", the update will never happen and the user will be locked out of the documents he/she previously had access to. This is bad. Nobody wants that, I'm sure...
Another issue can arise if you do not have any server on the ACL designated as Administration Server, or if you designated a server that does not host a replica of your database. Your Names fields will not be updated even if the above setting was set correctly.
I would like to urge you to go through all the applications that you developed where you made use of the Names fields, or even restricted the access to views using view properly settings (security tab) and ensure that the ACL of those databases is configured correctly:
- always list one of the servers as the Administration Server
- make sure your database has a replica on that server
- make sure Administration Process is in fact running on that server (check with your admin)
- always set "Action" to "Modify
all Names fields" to allow user names in Readers/Authors (and
other) fields to be updated by the admin server when any user gets renamed.
I will also suggest to IBM that they change the default value for this setting to make things easier for us.
