SearchDomino.com
September 5, 2001
Admin Tip: Reader fields -- an oldie but goodie

=================================================
CONTENTS:
[1] Chuck Connell's Security Tip
[2] Ask the Security Expert
[3] Reader feedback
[4] Featured book
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The searchDomino.com weekly Administrator tips feature one tip per month dedicated to security issues, featuring expert security advice from Chuck Connell, president of CHC-3 Consulting (www.chc-3.com), a consultancy that helps organizations with all aspects of Domino and Notes. If you have a specific security topic that you'd like Chuck to cover or comments about a tip, email us at [EMAIL PROTECTED], or pose a security question to Chuck Connell in the Ask the Experts section:
http://searchdomino.techtarget.com/ateQuestion/0,289624,sid4_tax287305,00.html

Feature Tip: Reader fields -- an oldie but goodie

Reader fields have been part of the Domino security architecture since the Mesozoic Era. Even so, they are not well understood by all Domino administrators and developers. This is unfortunate, since Reader fields offer one of the simplest, yet most powerful, security features of Domino and Notes. This short article will present an overview of Reader fields, so you will know where they might be helpful to you, mention some important side issues related to Reader fields, and provide pointers for further information.

SUMMARY OF READER FIELDS

Reader fields are Domino's per-document security method. In other words, Reader fields are used to grant (or deny) access to specific documents for specific users. The Domino server handles this work invisibly, so that users never see the documents they are not allowed to see.

To implement Reader fields, you create a field (with any name) on the form and designate the field as type Readers. The contents of the field can be created in any way you want -- calculated when a document is created with the form, chosen manually by the document's author from a picklist, etc. When a document has a Reader field, the Domino server will only show that document to users who:

a) have at least Reader access to the database in the ACL, and
b) are listed in the Reader field of the document.

Reader fields can also contain role names (and the roles can be assigned to groups) to provide great flexibility.

Reader fields are useful in many situations. For one example, imagine that you have a database which contains sales leads for all the salespeople in your company. But suppose that you don't want salespeople to see one another's leads. You can do this easily with Reader fields. Add a field named WhoCanSeeThis to the contact form. Set the field to type Readers and make it a Computed field in a hidden paragraph. Calculate the contents of the field (salesperson name) based on the first 3 digits of the Zip code (or however sales territories are assigned). Whenever salespeople open the database, they will see only their own sales leads. Leads in other sales territories simply will not appear in any view.

COROLLARY: USE REAL NAMES ON FORMS

A corollary to Reader fields is to use real Notes-style names whenever you include names in a form design. Then, if you later want to add a Reader field to the form, you already have the right names. To see how important this is, imagine that you don't do it.
Suppose you have a field on a document with names like "Smith, John" and "White, Betty". If you want to add the Reader feature, these names will have to be translated (a potentially tricky process) to Notes-style names such as "John Smith" or "John Smith/ACME".

COROLLARY: DON'T ROLL YOUR OWN DOCUMENT-LEVEL SECURITY

Another corollary to Reader fields is to let Domino do this work for you. Some applications attempt to simulate the same feature by checking for document permission in a QueryOpen event. The QueryOpen code compares the user's name to a list of allowed names, then disallows the open event if the user is not authorized. There are several problems with this. The first is that there is no reason to write code for a feature that you can get with no coding! Second, a clever user probably can get around the security check, so your security is not very secure.

FOR MORE INFORMATION

Here is an article that presents a broad discussion about Domino/Notes Security, with one section dedicated to Reader fields:
http://www.notes.net/today.nsf/cbb328e5c12843a9852563dc006721c7/71102330e24a7ce5852564b5005e3682?OpenDocument

Here is a short sidebar to another article that also covers Reader fields well:
http://www.notes.net/today.nsf/625c2f03e734191a85256468005e76f6/f4268ab5fe50e95085256571006ef94f?OpenDocument

Also see the Domino R5 Designer Help (which comes with the Domino product), click on the Index view, then type "readers".

--- Chuck Connell

=================================================
-------------------------------------------------
READER FEEDBACK
-------------------------------------------------

In a recent question from a reader, I addressed the issue of system administration people being able to read users' email messages. I said that, to some extent, you just had to trust system admin people. Reader Douglas Butler responded with some helpful information about how his company handles this situation. Here is what he wrote....

I have worked for two different companies as the Domino Administrator. In both cases, we turned on mail encryption on the server (in NOTES.INI in R4 and in the server configuration document in R5). In addition, we add an entry for "[Notes Administrators]" to the ACL of the mail template (e.g. MAIL50.NTF) as a "Person Group" with "Manager" access, but (to prevent mistakes) no delete privileges. The square brackets around the template ACL entry ensure that Notes Administrators will, by default, have manager access to all newly created mail files (existing mail files can easily be updated by mailing a button-based script to all users).

When new users are created, either the user types in their password directly, or an administrative clerk enters a temporary one of her choosing. The clerk does not get access to the ID file, and the Administrator does not know the password. Finally, we tell all users that there is absolutely no reason to give out their Notes password.

So, now we have the following:

- Notes Administrators have full manager access to all user mail files, but (because of forced mail encryption) cannot read the mail;
- Any activity we do perform is recorded in the logs under the name of the administrator actually performing the work - not under some ID that they also know the password to;
- Maintenance is much easier, because we are always working under our own IDs.

(Thanks for helping, Doug!)

Chuck Connell

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
=================================================
-------------------------------------------------
ASK THE SECURITY EXPERT:
-------------------------------------------------

Here are some security questions presented to Chuck Connell on searchdomino's Ask the Expert forum.
Pose a security question to Chuck here:
http://searchdomino.techtarget.com/ateQuestion/0,289624,sid4_tax287305,00.html

QUESTION: I have set the default level in the ACL so that users cannot create shared or personal views or folders within the database we are using. Everything is running local on the user's station. For the present, we are not using the server. However, we find that users have full access to do anything they want with the database. Our goal is to stop users from deleting/creating/renaming views and folders of any kind within the application.

ANSWER: If I understand this correctly, here is what you are doing... You have created a Notes application. You gave each person a separate physical copy of the application, and put it on each person's computer. Then you adjusted the ACL of each copy to control what that person can do in the application. Assuming I have this correct, the problem is that it won't work. Notes enforces most of its security settings by working with the Domino server. Notes basically assumes that you are using a Domino server to hold the databases. Most security features are simply turned off when you have your own local copy of a database.

QUESTION: Chuck.. how did you suppress someone hitting /$DefaultNav? I have created some $$ViewTemplate forms which work well but someone can still see the listing. Any ideas? Thanks for a great resource.

ANSWER: This one sent me to the search boxes on the Lotus and Iris Web sites. I'm glad you asked though, because I knew there was a way to do it, I just forgot what it was. The following post on Notes.net tells you everything you need. It references an article that originally appeared in The View.
http://www.notes.net/46dom.nsf/Search/d63e52236875911f852569710054cfb9?OpenDocument

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
=================================================
FEATURED BOOK
=================================================

White-Hat Security Arsenal: Tackling the Threats
by Aviel D. Rubin

Whether you are an IT professional, a system administrator, an academic, or simply a regular Internet user, White-Hat Security Arsenal is full of information you can't afford to miss. Using a problem-oriented approach, Rubin walks you through everything from protecting against network threats to using credit cards on the Web. Each chapter begins with a problem statement, continues with a description of the threat, explains the technologies involved, and then offers solutions. Chapters conclude with one or more case studies.
http://www.digitalguru.com/DigitalGuru/product_detail.asp?catalog_name=Books&category_name=&product_id=0201711141&partner_id=60

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
=================================================

Disclaimer: Our tips services and online tips exchange are a way for you to learn from other IT professionals and share technical advice and expertise with your peers. Techtarget.com provides the infrastructure to facilitate this sharing of information. However, we can't guarantee the accuracy and validity of the material submitted. You agree that your use of the searchDomino.com tips services and your reliance on any questions, answers, information or other materials received through searchDomino.com will be at your own risk.
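
Added example for the feature tip on Reader fields above (a simplified Python model, not Domino code and not part of the original newsletter): a lead is shown only to users who have at least Reader access in the ACL and who match the Readers field by name, group or role. The people other than "John Smith/ACME", the group SalesManagers, the role [AllLeads] and the leads are constructed, and ACL resolution is reduced to "highest matching entry wins".

```python
# Added illustration: simplified model of the Reader field rule, not Domino code.
# All people, the group, the role and the leads are constructed sample data.
from dataclasses import dataclass, field

ACL_LEVELS = ["No Access", "Depositor", "Reader", "Author",
              "Editor", "Designer", "Manager"]

@dataclass
class AclEntry:
    level: str
    roles: set = field(default_factory=set)

GROUPS = {"SalesManagers": {"Betty White/ACME"}}   # group -> members
ACL = {
    "John Smith/ACME": AclEntry("Author"),
    "Ann Lee/ACME": AclEntry("Author"),
    "SalesManagers": AclEntry("Editor", {"[AllLeads]"}),
    "-Default-": AclEntry("No Access"),
}
LEADS = [
    {"company": "Harbor Tools", "WhoCanSeeThis": ["John Smith/ACME", "[AllLeads]"]},
    {"company": "Big Apple Co", "WhoCanSeeThis": ["Ann Lee/ACME", "[AllLeads]"]},
    # Imported with a display-style name instead of a Notes-style name:
    {"company": "Old Import", "WhoCanSeeThis": ["Smith, John"]},
]

def identities(user):
    """The user's own name plus every group that lists the user."""
    return {user} | {g for g, members in GROUPS.items() if user in members}

def acl_access(user):
    """Simplification: the highest matching ACL entry wins; roles are merged."""
    entries = [ACL[i] for i in identities(user) if i in ACL] or [ACL["-Default-"]]
    level = max((e.level for e in entries), key=ACL_LEVELS.index)
    return level, set().union(*(e.roles for e in entries))

def can_read(user, readers):
    """(a) at least Reader access in the ACL and (b) listed in the Readers field."""
    level, roles = acl_access(user)
    if ACL_LEVELS.index(level) < ACL_LEVELS.index("Reader"):
        return False
    return bool((identities(user) | roles) & set(readers))

def visible_leads(user):
    """What a view would show this user: unreadable documents are simply absent."""
    return [d["company"] for d in LEADS if can_read(user, d["WhoCanSeeThis"])]
```

In this model John Smith/ACME sees only Harbor Tools: the Old Import lead lists "Smith, John", which matches no Notes-style name, so it stays hidden from everyone until the name is translated.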
