HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Add a new idea Subscribe
Status Needs Review
Workspace Domino
Categories Administration
Created by Guest
Created on Oct 17, 2022

RELATED IDEAS

ACL Group Entries based upon values in a Document


You can currently manage the ACL with code, it gets complicated when you start wanting to change many entries in the ACL. Imagine an application where you have three groups, Readers, Authors and Managers. You could add those groups the NAB and add the groups to the ACL, then the code only has to manage the contents of the group.

Great. Now imagine that there are 300 databases of that application, so each db requires it's own group in the NAB, so 300 x 3 = 900 Groups. Many companies are reluctant to do allow this.

Imagine instead that you had one of the new fangled named documents in the database. You could have three named documents in the db, one for Reader, one for Author, one for Managers.

You could make it so that the ACL entry could be something like NamedDoc:<<NamedDocName>>:<<FieldName>>

Where the ACL would use the contents of the named document, passed field name for it's contents.

From a programming point of view, the management of the ACL group entry becomes much easier, and the ACL changes wouldn't require Admin rights to a db, just rights to update the Named Document.

  • Attach files
  • Admin
    Thomas Hampel
    Reply
    |     May 15, 2023
    Updating / managing reader /author name fields is quite a resource intensive task -(AdminP) will have to loop through all NSFs and all docs, which in large environments can take a long time.
  • Admin
    Thomas Hampel
    Reply
    |     May 9, 2023

    Essentially you are proposing to remove ACL groups from the NAB into the app itself. Would this not make administration more complex? e.g. how/where would you be able to see who got access to a database?

    1 reply
  • Guest
    Reply
    |     Oct 17, 2022

    "The named document would be stored in that NSF itself? So in order to access this doc, one would need to have at least reader access to the NSF? Wouldnt this cause a Schroedinger‘s cat problem?"

    The entire ACL wouldn't be stored in the NamedDoc, just specific ACL entries. So no the cat would still be dead ;)


    1 reply
  • Admin
    Thomas Hampel
    Reply
    |     Oct 17, 2022
    The named document would be stored in that NSF itself? So in order to access this doc, one would need to have at least reader access to the NSF? Wouldnt this cause a Schroedinger‘s cat problem?
Copyright © 2023 HCL Technologies Limited