Wednesday, March 12, 2008

Security for different parts of a document. 1st approach.

Let's say we have one document that contains a couple of different areas: for example, one part of the document contains information about an employee's salary and another contains information about the employee's family. Of course, fields that contain salary information have to be hidden from all eyes except a special role (Finance department). Information about the employee's family also has to be hidden from everyone except the HR department. The application should work in the Lotus Notes client and also on the web.
We can't just hide the fields using a "hide formula", because that only hides them on the form: smart users can still find the fields with the salary. But this has to be private information.
So I propose the following approach: create one main document and N response documents (N depends on how many areas you have). Each response document contains the information for one area and also a Readers field. In our case that is 2 documents: one for salary information with Readers field = "Finance department", and another one for the HR department. Everything else is just a game with the QueryOpen and QuerySave events in the client and on the web.

Simple chart :-).
What I did:
1) In the QO (QueryOpen) event I put code that takes all the data from the response documents and puts it into the main document. It is very useful to set NotesItem.SaveToDisk = False in the QO event, because in this case you can forget about removing the values from the main document in the QS event.
2) In the QS (QuerySave) event I put code that takes the values from the main document and puts the data back into the response documents.
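
A sketch of the two form events from steps 1 and 2, added here as an example and not the author's own code. The field names Salary and FamilyInfo, the response form AreaPart, and the items AreaField and DocReaders are assumptions.

```lotusscript
' Form events of the main document (all field, form and item names are assumptions).
Sub Queryopen(Source As Notesuidocument, Mode As Integer, Isnewdoc As Variant, Continue As Variant)
	If Isnewdoc Then Exit Sub
	Dim main As NotesDocument, resp As NotesDocument, col As NotesDocumentCollection
	Dim item As NotesItem, fld As String
	Set main = Source.Document
	Set col = main.Responses   ' holds only the responses this user's Readers access allows
	Set resp = col.GetFirstDocument
	Do Until resp Is Nothing
		fld = resp.GetItemValue("AreaField")(0)   ' name of the protected field carried here
		If fld <> "" And resp.HasItem(fld) Then
			Set item = resp.GetFirstItem(fld)
			Set item = item.CopyItemToDocument(main, fld)
			item.SaveToDisk = False   ' shown in the form, never stored in the main document
		End If
		Set resp = col.GetNextDocument(resp)
	Loop
End Sub

Sub Querysave(Source As Notesuidocument, Continue As Variant)
	Call StoreArea(Source, "Salary", "Finance department")
	Call StoreArea(Source, "FamilyInfo", "HR department")
End Sub

Sub StoreArea(Source As NotesUIDocument, fld As String, readerName As String)
	Dim main As NotesDocument, resp As NotesDocument, col As NotesDocumentCollection
	Dim item As NotesItem, txt As String
	Set main = Source.Document
	txt = Source.FieldGetText(fld)   ' this sketch stores every value as text
	Set item = main.GetFirstItem(fld)
	If Not item Is Nothing Then item.SaveToDisk = False   ' keep the value out of the main document
	Set col = main.Responses
	Set resp = col.GetFirstDocument
	Do Until resp Is Nothing
		If resp.GetItemValue("AreaField")(0) = fld Then Exit Do
		Set resp = col.GetNextDocument(resp)
	Loop
	If resp Is Nothing Then
		If txt = "" Then Exit Sub   ' nothing loaded or entered: do not create a duplicate response
		Set resp = main.ParentDatabase.CreateDocument
		Call resp.ReplaceItemValue("Form", "AreaPart")
		Call resp.ReplaceItemValue("AreaField", fld)
		Call resp.MakeResponse(main)
		Set item = resp.ReplaceItemValue("DocReaders", readerName)
		item.IsReaders = True   ' only the named group can read this response
	End If
	Call resp.ReplaceItemValue(fld, txt)
	Call resp.Save(True, False)
End Sub
```

For a user outside a response's Readers field, QueryOpen copies nothing for that area, so the main document carries no item for it at all. The Readers item usually also needs the servers that replicate the database, otherwise they cannot see the response documents either.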

Probably it is not the best way, but it works.

Any new ideas would be appreciated! ;-)

1 comment:

Yuriy Pastovenskyy said...

Hi, brother.
Your approach is good and clearly understood, but I would say it has some shortages.
The main disadvantage from my point of view is that users will not be able to work offline with such an app without special manipulations (and maybe at all).
Readers fields with group names inside will not be expanded in a local replica (just because the group definitions are left on the server). If you decide to keep usernames directly inside the Readers fields, then you have to worry about:
- new employees to existing departments
- dismissed employees
etc...
All such occurrences force you to refresh Readers fields.
In a word, it looks like horrible stuff.

I suggest you think about the native capabilities of Lotus Notes security.
For instance, the solution can be the following: LN admins generate a few secret keys and fan them out among the required employees.
Developers set the necessary fields to use these keys - that's it.
In such a case there are the following advantages:
- less documents
- users can work offline
- even if the database is stolen, the approach with secret keys is more secure than with Readers fields

Of course, this way has its own shortages...