Yes..."IM" here to help
Category None
Today started as a typical morning, with the need to get an email out first thing, API code to write before noon, and a looming proposal that I really meant to get out on Friday...before I discovered I would be in Atlanta Tuesday and needed to plan a bit.
Anyway, I thought I'd share one of the things that happens when I am in the office, with my Trillian or Notes-integrated Sametime turned on. Because Sametime Links is enabled for presence awareness and chat on my blog, corporate web site, and my public forum postings on LDD, there are about 500 pages on the internet where I can be "pinged".
Some people will chide me for "free consulting". I don't care, I like this stuff and am even known to be passionate about it.
Note: The name has been changed for privacy purposes...
Today started as a typical morning, with the need to get an email out first thing, API code to write before noon, and a looming proposal that I really meant to get out on Friday...before I discovered I would be in Atlanta Tuesday and needed to plan a bit.
Anyway, I thought I'd share one of the things that happens when I am in the office, with my Trillian or Notes-integrated Sametime turned on. Because Sametime Links is enabled for presence awareness and chat on my blog, corporate web site, and my public forum postings on LDD, there are about 500 pages on the internet where I can be "pinged".
Some people will chide me for "free consulting". I don't care, I like this stuff and am even known to be passionate about it.
Note: The name has been changed for privacy purposes...
John Doe/Guest (8:34 AM) John Doe (jdoe@someone-needing-help.com) wants to chat with you.
Rob Novak (8:35 AM) Hi John Doe
John Doe/Guest (8:35 AM) Hi Rob how are you
Rob Novak (8:35 AM) Good, how about you?
John Doe/Guest (8:35 AM) Rob I am a Senior Notes Web Developer from Canada and have a quickplace question if I can ask you
Rob Novak (8:36 AM) Sure - if you don't mind some pauses. I have an email to send out right away. I can multitask it....go right ahead.
John Doe/Guest (8:37 AM) I have been trying to do as much quickplace customization but I have stumbled in probably a quickplace limitation
John Doe/Guest (8:37 AM) We are using quickplace 3.0 on Domino R5 server
Rob Novak (8:37 AM) OK
John Doe/Guest (8:37 AM) and on our place, I wanted to set anonymous to NO Access
John Doe/Guest (8:37 AM) but allow read of public documents
John Doe/Guest (8:38 AM) so some documents in the place are publicly accessible using that feature by adding field $PublicAccess = 1 but the other documents that do not have that field are protected by Sign In
John Doe/Guest (8:39 AM) But the $PublicAccess does not work in quickplace
John Doe/Guest (8:39 AM) as far as I have done.
John Doe/Guest (8:39 AM) It still tells me to authenticate to those documents
John Doe/Guest (8:39 AM) what am i doing wrong ?
Rob Novak (8:40 AM) Right - QP doesn't always conform to Domino expectations for authentication, as it processes logins through a more complicated algorithm.
Rob Novak (8:41 AM) The scenario won't work, and the reason is that more than just a "document" on a QP page are protected and require authentication information. The TOC for instance computes. Design elements are late-binding documents instead of traditional Domino forms.
Rob Novak (8:41 AM) QP7 has "Default" as a new option, which would work for most of what you say, still requiring authentication but not requiring you to put someone in the ACL
John Doe/Guest (8:42 AM) but in current QP 3 is there any tweaking i can do to make public access documents work ?
Rob Novak (8:42 AM) No
Rob Novak (8:42 AM) Like I said, there is a lot more on the page than the document
Rob Novak (8:43 AM) the form presenting the document, for instance (Page) is truly about 12 documents
Rob Novak (8:43 AM) as are the theme files
John Doe/Guest (8:43 AM) i know what you mean there are multiple subforms in the main form h_PageUI
John Doe/Guest (8:43 AM) and right the theme files
Rob Novak (8:43 AM) it's not the subforms in haikucomomonforms though that require authentication
Rob Novak (8:44 AM) it's the underlying documents that make up the late-binding elements of a QuickPlace page
Rob Novak (8:44 AM) each of those would have to be accessible
John Doe/Guest (8:44 AM) i see what you mean
Rob Novak (8:44 AM) Will you be upgrading anytime soon?
John Doe/Guest (8:44 AM) so in short there is no way to make it work
Rob Novak (8:45 AM) (QP3 is end-of-life in April)
John Doe/Guest (8:45 AM) no we are not planning yet
Rob Novak (8:45 AM) It won't matter for this. I think you need to change the approach
John Doe/Guest (8:45 AM) is the upgrade from QP 3 to 7 seamless
Rob Novak (8:45 AM) Fairly, depending on customizations and use of JS variables
John Doe/Guest (8:45 AM) then how do you think I can approach it in another way ?
Rob Novak (8:46 AM) They are unobfuscated in QP7.
John Doe/Guest (8:46 AM) ie. make documents anonymously accessible for selected and others secured
Rob Novak (8:46 AM) Why can't you use Anonymous for this?
John Doe/Guest (8:48 AM) because if I use anonymous as reader then I have to updated h_Readers field in all docs in the place to secure them. If I use anonymous as NO Access, then I do not have to populate h_Readers field with members to secure it. Do you know what I mean ?
Rob Novak (8:48 AM) Yes
Rob Novak (8:49 AM) How about moving the sensitive documents to a room a securing it
Rob Novak (8:49 AM) One change
John Doe/Guest (8:49 AM) that may be an idea
Rob Novak (8:50 AM) Farily typical setup - public documents in main.nsf and maybe even another room (for organization) and secured documents in other rooms.
John Doe/Guest (8:51 AM) but currently we have a placetype with the documents in the main.nsf and I do not want to make big change to current design of placetype
John Doe/Guest (8:51 AM) i want to keep the documents where they are currently
John Doe/Guest (8:52 AM) I am just thinking of Domino uses special roles or fields like $Anonymous that can be used to make them public or protected
John Doe/Guest (8:52 AM) Do you know of any special roles or fields ?
Rob Novak (8:53 AM) If you opened all of the reference documents (system) it might work, but I would never suggest that.
Rob Novak (8:53 AM) It'd be overwritten with an upgrade, maybe even the design task.
Rob Novak (8:53 AM) Can I be honest?
John Doe/Guest (8:54 AM) yes
Rob Novak (8:55 AM) Don't take this wrong, but you can't get what you want (security) that way, and you're pretty much hacking at it to get around something that has a standard solution. I'd make the placetype change, modify the places' structure and be confident knowing it will survive the next two versions' upgrade.
John Doe/Guest (8:55 AM) yeah you are right
John Doe/Guest (8:56 AM) i should also be considering about future upgrades
Rob Novak (8:56 AM) And it's way too early in the morning for me to be right about anything
John Doe/Guest (8:56 AM) can i ask you something ?
Rob Novak (8:56 AM) Of course
John Doe/Guest (8:56 AM) all documents open using the form h_PageUI
John Doe/Guest (8:56 AM) can the documents use another customizable form instead ?
John Doe/Guest (8:57 AM) just a thought what do you think ?
Rob Novak (8:58 AM) h_PageUI is actually part of the late-binding architecture in QP. It is the container (not so much a form as a design element conduit for other forms).
Rob Novak (8:58 AM) You can modify a lot of QP in HaikuCommonForms.ntf
Rob Novak (8:58 AM) But it's not reasonably easy until 6.5.1, and better in 7
John Doe/Guest (8:59 AM) i see i guess not easy to do customization in QP 3
Rob Novak (8:59 AM) Form customization takes this path: If you can do it with an HTML form, do it there, then investigate the theme, then HaikuCommonForms.
Rob Novak (9:00 AM) Depends on how deep the customization is, but we've been doing it as one of our consulting practices since 2.08
John Doe/Guest (9:00 AM) sorry one more thing to ask document security with roles is that a good idea to go with ?
Rob Novak (9:01 AM) Such as [h_Manager] ?
John Doe/Guest (9:01 AM) ie. h_Readers currently contains member names or group names in our places
John Doe/Guest (9:01 AM) no I mean our own custom roles we define
John Doe/Guest (9:01 AM) like c_Readers
John Doe/Guest (9:01 AM) and c_Authors
Rob Novak (9:01 AM) Sure you can do that. We've done it before
Rob Novak (9:02 AM) Not too commonly, but it works.
Rob Novak (9:02 AM) I prefer to use an internal group and resolve it for security. It puts the group management in the hands of the end users.
John Doe/Guest (9:02 AM) but is c_Readers , c_Authors a QP used name for something else like h_Managers in QP 6.5.1 or 7
Rob Novak (9:02 AM) And is more easily explained than roles (ACLs are an abstract concept for users)
Rob Novak (9:03 AM) No, all c_ names are your own making.
John Doe/Guest (9:03 AM) I looked at groups a little bit and not sure how it works exactly
Rob Novak (9:03 AM) I'd be sure not to create a field name of one of them on a form, it could confuse things
John Doe/Guest (9:04 AM) so how do groups work ? you create them and then what do they do ? because I created one and then when to members page and did not see them there
Rob Novak (9:04 AM) Internal groups create a document in the contacts1.nsf, and populate it with names. Then a view is available in contacts1.nsf, and you can use it to resolve names sith some script.
Rob Novak (9:04 AM) The Groups link on the members page is where you manage them.
Rob Novak (9:05 AM) You can then use the internal QP group for security in rooms, or programmatically.
John Doe/Guest (9:06 AM) I tried groups in main.nsf but did not see them in members page i was confused
John Doe/Guest (9:06 AM) Rob sorry to take up so much of your time i know you must be very busy and you have been very helpful in answering my questions
Rob Novak (9:06 AM) Yes the members page shows external.internal members and LDAP/directory groups.
Rob Novak (9:07 AM) Create a group, put some people in it, then it's available in lots of places in QP where you normally choose a "Person". Like room security.
Rob Novak (9:07 AM) No problem.
Rob Novak (9:07 AM) May I have your premission to reprint our chat with your name & email changed?
John Doe/Guest (9:08 AM) i could not have gone forward without your help.
Rob Novak (9:08 AM) I have a blog - people like reading this stuff....
John Doe/Guest (9:08 AM) can i have the web address to the blog
Rob Novak (9:08 AM) Sure: http://www.lotusdigerati.com
John Doe/Guest (9:09 AM) hello?
Rob Novak (9:09 AM) Yes sorry, chat dropped
John Doe/Guest (9:09 AM) sorry Rob i guess when i clicked the URL you sent me somehing happened
John Doe/Guest (9:10 AM) sure you can make it public
Rob Novak (9:10 AM) Thanks - it might help somebody else.
John Doe/Guest (9:10 AM) can i preview before you make it public ?
Rob Novak (9:10 AM) Certianly, it's just going to be this transcript.
John Doe/Guest (9:11 AM) ok can i have a copy of this transcript ?
Rob Novak (9:11 AM) Yep. It's two now, I'll append them and send to you as soon as we close this.
Rob Novak (9:11 AM) I'll just change the name and drop the email.
Rob Novak (9:13 AM) Thanks and good luck
John Doe/Guest (9:13 AM) whats your email if I can contact you directly ?
Rob Novak (9:14 AM) rnovak@snapps.com - you'll have my reply info in the transcript I send you in a moment
John Doe/Guest (9:15 AM) ok thanks for all your help Rob very helpful.
Rob Novak (9:15 AM) sure no problem
John Doe/Guest (9:15 AM) talk to you later
Rob Novak (9:16 AM) bye
John Doe/Guest (9:16 AM) bye
