I'm struggling to find an answer to this one one way or the other, but can I affect the workspace from Lotusscript? I am developing a lotus notes application that opens other lotus notes databases, however at the moment each time one of them is opened it leaves behind a dangling reference on the workspace. Is there a way I can prevent the regency being created, delete it once it's created, or have them all cleared off a user's workspace via a domino policy?
The NotesUIWorkspace.OpenDatabase() method has an optional argument (see doc here and note the 'temp' parameter) that you can use to prevent adding databases to the workspace.
Related
We have a (super)user who has been using VBA in an Excel spreadsheet to create and manipulate documents in a Domino database application.
The user has 'Editor' access to the application, and should normally be able to create/edit the document contents.
They have been, however, creating documents using VBA. That logic doesn't consider such important document fields as Readers, Authors, etc. .
We would like to restrict access to all Domino data so that it can only be created/modified using an IBM Notes client.
I have tried looking through the ECL, but that only restricts what 'others' do.
Since he has his Notes client available, the external logic is using his normal Notes credentials.
I have tried setting a hidden field with the Notes client and looking for that in the QuerySave event of the form design.
Unfortunately, the external code pays no attention to the form events and the save is executed despite the missing field.
Similarly, the Database Script has no bearing on the execution of external logic.
I was going to inspect the client version upon database open and restrict activity based on a variance in the version (I was hoping!).
I have de-selected the 'Don't prompt for a password...' option in the user security preferences, but that has no effect at all (suspected as much!).
The ONLY thing I have been able to suggest is to hide the database design... That's really only designed to thwart a user's efforts to understand the underlying design.
It won't prevent them from creating hundreds of thousands of documents with a fictitious form and throwing the app into disarray.
I'm hoping that there is a solution out there that I'm missing.
The user has been instructed not to undertake such activity in the future.
We were lucky that there really wasn't any malicious intent - "Just trying to be more efficient" we're told.
The effects of the activity have been remedied, and the user has been warned.
What I want to know is... how can I prevent this from ever happening again?
The circumstances are rare I know, but I would've thought there'd be a means of restricting the platforms used to manage Notes/Domino data.
Is there a way to ensure no external applications are able to access, create or modify Notes database documents?
I am currently focussing on access to Notes via COM.
I thought that, if I unregistered 'nlsxbe.dll' from the registry, that would prevent such activity - It has not.
I also tried removing the .TLB files from the Notes executable folder - removal of 'notes32.tlb' and 'domobj.tlb' have no effect at all. Removal of 'ltsci3.tlb' screws everything up (as expected!).
I'm really having no luck at all - Any/all suggestions would be most appreciated!
I'm not aware of any way to detect that a connection has been made by standalone code instead of by the Notes client, but you do have two paths available to you:
A Domino server add-in that prevents documents from being saved in that particular database if certain criteria aren't met.
An agent that is triggered to run shortly after documents are saved or modified in that particular database. The agent code can delete (or modify, if you prefer) the documents that don't conform to the required criteria.
The server add-in route would normally require coding in C, but thanks to the Open NTF Trigger Happy project, the hard part is done for you, and the rest can be filled in with either LotusScript or Java agent code that is "triggered" by the pre-written C code. You will need to have some basic knowledge of how the Notes Extension Manager interface works, but once you get past that and write your agent code to enforce your data consistency/integrity requirements, the only real hurdle is your willingness to host open source code on your server.
There may be two other possibilities, but I can't say if either will solve or deal with the issue...
In the ECL you can disable 'COM' access for the user (also known as OLE or ActiveX) automation since VBA access is usually via COM. This has stopped Notes using external COM access for me, but I don't know if also prevents VBA using Notes. Additional steps may be needed to enforce the ECL and apply to the specific users.
There is an (old) notes.ini 'DisableExternalApps' (or something similar) that disables some external access. This can affect many things (DDE/Prompts/#dblookups) but again I don't know if this will disable VBA/COM and its not user specific, but server wide.
I would have thought that removing the nlsxbe.dll or restricting access to execute it might work, but the ECL may be the best bet.
Alternatively, rather than add hidden flags to your design (and the documents), and then delete the offending documents, your agent could apply the correct author/reader fields to the documents instead.
Very tricky. Did you find a better solution?
I recently made changes and created two forms in a database residing in a production server. When I sent out the link, the users are getting this error:
Unable to create document, database does not contain design.
I suspect that the database residing in their Workspace is not getting the latest design elements (not in-sync). I tried asking one user to remove the database from her Workspace, sent the link to the database to open it again, and click on another link which I provided to open up the two forms and she was able to access the forms.
May I ask if there's any other way I can do for them to not delete it from their Workspace and re open it again so it will get the latest design elements? Should I request the Notes Administrator to perform some codes in the console?
Form designs are cached by the Notes client, presumably to aid performance. As far as I know, it's not possible to disable the caching.
If users have a database open when you modify or add forms, it's usually necessary for them to close and reopen the database to see the design changes, but they shouldn't ever have to remove the database from the workspace and re-add it. I don't think there's any way to avoid having to reopen the database.
I have seen a problem affecting several users at one customer where Notes wouldn't update its design cache, no matter what they did inside the client. The only solution I found in that case was to close Notes, delete a file named "cache.ndk" from the root of the Notes data directory, then restart Notes. It's been 2 or more years since this last occurred, so it might have been fixed in some version of Notes.
I have a configured a retention policy on a document library, the document should be moved to another location (Drop Off library) after certain amount of time. This doesnt seem to be working.
Please note that I have configured the Content organizer feature and "Send To" connections in Central Admin. I also have changed the trigger time for Information Policy and expiration policy job to run every 2 mins and 5 mins respectively.
Am i missing anything, because the functionality is not working and there is no error being thrown. All i can see is that the retention action is displayed as completed in "Compliance details" tab after sometime, but documents havent moved to drop off library. Also other retention action such as move to recycle bin work perfectly fine.
Please help.
Thanks in advance
If Move to recycle bin is working but Transfer isn't, I'm assuming your destination site is the same as the source. If so, this is not going to work because according to Microsoft support
It was as per design. If you try to move documents to a different location using Retention policy, you have to move it a library in a different site collection. Preferably ‘Records center‘ site collection. Main idea of Microsoft is to have one Archival or Records center site collection for the whole organization.
So, if you are trying to move documents after expiration to a library in same site or site collection, you can use a workaround to start a workflow on expiration date which moves the document to archival library.
Hope this helps. Source
To start with for investigation
1.There are two timer job services in Sharepoint 2010 ( it looks the same on 2013 as well) so ... "Information management policy" and "Expiration policy". check if these Job are working as desired for the web application. I understand it works partially on some instances. But I don't know if it is on the same webapp level.
Next can you check if these documents are checked-out to some one on the team or to a person who has left the firm which is very common sometime User Profile service may give you tickle by not syncing as desired.
If you have custom content type for which the the document is saved. then if the same content type exist on the destination folder ( drop off lib) where document to be moved.
I had a situation when the documents where located inside a folder (leaf) inside document library. Move of document expected a same folder on destination which was weird. But after changing folder name which had '(' symbol it worked.
I have also seen some instances of permissions to the folder for the timer job but, I did not have that experience.
Without actual settings on the retention policy I can only give only pointers. Therefore, please give bit more information about the retention policy setup if it is not confidential.
I have similar problem, and after lots of try and error I found up that I have a required column in the destination content type which wasn't required in the source content type. Just check it!
I have an XPages Library database where all my XPages are created. From there users will access other databases to do their work.
I need to put the names of those databases in variables so they can be found on any server (development, test, production, etc.) since the names are always the same. I think that those variables should be applicationScope variables but I am not sure.
If applicationScope in the variable that I need, can you tell me where is the best place to create them.
If it is not the right variable, which kind of variable will be the best and where do I define them.
An easy way to deploy some static references is the xsp.properties file. This file allows to add variables which are accessable on all XPages applications on the server
For example this variable...
myproperty.test=Hello World
... can be accessed in any XPage this way:
context.getProperty("myproperty.test")
These properties can be set by a theme too.
But the property has to be added to any server manually.
Another way is to use configuration documents: These can easily deployed by the replication mechanism to any database on any server. The value of these documents can be cached in applicationScope variables for a better performance.
EDIT:
You should alter the XSP.properties file on the server, not the database specific One. This does not require a Designer, only a text Editor is required.
applicationScope variables stay in memory about 10-15 minutes and are discarded after that. If I understood your need correctly, you should store the database names or URLs permanently and Notes documents would be the best fit for that.
The disadvantage of putting the values into a.properties file is that you need a designer Client to make changes.
I would suggest to use a global configuration document for your application that can be edited either in the client or using an XPage.
Take a look into the xhelp application by Paul Withers. Dig into the code to see how you can use a configuration document in your application. XHelp can be donloaded from here http://www.openntf.org/internal/home.nsf/project.xsp?action=openDocument&documentId=426CB81230B6F94A8625789000830762
I think because you are talking about a portal like application that it would be best to have a settings document implementation. You have to create an admin xpage which will check if there will be a document of a certain type in the lookupsettingsview ( you have to create this yourself ofcourse ). If there is none create the document. If there is one use the document as the datasource.
On this document you can store the replication id's and server information about the applications you want to display. This can be a simple form with a multiline text field on it. The data could be stored in a format like "Description$repid$server". On the web you have to check for this document, read the entries in the document using a repeat. For each iteration you can just use a xp:link tag. Ofcourse you first need to compute the url of the applications but that's not the biggest issue here.
I'm using the built-in Domain Catalog database to list all the databases on a particular Domino server. I'm creating a custom view to show certain information about each database. What I'd like to have is a column that displays the creator of each database. However, if the Domain Catalog is keeping track of this information, I can't find it.
Is there a field in the Domain Catalog that provides this information that I just haven't been able to find? Is there some other way I might find this information and get it into this view? #DBlookup and related functions don't work in column formulas.
That information is not stored in the catalog, and is probably not stored in the database either (It's not shown on any of the property tabs).
You would probably need to get/write a server add-in to monitor database creation and store that data somewhere. Then you'd need to account for databases created by adminp/replication - your add-in might pick them up as having been created by a server.
This question was also asked in the R4/R5 forums in 1998 and received no answer.
Interesting question. There is no such attribute for database, but you can dig for some clues.
New databases: use NotesNoteCollection and look for some specific design element (icon, for example) and look for first element in $UpdatedBy field.
New copies/from templates: above mentioned method won't work. It will return info from original/template, not current database. In this case, try using Created property of DB and check user footprints after that date - in ACL log (he probably altered ACL immediately after copy), new design elements (probably made new view, folder, agent...) or profile documents.
What Frantisek said. Looking in the log archive (ugh!) may tell you who deployed it, but in a well run environment that won't be who developed it. A list of $UpdatedBy(0) for all design notes should give you a good idea. The catch will be that it mayl be people who left the company years ago. : )