I'm using the built-in Domain Catalog database to list all the databases on a particular Domino server. I'm creating a custom view to show certain information about each database. What I'd like to have is a column that displays the creator of each database. However, if the Domain Catalog is keeping track of this information, I can't find it.
Is there a field in the Domain Catalog that provides this information that I just haven't been able to find? Is there some other way I might find this information and get it into this view? #DBlookup and related functions don't work in column formulas.
That information is not stored in the catalog, and is probably not stored in the database either (It's not shown on any of the property tabs).
You would probably need to get/write a server add-in to monitor database creation and store that data somewhere. Then you'd need to account for databases created by adminp/replication - your add-in might pick them up as having been created by a server.
This question was also asked in the R4/R5 forums in 1998 and received no answer.
Interesting question. There is no such attribute for database, but you can dig for some clues.
New databases: use NotesNoteCollection and look for some specific design element (icon, for example) and look for first element in $UpdatedBy field.
New copies/from templates: above mentioned method won't work. It will return info from original/template, not current database. In this case, try using Created property of DB and check user footprints after that date - in ACL log (he probably altered ACL immediately after copy), new design elements (probably made new view, folder, agent...) or profile documents.
What Frantisek said. Looking in the log archive (ugh!) may tell you who deployed it, but in a well run environment that won't be who developed it. A list of $UpdatedBy(0) for all design notes should give you a good idea. The catch will be that it mayl be people who left the company years ago. : )
Related
We have a (super)user who has been using VBA in an Excel spreadsheet to create and manipulate documents in a Domino database application.
The user has 'Editor' access to the application, and should normally be able to create/edit the document contents.
They have been, however, creating documents using VBA. That logic doesn't consider such important document fields as Readers, Authors, etc. .
We would like to restrict access to all Domino data so that it can only be created/modified using an IBM Notes client.
I have tried looking through the ECL, but that only restricts what 'others' do.
Since he has his Notes client available, the external logic is using his normal Notes credentials.
I have tried setting a hidden field with the Notes client and looking for that in the QuerySave event of the form design.
Unfortunately, the external code pays no attention to the form events and the save is executed despite the missing field.
Similarly, the Database Script has no bearing on the execution of external logic.
I was going to inspect the client version upon database open and restrict activity based on a variance in the version (I was hoping!).
I have de-selected the 'Don't prompt for a password...' option in the user security preferences, but that has no effect at all (suspected as much!).
The ONLY thing I have been able to suggest is to hide the database design... That's really only designed to thwart a user's efforts to understand the underlying design.
It won't prevent them from creating hundreds of thousands of documents with a fictitious form and throwing the app into disarray.
I'm hoping that there is a solution out there that I'm missing.
The user has been instructed not to undertake such activity in the future.
We were lucky that there really wasn't any malicious intent - "Just trying to be more efficient" we're told.
The effects of the activity have been remedied, and the user has been warned.
What I want to know is... how can I prevent this from ever happening again?
The circumstances are rare I know, but I would've thought there'd be a means of restricting the platforms used to manage Notes/Domino data.
Is there a way to ensure no external applications are able to access, create or modify Notes database documents?
I am currently focussing on access to Notes via COM.
I thought that, if I unregistered 'nlsxbe.dll' from the registry, that would prevent such activity - It has not.
I also tried removing the .TLB files from the Notes executable folder - removal of 'notes32.tlb' and 'domobj.tlb' have no effect at all. Removal of 'ltsci3.tlb' screws everything up (as expected!).
I'm really having no luck at all - Any/all suggestions would be most appreciated!
I'm not aware of any way to detect that a connection has been made by standalone code instead of by the Notes client, but you do have two paths available to you:
A Domino server add-in that prevents documents from being saved in that particular database if certain criteria aren't met.
An agent that is triggered to run shortly after documents are saved or modified in that particular database. The agent code can delete (or modify, if you prefer) the documents that don't conform to the required criteria.
The server add-in route would normally require coding in C, but thanks to the Open NTF Trigger Happy project, the hard part is done for you, and the rest can be filled in with either LotusScript or Java agent code that is "triggered" by the pre-written C code. You will need to have some basic knowledge of how the Notes Extension Manager interface works, but once you get past that and write your agent code to enforce your data consistency/integrity requirements, the only real hurdle is your willingness to host open source code on your server.
There may be two other possibilities, but I can't say if either will solve or deal with the issue...
In the ECL you can disable 'COM' access for the user (also known as OLE or ActiveX) automation since VBA access is usually via COM. This has stopped Notes using external COM access for me, but I don't know if also prevents VBA using Notes. Additional steps may be needed to enforce the ECL and apply to the specific users.
There is an (old) notes.ini 'DisableExternalApps' (or something similar) that disables some external access. This can affect many things (DDE/Prompts/#dblookups) but again I don't know if this will disable VBA/COM and its not user specific, but server wide.
I would have thought that removing the nlsxbe.dll or restricting access to execute it might work, but the ECL may be the best bet.
Alternatively, rather than add hidden flags to your design (and the documents), and then delete the offending documents, your agent could apply the correct author/reader fields to the documents instead.
Very tricky. Did you find a better solution?
We've a real pain in our project where we ask a team of 50 resources to update a single excel sheet that's placed in a network location and when someone tries to update the data, it's locked by somebody else and they don't update it. So, they end up not updating the data.
I'm looking for an alternate solution like
creating a form in sharepoint/ jira - no sharepoint/ jira developer
getting data in mail - too tedious and lots of rework
creating a custom form and hosting it in local server - might work - any templates on this?
Or, any alternates? I'm out of ideas.
easiest thing would be to create a simple SharePoint-List. All Users can update their data at the same time and the Input-Form will be there automatically. (Can also be exported to Excel)
If you are on SharePoint-Online you could also have a look at Windows Form which provide more flexibility in creating the form.
And if you need even more capabilities you can have a look at PowerApps
I am looking for a way to add or remove Global Navigation items from my sql server database.
I want to know where the data for global navigation is stored in sharepoint 2010 database schema.
I have seen some people (http://sharepointbabe.com/tag/navigation/) used NavNodes table but I can't find this table in my database.
Editing the database directly is really a no-go. Use the API's to manage your environment:
Check this: https://discoveringsharepoint.wordpress.com/2013/03/19/programmatically-set-navigation-settings-in-sharepoint-2013/
It seems that I was looking at a wrong database. That table NavNodes must always exist in Sharepoint website content database. So the database I was looking at was another one which was made to hold membership information and other related information of the website.
A business owner of my ticket tracking app in Xpages wants to track every change to the document. If a user opens the doc in edit mode but doesn't change anything, then no tracking. If, however, they open up a document and change one field, I have to capture that.
Here is my solution. When a user edits a doc, I create a "shadow document", which is a "before" vision. When the user saves I am comparing field for field for changes, and then acting appropriately.
Is there a better way to do this?
This is another good use case for Java beans. If you create a bean which sits between XPages-UI and Domino back-end document then you can easily track field changes.
Karsten Lehmann wrote a blog about it some time ago.
... and you could use the OpenNTF Domino API that has functions for exactly this. As far as I remember there is an example of this in the demo database. Not sure if it is also in the new version of the demo database - but then you may just need to find an older version (e.g. for milestone 4.5 where I saw this).
/John
I am developing a sharepoint 2010 project.
I want to restrict users view on lists based on their identity. (e.g. the branch of organization they work in, but in fact the ristrictions can be more complicated).
What solutions do you recommend?
With out of the box features this is not possible. You can go to great lengths to remove the list's view selectors and other navigational elements that let people cruise around a the schema and metadata for a list but it is not a security mechanism.
If a user has read permissions to an item, they'll have read access to all the fields of that item.
There is an outside chance that it you disabled all RPC mechanisms, SOAP, RESTful web services, Client Object Model and the office clients that you might be able to claim this as a security mechanism. If you don't there will always be a way around your "security" scheme.
This feature can't be implemented by SharePoint by now and I think neither for the next version
You can use a third part tool to achieve it, such as BoostSolutions' Column/View Permission or LightningTools' DeliverPoint
BTW, I work for BoostSolutions and I mentioned our own product because it works for your issue. Hope it helps :)
create sharepoint groups based upon your requirement or diffrent type of user base and accordingly give them rights may be item level or on complete list
and while doing these things just go through the following posts
http://blogs.gartner.com/neil_macdonald/2009/02/25/sharepoint-security-best-practices/
http://weblogs.asp.net/erobillard/archive/2008/09/11/sharepoint-security-hard-limits-and-recommended-practices.aspx
Not 100% sure on SharePoint 2010, but definitley for SharePoint 2007, there is not a way to do this, especially if the views are corresponding to security requirements on the columns users are able to see.
One way to work around this is have the list be not accessible by users, and then have code logic allow for access to the data creating the different "views" on the data in something like a Web Part. The downsides to this is search becomes an issue (since the data is hidden) and having multiple "views" of the data (if necessary) is also another item to work through.
I know its a very old question but posting it as it might help someone.
There is an work around to do it as described here
I find it easier, if possible, to create the view and lock it with the filters on the list settings page.
For example, I have a list of employees that includes their employee IDs. I use that list on other pages to gather data in other webparts. So I filter the employee list to [ME]. So the data is available to the page needing it to filter others and they cannot see anything else.
Now, what about the person who needs to manage that page? I create a view, call it HR. That view can see everything. Then I export that webpart with that list view on it through the designer. I then delete the HR view from the employee list.
This leaves no way for anyone to switch views and see everything again. I create a webpart page for the person who manages it, and I upload that webpart and set the view of the webpart to HR. In the end, I have a page that I lock down instead of trying to lock down views or list permissions separately.
Would you be able to have two lists that are joined. One that all users have access to and another that only certain people have access to, and then join them? Then maybe the people that don't have access to the other table it doesn't pull the information? Not sure, but I'll try that out later today.