Personal Blog of Thomas Hampel - Creative Mythbusting in Development and Collaboration

Who am I?

Feeds

Archives

April 2025 (1)
January 2025 (1)
December 2024 (1)
November 2024 (2)
October 2024 (2)
September 2024 (1)
July 2024 (1)
May 2024 (2)
April 2024 (3)
March 2024 (1)
February 2024 (2)
January 2024 (5)
December 2023 (3)
November 2023 (2)
October 2023 (1)
September 2023 (4)
June 2023 (1)
April 2023 (3)
March 2023 (1)
February 2023 (1)
July 2022 (1)
September 2021 (1)
August 2021 (2)
May 2021 (1)
February 2021 (3)
January 2021 (1)
November 2020 (1)
October 2020 (2)
September 2020 (2)
March 2020 (1)
November 2019 (1)
August 2019 (1)
July 2019 (1)
March 2019 (1)
December 2018 (1)
November 2018 (1)
October 2018 (1)
September 2018 (1)
May 2018 (1)
January 2018 (1)
December 2017 (1)
November 2017 (1)
September 2017 (1)
March 2017 (2)
February 2017 (5)
November 2016 (1)
September 2016 (4)
April 2016 (1)
March 2016 (7)
January 2016 (1)
December 2015 (1)
November 2015 (3)
August 2015 (1)
July 2015 (2)
June 2015 (5)
May 2015 (5)
March 2015 (3)
February 2015 (2)
January 2015 (4)
December 2014 (3)
November 2014 (1)
September 2014 (4)
August 2014 (1)
May 2014 (4)
April 2014 (1)
March 2014 (2)
February 2014 (3)
January 2014 (2)
October 2013 (1)
September 2013 (1)
August 2013 (2)
July 2013 (2)
March 2013 (2)
February 2013 (4)
January 2013 (3)
December 2012 (2)
November 2012 (1)
October 2012 (2)
September 2012 (4)
August 2012 (3)
July 2012 (1)
June 2012 (6)
May 2012 (1)
February 2012 (2)
January 2012 (1)
December 2011 (4)
November 2011 (2)
September 2011 (1)
May 2011 (2)
March 2011 (1)
January 2011 (1)
November 2010 (5)
October 2010 (2)
September 2010 (2)
August 2010 (1)
July 2010 (3)
June 2010 (1)
Query results for : July 2012

Profile documents and Author rights in ACL- 30 July 2012 - (0) Comments

Thomas Hampel
 30 July 2012

What if a developer is using user specific profile documents to store some settings in a Domino application.
In this example users have Author access with the ability to create new documents and the ability to write public documents, no roles and no reader or author name fields are used in any document.

Image:Profile documents and Author rights in ACL

I'm wondering why users are not able to modify their own profile document by using the simple formula @Command([EditProfile]; "profile"; @Username)

Of course developers will refer to the Designer Help or
this technote where IBM clearly states:

In order to edit profile documents, including your own profile, using @Command([EditProfile]), you must have at least Editor access or Author access in the ACL plus inclusion in an Author field.


so it sounds like the user name must be listed in an author name field in order to modify an existing userprofile.


Unfortunately in reality it seems to be working slightly different... see this example:

I've created a new form to be used as a profile document, the form contained only a single field

Image:Profile documents and Author rights in ACL
Additionally I've created a small agent with the following code:


Sub
Initialize
       
Dim s As New NotesSession
       
Dim doc As NotesDocument
       
Dim ws As New NotesUIWorkspace
       
       
Set doc = s.currentdatabase.Getprofiledocument("profile", s.Effectiveusername)
       
       
'# allows to modify the field values in the backend
       
Call doc.Replaceitemvalue("Test", "test")
       
Call doc.Save(true, false)
       
       
'# allows to modify field values using the frontend
       
Call ws.Dialogbox("profile", true, true, false, false, false, false, "Test", doc, false, false, false)
       
Call doc.Save(True, False)
       
       
'# does NOT allow to modify the document
       
Call ws.Editprofile("profile", s.Effectiveusername)
End
Sub

It seems like its possible to modify userprofile documents (which dont have an author name field) even when you dont have author access to the document itself.
To clarify: the application was put on a server and access rights were limited to Author.

Image:Profile documents and Author rights in ACL

I'm wondering if there's any good explanation for this behavior.

Update : The problem has been filed as SPR (Software Problem Report) # RGAU8WZE2X and the Customer Report, APAR # LO71028 was created.
Thomas Hampel, All rights reserved.