        num = Cdbl(NumStr) + 1
    End If
    ProfileDoc.num = Cstr(num)
    Call profiledoc.save(False,False)
    doc.Number = num
End Sub

The Form

1. Create a number field (named Number) to store the counter value. Add static text to surround the field value, for example:
   This page has been accessed [Number] times.
2. Specify the Counter agent as the WebQueryOpen form event.

The Security

Agents are protected by security features in the database access control list and in the server document in the Domino Directory. To make the Web page counter agent work, do the following:

1. Write down the name of the person who created or last modified the agent. This is the agent owner. The name is the Notes ID name, for example, Mark Hunt/Acme.
2. Add the agent owner’s name to the database access control list and give at least Editor access.
3. Give access to the agent owner in the server document.
   • Open the Domino Directory (NAMES.NSF) and open the Server\Servers view.
   • Find the server document for the server that stores the database and open the document in edit mode.
   • Add the owner’s name to the Run Restricted LotusScript Agents field in the Agent Manager section.
   • If the database design has been signed using the server administration Sign a Database tool, the signer’s identity must also be added to the Run Restricted LotusScript Agents field in the server document.
   • Close and save the document.

196 Lotus Domino Release 5.0: A Developer’s Handbook

Troubleshooting

If you see the following message:

   Error 401 HTTP Web Server: Lotus Notes Exception - You are not authorized to perform that operation.

there is a problem with the entry in the access control list. Make sure that the person who created or last modified the agent is listed with at least Editor access. In addition, make sure that the agent property For Web Access: Run Agent as Web User is not selected in the Agent InfoBox.
If you see the following message:

   Error 500 HTTP Web Server: Lotus Notes Exception - Error validating user's agent execution access.

there is a problem with the Run Restricted Agents field. Make sure that the person who created or last modified the agent is listed in that field. In addition, make sure the agent property For Web Access: Run Agent as Web User is not selected in the Agent InfoBox.

Using Agents — Advanced Topics

Agents are very useful if you need to change the design of a database. They can help you to keep the data in the database consistent with the design. For example, you can use an agent to update all documents which are affected by a form change. Usually you will create a private agent which selects the documents affected by the form changes and run it manually.

The following is a list of examples of where agents can be very useful after changes are made to the design of a database:

Editing and Resaving Documents

To save the step of editing and resaving documents manually, create an agent that uses the following formula:

   @Command([ToolsRefreshAllDocs])

Adding a Field

If you create a new field, insert the new field into existing documents by creating an agent that uses the following formula:

   FIELD New_field_name := value;

where New_field_name is the name of the field, and value is the value you want the field in these documents to have. The value can be the field default value, a formula that calculates the value, or a null value (“”) that inserts the field into the documents, but does not give them any initial value.

Chapter 7: Agents 197

Removing Field Data from All Documents

If you delete a field, existing documents continue to store the obsolete field and its values. This unnecessary storage can affect disk space. To remove the obsolete field, create an agent that uses the following formula:

   FIELD Field_name := @DeleteField;

After you run the agent, compact the database to reduce its actual file size.
Renaming a Field

If you rename a field, existing documents continue to refer to the old field name. To update documents to refer to the new name, create an agent that uses the following formula:

   FIELD New_field_name := Old_field_name;
   FIELD Old_field_name := @DeleteField;

where New_field_name is the new name for the field, and Old_field_name is the original name for the field.

Reassigning Documents to Another Form

If users attempt to open documents created with a form that has since been deleted, they see a message indicating that the form cannot be found. To prevent users from seeing this message, use these agent options to reassign existing documents to another form:

1. Under Which document(s) should it act on, select All Documents in Database and click Add Search.
2. Select By Form Used, select the name of the obsolete form, and click OK.
3. In the design pane, click Formula and enter:
   FIELD Form := "Reassigned_form_name";
   where Reassigned_form_name is the name of the form that the documents should use.

Removing the Stored Form from Documents

Selecting the form property Store Form in Documents is useful for mail-enabled applications in which users need to see a document and don’t have the original form stored in their mail databases. This form property is permanently attached to all documents created with the form. To remove the stored form, remove all internal fields connected with that form by creating an agent that uses the following formula:

   SELECT $TITLE="Old_form_name";
   FIELD $TITLE:=@DeleteField;
   FIELD $INFO:=@DeleteField;
   FIELD $WINDOWTITLE:=@DeleteField;
   FIELD $BODY:=@DeleteField;
   FIELD $ACTIONS:=@DeleteField;
   FIELD FORM:="New_form_name";

This formula removes all internal fields attached to the documents where Old_form_name is the name of the form used to create the documents. The last line creates a FORM field where New_form_name is the form that will display the documents in the future.
After you run the agent, compact the database to reduce its actual file size.

Summary

Agents allow you to automate many tasks within Domino. They can operate in the background to perform routine tasks automatically, and in the foreground when called by the user. They can easily be created without programming knowledge by using Simple Actions, but very complex algorithms can also be implemented using LotusScript or Java. On the Web you can also use agents to perform operations before a document is opened or before it is saved. You are also able to access CGI variables to capture information about the user.

As a database designer you can control who has access to an application you create at every level in the application. Domino provides a variety of security mechanisms to enable you to do this. This chapter will help you understand how these mechanisms fit together to secure your application.

The designer of an application and the administrator of the system should work closely together to define security for an application, because the choices you make have an impact on system performance.

Even though user authentication and creation are normally administrative tasks, we will briefly discuss them here as these tasks may have an impact on defining security for different types of clients and users in your application. You may also have to integrate with, or even develop, a user registration application for Web users.

For a detailed description of Domino’s system security and authentication features, please refer to the redbook: Lotus Notes and Domino R5.0 Security Infrastructure Revealed, IBM form number SG24-5341, Lotus part number CT6TPNA.

This chapter will help you decide how to:

• Set up an access control list (ACL).
• Create roles to manage access for groups of users.
• Restrict access to database elements.
• Control document access.
• Develop a plan that provides the required security for your data and appropriate access for each user.
Note: This chapter is in part based on the Lotus Education Learning Byte: Securing Your Application.

Controlling Access to Domino Data

There are a number of ways of approaching access to data in a database; you can secure certain design elements and information so that users cannot access them at all. Alternatively, you can hide certain fields and information from the user. In this instance, the information is still accessible to the experienced user but it is hidden from the casual user. This is more a usability issue than a security feature.

Chapter 8 Securing Your Application 201

By using both the database access control list (ACL) and the encryption features provided by Domino, you can achieve true security for your application. Creating access lists, hiding design elements, and using such features as computed subforms, hide-when features, and collapsible sections let you hinder access; these are good usability features, but they are not true security features.

Overview of Domino Security Architecture

The Domino environment is made up of several components, all of which can be secured. If access is allowed to:

• The network, server tests are applied
• The server, database tests are applied
• The database, design factors are tested
• Design elements, encryption is checked

The following figure illustrates the places in the database structure where access tests are applied. These are the elements you will be concerned with in securing your application at the database level:

Design Elements for Controlling Access

Setting up the ACL establishes who has access to the database as a whole.
You can further restrict access to database elements by using the following Domino design elements:

• Access lists for documents, forms, and views
• User roles in the ACL
• Authors and Readers fields in a document
• Hide-when capabilities for fields, actions, sections and outlines
• Controlled access sections

To control user access to Domino data, consider the following situations:

Security Requirement: Provide an extra layer of security.
Solution: Add encryption to HTTP transactions by activating Secure Sockets Layer (SSL) at the server. (See the Domino Administrator’s Help for more information on SSL.)

Security Requirement: Display different information for Web users and Notes users.
Solution: Use @ClientType to enable a computed subform.

Security Requirement: Secure field information.
Solution: Apply encryption techniques.

Security Requirement: Control display of database elements within forms.
Solution: Use hide-when capabilities for fields, actions, and sections, or create a controlled-access section.

Security Requirement: Restrict access to specific documents.
Solution: Create Authors and Readers fields in a document, or create a document access list.

Security Requirement: Control Web user access to parts of your site.
Solution:
• Add a group containing the names of registered Web users to the ACL.
• Choose which databases can be accessed by Web users and what level of access to provide for each database.
• Authenticate any Web client accessing a Domino server, database, view, or document.

Security Requirement: Restrict access to database elements to specific users.
Solution: Create access lists for documents, forms, and views, and consider creating user roles in the ACL. Start with “Using the Access Control List to Control Access to an Application” in this chapter.

Security Requirement: Define server authentication at the user level for Web users.
Solution: Create Web users and passwords in the Domino Directory. See also “Planning for Web User Access” in this chapter.

Security Requirement: Allow anonymous users access to your site.
Solution: Create an Anonymous entry in the database ACL. See “Anonymous Access to Databases” in this chapter.

Using the Access Control List to Control Access to an Application

Every database includes an Access Control List (ACL) which Domino uses to determine the level of access that users and servers have to that database. When a user opens a database, Domino classifies the user into an access level that determines privileges. The access level for a user may vary in different databases.

The access level assigned to a user determines the tasks that the user can perform in the database. The access level assigned to a server determines what information the server can replicate within a particular database. Only someone with Manager access can create or modify the ACL of a database located on a server.

This section covers:

• Displaying the ACL
• User and server access levels

Displaying the ACL

The access control list of a database lists all the servers, groups, and users who have access to the database. To display the access control list of a database:

Choose File - Database - Access Control and the following panel will be displayed:

User and Server Access Levels

A database ACL determines the level of access that users, groups, and servers have. Someone with Manager access to the database assigns levels to the users, groups, and servers listed in the ACL. With Domino Release 5.0 there are seven main levels of access that a database administrator can assign to a person, server, or group:

Level: Manager
Users with this access can: Perform all operations on the database, including modifying ACLs and deleting the database.
Servers with this access can: Replicate all changes to the database and the ACL.

Level: Designer
Users with this access can: Have Editor access to documents, except where restrictions exist for specific documents, and they can modify the database design, but they cannot delete the database or modify the ACL.
Servers with this access can: Replicate design changes as well as all new and changed documents, but not ACL changes.

Level: Editor
Users with this access can: Create, read, and edit all documents unless there are restrictions on specific documents.
Servers with this access can: Replicate all new and changed documents.

Level: Author
Users with this access can: Create and read documents, but can only edit their own documents if they are listed in an Authors field on that document.
Servers with this access can: Replicate new documents.

Level: Reader
Users with this access can: Read documents, but cannot create, edit, or delete them.
Servers with this access can: Pull changes from the replica but not send changes to it.

Level: Depositor
Users with this access can: Create documents, but cannot read, edit, or delete documents, including those they create.
Servers with this access can: Not receive changes; not relevant for servers.

Level: No Access
Users with this access can: Not access the database at all.
Servers with this access can: Not access the replica at all.

Server access levels are often the cause of databases failing to replicate as expected. Keep the following points in mind:

• Servers not specified in the ACL have the access level that is assigned to the -Default- group.
• Listing a server with Manager access in the ACL lets people know which server has Manager access.

To allow a replica to receive changes made by people with Author access, assign the server Editor access or higher in the replica ACL.

[...]

   ... db As NotesDatabase
   'Declare acl as the Notes Database ACL
   Dim acl As NotesACL
   'Declare aclentry as ACL Entry type
   Dim aclentry As NotesACLEntry
   'Declare RoleName as type String
   Dim RoleName As String
   'Set db to the currently selected database
   Set db = session.CurrentDatabase
   'Set acl to the ACL of the current database
   Set acl = db.ACL
   '
   'Get Rolename from...

... information database
• Author to allow access to an interactive database

Caution: If the database ACL does not contain an Anonymous entry, all anonymous users receive the Default access. To protect the databases from unregistered users you can establish the Default as No Access. If Default access needs to be higher, create an Anonymous entry in the database ACL and grant it No Access. When granting access...
Authors, and Readers Managers and Designers to create personal folders and views in a database on a server Create shared folders/views Editors to create shared folders and views Managers and Designers Create LotusScript/Java agents Readers, Authors, Editors, and Designers to create LotusScript and Java agents Managers Read public documents* Users to read documents created with forms, and use views and folders,...

access to unauthenticated Web clients, you will want to grant anonymous users the least access that still allows them to use the database effectively. For example, you might grant anonymous users:
• Reader access for an information database
• Author access for an interactive database

Differentiating Default and Anonymous Access

If Anonymous is not listed in the ACL, Domino grants the user access based on...

the database. Roles let you define responsibilities in the application and further define access to database elements.

What is a Role?

A role is a subset of the ACL that is controlled by the database manager. A role can be used anywhere that a group or user name can be used. Users and groups are assigned roles to refine access to particular views, forms, sections, or fields of a database. Instead of assigning...

control list as it applies to ACLs on workstation or laptop replicas is not a security feature. Data in the local replica is not secure unless you physically secure the workstation or laptop or you encrypt the database using the local security feature. Also, a Domino add-in program can bypass an ACL enforced on local workstations. To keep the ACL the same across all server replicas of a database, you must...

$PublicAccess with a value of “1” added by Domino

Anonymous Access to Databases

You can handle anonymous users in one of the following two ways:
• Define an anonymous entry in the ACL and specifically define access privileges for anonymous users
• Allow anonymous users the same access as the Default entry in the ACL

Note: Any application that will be deployed...

control access to a form in several ways:
1. Exclude the form from the Create menu and make it available to a select set of users with a View action button
2. Create a form access list that specifies who can create documents with the form
3. Create a form for Public Access users with Read or Create rights in the ACL

Making a Form Available to a Select List...

are placed in the packet header, but instead are encoded with base 64. Base 64 is an algorithm that forms part of the Multipurpose Internet Mail Extensions (MIME) protocol. It is a mechanism that turns any bit stream into printable ASCII characters. (It is described in RFC1521.) In fact, the objective of base 64 is not for masking data at all, but to provide a method to send binary data through a mail gateway...

names you select
6. Click the blue person button to add names, roles, and groups to the list from the Address books that you have access to and check that they are added to the ACL before you make the database available to users
7. To deny Read access for documents created with the form, click a name to remove the checkmark

Note: Creating a form read ...
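The access-level, server and Anonymous/Default rules quoted in this chapter can be checked offline against a list of ACL entries. The following is an added example, not code from the handbook or from Domino: it is a simplified Python model that ignores groups and roles, the ACL contents are constructed sample data, the server name Hub01/Acme is hypothetical, and treating Author as the ceiling for anonymous access is an assumption drawn from the Reader/Author examples above.

```python
# Added example: offline model of the ACL rules described in this chapter.
# The ACL dictionaries at the bottom are constructed sample data.
from enum import IntEnum

class Level(IntEnum):
    NO_ACCESS = 0
    DEPOSITOR = 1
    READER = 2
    AUTHOR = 3
    EDITOR = 4
    DESIGNER = 5
    MANAGER = 6

DEFAULT, ANONYMOUS = "-Default-", "Anonymous"

def effective_level(acl, name=None):
    """Level a user or server is classified into.

    name=None means an unauthenticated (anonymous) Web client.
    Simplification (assumption): groups and roles are not modelled.
    """
    if name is None:
        # No Anonymous entry: anonymous users receive the Default access.
        return acl.get(ANONYMOUS, acl[DEFAULT])
    # Users and servers not listed in the ACL get the -Default- level.
    return acl.get(name, acl[DEFAULT])

def audit_acl(acl, servers=(), agent_owner=None):
    """Return a list of findings for one database ACL."""
    findings = []
    if ANONYMOUS not in acl and acl[DEFAULT] > Level.NO_ACCESS:
        findings.append("anonymous-inherits-default")
    # Assumed threshold: the chapter suggests Reader or Author for anonymous.
    if effective_level(acl) > Level.AUTHOR:
        findings.append("anonymous-above-author")
    for server in servers:
        if server not in acl:
            findings.append(f"server-unlisted:{server}")
        # A replica receives Author-level changes only via Editor or higher.
        if effective_level(acl, server) < Level.EDITOR:
            findings.append(f"server-below-editor:{server}")
    # A Web agent's owner needs at least Editor access (Error 401 otherwise).
    if agent_owner and effective_level(acl, agent_owner) < Level.EDITOR:
        findings.append(f"agent-owner-below-editor:{agent_owner}")
    return findings

# Constructed sample ACLs: a weak one and a corrected one.
WEAK_ACL = {DEFAULT: Level.EDITOR, "Mark Hunt/Acme": Level.AUTHOR}
HARDENED_ACL = {
    DEFAULT: Level.NO_ACCESS,
    ANONYMOUS: Level.READER,
    "Mark Hunt/Acme": Level.EDITOR,
    "Hub01/Acme": Level.MANAGER,  # hypothetical server name
}

if __name__ == "__main__":
    for label, acl in (("weak", WEAK_ACL), ("hardened", HARDENED_ACL)):
        print(label, effective_level(acl).name,
              audit_acl(acl, servers=["Hub01/Acme"], agent_owner="Mark Hunt/Acme"))
```

In the weak ACL the anonymous Web client ends up with Editor access purely through -Default-, which is the case the Caution above warns about.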