Roles are a very powerful and useful feature that can be used to further refine a database ACL. Roles are actually created in the ACL through the Roles tab, which is shown in Figure 23.15.
Figure 23.15. The Roles tab of the ACL is where database managers can add and delete roles.
Just like groups, people are assigned to roles. What's different about roles is that groups can also be assigned to a role. In fact, any entry in the ACL can be assigned to a role. However, this is also the major flaw in using roles. Only those entities listed in the ACL can be assigned to a role. Therefore, if you use group names in the ACL and you want only some of the people in that group specified in a particular role, you couldn't do it unless you explicitly place those users' names in the ACL.
To create a new role in a database, follow these steps:
Clicking the Add button brings up a simple window to add a new role. Type the name of the role and click OK. The new role appears enclosed in brackets in the Role window. Roles also appear in the Roles window in the lower-right corner of the Basics tab of the ACL. Up to 75 roles can be added to a database. Role names can contain numbers , characters , and spaces. Lotus recommends (and I agree) that it's best to exclude spaces when naming roles.
After a role is added to the database, it can be used to limit access to design features of the database. Both forms and views have a Security tab on the properties box where roles can be used. This is useful if you have certain documents that store values that only specific groups of people should update, such as lists that are used in keyword fields. You can limit create access to the form that stores the lists and read access to the view that displays the form to that group of individuals. The values in the forms can still be accessed by using @DbColumn or @DbLookup against a hidden view. The returned list can then be used in a keyword field. Roles can also be used to limit access to documents. To limit access to a form using a role, follow these steps:
Similarly, read access to documents created by the form can be limited by deselecting All Readers and Above at the top of the properties box under Default Read Access for Documents Created with This Form and choosing an appropriate role. In both cases, make sure that groups and individuals have the role selected in the Basics tab of the ACL. This is accomplished very easily by selecting the group or individual in the ACL and clicking the appropriate role in the Roles list box. A check mark appears beside the role. Figure 23.16 shows an example of assigning a role to an individual.
Figure 23.16. The NewsEditor role is assigned to individuals and groups by placing a check mark beside the role.
Using roles in view security is similar to form security. To use a role to limit access to views:
Remember that roles are not the only means of limiting access to forms and viewsgroups and individuals can also be named in these lists. Furthermore, this technique does not override the ACL. If a user has Reader access to a database, he can only read documents in that database. Even assigning create access for a form to that user does not allow the user to create a document with a form. You should always think of this technique as a refinement of the ACL.
Roles can also be used to limit read and edit access to specific documents. Adding a role to a Readers or Authors field will quickly and easily accomplish this. The role must be enclosed within quotes and square brackets as in the following example: "[ReardenSteel]".
Part I. Introduction to Release 6
Whats New in Release 6?
The Release 6 Object Store
The Integrated Development Environment
Part II. Foundations of Application Design
Advanced Form Design
Using Shared Resources in Domino Applications
Using the Page Designer
Adding Framesets to Domino Applications
Automating Your Application with Agents
Part III. Programming Domino Applications
Using the Formula Language
Real-World Examples Using the Formula Language
Writing LotusScript for Domino Applications
Real-World LotusScript Examples
Writing Java for Domino Applications
Real-World Java Examples
Enhancing Domino Applications for the Web
Part IV. Advanced Design Topics
Accessing Data with XML
Accessing Data with DECS and DCRs
Security and Domino Applications
Creating Workflow Applications
Analyzing Domino Applications
Part V. Appendices
Appendix A. HTML Reference
Appendix B. Domino URL Reference