RNUG Lotus User Group (www.vlaad.lv)

Avoid deleting users who left company from Reader/Authors fields and NAMES fields

Vladislav Tatarincev  15 September 2020 14:11:22

If you have ACL ACTION "MODIFY ALL NAMES FIELDS, OR READERS AUTHORS FIELDS"  then upon user rename, user is renamed by adminp in names fields and security fields.

Drawback is when user is leaving company and admin deletes user, if you have this setting enabled, then user will be deleted from all Names fields or Readers/Authors fields.

Which may lead to strange documents, like Approved by "Empty string", because person who approved left company and adminp deleted him from field.
Which is not ok, since breaks logic and compliance, we have to know who accepted document.

I got request from customer to modify my TDI script, to avoid this, and I did some reasearch on this.


I did some reverse engineering of Domino server code and found, that there are two undocumented parameters that made me very curious.

ADMINP_DISABLE_NAMEITEM_DELETE
ADMINP_DISABLE_READAUTH_DELETE


I opened ticket :) in HCL Support and HCL Support was fast like a rocket!  I got reply from Somnath and Development team that these two parameters will extend functionality of Delete action.

If you want rename, but want to skip DELETE in Names fields or Reader/Authors fields just enable these parameters. ADMINP_DISABLE_NAMEITEM_DELETE=1
ADMINP_DISABLE_READAUTH_DELETE=1



HCL Will publish a technote on this topic today.   This is brand new, so before putting in production do proper tests in test environment!

Vlad

I will be speaking on Russian Notes user group event, so everybody is welcome, content in English and Russian  https://en.rnug.ru/

Comments

1Mark Maden  15/09/2020 15:52:46  Avoid deleting users who left company from Reader/Authors fields and NAMES fields

Wow thanks for that Vlad, I have been scratching my head for some time as to why we lose the names in our HR database.

2Johnny Oldenburger  15/09/2020 16:36:27  Avoid deleting users who left company from Reader/Authors fields and NAMES fields

In the Administration Request database the action Delete in Readers/Authors fields is still created after adding the new ini settings in the configuration document and a restart of the server.

3Fred  16/09/2020 9:56:06  Avoid deleting users who left company from Reader/Authors fields and NAMES fields

@Johnny: I expect these to take effect on execution, enabling the effect to be controlled on a server by sever basis.

4Vladislav Tatarincev  16/09/2020 10:10:26  Avoid deleting users who left company from Reader/Authors fields and NAMES fields

Technote from HCL, https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0082258

5Johnny Oldenburger  16/09/2020 12:44:55  Avoid deleting users who left company from Reader/Authors fields and NAMES fields

@Vladislav Technote : https://support.hcltechsw.com/csm?sys_kb_id=7260a641dbd31854793ff381399619c6&id=kb_article_view&sysparm_rank=1&sysparm_tsqueryId=c2ea17151b5fdcd4a2f48661cd4bcb94

6Fredrik Norling  17/09/2020 10:51:37  Avoid deleting users who left company from Reader/Authors fields and NAMES fields

What versions of domino does this work on ?

7Mike Fulbright  21/09/2020 19:06:36  Avoid deleting users who left company from Reader/Authors fields and NAMES fields

Thanks so much for posting this. We had to disable "Manage all Names fields" about 10 years ago due to this exact problem. Subsequently, we had to write agents to scrub & manually rename users in such fields. Pain!

Now, one thing remains. Is there a way for AdminP to scrub Names fields to handle the upgrading of a user name from a Web ID (no private public keys) to a full Notes user? We still have a lot of manual work for that task. We're in a manufacturing environment and shop floor workers are typically issued a Domino Web ID when they hire on. Years later, some are promoted or moved into positions that require full Notes license. We'd like their identity (all the docs they've touched) to follow them... ie. still show up in various MyDocs views. Again, we had to write agents to handle in every db, but it's a pain for admins to keep up with. Users often fret that their "old stull" is gone - when it really is still there.

8Mike Fulbright  21/09/2020 19:08:15  Avoid deleting users who left company from Reader/Authors fields and NAMES fields

..."old stuff" is gone...

Archives