I would like to use the reader's field for anonymous access to a Web Application, but the problem is there is more than one anonymous user & no anonymous user should see another anonymous user's documents. I have to allow anonymous access because the client is not willing to invest in Notes ID's. Can I use roles for anonymous? If so, how can I do this? Can I include "anonymous" in the readers field & use an embedded view to show a single category, as per the application level user ID (users who do not have Notes IDs but their profile is maintained in the same .nsf )?
Access level for anonymous is 'Author'. I want to use readers field, as there are some users who do have a Notes ID & they have to authenticate with the server & access the same application.
Here is an answer provided by Frederic Dahm of Lotus, who helps me with some of these questions. His thoughts concur with mine on this subject.
> I would like to use reader's field for anonymous access to a Web Application
This is problematic, since you can't say who authored the document since the author is "Anonymous". If you decide to specify that someone is "Anonymous1", "Anonymous2", ... then these users need to be authenticated and they're no longer "Anonymous", meaning you might as well use real names. It'll be less confusing for the user (as in users wondering "what Anonymous number was I again?"...) and for the administrator as well.
> but the problem is there is more then one anonoymous users & no anonymous
> user should see another anonymous users' documents.
Anonymous posting helps people write and say things under the cover of anonymity (generally without reprisals), and if the information is not for public consumption, then access should be restricted. But access can only be restricted using authentication, which requires disclosure of a person's exact identity (or at the very least, that person's credentials, which uniquely identify him/her to the system), which is the opposite of anonymity.
> I have to allow anonymous access because the client is not willing to invest in Notes ID's.
Then what the client should do would be to get a license that permits as many external people hosted on a server as the machine can handle (a Domino Internet license, I believe it's called). It's a one-time fee for usage on one external machine, and whether there are 5 external users on one machine or 50,000,000, it doesn't matter. As I had posted once in one of the questions in the Administration forum, I am not sure what the exact name of this bundle is, but it exists, as it was advertised and available a while back for R5.
> Can I use roles for anonymous? If so, how can I do this? Can I include
> "anonymous" in the readers field & use an embedded view to show a single
> category as per the application level user ID (users who do not have Notes
> IDs but their profile is maitained in the same .nsf ).
Assuming, just for the heck of it, that the roles worked (but then again roles are tied to a specific entry in the ACL, so you see the problem there...), you would still have the original problem of one anonymous author seeing the documents contributed by another Anonymous author. So this does not solve the problem.
> I want to use readers field, as there are some users who do have Notes ID &
> they have to authenticate with the server & access the same application.
> Any Suggestions?
There is a good granularity of security in Notes and depending on the exact needs for restricting access to information, one of the mechanisms could be to use Reader Name fields or something else. Right now, it seems that the requirement is not so much of security, but really for finding a way to inexpensively provide an application to external users without having to pay a large license fee. The proper course of action, that I can recommend at this time, is for that person to contact the nearest Lotus office, sort the details out of this specific license and once this is done, revisit the security and information segregation issues with normal user names.
Dig Deeper on Lotus Notes Domino Administration Tools
Related Q&A from Chuck Connell
Learn how to change authentication timeout interval for Domino Web Access logins. Continue Reading
SearchDomino.com expert Chuck Connell helps a Lotus Domino administrator troubleshoot a "File truncated – file may have been damaged" error ... Continue Reading
This administrator has a replication issue between two servers in two domains. Front-end replication works fine, but when replication is initiated ... Continue Reading