从Java提取Lotus Notes文档的完整ACL [英] Extract Lotus Notes Document's complete ACL from Java
问题描述
我正在尝试找到一种方法来保存特定Lotus Notes文档的完整用户列表访问特权.
I'm trying to find a way to save the complete user list access privileges for a specific lotus notes document.
我知道我可以从catalog.nsf获取数据库级别的ACL,但不能从文档级别访问.同样,我相信文档的作者"字段不会列出只读访问用户.
I know I can get database-level ACL's from catalog.nsf, but not document-level access. Also the Author field of the document -I believe- won't list read-only access users.
有人知道如何为特定文档获取每个用户的完整ACL吗?
Does anyone know how to obtain the complete ACL of every user for a specific document?
感谢您的帮助,谢谢!
拼写.
推荐答案
Simon是正确的.这是不平凡的.尽管我会跳过他的阅读表格的建议,但这仍然是不平凡的.即使仅根据您的问题检查单个文档,它也不是一件容易的事.我知道审计师有时确实需要这类信息,但是Domino的安全系统并不是在设计时就考虑到了这一点,并且没有内置的API来获取信息.
Simon is correct. It is non-trivial. Even though I would skip his suggestion of reading the Forms, it is still non-trivial. Even for checking just a single document as per your question, it is non-trivial. I know auditors sometimes want exactly this type of information, but Domino's security system wasn't designed with that in mind, and there's no built-in API to get the info.
在Java中,您需要使用Document.getItems()方法来检索所有Items的向量.然后,您必须浏览项目.您需要检查Item.getType()以确定它是Item.READERS还是Item.AUTHORS.如果是,那么您需要执行Item.getValues()来检索值的向量,并且您必须遍历向量检查以查看每个值是否都是角色.如果是角色,则必须使用Database.getACL()并遍历ACLEntries以确定哪些角色具有角色,以及它们是人员"条目还是组"条目.而且,如果它们是组条目,则必须在Domino目录中查找组成员-这可能需要扩展嵌套组.对于Item中非角色的任何值,您已经对照Domino目录检查了该值以查看它是否是有效的Person或Group,然后再次扩展组,直到最终找到People为止.对于Domino目录中的查找,您必须担心以下事实:可能配置了目录服务,在这种情况下可以检查多个Domino目录数据库,但是如果可以使用Notes/Domino 8,则这样做会更容易一些,因为Directory班为您服务.
In Java, you need to use the Document.getItems() method to retrieve a vector of all Items. Then you have to look through the Items. You need to check Item.getType() to determine if it is a Item.READERS or Item.AUTHORS. If it is, then you need to do Item.getValues() to retrieve the vector of values, and you have to loop through the vector check to see if each value is a role. If it is a role, you have to use Database.getACL() and iterate through the ACLEntries to determine which ones have the role and whether they are Person entries or Group entries. And if they are group entries you have to look up the group members in the Domino Directory -- which might require expanding nested groups. For any values in the Item that are not roles, you have check that value against the Domino Directory to see if it is a valid Person or Group -- and again expand the group until you finally get to the People. For the lookups in the Domino Directory you have to worry about the fact that Directory Assistance may be configured in which case there can be multiple Domino Directory databases to check, but this is somewhat easier if you can use Notes/Domino 8 because there is a Directory class that takes care of that for you.
这篇关于从Java提取Lotus Notes文档的完整ACL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
