Readers and Authors fields control user access at the document level (who can see a document and who can edit it). Readers fields are effective up to the ACL level Manager; Authors fields apply to people/servers with the ACL level Author.
This is nothing new and is certainly familiar to every developer. However, you find different opinions on the question of whether to use the short form (e.g. Manfred Dillmann) or rather the fully qualified user name (e.g. Manfred Dillmann/Schulung/IMD) in such fields.
The issue with Readers and Authors fields
In certain cases it is observed that short names (provided they are unique, i.e. no users with exactly the same first and last name exist) work flawlessly. In other Domino environments it works "sometimes", and yet other developers claim that using the short name has never worked in their applications.
Technical background
With Release 3, IBM/Lotus introduced fully qualified, hierarchical user names in order to allow unique user names in larger Domino environments – without having to change the first or last name itself. This way, two people with the same name
Hannes Tester/Purchasing/Stuttgart/IBM and Hannes Tester/Sales/Stuttgart/IBM
can still be distinguished unambiguously. Since then, user names have at least the components CN (=Common Name) and O (=Organization) and optionally up to 4 organizational units OU (=Organizational Unit). A user name from the example above is stored internally in e.g. a Readers field like this:
CN=Hannes Tester/OU=Purchasing/OU=Stuttgart/O=IBM
You can easily verify this by listing the document fields in the Document Properties dialog.
Solution
When using fully qualified user names in Readers or Authors fields, you can assume that the intended access control will ALWAYS work flawlessly.
If, on the other hand, you use the short form (i.e. only the first and last name), the functioning of the Readers or Authors field depends on whether the accessing user is in the same organization as the Domino server that is being accessed.
So if the user
Hannes Tester/Purchasing/Stuttgart/IBM
accesses the server
DOM-SVR01/DE/IBM
a Readers or Authors field populated with the short name will work as expected.
If, however, access is made to the server
DOM-SVR01/DE/Lotus
a Readers or Authors field will NOT work as expected.
You can also find confirmation of this information in the IBM/Lotus Knowledgebase article no. 1085207 titled "Cannot See Documents You Have Read Access To or Edit Documents You Have Author Access to in Notes".
Conclusion
When using fully qualified user names, Readers and Authors fields will always work as intended. In addition, users are then identified "uniquely and unambiguously" – even in comparatively small Domino environments it can happen very quickly that a new Notes user with exactly the same first and last name as an existing user is "added" to the Domino environment.
That was exactly the reason why IBM/Lotus introduced hierarchical user names with Release 3.
Amazon Affiliate Link
