
Avoiding Execution Security Alerts in a Hide-When Formula

Date tip published: 11/20/2006
Description: Developers may try to create a hide-when formula in a rich text field that uses @DbLookup. When they do, the user may be prompted with an ESA (Execution Security Alert). This tip discusses the pitfalls of using certain @Functions in hide-when formulas in rich text fields, explains the reason for these security alerts, and presents an alternative that solves the problem. Note that this issue does not affect hide-when formulas on design elements like forms or views, only hide-when formulas located in a rich text field.





Avoiding Execution Security Alerts in a Hide-When Formula

Certain @Functions will initiate an Execution Security Alert warning in the Notes client unless the Execution Control List (ECL) has been set to allow execution for the signer of the @Function formula. The ECL is set in the User Security dialog (File | Security | User Security) under What Others Do. In the following image, formulas signed by anyone in the /TLCC organization have full privileges and will not display an Execution Security Alert warning when performing any action.



Whenever a form or document is saved, the signature for the design element or document is updated with the user id of the person making the change. This signature and its privileges are checked against a user's ECL when they open the document. The formula executes without warning if the signer has the appropriate privilege for the formula action; otherwise, an Execution Security Alert warning like the following is displayed:





This is a great security feature since Notes mail can include buttons, hotspots and other executable code. Or, the user might have been mailed a Notes database from outside your organization that attempts to perform certain actions that could compromise the user's security. The user will be warned when someone from outside the organization creates executable code that is not "trusted." The ECL can be administered by the administrators at a site level for all users.

The following table from Domino Designer 7 Help shows the @Functions that are affected by the user's ECL settings.

@Functions with ECL security
The following table lists the @functions affected by an execute control list (ECL). Those @functions do not execute on the workstation unless the marked ECL privileges are granted to the formula's signer.

The ECL flags listed in the table are:

  • Access to current database (cur)
  • Access to environment variables (env)
  • Access to non-Notes databases (db)
  • Access to external programs (prog)
  • Ability to send mail (mail)
  • Access to Workstation Security ECL (ecl)
  • Ability to read other databases (read)
  • Ability to modify other databases (mod)

    cur  env  db  prog  mail  ecl  read  mod
    @DbColumn  x
    @DbColumn (ODBC)  x
    @DbCommand  x
    @DbLookup  x
    @DbLookup (ODBC)  x
    @DDEExecute  x
    @DDEInitiate  x
    @DDEPoke  x
    @DDETerminate  x
    @DeleteDocument  x
    @DeleteField  x
    @EditECL  x
    @EditUserECL  x
    ENVIRONMENT  x
    @Environment  x
    @GetProfileField  x
    @MailSend  x
    @RefreshECL  x
    @SetDocField  x
    @SetEnvironment  x
    @SetProfileField  x
    @Unavailable  x
    @UpdateFormulaContext  x x x
    @URLGetHeader  x
    @URLOpen  x





Problem with Rich Text and Hide-When Formulas

An issue arises when @functions are used in a hide-when formula in a rich text field on a document. A signature is never added to hide-when formulas in rich text fields. For example, the following formula does a lookup in the "ControlView" view. It uses the first sorted column to find the "test1" value. The value in the second column is returned, which is either "Yes" or "No". "Yes" indicates the information should be hidden.

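REM {Find "test1" in the first sorted column of ControlView and return column 2 ("Yes" or "No")};
result := @DbLookup("Notes":"Nocache"; @DbName; "ControlView"; "test1"; 2);
REM {Hide the paragraph when the lookup returns "Yes"};
@If(result = "Yes"; @True; @False)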

However, since this formula is in a Rich Text field, no signature is associated with the hide-when formula. Unless a user has changed their ECL to allow formulas with no signature to perform this type of action (not advised), then the following Execution Security Alert warning will be displayed when any user opens a document which includes the hide-when formula shown above.



The user can choose not to execute the action, to execute it one time, or to start trusting the signer (which is not a good idea since there is no signature). Obviously, we do not want our users to see this Execution Security Alert when they run our applications.
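To find such formulas before users do, hide-when formulas pulled from rich text can be checked against the Designer Help table earlier on this page. The following Python sketch is an added example, not part of the original tip or of Designer Help; the function names `ecl_functions_used` and `review` and the sample formulas are constructed for illustration, and it assumes the formula text has already been extracted.

```python
import re

# Names from the "@Functions with ECL security" table on this page,
# lower-cased because Formula language is case-insensitive.
ECL_FUNCTIONS = {
    "@dbcolumn", "@dbcommand", "@dblookup", "@ddeexecute", "@ddeinitiate",
    "@ddepoke", "@ddeterminate", "@deletedocument", "@deletefield",
    "@editecl", "@edituserecl", "@environment", "@getprofilefield",
    "@mailsend", "@refreshecl", "@setdocfield", "@setenvironment",
    "@setprofilefield", "@unavailable", "@updateformulacontext",
    "@urlgetheader", "@urlopen",
}

# "..." literals allow backslash escapes; {...} literals do not.
LITERAL = re.compile(r'"(?:\\.|[^"\\])*"|\{[^}]*\}', re.S)
AT_FUNCTION = re.compile(r"@[A-Za-z]\w*")
# The ENVIRONMENT keyword form: ENVIRONMENT name := value
ENV_KEYWORD = re.compile(r"\bENVIRONMENT\s+\w+\s*:=", re.I)


def ecl_functions_used(formula):
    """Return the sorted ECL-restricted names that a formula actually calls."""
    # Blank out string literals (and REM text) so names in text are ignored.
    code = LITERAL.sub('""', formula)
    found = {m.group(0).lower() for m in AT_FUNCTION.finditer(code)}
    found &= ECL_FUNCTIONS
    if ENV_KEYWORD.search(code):
        found.add("environment")
    return sorted(found)


def review(formulas):
    """Map each formula that needs an ECL privilege to the names involved."""
    report = {}
    for name, text in formulas.items():
        hits = ecl_functions_used(text)
        if hits:
            report[name] = hits
    return report


SAMPLES = {  # constructed sample formulas
    "lookup_in_rich_text": 'result:=@DbLookup("Notes":"Nocache";@DbName;'
                           '"ControlView";"test1";2);@If(result="Yes";@True;@False)',
    "field_reference": "hideRT = 1",
    "name_only_in_text": '@If(Status = "see @MailSend help"; @True; @False)',
    "env_keyword": 'ENVIRONMENT LastTab := "2"; @False',
}

if __name__ == "__main__":
    for name, hits in review(SAMPLES).items():
        print(f"{name}: {', '.join(hits)}")
```

A formula that only references a field, such as `hideRT = 1`, produces no findings, which is the property the technique in the next section relies on.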





Technique: Using a Field to Determine the Hide-When

One way to use the restricted @functions in a hide-when formula (remember, this only affects hide-when formulas in a rich text field) is to use a hidden field to determine whether the information should be hidden. The hide-when formula in the rich text field can then reference this hidden field. In the screen image below, the "hideRT" field does the actual lookup. This field should be a number field that is computed when composed. The formula should return either 1 (true) or zero (false). In this example, the same formula from above was used.


Once a document has been created with this form then information can be hidden or shown conditionally by simply referencing this field as in the following image:


Since the formula is on the form, a signature is added to the field using the user id of the person who last saved the form. No ECL alert will occur if the signer has the proper ECL permissions needed for the formula being executed. A common practice is to sign a database with a special user id and then allow that user name to have all privileges in the ECL.

Review this Iris Today article for more information on the Workstation ECL strategy. It covers Release 5, but the information is still valid:

Also see the topic called "Creating a security policy settings document" in Domino Administrator 7 Help. Starting in Notes and Domino 6, Execution Control Lists can be controlled by the administrator and "pushed" to each user through the use of security policy settings in the Domino Directory.