Thursday, December 7, 2006

Who Read Those E-mails? (SnTT)

Wow, this is my first SnTT post in about 2 months. Lately I've replied to a couple of threads at devWorks where people have asked how to find out which emails someone with ACL access has read in Lotus Notes. This is not something that is available by default and I have asked the most obvious question at the forum: "First, I guess you should question why the person is in the ACL of the database if he/she shouldn't be looking at the documents. By granting people a specific ACL level, you are granting them permission to do whatever that ACL level will allow." The answer is that the person may have authority but is accessing it with no specific reason. I decided to run with my "Who Deleted That Document?" post and port it to log the opening of emails.

Upon some further reflection, this may still not be 100% accurate in some scenarios.

First of all, the reader would have to have a connection to the server where the log database resides. Of course, you could port the code to log the offenses to a document in the current database.

Secondly, this is not taking into account that the reader could copy/paste the emails into their own mail file. After brief investigation, all you have to do is modify the ACL for the offender to disable "Replicate or copy documents" in the Attributes section. Also, you could probably go a step further and add code in the "Post Open" option for the ($Inbox) folder to log if someone was looking in the folders but not actually opening the emails.

Thirdly, this will not work if the offender is going through the web to open the emails. I can't think of an easy solution for Domino Web Access use. However, you could temporarily change the mail file to not be based on the DWA template and you could modify the Standard Mail template to do some type of logging via WebQueryOpen on the form (the code below should work that way with minor modifications) or port it to JavaScript in onLoad.

Here are the steps you may wish to perform:

1. Create a log database. This can just be based off the log.ntf template.
2. Set the log database's ACL for -Default- to be Depositor with nothing checked but "Create documents". This will prevent the person from seeing the log documents if he somehow figured out something was happening.
3. Disable copying for the user. On the mail database, modify the ACL for the offender to disable "Replicate or copy documents" in the Attributes section.
4. Add the following code to the PostOpen event for the Memo, Reply, and Reply with history forms. You could also add it to other forms if you are concerned with Calendar or To-Do documents.

'Generate log event for opening of emails by someone other than the DB owner
If Not source.IsNewDoc Then
    Dim session As New NotesSession
    Dim db As NotesDatabase
    Dim dbowner As Variant
    Dim prodoc As NotesDocument
    Set db = session.CurrentDatabase
    'The mail file owner is stored in the calendar profile document
    Set prodoc = db.GetProfileDocument("calendarprofile")
    dbowner = prodoc.GetItemValue("Owner")
    'If the user is not the database owner then log the document open
    If session.UserName <> dbowner(0) Then
        Dim delivereditem As NotesItem
        Dim received As String
        'PostedDate may be missing or not a date; guard so opening the document never raises an error
        Set delivereditem = source.Document.GetFirstItem("PostedDate")
        If Not delivereditem Is Nothing Then
            If Not delivereditem.DateTimeValue Is Nothing Then
                received = delivereditem.DateTimeValue.LocalTime
            End If
        End If
        Dim OpenLog As New NotesLog(db.FilePath)
        'Server and file path of the log database created in step 1
        Call OpenLog.OpenNotesLog("HQAPP01/COMPORIUM", "ChrisDesigns\loggingdb.nsf")
        Call OpenLog.LogAction("Email Opened: " + source.FieldGetText("Subject") + " From: " _
        + source.FieldGetText("From") + " Received On: " + received)
        Call OpenLog.Close
    End If
End If
'END logging of email opens
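Answering the question in the title then means reviewing what was logged. The following is an added example, not code from the original post: it parses the action text written by the LogAction call above and groups the opens by reader. It assumes the log entries have been exported as (user, action text) pairs; the export step, the user names and the sample entries are constructed for illustration.

```python
from collections import defaultdict

PREFIX = "Email Opened: "  # literal text written by the LogAction call

def parse_action(action):
    """Return (subject, sender, received) for one logged action, or None.

    The subject is free text chosen by whoever sent the mail, so it may
    itself contain " From: " or " Received On: ". Splitting from the right
    uses the last occurrence of each delimiter, which is the one the
    logging code wrote (assuming sender and date do not contain them).
    """
    if not action.startswith(PREFIX):
        return None
    head, sep, received = action[len(PREFIX):].rpartition(" Received On: ")
    if not sep:
        return None
    subject, sep, sender = head.rpartition(" From: ")
    if not sep:
        return None
    return subject, sender, received

def opens_by_reader(records):
    """Group parsed opens by the user who triggered them.

    records: iterable of (user, action) pairs (assumed export format).
    Returns (report, skipped); skipped keeps every entry that is not a
    well-formed "Email Opened" action so nothing is dropped silently.
    """
    report, skipped = defaultdict(list), []
    for user, action in records:
        parsed = parse_action(action)
        if parsed is None:
            skipped.append((user, action))
        else:
            report[user].append(parsed)
    return dict(report), skipped

# Constructed sample entries (names, subjects and dates are made up).
SAMPLE = [
    ("Pat Delegate/EXAMPLE", "Email Opened: Q4 budget From: Ann Owner/EXAMPLE Received On: 12/06/2006 09:14:02 AM"),
    ("Pat Delegate/EXAMPLE", "Email Opened: Fwd: note From: HR Received On: 1/2/2006 From: Bob/EXAMPLE Received On: 12/06/2006 10:01:40 AM"),
    ("Sam Admin/EXAMPLE", "Agent started"),
]

if __name__ == "__main__":
    report, skipped = opens_by_reader(SAMPLE)
    for user, opens in report.items():
        print(user, "opened", len(opens), "email(s)")
        for subject, sender, received in opens:
            print("   ", received, "|", sender, "|", subject)
```

The second sample entry shows why the split runs from the right: its subject contains both delimiters, and a left-to-right split would attribute the mail to the wrong sender and date.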