I needed to build an XPages to get the users' calendar entries for both public and private. And I could achieve this enhancement with using sessionAsSignerWithFullAccess in SSJS.
However my code doesn't work in XPiNC in Notes/Domino 9. It seems that sessionAsSignerWithFullAccess doesn't work as I expected and access only public documents.
Are there any way to resolve this issue?
Btw, I've also tried to call the Lotusscript agent in beforePageLoad, which is behalf of administrator and web access user, but no luck. Lotusscript also access only public documents.
Any suggestions would be very much appreciated! Thank you in advance.
I believe it's the case that the sessionAsSigner sessions run as the current user when using XPiNC, rather than the signer of the XPage. Inconvenient as this is, it makes sense from a security perspective: while a Domino server has free reign to act as any name it likes, a Notes client acts solely as the active ID. Normal XPiNC setups run everything from the local client, so, from a security perspective, it's the same as accessing non-XPage elements.
You could double-check to see if my thinking is accurate by outputting sessionAsSignerWithFullAccess.getEffectiveUserName(). If I'm right, it will be the currently-running user, not the signer.
One way around it would be setting the XPiNC apps to execute on the server (new in 9, I believe). It has some caveats (https://frostillic.us/f.nsf/posts/how-i-got-xpinc-run-on-server-with-sso-working), but it has a lot of advantages both from a performance and a predictability perspective: since the app is actually running on the server in basically the same way as it would in a web browser, it (likely) also supports sessionAsSigner.