Focal Point
Authorisation in Developer studio

This topic can be found at:
https://forums.informationbuilders.com/eve/forums/a/tpc/f/7971057331/m/7911067742

September 20, 2007, 09:30 AM
Frans
Authorisation in Developer studio
Hi all,

Does anybody know if there is a possibilities to make some authorisations in Developer studio?

I want to authorise on application paths. Anybody got an idea?


Test: WF 8.2
Prod: WF 8.2
DB: Progress, REST, IBM UniVerse/UniData, SQLServer, MySQL, PostgreSQL, Oracle, Greenplum, Athena.
September 20, 2007, 10:48 AM
hammo1j
Use the user or group profiles to set APP PATH accordingly. For development this is a bit more tricky and you will have to use AppLock feature.

To run .prf with dots in you will have to get edasprof to check the userid see if the profile is there and run it explicitly unless this now fixed in 7.6


Server: WF 7.6.2 ( BID/Rcaster) Platform: W2003Server/IIS6/Tomcat/SQL Server repository Adapters: SQL Server 2000/Oracle 9.2
Desktop: Dev Studio 765/XP/Office 2003 Applications: IFS/Jobscope/Maximo
September 20, 2007, 05:53 PM
GinnyJakes
Frans,

You don't mention if your backend environment is Windows or some other platform. If it is Unix, I can explain, if you want, how we secure a huge (over 500 directories) self service implementation for a variety of user groups whose work needs to stay separate and untouchable by developers not in their specific group.

Not sure how you would do that in Windows. But if you want more detail, I'd be happy to share.


Ginny
---------------------------------
Prod: WF 7.7.01 Dev: WF 7.6.9-11
Admin, MRE,self-service; adapters: Teradata, DB2, Oracle, SQL Server, Essbase, ESRI, FlexEnable, Google
September 21, 2007, 05:33 AM
Frans
Hi Ginny,

This is installed on Windows 2003 server. Does WF in your case include user rights of the Unix environment?


I see in techmemo's that there's an option to activate applock. But I can't find it in WF 7.6.2


Test: WF 8.2
Prod: WF 8.2
DB: Progress, REST, IBM UniVerse/UniData, SQLServer, MySQL, PostgreSQL, Oracle, Greenplum, Athena.
September 21, 2007, 09:07 AM
GinnyJakes
Yes, unfortunately for you, we do make very liberal use of Unix file and directory permissions.

As for APPLOCK, it is not a command per se. Please see section "Restricting the Use of APP Commands" in the Server Administration manual. Yours would be UnixNtAsOpen_SrvAdm76x.pdf (I don't know if there is one for 762, haven't downloaded it yet, am using 761).

You need to be careful about using this feature in a self service environment, though. We decided against it because it restricts the use of many of the APP commands, including APP PREPENDPATH. The way our environment is set up is that we have a global profile, edasprof.prf, that points to all the generic master file directories that everyone has access to. Then each user has a profile with APP PREPENDPATH to point to his or her specific directories. The command is also coded in programs because many programs are run from a browser using a default id which only has access to the directories in edasprof.

Can you do something with directory share permissions in Windows?


Ginny
---------------------------------
Prod: WF 7.7.01 Dev: WF 7.6.9-11
Admin, MRE,self-service; adapters: Teradata, DB2, Oracle, SQL Server, Essbase, ESRI, FlexEnable, Google