Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

Join the TIBCO Community
TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.

  • From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
  • Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
  • Request access to the private WebFOCUS User Group (login required) to network with fellow members.

Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.


Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     WF 7.6 Dev Studio and Windows Security Groups

Read-Only Read-Only Topic
Go
Search
Notify
Tools
WF 7.6 Dev Studio and Windows Security Groups
 Login/Join
 
Laure
Gold member
posted
We would like to restrict folks with DEVELOPER security in Dev Studio to allow updating of only specific Domain files. We've found that anyone given developer access and the domain access can update the domains. We only want developers to be able to update thier personal domain, yet read other domains. Has anyone successfully done this? Any suggestions?

We are running 7.6 on Windows using Active Directory.
Thanks in advance.


Laure

Prod: WebFOCUS 7.7.03 - MRE, BID, - WindowsXP - Oracle 9i, SQLServer, DevStudio 7.7.3 - Apache Tomcat , Output: HTML, Excel 2013 and PDF
 
Posts: 78 | Location: Florida | Registered: December 07, 2006Report This Post
dhagen
Virtuoso
posted Hide Post
Since you are using AD anyway, why not tie in directory read/writes to the userid, where you give the user read access to the domain directories you want them to see, and read/write to the domains you want them to contribute to. I realize that this is a two step process, but it should at least achieve the desired result.


"There is no limit to what you can achieve ... if you don’t care who gets the credit." Roger Abbott
 
Posts: 1102 | Location: Toronto, Ontario | Registered: May 26, 2004Report This Post
Prarie
Virtuoso
posted Hide Post
Does that work in MRE?


In Focus since 1993. WebFOCUS 7.7.03 Win 2003
 
Posts: 1903 | Location: San Antonio | Registered: February 28, 2005Report This Post
Laure
Gold member
posted Hide Post
This is exactly what we tried.
Windows security group with read access on the domain directory and the user account assigned to the group.

When that user access the domain within MRE they are still able to modify the files.

It seems that the MRE must access these files as someone else, not the user account logged into MRE.


Laure

Prod: WebFOCUS 7.7.03 - MRE, BID, - WindowsXP - Oracle 9i, SQLServer, DevStudio 7.7.3 - Apache Tomcat , Output: HTML, Excel 2013 and PDF
 
Posts: 78 | Location: Florida | Registered: December 07, 2006Report This Post
dhagen
Virtuoso
posted Hide Post
Ya ... sorry about thatFrowner I guess I didn't think that one all the way through.

Application files (/ibi/apps directory) are under the control of the reporting server, and as such, can take advantage of OS level directory rights - such as AD if you are running under windows. The problem here is that MRE is actually controlled and written to by the web application (ibi_apps). When content is created in MRE, it is created solely by the web app without any involvement from the reporting server. Therefore - I think - that OS level security is bound to the credentials of the web app or application server.

If this is true, then I suspect that authorization for disk writes is handled programmatically by the web app. In other words, you would probably have to request some security changes to the existing MRE roles to achieve what you are looking for.

The key phrase above is "I think", so don't take my word for it!


"There is no limit to what you can achieve ... if you don’t care who gets the credit." Roger Abbott
 
Posts: 1102 | Location: Toronto, Ontario | Registered: May 26, 2004Report This Post
Laure
Gold member
posted Hide Post
I suspect you are correct. We've come up with the same assumptions.
Thanks.


Laure

Prod: WebFOCUS 7.7.03 - MRE, BID, - WindowsXP - Oracle 9i, SQLServer, DevStudio 7.7.3 - Apache Tomcat , Output: HTML, Excel 2013 and PDF
 
Posts: 78 | Location: Florida | Registered: December 07, 2006Report This Post
Prarie
Virtuoso
posted Hide Post
What are those changes. I'm told by my admin...you cannot do this in MRE at all. I'm wondering why? Why can't I just see the code and not update.


In Focus since 1993. WebFOCUS 7.7.03 Win 2003
 
Posts: 1903 | Location: San Antonio | Registered: February 28, 2005Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     WF 7.6 Dev Studio and Windows Security Groups

Copyright © 1996-2020 Information Builders