[SOLVED] Domain Security

I am using WF 7.64. I develop in MRE. Currently, I'm the only developer. I have access to all domains. The company decided that I should NOT have access to one domain on our production box. It is the FINANCE domain. They don't want me to be able to change the source code within this one domain. Does anyone have any thought on how this can be accomplished ? I need to have access to all other domians, report caster, config files, etc ....

This message has been edited. Last edited by: Kerry,

Posts: 69 | Location: OH | Registered: November 09, 2004

Sayed

Guru

posted

Hide Post

Just remove that domain for your userid from MR Admin console. Your MR Administrator needs to do this because you will not have access to this with a developer role.

Thanks,
Sayed

WF 8.x and 7.7.x Win/UNIX/AS400, MRE/Portal/Self-Service, IIS/Tomcat, WebSphere, IWA, Realmdriver, Active Directory, Oracle, SQLServer, DB2, MySQL, JD Edwards, E-BIZ, SAP BW, R/3, ECC, ESSBASE

Posts: 285 | Location: Texas | Registered: June 27, 2006

Ignored post by Sayed posted

Show Post

CHERI

Gold member

posted

Hide Post

Currently, I sign into MRE via the admin id. Do a need to set up a new id ?

Posts: 69 | Location: OH | Registered: November 09, 2004

Ignored post by CHERI posted

Show Post

nubi

Guru

posted

Hide Post

source code? what teh fex code or the html for the domain page? either way can't your sysadmin just stop you from entering the folder via o/s security- just deny access to that entire folder and subfolder on the server- that way you will not be able to access and change the files outside of dev studio- i can only imagine those security rights are mirrored when you are in dev studio- someone else will have to verify this but i'd be surprised if it wasn't the case-

therefore its something the sysadmin needs to do at the first stage and this should cascade down into developer studio.

Developer Studio 7.64
Win XP
Output: mostly HTML, also Excel and PDF

"Never attribute to malice that which can be adequately explained by stupidity." - Heinlein's Razor

Posts: 285 | Location: UK | Registered: October 26, 2007

Ignored post by nubi posted

Show Post

Darin Lee

Virtuoso

posted

Hide Post

The problem is that you need to have access to all of the administrative functions (RC, config files, etc) so you must be at an admin level, but that level has access to ALL domains and there isn't a way to change that.

There may be something you can do with os security as nubi suggests, but it isn't as straightforward as that. It uses your MRE role security to decide who sees what, not the os security, although those can be combined. Also, (at least in our Linux environment) when a user modifies code, that code does not bear the userid of the user that modified it. It still has the WF system id which controls it.

I'm not a security guru (and I'm not on the latest version), but I would be inclined to say that you won't be able to do what you want without restricting your ability to access some of the administrator functions.

Regards,

Darin

In FOCUS since 1991
WF Server: 7.7.04 on Linux and Z/OS, ReportCaster, Self-Service, MRE, Java, Flex
Data: DB2/UDB, Adabas, SQL Server Output: HTML,PDF,EXL2K/07, PS, AHTML, Flex
WF Client: 77 on Linux w/Tomcat

Posts: 2298 | Location: Salt Lake City, Utah | Registered: February 02, 2007

Ignored post by Darin Lee posted

Show Post

PBrightwell

Master

posted

Hide Post

quote:
I'm the only developer

If you are also the WebFocus admin, your company needs to rethink this. If you don't have access to change this (as admin) then nobody will.

Pat
WF 7.6.8, AIX, AS400, NT
AS400 FOCUS, AIX FOCUS,
Oracle, DB2, JDE, Lotus Notes

Posts: 755 | Location: TX | Registered: September 25, 2007

Ignored post by PBrightwell posted

Show Post

<JG>

posted

CHERI

You do not say what platform, but OS security is the only option.

As you are the "only developer" you must at least have read access to be able to copy
to a development area should there be an issue.

WebFOCUS CAN NOT override OS security. Make the directory read/execute or just read if
they do do want you to see how badly the company is doing, and there should not be an issue.

There is an old saying, God did not have a basis to work on, that's why he got it so wrong with mankind.

Waz

Expert

posted

Hide Post

Sounds like you need a development and Production installation.

Waz...

Prod:	WebFOCUS 7.6.10/8.1.04	Upgrade:	WebFOCUS 8.2.07	OS:	Linux	Outputs:	HTML, PDF, Excel, PPT
In Focus since 1984
Pity the lost knowledge of an old programmer!