Yes. Although we don't use it, I believe there is also a domain admin - or at least there used to be somewhere back in time - that has full access to only specified domains.
Regards,
Darin
In FOCUS since 1991 WF Server: 7.7.04 on Linux and Z/OS, ReportCaster, Self-Service, MRE, Java, Flex Data: DB2/UDB, Adabas, SQL Server Output: HTML,PDF,EXL2K/07, PS, AHTML, Flex WF Client: 77 on Linux w/Tomcat
September 22, 2008, 09:30 PM
ChannyS
Does no one find this to be a problem with security?
We have an NFR for a Production Support Role for MRE...so you will be able to give certain access by Domain - rather than all access to everything...still waiting....
In Focus since 1993. WebFOCUS 7.7.03 Win 2003
September 23, 2008, 12:03 PM
Darin Lee
Prarie, isn't that what the Content Manager Role is for?
As for the other question - what would be the definition of an admin? It's the person who has complete control over the system and can do whatever needs to be done.
If you have a mainframe, there's an admin who can control everything on the mainframe. If you have a Novell network, there's an admin who can access and control anything on the network. Someone has to have that role, but as Waz says, that person or person(s) should be selected carefully.
Some functions like making shared reports into standard reports, creating domains, moving reports between users, have to be done by someone who can see everything (users, reports, domains, etc.) and has rights to do everything. I wouldn't consider that a security problem unless the admin personally is a security risk - then that's an HR problem, not a system problem.
Regards,
Darin
In FOCUS since 1991 WF Server: 7.7.04 on Linux and Z/OS, ReportCaster, Self-Service, MRE, Java, Flex Data: DB2/UDB, Adabas, SQL Server Output: HTML,PDF,EXL2K/07, PS, AHTML, Flex WF Client: 77 on Linux w/Tomcat
September 23, 2008, 01:54 PM
Prarie
Well Darin...I'm not sure...can they change code? I'm just learning to be a MR adminstrator. I've been a Developer and Production Support role where I'm working now.
September 23, 2008, 05:31 PM
Waz
quote:
It's the person who has complete control over the system and can do whatever needs to be done.
That may be the case in some cases, but I would have thought a typical admin would have a role to administer the domains, i.e. create domains, create/change/delete users, deploying from "dev" to "Prod", etc.
As for access to reports, running, deleting, changing, I think would be on a site by site basis.
A more structured site would have specific roles, where a smaller or more general site would not.
Waz...
Prod:
WebFOCUS 7.6.10/8.1.04
Upgrade:
WebFOCUS 8.2.07
OS:
Linux
Outputs:
HTML, PDF, Excel, PPT
In Focus since 1984
Pity the lost knowledge of an old programmer!
September 24, 2008, 09:31 AM
PBrightwell
I think there is no way to secure the code from the administrator but you can control access to the data through your database security. Add a login routine requiring a password to your programs for restricted database access. You have to remember that if you do this you probably won't be able to run jobs through report caster.
Pat WF 7.6.8, AIX, AS400, NT AS400 FOCUS, AIX FOCUS, Oracle, DB2, JDE, Lotus Notes