[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference iosg::all-in-1_v30

Title:*OLD* ALL-IN-1 (tm) Support Conference
Notice:Closed - See Note 4331.l to move to IOSG::ALL-IN-1
Moderator:IOSG::PYE
Created:Thu Jan 30 1992
Last Modified:Tue Jan 23 1996
Last Successful Update:Fri Jun 06 1997
Number of topics:4343
Total number of notes:18308

363.0. "BUG - Set Mail User" by MSDSWS::DUNCAN (To boldly go..Where no one dares) Mon Mar 30 1992 20:15

    If I grant  a privileged user access to my mail for Process Mail only
    (NOT SEND MAIL), that user can STILL send mail if he has his prvs on.
    
    While this may not be a BIG problem as a privileged user can do
    anything (if they know how), it is still a problem.
    
    Don't tell  me, you want me to submit an SPR.  Right??  Thought you
    (the powers that be) might want to know about this.
    
    
    Darryl
T.RTitleUserPersonal
Name		DateLines
363.1Same for TeamLinksWARNUT::DORANMr Ken ShabbyTue Mar 31 1992 07:2914
    Darryl,
    
    This problem is due to the fact that ALL-IN-1 V3.0 uses only ACLs to
    decide access to file cabinets. It does not 'double check' by using
    ALL-IN-1 (eg an ALL-IN-1 validation form).
    
    This problem also means that a TeamLinks user can access any file
    cabinet on any ALL-IN-1 system on which he has priviliges.
    
    I believe that this is a problem - I believe that customers will see
    this as a problem. I mentioned this some months ago in the
    WINDOWS_OFFICE conference, but there will not (it seems) be a fix.
    
    Andy
363.2Not a bugIOSG::MAURICEIOSG ain't a place to raise a kidTue Mar 31 1992 09:2114
    If you do not wish users with SYSPRV to *easily* do this then you have
    to go the mail_access.dat file and remove System access to it. But if
    you do this don't fool yourself into believing that this, or anything
    else would stop the determined privileged user. By giving a user
    privileges you have declared your trust in the user.
    
    This is not a bug - this is just that we have by default taken the
    decision that our UI will allow System managers to have full access.
    You have the choice of customising the default behaviour if you so
    wish.
    
    Cheers
    
    Stuart
363.3Compare with: VMSMAIL> SET FILE [SECRET]MAIL.MAIIOSG::TALLETTJust one more fix, then we can ship...Tue Mar 31 1992 09:271