[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference iosg::all-in-1_v30

Title:*OLD* ALL-IN-1 (tm) Support Conference
Notice:Closed - See Note 4331.l to move to IOSG::ALL-IN-1
Moderator:IOSG::PYE
Created:Thu Jan 30 1992
Last Modified:Tue Jan 23 1996
Last Successful Update:Fri Jun 06 1997
Number of topics:4343
Total number of notes:18308

1880.0. "ACEs removed when user deleted ? profile vs VMS ??" by MSAM03::HOSOKEHUN () Tue Dec 01 1992 08:25

    HI,
    
    
    I do not have any ALL-IN-1 V3.0 system setup but customer just called
    to find out some details.. so I am hoping that someone from here can
    help to answer these questions.
    
    When I delete a user who had access to a shared folder, would the
    ACEs be removed automatically when the user gets deleted - profile
    only/ profile and VMS.
    
    
    Thanks and regards,
    Angeline
T.RTitleUserPersonal
Name		DateLines
1880.1In line with VMS security policySCOTTC::MARSHALLI'd rather be skiingTue Dec 01 1992 08:4914
>> would the
>> ACEs be removed automatically when the user gets deleted

The ACEs are not removed when the user's account (either profile, or VMS, or
both) is deleted.  This is in keeping with VMS security policy on ACLs.

If the user's VMS account is deleted, and hence their identifier is removed from
the rights database, the next time ALL-IN-1 updates the ACL for anything with
this user's ACE on it, (or, in fact, any ACE with a non-existent identifier) the
ACE will automatically (and silently) be removed.

Thus, over time, the ACEs will disappear.

Scott
1880.2still confused over ACls, ACEs and shared foldersMSAM03::HOSOKEHUNWed Dec 02 1992 02:2912
    ok....
    
    what happens when I delete a user's profile when this user has access
    to some share folders ??
    
    What haapens when this user has a group identifier ??
    
    
    thanks for taking the time to explain....
    
    Regards,
    Angeline
1880.3Depends on type shared drawersIOSG::SCMCM+ Development Team from TorinoWed Dec 02 1992 07:3922
Hi Angelina,

If a user has access to a number of shared drawers, and his/her account is 
deleted, the following happens:

1) S/He owned the shared drawer. Depending whether or not the drawer is 
   deleted also (a question asked during the process of deletion), in case
   it isn't, it will be taken over by the Holding Account specified in the 
   SSP (Set system policies)

2) S/He didn't own the shared drawer. If it's a local drawer, the ACL will
   contain the UIC of the deleted user, which .1) explained. If it's a 
   remote drawer nothing happens. The proxy account still exists on the 
   remote system.

In case of the user being part of a group, I guess s/he will be removed 
from the group, but I'm not sure.

Ciao,

	Simon
1880.4yes - deletedIOSG::TYLDESLEYWed Dec 02 1992 10:197
    re. >> In case of the user being part of a group, I guess s/he will be
        >> removed from the group, but I'm not sure.
    ========
    Yes - it's done by oa$lib:gs_delete_user.scp.
    
    Cheers
    DaveT