| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 2693.1 | Nothing new here... | SCOTTC::MARSHALL | Spitfire Drivers Do It Topless | Tue May 11 1993 10:47 | 17 |
| Hi,
>> different from *violating* the system. In this case,
>> a user, innocently, may see all the drawers in the system
If a privileged user were to do $ DIR USER1:[000000]*.DIR, they would
"innocently" see everyone's login directory, so I don't think ALL-IN-1 is
giving anything away by showing every drawer to privileged users.
Basically, ALL-IN-1 V3.0 will not let a user do anything they couldn't do
by other means. What it does do, however, is make more visible the "power"
that a privileged user has. IE previously "the management" gave their system
managers privileges and because they didn't understand it, didn't worry. Now
they can better understand it, they worry and will be more careful about who
they give privileges to. IMVHO that is a good thing.
Scott
|
| 2693.2 | IAD/ADR not equal to drawer access | CHRLIE::HUSTON | | Tue May 11 1993 15:24 | 16 |
|
As Scott says in .1, they can't do anything via ALL-IN-1 that they
cannot do via VMS anyway.
Just because a user can see and add a drawer via IAD, does not mean
he can access that drawer, or the contents of it. If the user has
the OAFC$SYSMAN rights ID the IAD will show all drawers to the user
(OAFC$SYSMAN means the guy is priv'd as a manager). any drawer can
be added to anyones file cabinet, there is no access check during
the add (sort of like adding any notes conference to your VAX notes
notebook.). The access checks, and/or existance checks will be done
when the person tries to access the drawer.
--Bob
|
| 2693.3 | Done to death before! | IOSG::PYE | Graham - ALL-IN-1 Sorcerer's Apprentice | Tue May 11 1993 19:38 | 3 |
| This "problem" has been discussed at length earlier in this conference.
Graham
|
| 2693.4 | Which note? | COPCLU::ELIN | Elin Christensen @DMO, DTN 857-2406 | Wed Jun 15 1994 15:13 | 14 |
|
> This "problem" has been discussed at length earlier in this conference.
>
> Graham
I cannot find it. Could you give me a pointer?
I have a customer who is worried about what his privileged users might now
realize that they have access to.
He thinks that there should be something in ALL-IN-1 (datafiles or other
arrangements) that prevented other users than those explicitly listed in
ALL-IN-1 drawer administration from getting access to the documents.
Elin
|
| 2693.5 | | IOSG::PYE | Graham - ALL-IN-1 Sorcerer's Apprentice | Wed Jun 15 1994 19:37 | 9 |
| No, I can't offhand, but it has been often discussed and at some
length. Try some more searches. Or perhaps it was in A1INFO, sincew it
might have been considered a security risk and hence not wise for
general view.
Failing that, get someone in Atlanta to search the STARS database of
all the notes from this conference!
Graham
|
| 2693.6 | for example | AIMTEC::WICKS_A | Atlanta's Most (In)famous Welshman | Wed Jun 15 1994 21:00 | 1 |
| note 3227?
|
| 2693.7 | hidden? | COPCLU::ELIN | Elin Christensen @DMO, DTN 857-2406 | Thu Jun 23 1994 11:16 | 3 |
| Note 3227 must be a hidden one. I can't find it.
Elin
|