[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference iosg::all-in-1_v30

Title:	OLD ALL-IN-1 (tm) Support Conference
Notice:	Closed - See Note 4331.l to move to IOSG::ALL-IN-1
Moderator:	IOSG::PYE

Created:	Thu Jan 30 1992
Last Modified:	Tue Jan 23 1996
Last Successful Update:	Fri Jun 06 1997
Number of topics:	4343
Total number of notes:	18308

3632.0. "One user gets CAB_DRWDISABLED ?" by COPCLU::COPLE4::GLARGAARD (Allan Glargaard, DS @DMO) Mon Dec 06 1993 11:22

  Hi!

  One user at a customer site cannot add a known drawer on the system
  to her own list of drawers. She can see it on IAD, but gets an
  CAB_DWRDISABLED (drawer has been disabled) error when trying to add
  it to her list.

  All other users on the system have no problem with this drawer, and
  an MGT MFC MD ENA on this drawer says "Drawer is already enabled".

  Using the Add Drawer option instead, specifying 
  HV1::"[MANAGER]AKB TEGNINGSARKIV" also gives an CAB_DWRDISABLED.

  The trace I've done doesn't give much information, but maybe I need
  glasses? :-)

  Any clues?

  Best regards,
  Allan

T.R	Title	User	Personal Name	Date	Lines
3632.1		IOSG::MAURICE	Insufficient hair for flower	`Wed Dec 08 1993 01:58`	18
	Hi, I'm at DECUS on a slow line and don't have the books, but I vaguely remember the enabled/disabled flgag is a PARTITION field. Try <get partition.disabled["[username]MAIN"] I'm sorry but I'm not exactly sure of the field name. When you have it, you can use WRITE CHANGE PARTITION etc. to enable the drawer. Can other users access the drawer OK? If so then the above is not the problem. Cheers STuart
3632.2	All but one user can see the drawer!	COPCLU::COPLE4::GLARGAARD	Allan Glargaard, DS @DMO	`Wed Dec 08 1993 09:26`	21
	Re: .1, Stuart > Try <get partition.disabled["[username]MAIN"] I will try so when I get to the customer system again, but isn't that what a MGT MFC MD ENA checks first? It says "Drawer is already enabled" > Can other users access the drawer OK? If so then the above is not the > problem. Yup, the drawer is common to all users, and so far I've only heard of this one user having the problem. Starting TeamLinks for a different user (or ALL-IN-1 NEWDIR to another user) gives access to the drawer with no problems - I can read the folder and the one document that is in there. Thanks for trying to help, do you want to give it another try? :-) Best regards, Allan
3632.4	WILLCO, but not until customer has AES/DSN	COPCLU::COPLE4::GLARGAARD	Allan Glargaard, DS @DMO	`Mon Dec 13 1993 09:32`	17
	Stuart, I will post a pointer to the trace file as soon as my customer gets their AES connection established. I don't want to go on-site just for this one user :-) Btw, all users lost the connection to a common drawer since we changed the access to it from WORLD to LOCAL. It turned out that none of the users had the identifier LOCAL. I put *WORLD back on the drawer and will try to find the missing LOCAL stuff somewhere. I don't quite understand why the users don't have the LOCAL by default, because I certainly do on all the systems I have access to, if they are running DMW/ALL-IN-1 or not doesn't matter. Strange. The story will continue, but take a break now ... waiting for AES ... waiting ... waiting ... Best regards, Allan
3632.5	Doesn't help your problem, but...	IOSG::MARCHANT	I'd sink therefore I swam	`Mon Dec 13 1993 10:32`	16
	FYI > changed the access to it from WORLD to LOCAL. It turned out that > none of the users had the identifier LOCAL. I put *WORLD back on the > drawer and will try to find the missing LOCAL stuff somewhere. I > don't quite understand why the users don't have the LOCAL by > default, because I certainly do on all the systems I have access to, > if they are running DMW/ALL-IN-1 or not doesn't matter. Strange. You only get the `LOCAL' identifier if you connect to a system via LAT or a directly connected VT. If you `$SET HOST' to a system, VMS will give you `REMOTE' instead (VMS even does this if you `$SET HOST 0' from a session with the `LOCAL' identifier!!) Cheers, Paul.
3632.6	WORLD and LOCAL confusion ... hmm	COPCLU::COPLE4::GLARGAARD	Allan Glargaard, DS @DMO	`Mon Dec 13 1993 15:07`	15
	Re:.5, Paul So, only a VT user has the LOCAL identifier. Does this mean that I can't give all my TeamLinks users access to a drawer in one go, except by granting WORLD access to my drawer? LOCAL translates to an ACL=(IDENTIFIER=LOCAL,ACCESS=...) WORLD translates to an ACL=(IDENTIFIER=*,ACCESS=...) Maybe this is documented but I don't understand it. Best regards, Allan
3632.7	more ...	IOSG::MARCHANT	I'd sink therefore I swam	`Mon Dec 13 1993 17:50`	22
	> So, only a VT user has the LOCAL identifier. Only a VT user _can_ have the LOCAL identifier (whether they have it or not depends on how they logged into the system.) In case there's any confusion, the identifiers `LOCAL', `REMOTE', `INTERACTIVE', `BATCH' etc. are granted to processes by VMS when you log into the system - they have nothing to do with ALL-IN-1. ALL-IN-1 does however map the `LOCAL' group onto the `LOCAL' identifier, so members of the `LOCAL' group will be those processes that VMS decided were local when they were created. > Does this mean that I can't give all my TeamLinks users access to a > drawer in one go, except by granting WORLD access to my drawer? Yes. But you can get round this, however, by creating a group that has all your TeamLinks users in it, and granting that group access to your drawer. Hope this helps, Paul.
3632.8	Thanks Paul (CAB_DRWDISABLED still open)	COPCLU::COPLE4::GLARGAARD	Allan Glargaard, DS @DMO	`Tue Dec 14 1993 08:55`	14
	Re:.7, Paul, thanks for the clarification on LOCAL, REMOTE etc - I did not know that. I'll ask my customer to create a TL_USERS group or similar. Anyone willing to offer a script to put all the users in a group? :-) I still don't know why oneuser can get a CAB_DRWDISABLED, but I wil investigate further some other day... Best regards, Allan
3632.9	for a small fee...;-)	IOSG::TYLDESLEY		`Tue Dec 14 1993 09:34`	12
	Allan, >Anyone willing to offer a script to put all the users in a group? :-) You could quite simply hack out the queue management bits from SM_QMA_ADD_USER.SCP and you would be left with a script to add a user to group. You could then put this in a profil loop e.g. for profil with not (.direct eqs " " or .user = "@" or .user <=> ":") do - Cheers davet
3632.10	A TeamLinks user should be LOCAL (SPR time?)	COPCLU::COPLE4::GLARGAARD	Allan Glargaard, DS @DMO	`Fri Dec 17 1993 13:24`	15
	Re: .7, Paul After having thought it over, I think that a TeamLinks user should also have the LOCAL rights. After all, the TeamLinks user has given his username and password in order to connect to the server, then why should he not have the same privileges as a local interactive user. I consider this a bug in the OAFC$SERVER authentication code! I'll SPR when I get to know my IPMT stuff ... :-) Best regards, Allan
3632.11	Already bugged (THRs 16453 & 17077) but...	IOSG::MARCHANT	I'd sink therefore I swam	`Sun Dec 19 1993 23:01`	26
	Re: .10 > After having thought it over, I think that a TeamLinks user should also > have the LOCAL rights. Pragmatically, I agree. It'll be easier to do that, than fix the problem at the real source - the bad choice of using something as ephemeral as the LOCAL identifier in the first place. > After all, the TeamLinks user has given his username and password in > order to connect to the server, then why should he not have the same > privileges as a local interactive user. They do! You're just not comparing like with like. TeamLinks users connect over the network, and you'll find VT users that connect over the network (via $SET HOST) will have the same problems as TeamLinks users. Of course most VT users have a workaround, unlike TeamLinks users, which is why I agree in the first paragraph above. > I consider this a bug in the OAFC$SERVER authentication code! Actually you mean the authorisation code, but we don't want to start going down that rathole... ;-) Cheers, Paul.