[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference iosg::all-in-1_v30

Title:	OLD ALL-IN-1 (tm) Support Conference
Notice:	Closed - See Note 4331.l to move to IOSG::ALL-IN-1
Moderator:	IOSG::PYE

Created:	Thu Jan 30 1992
Last Modified:	Tue Jan 23 1996
Last Successful Update:	Fri Jun 06 1997
Number of topics:	4343
Total number of notes:	18308

3896.0. "SMU - Privileges Needed?" by GUCCI::SMCNEILL (SHERRY MCNEILL @DCO) Thu Feb 17 1994 14:20

    I have a customer whose non-privileged users cannot perform the SMU
    option properly.
    
    If a user SMU to a user who has not granted them access they will get
    the correct message: You have not been granted mail access by this user.  
    
    If a user SMU to a user who HAS GRANTED them access they will get an
    error message:  Cannot find this user's drawer.
    
    If I give the user at least BYPASS privilege then SMU will work fine. 
    I think I narrowed it down to the MAIL SET_USER function.  If I perform
    this function interactively with no privileges same error:  cannot
    fined this user's drawer.  If I MAIL SET_USER interactively with
    privileges it will work fine.
    
    There is an ACL on MAIL_ACCESS, the user has RE privilege to the OA
    subdirectory and DOCDB and DAF.DAT has world access even though that
    may be wrong.
    
    I have had problems with file protections in the past at this site so
    the protections could very well be set incorrectly but I am at a blank
    as to what other files are involved.
    
    Any ideas as to what to do next?????
    
    Thanking you in advance,
    Sherry

T.R	Title	User	Personal Name	Date	Lines
3896.1		IOSG::MAURICE	I left my heart in Alcatraz	`Thu Feb 17 1994 17:57`	15
	Hi, Some questions: a) Can the user use the SDR (set drawer) command to access the Manager's drawer? b) If the Manager does an ID (index of drawers) and then does a read (R), do you get the warning about no World Execute access? c) Have you tried MUPA? Cheers Stuart
3896.2	Some answers	GUCCI::SMCNEILL	SHERRY MCNEILL @DCO	`Thu Feb 17 1994 19:06`	14
	a) No, if the user does SDR - gets message: No item satisfied the search criteria. b) If the manager does an ID from the FC menu the user's drawer is not there. If the manager does a select of the drawer from the MD menu it appears and says that you have control access. c) MUPA was installed on January 7, 1994 at 3:28 in the AM. This customer likes late nights. Hope this helps. Thanks, Sherry
3896.3		IOSG::MAURICE	I left my heart in Alcatraz	`Thu Feb 17 1994 21:15`	16
	Hi, Next step is to determine the drawer directory. This is shown on the R(ead) listing when the Manager selects the drawer from the index of available drawers. Next as the Manager do a $dir/sec of the file ACCESS.DAT in the drawer directory. Check that the sharee is on the list. Then as the unprivileged user go to DCL and try to do the same. Cheers Stuart
3896.4	Still going ...	GUCCI::SMCNEILL	SHERRY MCNEILL @DCO	`Thu Feb 17 1994 21:33`	9
	No, the user does not have access to ACCESS.DAT but there is an ACL on MAIL_ACCESS.DAT. What should the protection be on ACCESS.DAT? If there should be an ACL then the system is not putting one on it. It is a good possibility that the system manager changed the default protection on ACCESS.DAT so it could potentially be incorrect. Thanks
3896.5	Don't meddle with ALL-IN-1 files	IOSG::MARSHALL	When you've got a widget, you don't need gimmicks	`Fri Feb 18 1994 10:09`	12
	>> It is a good possibility >> that the system manager changed the default protection It's a bit dumb for system managers to change access to "system" files then complain when users can't access things! The file ACCESS.DAT is used to determine who can access the drawer. If I GMA someone (or give them any sort of access to my drawer), then an ACE for them will appear on ACCESS.DAT's ACL. Without that ACE they can't do SMU, or any other sort of drawer access. Scott
3896.6	I suspect the user rather than the Manager!	IOSG::MAURICE	I left my heart in Alcatraz	`Fri Feb 18 1994 15:45`	19
	Hi, For SMU to work it is a pre-requisite that the user has DELETE access to the drawer. Your evidence shows that the sharee does not have this access. Normally the GMA (grant mail access) will make sure that happens. However if the drawer is ADVANCED SHARED then the the sharer is asked whether GMA should share the drawer. This gives us two significant possibilities: a) The drawer is ADVANCED SHARED, and the the sharer indicated that s/he would do the drawer sharing bit later. b) The sharer did the GMA and let GMA share the drawer, but then later went to the drawer sharing menu and unshared the drawer! Cheers Stuart