
Conference iosg::all-in-1_v30

Title: *OLD* ALL-IN-1 (tm) Support Conference
Notice: Closed - See Note 4331.l to move to IOSG::ALL-IN-1
Moderator: IOSG::PYE
Created: Thu Jan 30 1992
Last Modified: Tue Jan 23 1996
Last Successful Update: Fri Jun 06 1997
Number of topics: 4343
Total number of notes: 18308

4241.0. "Template documents and XOWN" by UTRTSC::SMEETS (Alpha AXP Compatible LinkWorks Mouse) Wed Jun 08 1994 15:53

Hello,

A customer running ALL-IN-1 V3.0 reports the following reproducible problem.

A subscriber with no ALL-IN-1 privileges specifies a Template Document when 
creating a new document; the result is an empty document. After exiting this 
document either with Gold-F or Gold-K, the following messages are shown:

%OA-E-MRGINF, error opening merge file "[.DOC7]ZVGIKFLHE.WPL"
%OA-W-NOPRV_XOWN, No privilege to execute "OWN" elements
%OA-I-LASTLINE, Documeny is not created

According to the customer and myself this is not correct.

What's your opinion?

Martin

4241.1. "Uh" by AIMTEC::WICKS_A (Atlanta's Most (In)famous Welshman) Wed Jun 08 1994 17:31 (7 lines)

    Martin,
    
    What is not correct? Does the user have PRVXOWN - see note 34.
    
    Regards,
    
    Andrew.D.Wicks

4241.2. "Ok, here's more information" by UTRTSC::SMEETS (Alpha AXP Compatible LinkWorks Mouse) Wed Jun 08 1994 19:41 (19 lines)

Hello Andrew,

>    what is not correct? does the user have PRVXOWN - see note 34.
    
As specified in .0, the user doesn't have any privileges, so also no XOWN privilege.

The problem is that a "normal" user without any ALL-IN-1 privileges is not able
to create documents using template documents, a standard ALL-IN-1 functionality.

1. Create a document by specifying drawer, folder and name and press NextScreen
2. Specify the template (drawer, folder, title).

I don't understand why a user should have this privilege, merging is done in a
lot of places within ALL-IN-1 without complaining about this privilege.

Regards,

Martin

4241.3. "Second opinion..." by UTRTSC::SMEETS (Alpha AXP Compatible LinkWorks Mouse) Thu Jun 09 1994 07:51 (12 lines)

Hello,

This morning I showed the behaviour to my colleague Jan Schollaert and he also 
said this is a bug.

Is it SPR time?

An official commitment would be appreciated!

Regards,

Martin

4241.4. "An opinion from IOSG" by IOSG::SHOVE (Dave Shove -- REO2-G/M6) Thu Jun 09 1994 11:54 (31 lines)

    Well, this is still true in v3.1.
    
    It is documented, but perhaps not forcefully enough. Section 4.3.7 in
    the ALL-IN-1 Management Guide, under XOWN privilege, says:
    
    "Y in this field allows the user to execute scripts and document
    templates in the user area ..."
    
    (It doesn't say, but does imply, that N in this field will take these
    facilities away).
    
    We had a lot of trouble defining the way these new (in v3.0) privs
    worked, because a number of the things ALL-IN-1 does for users from the
    standard user interface can be "abused". Up to v3.0, we always claimed
    that this "abuse" didn't matter, as normal VMS file protections would,
    on a properly run system, prevent the user doing anything seriously
    wrong. 
    
    However, we were eventually persuaded to add these new privs to
    restrict what the user could do, in areas where some customers felt that
    some kind of abuse was nevertheless possible. We tried to do this to
    allow as much as possible of the normal user facilities still to work,
    but this is one area where that just wasn't possible.
    
    You might well feel that an SPR is justified - it might get answered by
    making the documentation more forceful rather than changing the code
    though.
    
    Dave (please note that this isn't an official view, much less any kind
    of commitment. If you want those, you need to talk to the product
    manager.)

4241.5. "Document enhancement" by UTRTSC::SMEETS (Alpha AXP Compatible LinkWorks Mouse) Thu Jun 09 1994 12:14 (22 lines)

Hello Dave,

Thanks for your opinion.

Maybe the documentation could be enhanced as follows:

XOWN
    "Y in this field allows the user to execute scripts and document
    templates in the user area ..."
    Furthermore, it allows users to execute UDPs and merge WPS-PLUS Document
    templates.

>    You might well feel that an SPR is justified - it might get answered by
>    making the documentation more forceful rather than changing the code
>    though.

Changing the code seems to me a tough job; I would prefer a document change.
I'll ask the customer how he feels about this.

Thanks,

Martin

4241.6. "Customer doesn't agree" by UTRTSC::SMEETS (Alpha AXP Compatible LinkWorks Mouse) Thu Jun 09 1994 15:54 (12 lines)

Hello,

I talked to the customer. He doesn't accept the explanation. He also states "I
don't need the XOWN privilege when I execute UDPs, why should I need this
privilege when I do something which is (was) a standard ALL-IN-1 functionality"
I create a document using a template document and as a user I'm not interested in
merge functions and XOWN privileges. If ALL-IN-1 needs a merge operation to
do its job, OK, but it should complain not having a privilege!

So he'll submit an SPR (IPMT).

Martin

4241.7. "API functions" by IOSG::NEWLAND (Richard Newland, IOSG, REO2-G/L2) Thu Jun 09 1994 17:14 (27 lines)

The Template Document selected from the Creating New Document form has 
always been MERGED, and not just copied.  This means that it can contain 
MERGE directives, including <&OA function\...> which therefore provides a 
mechanism to do application programming.  It is for this reason that this 
operation is controlled by the ALL-IN-1 XOWN privilege.  MERGE operations 
from compiled files are allowed but MERGE operations from non-compiled 
files are not, and the source template document is an example of a 
non-compiled file.

UDPs are sets of keystrokes entered at the normal user interface, and
therefore are not controlled by the XOWN privilege.  For security reasons
the ability to execute application programming functions is controlled by
ALL-IN-1 privileges.  Executing keystrokes from a UDP is not equivalent to
executing application programming functions. 

ALL-IN-1 V2.4, and earlier versions, did not have XOWN privilege but all
users could perform the operations which are now controlled by this
privilege.  By not granting users the XOWN privilege the customer has
decided to further restrict what users can do.

Another method of creating a document from the contents of another
document, without performing a MERGE, is to use MCD (Make copy of document)
to make a copy of the 'template document' and then edit the new document.


Richard 

4241.8. "Let's stop this discussion" by UTRTSC::SMEETS (Alpha AXP Compatible LinkWorks Mouse) Fri Jun 10 1994 08:33 (27 lines)

Hello Richard,

Thanks for your (engineering's) point of view.

> The Template Document selected from the Creating New Document form has 
> always been MERGED, and not just copied.  This means that it can contain 
> MERGE directives, including <&OA function\...> which therefore provides a 
> mechanism to do application programming.  It is for this reason that this 
> operation is controlled by the ALL-IN-1 XOWN privilege. 

Mr. Customer's answer:

My template documents are plain text documents without any merge directives, so
I don't use and need the API's. So for merging plain text template documents the
XOWN privilege isn't needed, however if one decides to use merge directives in
his template document then the XOWN privilege is needed.

end of Customer's answer.


As the customer has already submitted an SPR, I think it is better to close this
topic. There will always be customers who are never 100% satisfied.

Martin

p.s. My own opinion is "Granting XOWN privilege isn't a big deal." I know a lot
     of sites which grant this privilege by default to ALL users.

4241.9. "(Selectively) Turn it into MCD?" by IOSG::PYE (Graham - ALL-IN-1 Sorcerer's Apprentice) Fri Jun 10 1994 10:34 (8 lines)

    If the customer is sure that his "template" is really going to only be
    text for ever, then you could customise it to do 'MCD' rather than a
    merge. You could even be clever and conditionalise that based on
    whether the caller had XOWN.
    
    Graham
    
    PS I suppose we should do that in the base....
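
The three behaviours debated in this topic (the V3.0 XOWN check described in .7, the customer's plain-text exemption in .8, and the MCD fallback suggested in .9) can be compared side by side for a user without XOWN. The following Python model is an added example, not ALL-IN-1 code and not something posted in the conference; the directive pattern, function names, policy names and sample templates are assumptions built from the `<&OA function\...>` form quoted above.

```python
import re

# Constructed model, not ALL-IN-1 code. A directive is anything shaped like the
# "<&OA function\...>" form quoted in the thread (assumed syntax: "<&NAME ...>").
DIRECTIVE = re.compile(r"<&(\w+)[^>]*>")

def merge(text, executed):
    """Toy MERGE: 'runs' each directive (records it) and drops it from the output."""
    def run(match):
        executed.append(match.group(0))
        return ""
    return DIRECTIVE.sub(run, text)

def create_from_template(text, has_xown, policy, compiled=False):
    """Return (action, new_document_text, directives_executed).

    policy "v3"       - behaviour described in .7: non-compiled merge needs XOWN
    policy "scan"     - customer's proposal in .8: plain text needs no privilege
    policy "fallback" - suggestion in .9: no XOWN means copy (MCD), never merge
    """
    executed = []
    allowed = has_xown or compiled
    if policy == "scan" and not DIRECTIVE.search(text):
        allowed = True          # nothing to execute, so merging is a plain copy
    if allowed:
        return "merge", merge(text, executed), executed
    if policy == "fallback":
        return "copy", text, executed   # directives stay inert literal text
    return "deny", None, executed

# Constructed sample templates.
PLAIN = "Dear customer,\nYour order has shipped.\n"
ACTIVE = "Dear customer,\n<&OA function\\...>\nRegards\n"

def demo():
    rows = []
    for policy in ("v3", "scan", "fallback"):
        for name, text in (("plain", PLAIN), ("active", ACTIVE)):
            action, _, ran = create_from_template(text, has_xown=False, policy=policy)
            rows.append((policy, name, action, len(ran)))
    return rows

if __name__ == "__main__":
    for row in demo():
        print(row)
```

In this model the scan and the merge share one pattern; a real implementation of the plain-text exemption is only as safe as the agreement between its check and the interpreter's own directive parser, which is why the copy fallback is the simpler rule to reason about.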