What's the best way...

Deskin, Bob Bob.Deskin@Cognos.COM
Thu, 18 Mar 1999 09:07:20 -0500 

Based on this discussion, I have passed on a suggestion to modify the
ACTIVITIES to allow specificcation of a list of ASCs. There are no
guarantees about when this would get in of course.

Bob Deskin              
Senior Product Advisor, Application Development Tools, Cognos Inc.
bob.deskin@cognos.com (613) 738-1338 ext 4205 FAX: (613) 228-3149
3755 Riverside Drive P.O. Box 9707 Stn. T, Ottawa ON K1G 4K9 CANADA


-----Original Message-----
From: Robert J.M. Edis [mailto:Robert.Edis@creatcomp.com]
Sent: Thursday, March 18, 1999 8:50 AM
To: 'powerh-l@lists.swau.edu'
Subject: RE: What's the best way...


Chris

I'm a little bit puzzled by your statement that quick has to open the
file/table in read/write mode.  Security can be implemented on many levels,
at least in a VMS environment.  The first level of write prevention I would
use on the table is a RIGHTS IDENTIFIER on the file or table.  If the user
only has read privileges to the file, it doesn't matter what security you
put in the Quick screen.  However, a dumb user will not find out they don't
have ENTRY,CHANGE or DELETE capability until they try to perform a screen
update.  Then they will get a nasty message from the file system.

I think the simplest way is the conditional compile method and use the ASC
at the menu level to select which QKC to run.  This PLUS the RIGHTS
IDENTIFIER of course.  Someone already stated that an enterprising user will
find a way around the screen security.

If you have the case where different users are allowed to update different
fields then you will be forced to perform an ASC check in an EDIT procedure
for each screen field plus the PREUPDATE procedure.

Contrary to Bob's observation about the extent of usage for these methods, I
have seen them used extensively on at least three large systems.

Blue
PowerHouse consultant
Rhode Island, USA

Disclaimer:
The opinions and ideas expressed in this message are my own and have no
relationship to my current employer, Initial Technical Staffing, its client
CCI, or any of CCI's clients.



	-----Original Message-----
	From:	Chris Sharman [SMTP:Chris.Sharman@ccagroup.co.uk]
	Sent:	Thursday, March 18, 1999 6:59 AM
	To:	Bob.Deskin@Cognos.COM
	Cc:	Chris.Sharman@ccagroup.co.uk; powerh-l@lists.swau.edu
	Subject:	RE: What's the best way...

	>This sort of need doesn't come up very often which is why we don't
have mode
	>based security. It's been a nice to have but not a killer.

	Well, nearly everyone seems to have their own fixes, of varying
nastiness.
	Even when you've done all that procedural coding (which we all
bought
	Powerhouse in order to avoid), you still have to give write access
to the data
	to all the readers to allow Quick to open the files, so the
knowledgeable can
	still exploit that to alter/trash the data by other means if you're
not careful.

	There's a lot to be said for having Quick work in readonly mode when
it can't
	open the data files read/write. That would get rid of all this
horrible code
	and the potential security hole, and give us all screens that worked
either
	way. To preserve existing behaviour you could add an "ALLOWREADONLY"
keyword or
	similar to the screen or file statement.

	"Nice to have" is what it's all about with a premium product, I
think.

	BTW, nice to see REVERSE is present in all 8.x components: any other
	corrections to my post of gains & losses for VMS 7->8 ?

	Chris
	
______________________________________________________________________
	Chris Sharman			Chris.Sharman@CCAgroup.co.uk
	CCA Stationery Ltd, Eastway, Fulwood, Preston, Lancashire, PR2 9WS.
	= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
= = = =
	Subscribe: "subscribe powerh-l" in message body to
majordomo@lists.swau.edu
	Unsubscribe: "unsubscribe powerh-l" in message to
majordomo@lists.swau.edu
	powerh-l@lists.swau.edu is gatewayed one-way to
bit.listserv.powerh-l
	This list is closed, thus to post to the list, you must be a
subscriber.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Subscribe: "subscribe powerh-l" in message body to majordomo@lists.swau.edu
Unsubscribe: "unsubscribe powerh-l" in message to majordomo@lists.swau.edu
powerh-l@lists.swau.edu is gatewayed one-way to bit.listserv.powerh-l
This list is closed, thus to post to the list, you must be a subscriber.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Subscribe: "subscribe powerh-l" in message body to majordomo@lists.swau.edu
Unsubscribe: "unsubscribe powerh-l" in message to majordomo@lists.swau.edu
powerh-l@lists.swau.edu is gatewayed one-way to bit.listserv.powerh-l
This list is closed, thus to post to the list, you must be a subscriber.