[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference iosg::all-in-1_v30

Title:	OLD ALL-IN-1 (tm) Support Conference
Notice:	Closed - See Note 4331.l to move to IOSG::ALL-IN-1
Moderator:	IOSG::PYE

Created:	Thu Jan 30 1992
Last Modified:	Tue Jan 23 1996
Last Successful Update:	Fri Jun 06 1997
Number of topics:	4343
Total number of notes:	18308

1021.0. "Delete access on shared drawer" by GYPSC::KRAMER (Fritz Kramer @UFC, Munich, 865-1305) Fri Jul 10 1992 08:16

    Hi,
    
    if I share a drawer with the ALL-IN-1 user MY_FRIEND and give MY_FRIEND
    delete/refile access, the following ACE will be propagated to the files in
    my drawers directory:
    
    
    ACCESS.DAT
    (IDENTIFIER=[MY_FRIEND],ACCESS=READ+WRITE+DELETE)
    
    DOC0.DIR ... DOC9.DIR, MSG.DIR
    (IDENTIFIER=[MY_FRIEND],ACCESS=READ+WRITE+DELETE)
    (IDENTIFIER=[MY_FRIEND],OPTIONS=DEFAULT,ACCESS=READ+WRITE+DELETE)
    
    documents-in-the-subdirs
    (IDENTIFIER=[MY_FRIEND],ACCESS=READ+WRITE+DELETE)
    
    
    I thought that the semantic of the delete/refile flag is that MY_FRIEND
    can delete/refile documents in the shared drawer, but it appears (or am
    I missing something) that MY_FRIEND can delete the complete drawer (docs,
    DIR's and ACCESS.DAT) without having control access.
    
    Fritz
    worse the DIR-Files (

T.R	Title	User	Personal Name	Date	Lines
1021.1	Not as bad as it might seem	IOSG::MAURICE	Ceci n'est pas une note	`Fri Jul 10 1992 11:43`	22
	Hi Fritz, You're talking about the scenario where a user goes round ALL-IN-1 to VMS to see what can be done there. The worst MY_FRIEND can do is to delete ACCESS.DAT which would effectively unshare the drawer. MY_FRIEND is not able to share the drawer with other users. It's for reasons like this that ACCESS.DAT was invented, i.e. we didn't put these protections on DOCDB.DAT so that MY_FRIEND cannot delete vital data. (ACCESS.DATA is an empty file with no data in it) MY_FRIEND could also delete any directories that are empty. But no actual data would be lost. The drawer would continue to exist and function. I think that if MY_FRIEND did do this then Rename User would be invoked so that the new name would be EX_FRIEND. ;^) Cheers Stuart
1021.2	empty the directory, then delete it itself	GYPSC::KRAMER	Fritz Kramer @UFC, Munich, 865-1305	`Fri Jul 10 1992 13:02`	23
	Hi Stuart, > MY_FRIEND could also delete any directories that are empty. But no > actual data would be lost. The drawer would continue to exist and > function. MY_FRIEND could empty the directories and then delete the directories themself. After that nobody couldn't create any new documents in that drawer, unless someone privileged recreates the directories again. Ok, that's not too bad, but why not just remove the delete-access from the ACE (for the DOC's and ACCESS.DAT). I think the shared drawer access would function as before and the risk to corrupt the drawer (outside of ALL-IN-1) is minimized further. Just an idea Fritz
1021.3	refile == copy then delete	CHRLIE::HUSTON		`Fri Jul 10 1992 14:28`	17
	re .2 >Ok, that's not too bad, but why not just remove the delete-access from the >ACE (for the DOC's and ACCESS.DAT). Refile is basically a copy followed by delete. So you need delete access in order to do a refile. >I think the shared drawer access would function as before and the risk to >corrupt the drawer (outside of ALL-IN-1) is minimized further. How can something brand new function as it did before if it didn't exist before?? :-) --Bob
1021.4	Maybe I was unclear...	GYPSC::KRAMER	Fritz Kramer @UFC, Munich, 865-1305	`Mon Jul 13 1992 12:33`	40
	Bob maybe I was a bit unclear in my reply, so I'll give it another try: 1) If user MY_FRIEND has delete/refile access on my drawer, the following ACL will be propagated to my RMS-Files ---------------------------------------------------------------------- ACCESS.DAT (IDENTIFIER=[MY_FRIEND],ACCESS=READ+WRITE+DELETE) DOC0.DIR ... DOC9.DIR, MSG.DIR (IDENTIFIER=[MY_FRIEND],ACCESS=READ+WRITE+DELETE) (IDENTIFIER=[MY_FRIEND],OPTIONS=DEFAULT,ACCESS=READ+WRITE+DELETE) documents-in-the-subdirs (IDENTIFIER=[MY_FRIEND],ACCESS=READ+WRITE+DELETE) ---------------------------------------------------------------------- 2) To reach the same (delete/refile-access) from ALL-IN-1, wouldn't it be sufficient to place the following ACL's on the RMS-Files ---------------------------------------------------------------------- ACCESS.DAT (IDENTIFIER=[MY_FRIEND],ACCESS=READ+WRITE+DELETE) DOC0.DIR ... DOC9.DIR, MSG.DIR (IDENTIFIER=[MY_FRIEND],ACCESS=READ+WRITE) <-- NO delete access !!!!!! (IDENTIFIER=[MY_FRIEND],OPTIONS=DEFAULT,ACCESS=READ+WRITE+DELETE) documents-in-the-subdirs (IDENTIFIER=[MY_FRIEND],ACCESS=READ+WRITE+DELETE) ---------------------------------------------------------------------- Fritz
1021.5	Not sure why...	CHRLIE::HUSTON		`Mon Jul 13 1992 14:52`	29
	Fritz, sorry for the confusion... >To reach the same (delete/refile-access) from ALL-IN-1, wouldn't it be >sufficient to place the following ACL's on the RMS-Files > >---------------------------------------------------------------------- >ACCESS.DAT >(IDENTIFIER=[MY_FRIEND],ACCESS=READ+WRITE+DELETE) > >DOC0.DIR ... DOC9.DIR, MSG.DIR >(IDENTIFIER=[MY_FRIEND],ACCESS=READ+WRITE) <-- NO delete access !!!!!! >(IDENTIFIER=[MY_FRIEND],OPTIONS=DEFAULT,ACCESS=READ+WRITE+DELETE) > >documents-in-the-subdirs >(IDENTIFIER=[MY_FRIEND],ACCESS=READ+WRITE+DELETE) >---------------------------------------------------------------------- Off the top of my head I cannot think of a draw back to what you suggest, maybe stuart can. All access for drawer delettion will be done via access.dat so as long as the guy has delete access to that he can delete the drawer. The FCS would use its privs to do the actual delete. --Bob