I dunno if I agree with this one either, but that is the nature of the list, yes?
Public permission is a good concept, but - IMHO - is something that is way overly used and again - IMHO - is more or less an excuse to be lazy. It is more or like granting db_datareader to all of your accounts on sql server, rather than taking the time to construct an appropriate permissions schema. One of the first questions that should be asked right after the complimentary 'you want what' should be 'who is going to access it.' With this in mind, a new group should be created, or an existing group should be used to grant permissions to the workflow. Setting up the default permissons for new objects in the admin tool only takes a couple of moments to do. Macros? I thought that these were supposed to go the way of the dinosaur and become extinct. > Axton, > > I have to disagree with you. If I want a form to hold data which menus > will > be built from, I don't want anybody being able to change the data accept > those given access to the form, like APP-Administrator. But to allow menus > to be built for all users I have to give access to them to the actual > data. > Hence using Public Hidden access on the form. How can you explain away the > word "hidden" if a macro will quite happily make it visible! > > All it is hiding it from is the list of forms on the Object List. > > Brian Bishop > > -----Original Message----- > From: Action Request System discussion list(ARSList) > [mailto:[EMAIL PROTECTED] On Behalf Of Axton > Sent: 19 April 2006 17:38 > To: [email protected] > Subject: Re: Hidden permissions > > Hidden does not imply any type of security what-so-ever. If you realy > need to protect/restrict something then revoke/apply the permissions > appropriately. Same goes for fields as well. > > Axton Grams > > On 4/19/06, Brian Bishop <[EMAIL PROTECTED]> wrote: >> ** >> >> >> Hi Sarah, >> >> >> >> This issue is also applicable to the User Tool. If you write a macro to > open >> a form, as a basic user, and then amend the macro to open a form with > just >> "Public Hidden" access it will open and give you access to the data. I >> raised this as a security issue with Remedy but was told it was "as >> designed" so had to raise an enhancement requesting the facility to be > able >> to create forms that users can access data in but not be able to open. >> >> >> >> Mind you I thought that was what hidden forms were!! >> >> >> >> >> Brian Bishop >> >> >> ________________________________ >> >> >> From: Action Request System discussion list(ARSList) >> [mailto:[EMAIL PROTECTED] On Behalf Of Evans, Sarah (Outsourcing) >> Sent: 19 April 2006 10:18 >> To: [email protected] >> Subject: Hidden permissions >> >> >> >> >> Hi >> >> >> >> I've found on the product defects this: >> >> >> >> ID SW00222152: It is still in the status of New. >> >> >> >> The form can still be accessed through Mid-Tier directly if Hidden >> permissions are set on the form. >> >> >> >> Has the person who logged it heard anything back from Remedy? If so >> what >> did they say? >> >> >> >> Also anyone at Remedy is there a time estimate for this fix? >> >> >> >> Thanks >> >> >> Sarah >> >> >> >> This e-mail and any attachment is for authorised use by the intended >> recipient(s) only. It may contain proprietary material, confidential >> information and/or be subject to legal privilege. It should not be >> copied, >> disclosed to, retained or used by, any other party. If you are not an >> intended recipient then please promptly delete this e-mail and any >> attachment and all copies and inform the sender. Thank you. >> __20060125_______________________This posting was submitted >> with HTML in it___ __20060125_______________________This >> posting was submitted with HTML in it___ > > ____________________________________________________________________________ > ___ > UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org > > _______________________________________________________________________________ > UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
