Ok, so you give them (Public) permissions to the form (visible or hidden, doesn't matter) and you give them read only permissions to the fields (Public read, APP-Administrator write). Visibility of the forms or fields don't offer any protection from what can be done with the api; which is what everything is built upon.
This way anyone can read the data, but only APP-Administrator can change it. Again, has nothing to do with the visibility of the form or fields. Axton Grams On 4/19/06, Brian Bishop <[EMAIL PROTECTED]> wrote: > Axton, > > I have to disagree with you. If I want a form to hold data which menus will > be built from, I don't want anybody being able to change the data accept > those given access to the form, like APP-Administrator. But to allow menus > to be built for all users I have to give access to them to the actual data. > Hence using Public Hidden access on the form. How can you explain away the > word "hidden" if a macro will quite happily make it visible! > > All it is hiding it from is the list of forms on the Object List. > > Brian Bishop > > -----Original Message----- > From: Action Request System discussion list(ARSList) > [mailto:[EMAIL PROTECTED] On Behalf Of Axton > Sent: 19 April 2006 17:38 > To: [email protected] > Subject: Re: Hidden permissions > > Hidden does not imply any type of security what-so-ever. If you realy > need to protect/restrict something then revoke/apply the permissions > appropriately. Same goes for fields as well. > > Axton Grams > > On 4/19/06, Brian Bishop <[EMAIL PROTECTED]> wrote: > > ** > > > > > > Hi Sarah, > > > > > > > > This issue is also applicable to the User Tool. If you write a macro to > open > > a form, as a basic user, and then amend the macro to open a form with > just > > "Public Hidden" access it will open and give you access to the data. I > > raised this as a security issue with Remedy but was told it was "as > > designed" so had to raise an enhancement requesting the facility to be > able > > to create forms that users can access data in but not be able to open. > > > > > > > > Mind you I thought that was what hidden forms were!! > > > > > > > > > > Brian Bishop > > > > > > ________________________________ > > > > > > From: Action Request System discussion list(ARSList) > > [mailto:[EMAIL PROTECTED] On Behalf Of Evans, Sarah (Outsourcing) > > Sent: 19 April 2006 10:18 > > To: [email protected] > > Subject: Hidden permissions > > > > > > > > > > Hi > > > > > > > > I've found on the product defects this: > > > > > > > > ID SW00222152: It is still in the status of New. > > > > > > > > The form can still be accessed through Mid-Tier directly if Hidden > > permissions are set on the form. > > > > > > > > Has the person who logged it heard anything back from Remedy? If so what > > did they say? > > > > > > > > Also anyone at Remedy is there a time estimate for this fix? > > > > > > > > Thanks > > > > > > Sarah > > > > > > > > This e-mail and any attachment is for authorised use by the intended > > recipient(s) only. It may contain proprietary material, confidential > > information and/or be subject to legal privilege. It should not be copied, > > disclosed to, retained or used by, any other party. If you are not an > > intended recipient then please promptly delete this e-mail and any > > attachment and all copies and inform the sender. Thank you. > > __20060125_______________________This posting was submitted > > with HTML in it___ __20060125_______________________This > > posting was submitted with HTML in it___ > > ____________________________________________________________________________ > ___ > UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org > > _______________________________________________________________________________ > UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
