Yup, that's where if you don't want web access you have an active link
that fires on Open to prevent access to the form using Client type in
the Run-IF.



On Jun 22, 1:38 pm, "Boyd, Rebecca E." <boy...@wfu.edu> wrote:
> If they know the form name, they still can get to it by creating an artask as 
> described below or by using the following syntax:
>
> http://<server name>:8080/arsys/forms/<server name>/<Form Name>
>
> -----Original Message-----
> From: Action Request System discussion list(ARSList) 
> [mailto:arsl...@arslist.org] On Behalf Of Chuck
> Sent: Tuesday, June 22, 2010 2:11 PM
> To: arsl...@arslist.org
> Subject: Re: 7.5 Mid Tier Object List Question
>
> Object list is a Normal Remedy Form, maybe you can go in and customize
> the form...
>
> On Jun 22, 12:55 pm, "Boyd, Rebecca E." <boy...@wfu.edu> wrote:
> > "Security by Obscurity" is exactly the term my people used.
>
> > For example, one of my support staff users, not an admin, located
> > SYS:Status Transition Rules and was able to modify it.
>
> > BMC said if I modified these forms in any way I risked breaking
> > something else.
>
> > I find myself in a bit of a predicament. My people say "fix it" and BMC
> > says "don't change it."
>
> > -----Original Message-----
> > From: Action Request System discussion list(ARSList)
> > [mailto:arsl...@arslist.org] On Behalf Of LJ LongWing
> > Sent: Tuesday, June 22, 2010 1:10 PM
> > To: arsl...@arslist.org
> > Subject: Re: 7.5 Mid Tier Object List Question
>
> > Rebecca,
> > This is a security model I have often referred to as 'Security through
> > Obscurity'....which is obviously not security at all....putting a tarp over
> > something sitting in an open field doesn't mean someone can't get to
> > it....just that they can't see it without first pulling the tarp off....same
> > thing with hiding fields on a form...they can always still pull a report on
> > the field and get its contents, the only way they can't get its contents is
> > if they don't have access to it via permissions....your security people MAY
> > have a right to be upset...if the data in question shouldn't be made
> > available to the users.  Now....don't confuse access to the form with access
> > to the row/field...you can have access to a form, but if you have row level
> > access setup to restrict access to all records except those they should have
> > access to, then there is no issue....
>
> > -----Original Message-----
> > From: Action Request System discussion list(ARSList)
> > [mailto:arsl...@arslist.org] On Behalf Of Boyd, Rebecca E.
> > Sent: Tuesday, June 22, 2010 9:47 AM
> > To: arsl...@arslist.org
> > Subject: Re: 7.5 Mid Tier Object List Question
>
> > When some of my users discovered they could see - & in some cases modify
> > - lots of forms using the API interface, they raised a concern. My
> > security people are not happy. This is what BMC sent me from internal KB
> > 20021753:
>
> > ================
>
> > The User form has Public hidden permission.
> > While using the User tool, a user without Administrator access cannot
> > open the User form.
> > When using the Web tool, the user can open the form.
>
> > Is this a bug or do we need to build workflow to prevent users from
> > accessing User form on the web?
>
> > ================
>
> > The web behavior is not a bug; it is normal.
>
> > Permission and Visibility are two different things (although we tend to
> > club them together):
>
> > Permission: Whether a User can access an object or not / pull up data
> > from it or not.
> > Visibility: Whether a User can see the object in the Object List or not.
>
> > For example if a Form has Public-Hidden permissions details attached to it.
> > This means they can pull up data from it / open it but it won't be visible
> > in the Object List.
> > If you use the Mid-Tier object list, you will find that it too shows the
> > same behavior as the User Tool object list.
>
> > Q. But is it possible to open up forms in User Tool like Mid-Tier which
> > have public hidden permissions?
>
> > A. Well actually you can. Here are the steps
>
> > 1) Open up the Object List in User Tool.
> > 2) Right click any form name and select "Create Shortcut" > "Search Form"
> > 3) Save the task file somewhere.
> > 4) Open the ARTask file in notepad
> > 5) Change the Name = <Form Name> to the form name you want to open
> > example Name = User
> > 6) Save and Double Click to open the form.
>
> > -----Original Message-----
> > From: Action Request System discussion list(ARSList)
> > [mailto:arsl...@arslist.org] On Behalf Of Kemes, Lisa
> > Sent: Tuesday, June 22, 2010 11:26 AM
> > To: arsl...@arslist.org
> > Subject: Re: 7.5 Mid Tier Object List Question
>
> > Looks like the original post did not come through which I was referring to.
>
> > Amanda Pierce asked (back in Jan of 2010):
>
> > I have imported the Mid Tier Object List form/workflow, when I log in as
> > a regular user with restricted permissions I can see ALL forms even if I
> > don't have permission to view them, i.e. AR System forms.
>
> > Is there any way to restrict the visibility of these forms the same way
> > the client does based on Permission Visible/Hidden?
>
> > Lisa
>
> > -----Original Message-----
> > From: Action Request System discussion list(ARSList)
> > [mailto:arsl...@arslist.org] On Behalf Of Kemes, Lisa
> > Sent: Tuesday, June 22, 2010 11:24 AM
> > To: arsl...@arslist.org
> > Subject: Re: 7.5 Mid Tier Object List Question
>
> > Has anyone been able to figure this out?  Looks like the only forms that
> > show up on this list are the ones with Public Permissions.  We want it to
> > act just like the Object List on the client (where the customer can only
> > see the forms that they have access to).
>
> > Also, is there an easier way for the midtier customer to get to the
> > object list other than an entry link or adding a button on every single
> > form that takes them to the MidTier Object List Form?
>
> > We enabled the "Enable Object List" setting on the Midtier
> > configuration, but it appears that enabling on the MidTier server is
> > sort of an error trap.
> > The MidTier will bring up the Object List if a bad URL is entered.
>
> > I can't get this to work even if I try to use a "bad URL" (whatever that
> > is!)
>
> > I really hope this is one thing that gets taken care of in MT 8.0!
>
> > Thanks!
>
> > Lisa
>
> > Midtier 7.5 p4
> > ARS 7.1 p7
> > Oracle 10g
>
> > --
> > View this message in context:
> > http://ars-action-request-system.1093659.n2.nabble.com/7-5-Mid-Tier-Object-List-Question-tp4469645p5209293.html
> > Sent from the ARS (Action Request System) mailing list archive at Nabble.com.
>
> > _______________________________________________________________________________
> > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> > attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"
>

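An added example (not part of the original thread or any BMC tooling): a check over web access logs for direct requests to forms that are hidden from the Object List, using the `/arsys/forms/<server name>/<Form Name>` syntax quoted above. The log layout (combined access log with the login in the user field), the hidden-form and admin lists, and every sample line are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Assumption: forms that carry Hidden permission, exported from your own server.
HIDDEN_FORMS = {"User", "SYS:Status Transition Rules"}
# Assumption: logins that are expected to open these forms directly.
ADMINS = {"appadmin"}

# Direct-URL syntax from the thread: /arsys/forms/<server name>/<Form Name>
# Anything after the form name (extra path segments, query string) is ignored.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?:GET|POST) /arsys/forms/(?P<server>[^/\s?]+)/(?P<form>[^/\s?]+)'
    r'[^"]*" (?P<status>\d{3})'
)

def direct_hidden_form_hits(lines):
    """Return (timestamp, user, form, status) for non-admin direct opens."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a direct form URL
        # Form names contain spaces and colons, so they arrive URL-encoded.
        form = unquote_plus(m["form"])
        if form in HIDDEN_FORMS and m["user"] not in ADMINS:
            hits.append((m["ts"], m["user"], form, int(m["status"])))
    return hits

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '10.0.0.5 - jdoe [22/Jun/2010:13:40:01 -0400] "GET /arsys/forms/remedy01/User HTTP/1.1" 200 5120',
    '10.0.0.5 - jdoe [22/Jun/2010:13:41:12 -0400] "GET /arsys/forms/remedy01/SYS%3AStatus+Transition+Rules/Default HTTP/1.1" 200 8044',
    '10.0.0.9 - appadmin [22/Jun/2010:13:42:30 -0400] "GET /arsys/forms/remedy01/User HTTP/1.1" 200 5120',
    '10.0.0.7 - asmith [22/Jun/2010:13:43:02 -0400] "GET /arsys/forms/remedy01/HPD%3AHelp+Desk HTTP/1.1" 200 9001',
    '10.0.0.7 - asmith [22/Jun/2010:13:44:45 -0400] "GET /arsys/shared/login.jsp HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    for ts, user, form, status in direct_hidden_form_hits(SAMPLE_LOG):
        print(f"{ts} {user} opened hidden form {form!r} directly (HTTP {status})")
```

A hit with status 200 means the permission itself allowed the open; as the thread notes, hiding the form does not change that, only form, field or row permissions do.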