They might have the firewall blocking the AR TCP port for everything except MT?
Jason On Tue, Jan 8, 2013 at 4:35 PM, Joe D'Souza <[email protected]> wrote: > ** > > ** ** > > It appears to be a bug. If you let it slide and keep that option checked > it could be a potential data security flaw if the users have the access to > install the user client after downloading it from the web. Mind you, in > order to download the user client from the web, one does not require too > much access. If installing the user client is not much of a threat, then > you could get away with it.**** > > ** ** > > Joe**** > > ** ** > ------------------------------ > > *From:* Action Request System discussion list(ARSList) [mailto: > [email protected]] *On Behalf Of *Rick Westbrock > > *Sent:* Tuesday, January 08, 2013 5:11 PM > *To:* [email protected] > *Subject:* Re: Sub Administrator delete records permissions > **** > > ** ** > > I just tested with another user account that is neither in the Sub > Administrators group nor the other group required and that user cannot see > the Delete button in the mid-tier. I added the account back into the > required group that has sub-admin permissions but not the system Sub > Administrator group and still can’t see the Delete button in the mid-tier > so it looks like this will work as we need it to.**** > > ** ** > > I also tried the same user in the User Tool and that user still sees the > Actions > Delete option, fortunately the user base can only access the > applications via mid-tier so from an architecture standpoint they can’t > even log in via the user tool so this solution should work for us. Why it > works this way doesn’t make a lot of sense to me however, I would think > that if a user has the correct sub-admin permissions to a form we shouldn’t > need to enable that “allow deletes” option just for MT but not the user > tool. If it is working as designed I would argue that it’s a flawed design. > **** > > ** ** > > ** ** > > -Rick**** > > ** ** > > ___________________________**** > > Rick Westbrock**** > > QMX Support Services**** > > ** ** > > *From:* Rick Westbrock [mailto:[email protected]] > *Sent:* Tuesday, January 08, 2013 1:05 PM > *To:* '[email protected]' > *Subject:* RE: Sub Administrator delete records permissions**** > > ** ** > > Good catch Joe, we don’t want anyone else deleting records. These forms > have view only permissions except for the specific group to which the > sub-admins belong. I will test with normal user permissions anyway since > the MT isn’t behaving as expected already. This is actually for a couple of > custom people forms where the form-level permissions are already very > strict anyway and in fact I believe they are hidden forms for everyone.*** > * > > ** ** > > -Rick**** > > ** ** > > ** ** > > ___________________________**** > > Rick Westbrock**** > > QMX Support Services**** > > ** ** > > *From:* Action Request System discussion list(ARSList) [mailto: > [email protected]] *On Behalf Of *Joe D'Souza > *Sent:* Tuesday, January 08, 2013 12:27 PM > *To:* [email protected] > *Subject:* Re: Sub Administrator delete records permissions**** > > ** ** > > ** **** > > ** ** > > True you require those permissions too.. However the Admin and sub admin > do not require to be setup with those specific permissions in order to be > able to do that from the user tool. And it should have been consistent on > the MT too. I have not tested it out but Tony claims that it doesn’t seem > to work the same way on the MT. He was able to delete using sub admin > permissions from the user tool.**** > > ** ** > > Joe**** > > ** ** > ------------------------------ > > *From:* Action Request System discussion list(ARSList) [mailto: > [email protected]] *On Behalf Of *Jason Miller > *Sent:* Tuesday, January 08, 2013 3:13 PM > *To:* [email protected] > *Subject:* Re: Sub Administrator delete records permissions**** > > ** ** > > ** **** > > Not really. From the link I provider earlier:**** > > ** ** > > The Allow Delete option on the Basic tab of the Form Properties dialog box > enables you to allow licensed users who are not administrators to delete > entries of a form *if the following requirements are met*:**** > > ** ** > > **· **The user has access to the form.**** > > **· **The user has Change permission to the form's Request ID > field.**** > > ** ** > > It can be controlled by group.**** > > ** ** > > Jason**** > > ** ** > > On Tue, Jan 8, 2013 at 12:06 PM, Joe D'Souza <[email protected]> wrote:*** > * > > ** **** > > That will however allow ALL licensed users to delete a record from the > form – not just Administrators and Sub Administrators.. If you are ok with > general users deleting, then you are good to go. I am not sure you want to > really be doing that. My personal preference on custom applications is > locking that option out.**** > > **** > > Joe**** > > **** > ------------------------------ > > *From:* Action Request System discussion list(ARSList) [mailto: > [email protected]] *On Behalf Of *Rick Westbrock > *Sent:* Tuesday, January 08, 2013 2:48 PM**** > > > *To:* [email protected] > *Subject:* Re: Sub Administrator delete records permissions**** > > **** > > Thanks Jason, I was thinking that there used to be a global setting to > allow non-administrators to delete records but didn’t see it on my 7.6.04 > system here (my previous engagement was still on 7.0.1) I do see the “Allow > Delete” checkbox on the Basic tab of the form properties and it was not > checked for the form in question. **** > > **** > > I tested again after enabling that and now I can see the Delete button in > the mid-tier and can now delete records. Thanks Jason!**** > > **** > > **** > > -Rick**** > > **** > > **** > > ___________________________**** > > Rick Westbrock**** > > Support to SPAWAR – IT Service Management Project, Code 54520**** > > QMX Support Services**** > > Office (619) 524-2303**** > > **** > > *From:* Action Request System discussion list(ARSList) [mailto: > [email protected]] *On Behalf Of *Jason Miller > *Sent:* Tuesday, January 08, 2013 11:31 AM > *To:* [email protected] > *Subject:* Re: Sub Administrator delete records permissions**** > > **** > > ** **** > > I am not sure when it was added (7.6.03 or 7.6.04 I assume) but there is > an option to "Allow Delete" on a from.**** > > **** > > https://docs.bmc > .com/docs/display/public/ars8000/Allowing+users+to+delete+entries**** > > **** > > I see in on our 7.6.04 system so you should be set.**** > > **** > > Jason**** > > **** > > On Tue, Jan 8, 2013 at 11:20 AM, Rick Westbrock <[email protected]> > wrote:**** > > ** **** > > Thanks Joe, the user can delete from the WUT so it appears to be an MT > problem only. I have it ingrained in me now to flush the MT cache and then > clear the local browser cache before testing changes so it looks like it > may in fact be a bug. I did open a case with support for this and mentioned > that it does work in the WUT just fine.**** > > **** > > I was hoping to avoid adding a button plus AL because there are multiple > forms where deleting records will be required.**** > > **** > > -Rick**** > > ___________________________**** > > Rick Westbrock**** > > Support to SPAWAR – IT Service Management Project, Code 54520**** > > QMX Support Services**** > > Office (619) 524-2303**** > > **** > > *From:* Action Request System discussion list(ARSList) [mailto: > [email protected]] *On Behalf Of *Joe D'Souza > *Sent:* Tuesday, January 08, 2013 11:17 AM**** > > > *To:* [email protected] > *Subject:* Re: Sub Administrator delete records permissions**** > > **** > > ** **** > > Can the sub admin delete from the user tool? If so this could be a bug at > the MT level (assuming that you have gone through the motions of refreshing > the MT cache as well as the browser cache for the affected sub admin user.) > **** > > **** > > Your best bet in the interim would be to create a button with access to > the sub admin to delete those records.**** > > **** > > Joe**** > > **** > ------------------------------ > > *From:* Action Request System discussion list(ARSList) [ > mailto:[email protected] <[email protected]>] *On Behalf Of *Rick > Westbrock > *Sent:* Tuesday, January 08, 2013 2:11 PM > *To:* [email protected] > *Subject:* Re: Sub Administrator delete records permissions**** > > **** > > I neglected to mention that this is for custom forms only, nothing OOTB. > The Sub Admin user can’t see the Delete button on the mid-tier but it can > see the Actions > Delete option in the user tool.**** > > **** > > -Rick**** > > **** > > **** > > ___________________________**** > > Rick Westbrock**** > > QMX Support Services**** > > **** > > *From:* Rick Westbrock [mailto:[email protected] <[email protected]>] > *Sent:* Tuesday, January 08, 2013 10:43 AM > *To:* [email protected] > *Subject:* Sub Administrator delete records permissions**** > > **** > > Hi all-**** > > **** > > Has it ever been possible to give members of the Sub Administrator group > the ability to delete records? I had thought it was possible but it appears > that only full Administrator accounts have the ability to delete records. I > was trying to avoid having to create a button and write workflow to allow > sub administrators to delete records on their forms.**** > > **** > > I have given the forms in question Sub Administrator permissions for the > required group and made sure that my user is in that group as well as the > Sub Administrators group and has a Fixed license. I also made sure the > forms have the Delete menu item enabled already (I can delete records as a > full administrator just fine).**** > > **** > > ARS 7.6.04 SP2 on Windows 2008**** > > **** > > -Rick**** > > **** > > **** > > ___________________________**** > > Rick Westbrock**** > > QMX Support Services **** > _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: > "Where the Answers Are" and have been for 20 years_ > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
