I'm having a permissions problem with UD (v7.1.9). I've created a separate
directory for our application and test account. The permissions are defined
on this directory ("E:\DataTrust") without inheritance to allow the
"Administrators" and the "UniData" group to have "full control". The
development account ("E:\DataTrust\Dev") allows inheritable permissions and
includes the "Developers" group, who also have "full control".
However, inside the main application directory, there's an application
account that contains the main application BP file. This file allows the
"Developers" read and execute privileges but not write privileges. This is
an important point to remember, as we don't want anyone modifying the source
code, either BP items, DICT items, or anything else. We've created a new
web application account, also within this main directory structure, that
gives the "Developer" group "full control". Here's where the BP file exists
that they can modify. Thus, developers log into the development account and
edit, compile, and locally catalog programs in the "web" BP file (using a
pointer within the development account).
The "E:\IBM\ud71" directory's permissions look like:
Administrators
CREATOR OWNER
SYSTEM
UniData
Users
A problem has arisen where developers occasionally get the following message
when they compile a "web" BP program:
3 Dev (0)-> COMPILE DTABP HM1 -Z2
Compiling Unibasic: E:\DataTrust\DTA\BP\BP\HM1 in mode 'p'.
override protection for E:\DataTrust\DTA\BP\BP\_HM1: Y
compilation finished
When they recompile this program it compiles normally. When looking at the
permissions of the compiled code (the "_HM1" item), prior to recompilation,
the permissions look like:
Administrators
DtaDevelopers
UniData
After recompiling the above program the permissions of the compiled code
(the "_HM1 item) have been changed to:
Administrators
Developer user <-- I logged in using this user.
SYSTEM
UniData
Users
How were the permissions changed? It seems the old compiled code was
deleted and UniData created a new compiled code item, with newly defined
permissions. Isn't this totally bogus, since I've lost the set permissions
for the "Developers" group? If I were to add the "Developers" group to the
"E:\IBM\ud71" directory with write permissions then a developer is able to
recompile our main development source code, even though they don't have
"write" privileges within the "E:\DataTrust\Aplication" directory.
I'm hoping this is caused by something I've overlooked but am not sure.
Thanks,
Bill Haskett
-------
u2-users mailing list
[email protected]
To unsubscribe please visit http://listserver.u2ug.org/
