Bill;
You may be able to take ownership of the source code directory by another user and then remove the administrators group write access to the directory. I've seen UD do some funny stuff with the SQL permissions (if a member of the administrators group is the owner of the file then any member of the administrators group has full access - regardless of the permissions defined), so you may have to do some wrangling around to give a non-adminstative user ownership of the files. A user requires write access to the VOC on the account they login to (although there is a way around that). I think as long as you remove their rights from the source code directory (and dictionary) and not the entire account everything should work OK. In the AdminNT.pdf of the doc there is a table with the required permissions that the various types of users require. Actually, a user can stopudt their own processes - but you do need to be an administrator to use deleteuser. I've used stopudt on telnet processes, other processes may have different owners. Task Manager may show the user information (or maybe something more involved like Process explorer). hth Colin Alfke Calgary, Canada > From: wphaskett > > We have a network with several Windows development machines on it. UniData > is on one machine and our Web server is on another machine. Our UD > environment is set up so that only the administrator (me) has access to > everything. We have three additional groups: > developers > appusers > UniData > UniData has access to every directory where UniData is involved. In > addition, appusers have full access to their local account directories and > developers have access to the application directory. However, both appusers > and developers have only read and execute privileges to the application > software account. This way, they can use the software but can't modify it > at all (developers develop on a development account). > The problem I have is developers use UO connections to develop and when > something goes wrong they need to kill the connection. UD requires only > administrators have access to the "deleteuser" and "stopudt" commands. > Thus, if a developer has done something that is create ever-expanding log > (or como) files they need to be able to kill the connection. If I give them > administrator privileges they have access to the entire machine. > I tried to remove administrator privileges from our development account but > then I couldn't log into a development account within our development > directory. I tried to make numerous modifications to the permissions but > could do nothing unless administrator privileges were implemented to our > development environment, even though "developers" had full control of the > entire development directory and I was a member of the "developers" group. > Go figure... > Does anyone have a clue how I can give someone administrator access to > UniData commands but deny them write privileges to the source code in our > application directory? > Thanks, > Bill _________________________________________________________________ Reunite with the people closest to you, chat face to face with Messenger. http://go.microsoft.com/?linkid=9650736 ------- u2-users mailing list [email protected] To unsubscribe please visit http://listserver.u2ug.org/
