Discussions
Categories
Groups
Community Home
Categories
INTERNAL ENABLEMENT
POPULAR
THRUST SERVICES & TOOLS
CLOUD EDITIONS
Quick Links
MY LINKS
HELPFUL TIPS
Back to website
Home
Web CMS (TeamSite)
securing access to datacapture.cfg
Gerard
Users with the role author can save DCR's in the data directory (somewhere under the templatedata directory).
These users normally are not allowed to do a lot in TeamSite, however by default they are able to edit the datacapture.cfg files of alle DCT's in the same templatedata structure. That's a bit strange. What's a good approach to make this impossible, without using file-level OS security?
Is it possible to specify somewhere that the actual DCR's should be saved and stored in another place?
Gerard
Find more posts tagged with
Comments
Migrateduser
Let me see if I understand: you want authors to be able to create new DCRs, but not to be able to see or edit the DCRs of others? Or even their own?
If the former, bear in mind that DCRs created in one workarea are not visible at all in other workareas, unless a get-latest is done. So one method would be to have authors work in seperate workareas (owned by editors), create and submit their DCRs normally, but not --ever-- do get-latest on the .../data directories. Preventing the later might be tricky, but perhaps could be removed from the GUI by removing the get-latest function from the UI in iw.cfg.
bw
Bob Walden [bob.walden@interwoven.com]
Interwoven Education Group
IM: Yahoo, MSN bob_walden
Adam Stoller
Why do/can you not use OS file level security?
Frankly, I would adjust the permissions on the existing datacapture.cfg files at the OS level and add an entry to the submit.cfg file to set them appropriately if/when such a file is added/edited in the future (keeping in mind that the access you permit should include userids that *can* edit the file)
--fish
(Interwoven, Curriculum Development)
Gerard
No that's not what I meant.
What I mean is that authors are allowed to add all kinds of DCR's, that is what they are supposed to do anyway.
I don't want the authors to be able to change the underlying datacapture.cfg files of the DCT's. By default when authors have write access to the workarea, they are able to do that.
So I want a way to restrict access to just the real datacapture.cfg files.
E.g. if a DCT specifiies that a certain field is not allowed for a certain author, but that author is able to change the corresponding datacapture.cfg to create a workaround for this........this is a situation we want to prevent!
The reason why I don't want to use OS security on datacapture.cfg, is because this is inflexible: when one adds a new DCT one has to remember to restrict access to the new datacapture.cfg file. And so, this is also not error-proof.
If it would be possible to separate the definition of all DCT's from the storage of the created DCR's, it would be better.
So, I'm suggesting to create not just a templatedata directory structure, but e.g. something like templatedefinition (accessible by TeamSite developpers) and templatedata (where end-users can work and store their DCR's). In this way we could use directory security, which at least is a bit better than file level security..
Not a strange request I would say. Hopefully this clarifies my question.
Thanks for your reply!
Gerard
james1
Gerard
As suggested earlier, you can use submit.cfg to impose permissions on your DCT's and only your DCT's at submit time. This solves your problem of needing to remember to set permissions whenever a new DCT is created.
-- James
--
James H Koh
Interwoven Engineering
