Re: [U2] To Limit TCL Access Privilege
Hey, I think that is a really good tip . >back... > >You can manage these by creating your own private "flavor". > >Once you have your account's VOC how you want it: > >1. Look at the NEWACC file in the UV account. You'll see it is a >Pick-style "multi-level" file with the various flavors defined under it >there. Look at the UV account's VOC NEWACC, too. > >2. Create a new file under NEWACC ( CREATE.FILE DATA >NEWACC,[yourflavorname] ) & mimick what's in the flavor that your >account started out life as (per your account's VOC RELLEVEL), but with >your own special modifications, R-items, & enhancements. > >3. Change your account's VOC RELLEVEL to point to your new private >flavour. > >4. When installing a new release of UV, look carefully at any NEWACC >changes (often negligible or none), and make sure your own private >flavour reflects those, before UPDATE.ACCOUNT-ing your VOC(s). > >cds >--- >u2-users mailing list >u2-users@listserver.u2ug.org >To unsubscribe please visit http://listserver.u2ug.org/ [demime 1.01d removed an attachment of type text/x-vcard which had a name of john.vcf] --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] To Limit TCL Access Privilege
> > Take a look at "remote verbs" - these are ideal for what > > While you're at it, don't forget that an update will > potentially overwrite the changes you've made to the VOC, so > that it's worth keeping track of which items you've modified > and having a mechanism in place to put the modified versions > > > > back... You can manage these by creating your own private "flavor". Once you have your account's VOC how you want it: 1. Look at the NEWACC file in the UV account. You'll see it is a Pick-style "multi-level" file with the various flavors defined under it there. Look at the UV account's VOC NEWACC, too. 2. Create a new file under NEWACC ( CREATE.FILE DATA NEWACC,[yourflavorname] ) & mimick what's in the flavor that your account started out life as (per your account's VOC RELLEVEL), but with your own special modifications, R-items, & enhancements. 3. Change your account's VOC RELLEVEL to point to your new private flavour. 4. When installing a new release of UV, look carefully at any NEWACC changes (often negligible or none), and make sure your own private flavour reflects those, before UPDATE.ACCOUNT-ing your VOC(s). cds --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] To Limit TCL Access Privilege
Do you use Wintegrate? I have my users use Query Builder instead of TCL. -Original Message- From: Ang Suan Yong [mailto:[EMAIL PROTECTED] Sent: Thursday, October 27, 2005 9:32 PM To: U2-Users New Lists Subject: [U2] To Limit TCL Access Privilege Dear All I am trying to give some user to have privilege to access to uniVerse TCL level to do some listing but not using updating or deleting or files / data . Is there any idea to set such setting ? Thanks in Advance --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/ --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] To Limit TCL Access Privilege
Original Message From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Simon Carter Sent: Friday, October 28, 2005 9:28 AM To: u2-users@listserver.u2ug.org Subject: RE: [U2] To Limit TCL Access Privilege >> -Original Message- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of >> Keith W. Roberts >> Sent: 28 October 2005 16:17 >> To: u2-users@listserver.u2ug.org >> Subject: RE: [U2] To Limit TCL Access Privilege >> >> >> Yuck!!! >> >> - read about "Security routines" in the UV System Description manual >> - write a security routine(s) to allow/deny access per user, >> per group, whatever >> - create a file which has the 'R'emote verbs with security >> routine(s) specified >> - copy those verbs over the user VOC after every UPDATE.ACCOUNT >> - restrict *all* verbs which write to files (including >> UPDATE.ACCOUNT) >> >> Alternately, you can use o/s security to determine who can >> write to specific files. Lots of discussion on these topics >> in the archives. >> >> -Keith >> > > ...or write yourself a fake TCL with a highly restricted list of > operable verbs, et al. --- True. But if you do that, make sure that ON.ABORT reinvokes it, or else the user will end up at the *real* TCL on any ABORT, a quit from the debugger [eg, when (E or TRAP is used], or when an EXECUTEd program/command blows up [I think; and handling may differ between UV/UD]. -Keith --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] To Limit TCL Access Privilege
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Keith W. Roberts > Sent: 28 October 2005 16:17 > To: u2-users@listserver.u2ug.org > Subject: RE: [U2] To Limit TCL Access Privilege > > > Yuck!!! > > - read about "Security routines" in the UV System Description manual > - write a security routine(s) to allow/deny access per user, > per group, whatever > - create a file which has the 'R'emote verbs with security > routine(s) specified > - copy those verbs over the user VOC after every UPDATE.ACCOUNT > - restrict *all* verbs which write to files (including UPDATE.ACCOUNT) > > Alternately, you can use o/s security to determine who can > write to specific files. Lots of discussion on these topics > in the archives. > > -Keith > ...or write yourself a fake TCL with a highly restricted list of operable verbs, et al. --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] To Limit TCL Access Privilege
Yuck!!! - read about "Security routines" in the UV System Description manual - write a security routine(s) to allow/deny access per user, per group, whatever - create a file which has the 'R'emote verbs with security routine(s) specified - copy those verbs over the user VOC after every UPDATE.ACCOUNT - restrict *all* verbs which write to files (including UPDATE.ACCOUNT) Alternately, you can use o/s security to determine who can write to specific files. Lots of discussion on these topics in the archives. -Keith Original Message From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Nichol Sent: Thursday, October 27, 2005 8:12 PM To: u2-users@listserver.u2ug.org Subject: Re: [U2] To Limit TCL Access Privilege > At 10:31 28/10/05 +0800, you wrote: > >> Dear All >> >> I am trying to give some user to have privilege to access to >> uniVerse TCL level to do some listing but not using updating or >> deleting or files / data . Is there any idea to set such setting ? > > DELETE VOC ED > DELETE VOC DELETE.FILE > > removes the editor & delete file verbs from the account is this > good enough? > > Or you might want to rename VOC ED and VOC DELETE.FILE to something > you can remember and use, without telling *them* . > > That's the simplest way > > HTH >> Thanks in Advance >> --- >> u2-users mailing list >> u2-users@listserver.u2ug.org >> To unsubscribe please visit http://listserver.u2ug.org/ >> >> >> >> -- >> No virus found in this incoming message. >> Checked by AVG Anti-Virus. >> Version: 7.1.362 / Virus Database: 267.12.5/150 - Release Date: >> 27/10/05 > > Regards, > > Bruce Nichol > Talon Computer Services > ALBURYNSW 2640 > Australia > > http://www.taloncs.com.au > > Tel: +61 (0)411149636 > Fax: +61 (0)260232119 > > If it ain't broke, fix it till it is! --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
Re: [U2] To Limit TCL Access Privilege
> From: "John Jenkins" <[EMAIL PROTECTED]> > To: > Sent: Friday, October 28, 2005 7:28 AM > Subject: RE: [U2] To Limit TCL Access Privilege > > >> Take a look at "remote verbs" - these are ideal for what you want to >> achieve. >> >> Essentially, you change the VOC entries of key verbs to "R" type and use >> a >> BASIC subroutine to moderate any commands entered at TCL/ECL. >> >> The BASIC program can then decide to grant/deny/modify the command > entered. >> >> ALL editor commands should be blocked as should access to shell >> commands. >> >> You can also limit some commands (LIST/SORT for example) to only allow >> access to specified files. >> >> Don't forget, ON.ABORT and ON.EXIT > > > While you're at it, don't forget that an update will potentially overwrite > the changes you've made to the VOC, so that it's worth keeping track of > which items you've modified and having a mechanism in place to put the > modified versions back... This thread has been discussed before at length including sample programs. Check the archives (I forget where they are, but check http://u2ug.org and you'll be directed to them). As for changing and modifying VOC verbs? I don't recommend it because it increases the administration extensively, plus it makes any upgrade much more daunting. Choose 'OS' modifications wisely else they *will* come back to haunt you. I wrote a TCL program that simulates the TCL prompt. That way, it's called from our application based on @LOGNAME and grants specific rights to some and other rights to others. This method is the easiest for me because upgrades don't overwrite it. I did it once and haven't had to do any more with it over the past 3 upgrades, including the purchase of a new server. My $US 0.02 Karl --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
Re: [U2] To Limit TCL Access Privilege
From: "John Jenkins" <[EMAIL PROTECTED]> To: Sent: Friday, October 28, 2005 7:28 AM Subject: RE: [U2] To Limit TCL Access Privilege > Take a look at "remote verbs" - these are ideal for what you want to > achieve. > > Essentially, you change the VOC entries of key verbs to "R" type and use a > BASIC subroutine to moderate any commands entered at TCL/ECL. > > The BASIC program can then decide to grant/deny/modify the command entered. > > ALL editor commands should be blocked as should access to shell commands. > > You can also limit some commands (LIST/SORT for example) to only allow > access to specified files. > > Don't forget, ON.ABORT and ON.EXIT While you're at it, don't forget that an update will potentially overwrite the changes you've made to the VOC, so that it's worth keeping track of which items you've modified and having a mechanism in place to put the modified versions back... --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] To Limit TCL Access Privilege
Take a look at "remote verbs" - these are ideal for what you want to achieve. Essentially, you change the VOC entries of key verbs to "R" type and use a BASIC subroutine to moderate any commands entered at TCL/ECL. The BASIC program can then decide to grant/deny/modify the command entered. ALL editor commands should be blocked as should access to shell commands. You can also limit some commands (LIST/SORT for example) to only allow access to specified files. Don't forget, ON.ABORT and ON.EXIT Regards JayJay -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ang Suan Yong Sent: 28 October 2005 03:32 To: U2-Users New Lists Subject: [U2] To Limit TCL Access Privilege Dear All I am trying to give some user to have privilege to access to uniVerse TCL level to do some listing but not using updating or deleting or files / data . Is there any idea to set such setting ? Thanks in Advance --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/ --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
Re: [U2] To Limit TCL Access Privilege
Some products in our market allow you to secure individual commands. Nucleus, for example has a security system built in that's easy to maintain and allows individual commands to be restricted to general users and only turned on for the selected few. - Chuck "4GL, 5GL, whatever it takes" Barouch --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] To Limit TCL Access Privilege
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ang Suan Yong Sent: Thursday, October 27, 2005 10:32 PM To: U2-Users New Lists Subject: [U2] To Limit TCL Access Privilege >Dear All > > I am trying to give some user to have privilege to access to >uniVerse TCL level to do some listing but not using updating or >deleting or files / data . >Is there any idea to set such setting ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Nichol Sent: Thursday, October 27, 2005 11:12 PM To: u2-users@listserver.u2ug.org Subject: Re: [U2] To Limit TCL Access Privilege DELETE VOC ED DELETE VOC DELETE.FILE removes the editor & delete file verbs from the account is this good enough? Or you might want to rename VOC ED and VOC DELETE.FILE to something you can remember and use, without telling *them* . That's the simplest way HTH -- Good idea, I thought of a couple other voc items you might want to rename and those would be EDIT.LIST and CLEAR.FILE --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] To Limit TCL Access Privilege
I have a routine that sits between our basic menu system and the universe : prompt thats only allows users access to certain commands (like SELECT & LIST) but does not allow them access to others (like DELETE) would you like a copy ? Bob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ang Suan Yong Sent: 28 October 2005 03:32 To: U2-Users New Lists Subject: [U2] To Limit TCL Access Privilege Dear All I am trying to give some user to have privilege to access to uniVerse TCL level to do some listing but not using updating or deleting or files / data . Is there any idea to set such setting ? Thanks in Advance --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] To Limit TCL Access Privilege
ohh ! yupp :) thanx > -Original Message- > From: Bruce Nichol [SMTP:[EMAIL PROTECTED] > Sent: Friday, 28 October, 2005 11:12 AM > To: u2-users@listserver.u2ug.org > Subject: Re: [U2] To Limit TCL Access Privilege > > At 10:31 28/10/05 +0800, you wrote: > > >Dear All > > > > I am trying to give some user to have privilege to access to > > uniVerse TCL > >level to do some listing but not using updating or deleting or files / data . > >Is there any idea to set such setting ? > > DELETE VOC ED > DELETE VOC DELETE.FILE > > removes the editor & delete file verbs from the account is this good > enough? > > Or you might want to rename VOC ED and VOC DELETE.FILE to something you can > remember and use, without telling *them* . > > That's the simplest way > > HTH > >Thanks in Advance > >--- > >u2-users mailing list > >u2-users@listserver.u2ug.org > >To unsubscribe please visit http://listserver.u2ug.org/ > > > > > > > >-- > >No virus found in this incoming message. > >Checked by AVG Anti-Virus. > >Version: 7.1.362 / Virus Database: 267.12.5/150 - Release Date: 27/10/05 > > Regards, > > Bruce Nichol > Talon Computer Services > ALBURYNSW 2640 > Australia > > http://www.taloncs.com.au > > Tel: +61 (0)411149636 > Fax: +61 (0)260232119 > > If it ain't broke, fix it till it is! > > > -- > No virus found in this outgoing message. > Checked by AVG Anti-Virus. > Version: 7.1.362 / Virus Database: 267.12.5/150 - Release Date: 27/10/05 > --- > u2-users mailing list > u2-users@listserver.u2ug.org > To unsubscribe please visit http://listserver.u2ug.org/ --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
Re: [U2] To Limit TCL Access Privilege
At 10:31 28/10/05 +0800, you wrote: Dear All I am trying to give some user to have privilege to access to uniVerse TCL level to do some listing but not using updating or deleting or files / data . Is there any idea to set such setting ? DELETE VOC ED DELETE VOC DELETE.FILE removes the editor & delete file verbs from the account is this good enough? Or you might want to rename VOC ED and VOC DELETE.FILE to something you can remember and use, without telling *them* . That's the simplest way HTH Thanks in Advance --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/ -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.1.362 / Virus Database: 267.12.5/150 - Release Date: 27/10/05 Regards, Bruce Nichol Talon Computer Services ALBURYNSW 2640 Australia http://www.taloncs.com.au Tel: +61 (0)411149636 Fax: +61 (0)260232119 If it ain't broke, fix it till it is! -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.362 / Virus Database: 267.12.5/150 - Release Date: 27/10/05 --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/