RE: [Emerald] Client Permissions Revisited

wilson@dagupan.com
Thu, 20 Jan 2000 09:59:31 +0800

ive encountered the report problem in sql. What i did was to go into sql
7.0 security, and added the data_reader option to the login account.

> -----Original Message-----
> From: David Routh [mailto:drouth@davlin.net]
> Sent: Thursday, January 20, 2000 8:24 AM
> To: emerald@iea-software.com
> Subject: RE: [Emerald] Client Permissions Revisited
>
>
> At 03:49 PM 01/19/00 -0800, you wrote:
> >: I've created an account in the EmeraldSecure SQL as well
> as a new operator
> >: group called 'Remote Setup'. I have given this group the
> ability to read
> >: and add MBRs and Services only. Despite these settings, users in
> >: this group
> >: can make modifications to both MBR fields and Service
> fields. How do I
> >: prevent this?
> >
> >This is bizarre. I simply cannot get these permissions straight.
> >
> >With the user configured as above (plus read-only report and
> RadLog access),
> >The Invoices and Batch buttons are grayed out as one would
> expect. However,
> >I cannot view reports (even with ODBC set up as 'sa'!) and
> get the following
> >error: 'StartPrintJob in PrintCustom caused an error: SQL
> server error' I
> >don't understand this, especially since the user even has a
> SAM membership
> >in the Emerald group for the central reports directory and share.
> >
> >Perhaops even more bizarre, if I change the SQL group (not
> the operator
> >group where all the permissions are assigned) for the user,
> the Invoices and
> >Batch buttons show up again and I can run the reports -
> albeit very slowly.
> >
> >Combine this with the fact that the user can modify services and MBRs
> >independent of the intended permissions and I am totally
> stumped. Is it me
> >or is the permissions mechanism in Emerald totally screwy?
> >
>
> I went through pretty much what you're describing...
> basically I found out
> via the list... mostly Dale, that the views in Emerald are
> just that...
> views... they just allow people to see what you have defined,
> it doesn't
> stop them from doing things.
>
> I ended up duplicating a group like the Emerald group (I think) and by
> setting (restricting) permissions I was able to put some of
> our people in
> that group that could only look at things and create Incidents...
>
> I'll look to see if I still have the messages Dale posted
> about doing what
> I did..
>
> David
>
>
>
>
>
>
>
>
> >___________________________________
> >David V. Brenner - dvb@cport.com
> >International Services Network Corporation
> >http://www.cport.com
> >
> >
> >
> >For more information about this list (including removal) go to:
> >http://www.iea-software.com/support/maillists/liststart
> >
>
> For more information about this list (including removal) go to:
> http://www.iea-software.com/support/maillists/liststart
>

For more information about this list (including removal) go to:
http://www.iea-software.com/support/maillists/liststart