en-us Tue, 21 May 2013 07:38:36 +0000 An RSS feed generated by IdeaJam(tm) for Grant access to create databases/replicas on a server IN A DESIGNATED DIRECTORY http://ideajam.net/ideajam/p/ij.nsf http://ideajam.net/ideajam/p/ij.nsf http://ideajam.net/ideajam/p/ij.nsf/LogoSquare.gif?OpenImageResource Fri, 25 Jun 2010 21:12:56 +0000 <b>Author:</b> David Hablewitz<br><b>Tags:</b> <a href="http://ideajam.net/IdeaJam/P/ij.nsf/ProductByCategory?openview&restricttocategory=create database">create database</a> <br><b>Idea:</b> <div>Currently the security setting to allow creating databases on a server is an all-or-nothing option.&nbsp; I would like to give users limited ability to create databases on the server in a designated directory.&nbsp; This would allow them to replicate local databases like their archives to the server in a managed way.&nbsp;</div> <div>&nbsp;</div> <div>&nbsp; Without this ability, the alternative is for the user to give a copy of the file to someone who can create replicas on the server or to set up a server that allows everyone to create replicas, knowing the admin will need to go in and move things around and clean them up.</div> <div>&nbsp;</div> <div>Access to create databases in a directory should be managed by an ACL of sorts that permits the use of groups.&nbsp; User policies may come into play somewhere here too.</div> <div>&nbsp;</div> <div>As an addendum based on comments, the user should be able to initiate the replica process and have it require approval in AdminP just like other processes require approval.</div><br> http://ideajam.net/ideajam/p/ij.nsf/0/42462E9560228D6F8625774D006F0C48?OpenDocument Mon, 28 Jun 2010 09:15:28 +0000 <b>Author:</b> Bill Malchisky<br /><b>Comment:</b> Couldn't you just create a group for allowing people to make replicas, then apply that to the respective replicas? <br /> <br /> So, &lt;allow_create_archive_replica&gt; add that to the Server doc, then apply group to the ACL on each replica and template used in respective directory. May not be the most direct way, but it should get the job done, if I am understanding your post correctly.<br /> http://ideajam.net/ideajam/p/ij.nsf/0/42462E9560228D6F8625774D006F0C48?opendocument&#commentsanc&id=55743A35DC81BB9E86257750002D5C97 Mon, 28 Jun 2010 17:13:29 +0000 <b>Author:</b> David Hablewitz<br /><b>Comment:</b> No, that won't get the job done.<br />If someone has the rights to create a new replica or Db on a server, that has no impact on where they put it. There is no way to restrict which folder they create the database in. They can even create new folders on the server as they create the database. <br /> <br /> Inevitably they will put it in the wrong place. (then I would need this feature available: { <a href="http://ideajam.net/IdeaJam/P/ij.nsf/0/2BF166D0737FDBA68625771B0065FB46?OpenDocument" rel="nofollow" target="_blank">Link</a> } ) <br /><br /> http://ideajam.net/ideajam/p/ij.nsf/0/42462E9560228D6F8625774D006F0C48?opendocument&#commentsanc&id=25D454FE68BB466C862577500059200B Tue, 29 Jun 2010 11:10:00 +0000 <b>Author:</b> Vlad Sh<br /><b>Comment:</b> I am opposed because: <br /> 1. Starts the uncontrolled creation of databases / replicas on the server and free space in the server's disk subsystem, designed for the required databases, may be occupied by user. <br /> 2. This increases the vulnerability of the server, because might be possible to run the agents, who are currently (already) can not run.<br /> http://ideajam.net/ideajam/p/ij.nsf/0/42462E9560228D6F8625774D006F0C48?opendocument&#commentsanc&id=556F36D64C9E14F4862577510037D8F1 Tue, 29 Jun 2010 18:27:50 +0000 <b>Author:</b> David Hablewitz<br /><b>Comment:</b> Vlad, thanks for the comment. To clarify:<br /><br />1. I am not sure how more granular restrictions on creating new replicas makes it LESS controlled. I'm talking about restricting where new replicas can be created.<br />But, to address that, I will adapt my suggestion to include the AdminP approval process. Actually, that should be a separate idea...<br /><br />2. This has no effect on users' rights to run agents nor ACLs of databases.<br /><br />Ultimately, the problem that needs solving is a more effective means to manage creation of new databases/replicas by end users onto servers. There are times when this is appropriate.<br /> http://ideajam.net/ideajam/p/ij.nsf/0/42462E9560228D6F8625774D006F0C48?opendocument&#commentsanc&id=894F555428E8168486257751005FEEC1 Tue, 29 Jun 2010 19:49:58 +0000 <b>Author:</b> Vlad Sh<br /><b>Comment:</b> David <br /> <br />2. It happens that the user has remained a local replica of the old agents. It creates a replica on the server and agent (has the right, as signed by the server) starts to work - it can change the data from other databases, it can be adapted to the old model of the data, ie break the new data model. These errors are subtle, more difficult to correct them later...<br /> http://ideajam.net/ideajam/p/ij.nsf/0/42462E9560228D6F8625774D006F0C48?opendocument&#commentsanc&id=D36FE0017995DAD186257751006773BE Fri, 09 Jul 2010 15:17:29 +0000 <b>Author:</b> Peter Presnell<br /><b>Comment:</b> I am for ANYTHING that will allow at least some Administrators to consider granting these rights to a server. We are killing off power-users by preventing them from a basic right - to have their databases hosted. For Notes to be successful we need more Notes databases not less.<br /> http://ideajam.net/ideajam/p/ij.nsf/0/42462E9560228D6F8625774D006F0C48?opendocument&#commentsanc&id=053FD8AA1833AF0A8625775B004E8155