Ignore rights with ADS not on system account

4 posts in Networking Last posting was on 2007-11-16 11:02:30.0Z
Michael Meller Posted on 2007-11-15 10:49:42.0Z

Hi,
a customer wants to use the "Ignore rights" functionality without running
the ADS-Service on system account (because of stored procedures). He made a
try but it failed.

So I made a try too:
I run the ADS-Service on the account "Administrator". This works and I can
generally open dictionaries and tables.
But when I set the security of a directory only to "Administrator" and
"System" full access, I can not open dictionaries and tables in this
directory (5003 or 7013). When I change the ADS-Service back to system
account it works.

Is there a way to use the "Ignore rights" functionality without running the
ADS-Service on system account?

Michael


Edgar Sherman Posted on 2007-11-15 23:03:53.0Z

I would check your security setup again. Make sure when switching the
service to Administrator you stop/start the service.

The 7013 indicates the Administrator user did not have full control of
the file.

5003 indicates data too long. I am guessing this was probably 5004
which indicates ignore rights was NOT turned on and check rights was set.

Edgar Sherman

Michael Meller wrote:
> Hi,
> a customer wants to use the "Ignore rights" functionality without running
> the ADS-Service on system account (because of stored procedures). He made a
> try but it failed.
>
> So I made a try too:
> I run the ADS-Service on the account "Administrator". This works and I can
> generally open dictionaries and tables.
> But when I set the security of a directory only to "Administrator" and
> "System" full access, I can not open dictionaries and tables in this
> directory (5003 or 7013). When I change the ADS-Service back to system
> account it works.
>
> Is there a way to use the "Ignore rights" functionality without running the
> ADS-Service on system account?
>
> Michael
>
>


Michael Meller Posted on 2007-11-16 11:02:30.0Z

My fault was, on one side I used a domain user and on the other side a local
user (same name).

With a local user on the service and the directory it works.


"Edgar Sherman" <no@email.com> wrote in message
news:473ccf1c@solutions.advantagedatabase.com...

>I would check your security setup again. Make sure when switching the
>service to Administrator you stop/start the service.
>
> The 7013 indicates the Administrator user did not have full control of the
> file.
>
> 5003 indicates data too long. I am guessing this was probably 5004 which
> indicates ignore rights was NOT turned on and check rights was set.
>
> Edgar Sherman
>
> Michael Meller wrote:
>> Hi,
>> a customer wants to use the "Ignore rights" functionality without running
>> the ADS-Service on system account (because of stored procedures). He made
>> a try but it failed.
>>
>> So I made a try too:
>> I run the ADS-Service on the account "Administrator". This works and I
>> can generally open dictionaries and tables.
>> But when I set the security of a directory only to "Administrator" and
>> "System" full access, I can not open dictionaries and tables in this
>> directory (5003 or 7013). When I change the ADS-Service back to system
>> account it works.
>>
>> Is there a way to use the "Ignore rights" functionality without running
>> the ADS-Service on system account?
>>
>> Michael
>>
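
The mismatch described in this thread (a domain account on one side, a local account of the same name on the other) cannot be seen when comparing account names, but it shows up when comparing SIDs. The script below is an added example, not part of the original posts and not Advantage code; `$ServiceName` and `$DataPath` are placeholders for the ADS service name and data directory on your system.

```powershell
# Added example. $ServiceName and $DataPath are placeholders for your ADS
# service name and data directory; neither value comes from the thread.
param(
    [Parameter(Mandatory)] [string] $ServiceName,
    [Parameter(Mandatory)] [string] $DataPath
)
$sidType = [System.Security.Principal.SecurityIdentifier]

# Normalize the logon name stored for the service, then resolve it to a SID.
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found" }
$logon = $svc.StartName
if ($logon -eq 'LocalSystem') { $logon = 'NT AUTHORITY\SYSTEM' }
if ($logon -like '.\*') { $logon = "$env:COMPUTERNAME\" + $logon.Substring(2) }
$svcSid  = ([System.Security.Principal.NTAccount] $logon).Translate($sidType)
$svcLeaf = ($logon -split '\\')[-1]

# Read the ACL with SIDs as identities so that equal names cannot hide a mismatch.
$full  = [System.Security.AccessControl.FileSystemRights]::FullControl
$rules = (Get-Acl -LiteralPath $DataPath).GetAccessRules($true, $true, $sidType)
$report = foreach ($r in $rules) {
    $name = try {
        $r.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
    } catch { '<unresolved>' }
    [pscustomobject]@{
        Account   = $name
        Sid       = $r.IdentityReference.Value
        Type      = $r.AccessControlType
        Rights    = $r.FileSystemRights
        IsService = ($r.IdentityReference.Value -eq $svcSid.Value)
        SameName  = (($name -split '\\')[-1] -eq $svcLeaf)
    }
}
$report | Format-Table -AutoSize | Out-Host

# Direct ACEs only: access granted through group membership is not evaluated.
$direct = $report | Where-Object {
    $_.IsService -and $_.Type -eq 'Allow' -and ($_.Rights -band $full) -eq $full }
if (-not $direct) {
    Write-Warning "No direct FullControl ACE for $logon ($($svcSid.Value))"
}
$report | Where-Object { $_.SameName -and -not $_.IsService } | ForEach-Object {
    Write-Warning "$($_.Account) has the service account's name but a different SID"
}
$report | Where-Object { -not $_.IsService -and $_.Type -eq 'Allow' } | ForEach-Object {
    Write-Output "Other principal with access: $($_.Account) [$($_.Rights)]"
}
```

The last loop lists every other principal that still holds an Allow entry, which is the set to review when the goal is that only the service account can reach the data files.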


Michael Meller Posted on 2007-11-16 09:46:40.0Z

Sorry, of course you are right with 5004.

I made several tries and the customer too. We restarted the service after
changing the account.

You can reproduce this:
- run the ADS-Service under any account "XYZ".
- give your data files only full access for "XYZ" and no other account.
- try to open the data file
- Error!

But why?
The goal is, that no service but ADS shall have access to the data.
It's a security problem that should be possible to solve, or not?

Michael


"Edgar Sherman" <no@email.com> wrote in message
news:473ccf1c@solutions.advantagedatabase.com...

>I would check your security setup again. Make sure when switching the
>service to Administrator you stop/start the service.
>
> The 7013 indicates the Administrator user did not have full control of the
> file.
>
> 5003 indicates data too long. I am guessing this was probably 5004 which
> indicates ignore rights was NOT turned on and check rights was set.
>
> Edgar Sherman
>
> Michael Meller wrote:
>> Hi,
>> a customer wants to use the "Ignore rights" functionality without running
>> the ADS-Service on system account (because of stored procedures). He made
>> a try but it failed.
>>
>> So I made a try too:
>> I run the ADS-Service on the account "Administrator". This works and I
>> can generally open dictionaries and tables.
>> But when I set the security of a directory only to "Administrator" and
>> "System" full access, I can not open dictionaries and tables in this
>> directory (5003 or 7013). When I change the ADS-Service back to system
>> account it works.
>>
>> Is there a way to use the "Ignore rights" functionality without running
>> the ADS-Service on system account?
>>
>> Michael
>>