× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. February 2006

RE: Supplemental Groups

Steve, 
        I agree that some thought needs to accompany this process, but its
not that hard.  If you cannot delete a profile because it owns objects, you
simply re-assign ownership when deleting the profile.  Not that hard.  You
can simply wrkusrprf xxxxx, then give an option 12 to display owned objects.
Putting option 9 in front of the objects and then specifying the new owner
on the command line is all you need to do.  You can now simply change the
ownership.  
        
Larry

Larry Ketzes
Senior Security Project Analyst
American Life Insurance Company

One ALICO Plaza
600 King Street
Wilmington, DE 19801
Phone: 302-594-2146
Mobile: 302-559-1631
Email: larry.ketzes@xxxxxxx


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Steve Martinson
Sent: Thursday, February 16, 2006 12:11 PM
To: midrange forum
Subject: RE: Supplemental Groups

Snip
   
  "That is why many admin's suggest you have individual profiles own their
own objects when they are created."
   
  End Snip
   
  I respectfully and whole-heartedly disagree with this statement.  The fact
that individual user profiles own objects quite often caused MUCH grief to
administrators, most notably when BOB leaves the company (or gets hit by the
beer truck).  I see this all the time (and I'm at a different client site
practically every week).  They try to delete his profile, but it owns
bunches of objects, including device descriptions and who knows what else.
So... they leave it there (hopefully *DISABLED with password of *NONE)
because they can't get rid of it. 
   
  The owner of newly created objects should be set to the user's primary
group profile and this should be coupled with group profile entries within
authorization lists to facilitate access to the application programs and
files.  Of course, if you can avoid getting too deep into supplemental
groups, that's always better (as someone already mentioned).
   


Best regards,

Steven W. Martinson, CISSP, CISM
Consultant - Servique, LLC

Cell 281.546.9836
www.servique.com 
4801 Woodway Drive, Suite 300E
Houston, TX 77056

"Uniquely Qualified"
                
---------------------------------
 Yahoo! Autos. Looking for a sweet ride? Get pricing, reviews, & more on new
and used cars.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.