Thanks, Troy. Just the info I was looking for.
-----Original Message-----
From: Troy Funte [mailto:tfunte@...]
Sent: Friday, May 25, 2001 10:39 AM
To: vantage@yahoogroups.com
Subject: Re: [Vantage] Crystal Security
I don't think Crystal is the Security issue. You can always password the
Crystal reports with a simple parameter that gives only certain users
access.
I think the HUGE security issue with ODBC is with Access (and somewhat with
Excel). A knowledgable user can link Access to ODBC and actually CHANGE
your database, as well as read ANY table or field in the database. The only
way around this is to set up Permissions in Progress. This would effectively
create TWO logins to Vantage and a log in for any access to Progress. I
don't know of anyone using it, but I understand it exists.
But even Report Builder has it's security issues. Someone can simply copy
the RB shortcut from Vantage to their desktop and design (or modify) reports
to their heart's content.
Having said all that, we haven't had any problems with ODBC at all. We
purchased enough Merant licenses for 11 workstations last year. Now I
understand there is one that comes WITH Vantage 5.0, but has shortcomings.
There is also a free one available on the web somewhere.
We actually only use about 7 of those ODBC licenses now. 5 of those
licenses now allow our Purchase Order form to have access extra fields that
are not on the regular POForm. I don't think most users really care about
the kind of information in our database. And at least the Payroll data is
encrypted, so it is not readily available to RB or ODBC.
Troy Funte
Liberty Electronics
We are moving more and more to Web based Crystal reporting
-----Original Message-----
From: Troy Funte [mailto:tfunte@...]
Sent: Friday, May 25, 2001 10:39 AM
To: vantage@yahoogroups.com
Subject: Re: [Vantage] Crystal Security
I don't think Crystal is the Security issue. You can always password the
Crystal reports with a simple parameter that gives only certain users
access.
I think the HUGE security issue with ODBC is with Access (and somewhat with
Excel). A knowledgable user can link Access to ODBC and actually CHANGE
your database, as well as read ANY table or field in the database. The only
way around this is to set up Permissions in Progress. This would effectively
create TWO logins to Vantage and a log in for any access to Progress. I
don't know of anyone using it, but I understand it exists.
But even Report Builder has it's security issues. Someone can simply copy
the RB shortcut from Vantage to their desktop and design (or modify) reports
to their heart's content.
Having said all that, we haven't had any problems with ODBC at all. We
purchased enough Merant licenses for 11 workstations last year. Now I
understand there is one that comes WITH Vantage 5.0, but has shortcomings.
There is also a free one available on the web somewhere.
We actually only use about 7 of those ODBC licenses now. 5 of those
licenses now allow our Purchase Order form to have access extra fields that
are not on the regular POForm. I don't think most users really care about
the kind of information in our database. And at least the Payroll data is
encrypted, so it is not readily available to RB or ODBC.
Troy Funte
Liberty Electronics
We are moving more and more to Web based Crystal reporting
----- Original Message -----
From: Thad Jacobs
To: 'vantage@yahoogroups.com'
Sent: Friday, May 25, 2001 10:40 AM
Subject: [Vantage] Crystal Security
We are still contemplating whether or not to go with an ODBC client on
every
workstation, or with the web-based model when we upgrade to Vantage 5.
Has anyone had security issues involving ODBC? Management is bent on
making
sure no one but administrators have access
I was wondering if the following is possible. Run compiled Crystal
Report,
which supplies ODBC password, then run a Microsoft Excel Query against the
same ODBC source. Will the access granted to the user thru the compiled
Crystal report enable the user to have read access to the progress
database
through Microsoft Query?.
Does anyone have any reccomendations either way? We will have less than
15
users accessing reports, but some of the users we'd like to have limited
access to some data, such as employee pay rates and performance, are also
software engineers, and could possibly exploit a security hole if it was
availed to them. None of the current employees that I know of would do
such a thing, but Management wants the door locked down as tight as
possible.
Just Curious.
Best Regards,
Thaddeus Jacobs
Assistant LAN Technologist / Vantage Support
Kinematic Automation, Inc
mailto:tjacobs@...
Yahoo! Groups Sponsor
www.
To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please go to:
http://groups.yahoo.com/group/vantage/files/. Note: You must have already
linked your email address to a yahoo id to enable access.
Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
[Non-text portions of this message have been removed]
To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please go to:
http://groups.yahoo.com/group/vantage/files/. Note: You must have already
linked your email address to a yahoo id to enable access.
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/