2 Replies Latest reply on Dec 27, 2015 10:26 AM by smith7180

    Automated imports vs Restricted File Access

    smith7180

      Summary:

      I wish to create an automated update script that will import data from an old copy to a new copy.  The script will have to run remotely and without my supervision since the client wishes to keep their financial data private.  My problem is that my strict file access settings are not allowing the new file to access the old one.  My solution thus far is to ensure the target file is already opened.  I'd like to know whether this (along with the other steps I've outlined) is a potentially problematic approach.

       

      My approach to security

      After reading the security guide along with numerous posts on the community forums, I have taken the following approach to securing my file:

      1. Account creation, deletion, modification, etc... is handled via scripts.
      2. Under the file access tab in the security window, I have checked "Require full access privileges to use references to this file."
      3. All security other than account creation is handled strictly via accounts and privilege sets (i.e. no ersatz/scripted security).
      4. Admin access has been permanently removed.

       

      My approach to updates:

      Everything is and has been working fine for months.  When an update is required for a client, I take the following steps:

      1. I notify the client that I am performing an update.  They make no changes until I have finished and notified them.
      2. I create a copy of my master file (which still has full access enabled). 
      3. I make a few changes (like inputting the company's name/logo).
      4. I download my clients database from their server.
      5. I open their database with the highest level security (but not full access, since full access was removed).
      6. I open the updated database mentioned in steps 2 & 3 (which still has full access).
      7. I import all the data from the old file into the new file.
      8. I remove admin access from the new file and upload it to their server.

       

      My approach to remote updates:

      However, I now have clients that wish to keep their financial data private from everyone (including me, the developer).  Therefore I have created a script that will run when I send them the updated copy.  Imports all the data, recreates all the accounts (though with a default password since of course their old password was not stored in the database). 

       

      The issue I wish to address:

      My issue is with file access.  File access cannot be granted via the "do you wish to grant access etc... this is a one time process etc...." window since neither file has a full access account.  As best I can tell the only work around is to open the target file first.  There are 2 things I don't like about this approach:

       

      1. Importing from an open file imports the found set instead of the entire table. 
      2. The import status/dialogue box opens and closes for each table imported.  I would prefer to avoid this.

       

      Is there a way to perform an update/import without opening the target file?  Are there potential dangers/pitfalls to performing and 'remote' update the way I have described above?  Am I being to stingy by checking "Require full access privileges to use references to this file"?

       

      Thanks,

      J Smith

        • 1. Re: Automated imports vs Restricted File Access
          Mike_Mitchell

          I think you're confused. The "Require full access" only affects your ability to place TOs from the protected file on the Graph. Doesn't have anything to do with actual file access (for data); that's covered under the Security dialog.

           

          smith7180 wrote:

           

          The issue I wish to address:

          My issue is with file access.  File access cannot be granted via the "do you wish to grant access etc... this is a one time process etc...." window since neither file has a full access account.  As best I can tell the only work around is to open the target file first.  There are 2 things I don't like about this approach:

           

          1. Importing from an open file imports the found set instead of the entire table.
          2. The import status/dialogue box opens and closes for each table imported.  I would prefer to avoid this.

           

          Is there a way to perform an update/import without opening the target file?

           

          No.

           

          1. Importing from an open file imports the found set instead of the entire table.
          2. The import status/dialogue box opens and closes for each table imported.  I would prefer to avoid this.

           

          You have to perform the necessary Find in the source table first. The easiest thing in your sort of situation is to write a script that performs the Find (even if it's a Show All Records) in the source file, then launch that script from the new target file.

           

          As far as the dialog, just check "Perform without dialog" in the Import Records script step.

           

           

          Are there potential dangers/pitfalls to performing and 'remote' update the way I have described above?  Am I being to stingy by checking "Require full access privileges to use references to this file"?

           

          Thanks,

          J Smith

           

          No, and no.  

          • 2. Re: Automated imports vs Restricted File Access
            smith7180

            Great info- thanks Mike.