Preview | SOLIDWORKS USER FORUM
Use your SOLIDWORKS ID or 3DEXPERIENCE ID to log in.
JEJason Ebersole02/06/2008
The reason for this thread:
I'd like to ask questions about the security structure of PDMWorks as it relates to basic IT security theories and to share with users in these forums some basic things I've recently learned about DBWorks security.
I am currently evaluating DBWorks and will start a PDMWorks in-house evaluation in a couple of weeks. Some of the things I've learned about DBWorks security has raised an eyebrow, and I am looking for confirmation of these findings from people with DBWorks experience, and a comparison of these findings to how PDMWorks "does it."
I have a couple of things to discuss:
When using DBworks with SQLServer as the DB platform, there is a DbWorks utility that will assign a windows domain group (intended for DBWorks user accounts) proper DB permissions. What this utility does is assign this group "owner" rights to the DBWorks db on SQLServer. From a DB Admin perspective, this is a huge issue. For DBWorks people, can this be tweaked to better secure the DBWorks DB? For PDMWorks people, is this also the case with PDMWE? If not owner rights, would a PDMWE user still be able to connect to db tables via ODBC with read/write/delete access to the data?
To control user permissions on checked-out files in DBWorks, each client PC runs a DBWorks service called DBWServer. If a DBWorks user checks out a file, this service tweaks windows file-level permissions on the file "on the fly" so other DBWorks users have only read/execute permissions while it is checked-out. As far as I know, this DBWServer service needs to start under a Domain account with Domain Admin rights. This gets configured on every DBWorks PC. Hmmm. DBWorks people, is there any way to protect DBWorks file repositories without the use of a Domain Admin level account configured on each PC? PDMWorks people, I am vaguely familiar with the PDMWorks infrastructure, but from what I can tell, vault files are protected by a service that runs on the server where the files are being stored. Is this correct? This seems much more proper in an Enterprise environment. Are there any similar security-related concerns that are worth discussing?
Thanks, Jason
I'd like to ask questions about the security structure of PDMWorks as it relates to basic IT security theories and to share with users in these forums some basic things I've recently learned about DBWorks security.
I am currently evaluating DBWorks and will start a PDMWorks in-house evaluation in a couple of weeks. Some of the things I've learned about DBWorks security has raised an eyebrow, and I am looking for confirmation of these findings from people with DBWorks experience, and a comparison of these findings to how PDMWorks "does it."
I have a couple of things to discuss:
When using DBworks with SQLServer as the DB platform, there is a DbWorks utility that will assign a windows domain group (intended for DBWorks user accounts) proper DB permissions. What this utility does is assign this group "owner" rights to the DBWorks db on SQLServer. From a DB Admin perspective, this is a huge issue. For DBWorks people, can this be tweaked to better secure the DBWorks DB? For PDMWorks people, is this also the case with PDMWE? If not owner rights, would a PDMWE user still be able to connect to db tables via ODBC with read/write/delete access to the data?
To control user permissions on checked-out files in DBWorks, each client PC runs a DBWorks service called DBWServer. If a DBWorks user checks out a file, this service tweaks windows file-level permissions on the file "on the fly" so other DBWorks users have only read/execute permissions while it is checked-out. As far as I know, this DBWServer service needs to start under a Domain account with Domain Admin rights. This gets configured on every DBWorks PC. Hmmm. DBWorks people, is there any way to protect DBWorks file repositories without the use of a Domain Admin level account configured on each PC? PDMWorks people, I am vaguely familiar with the PDMWorks infrastructure, but from what I can tell, vault files are protected by a service that runs on the server where the files are being stored. Is this correct? This seems much more proper in an Enterprise environment. Are there any similar security-related concerns that are worth discussing?
Thanks, Jason