
PDMWorks basic security Questions (and info about DBWorks)

Question asked by Jason Ebersole on Jun 2, 2008
Latest reply on Jun 11, 2008 by Jason Ebersole
The reason for this thread:

I'd like to ask questions about the security structure of PDMWorks as it relates to basic IT security theories and to share with users in these forums some basic things I've recently learned about DBWorks security.

I am currently evaluating DBWorks and will start a PDMWorks in-house evaluation in a couple of weeks. Some of the things I've learned about DBWorks security have raised an eyebrow, and I am looking for confirmation of these findings from people with DBWorks experience, and a comparison of these findings to how PDMWorks "does it."

I have a couple of things to discuss:
When using DBWorks with SQL Server as the DB platform, there is a DBWorks utility that will assign a Windows domain group (intended for DBWorks user accounts) proper DB permissions. What this utility does is assign this group "owner" rights to the DBWorks db on SQL Server. From a DB Admin perspective, this is a huge issue. For DBWorks people, can this be tweaked to better secure the DBWorks DB? For PDMWorks people, is this also the case with PDMWE? If not owner rights, would a PDMWE user still be able to connect to db tables via ODBC with read/write/delete access to the data?

To control user permissions on checked-out files in DBWorks, each client PC runs a DBWorks service called DBWServer. If a DBWorks user checks out a file, this service tweaks Windows file-level permissions on the file "on the fly" so other DBWorks users have only read/execute permissions while it is checked out. As far as I know, this DBWServer service needs to start under a Domain account with Domain Admin rights. This gets configured on every DBWorks PC. Hmmm. DBWorks people, is there any way to protect DBWorks file repositories without the use of a Domain Admin level account configured on each PC? PDMWorks people, I am vaguely familiar with the PDMWorks infrastructure, but from what I can tell, vault files are protected by a service that runs on the server where the files are being stored. Is this correct? This seems much more proper in an Enterprise environment. Are there any similar security-related concerns that are worth discussing?

Thanks, Jason
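
For the first question above, a DBA can confirm what a setup utility actually granted by reading SQL Server's own catalog views. The queries below are an added example, not part of the original post and not taken from DBWorks or PDMWorks; `PDM_DB` is a placeholder database name, and the views used exist in SQL Server 2005 and later.

```sql
-- Added example. [PDM_DB] is a placeholder for the PDM database name.
USE [PDM_DB];

-- 1. Who actually owns the database (the login mapped to dbo)?
SELECT  d.name                   AS database_name,
        SUSER_SNAME(d.owner_sid) AS database_owner
FROM    sys.databases AS d
WHERE   d.name = DB_NAME();

-- 2. Which principals are members of the db_owner fixed role?
--    A WINDOWS_GROUP row here means every account in that domain group
--    can read, change and drop any object in this database.
SELECT  m.name      AS member_name,
        m.type_desc AS member_type,
        r.name      AS role_name
FROM    sys.database_role_members AS drm
JOIN    sys.database_principals   AS r ON r.principal_id = drm.role_principal_id
JOIN    sys.database_principals   AS m ON m.principal_id = drm.member_principal_id
WHERE   r.name = N'db_owner'
ORDER BY m.type_desc, m.name;

-- 3. Explicit permissions granted or denied to Windows groups and users,
--    for comparison with the role membership above.
SELECT  p.name           AS grantee,
        p.type_desc      AS grantee_type,
        dp.state_desc    AS state,          -- GRANT / DENY / GRANT_WITH_GRANT_OPTION
        dp.permission_name,
        dp.class_desc,
        CASE WHEN dp.class = 1 THEN OBJECT_NAME(dp.major_id) END AS object_name
FROM    sys.database_permissions AS dp
JOIN    sys.database_principals  AS p ON p.principal_id = dp.grantee_principal_id
WHERE   p.type IN ('G', 'U')                -- G = Windows group, U = Windows user
ORDER BY p.name, dp.class_desc, dp.permission_name;
```

Running this once before and once after the vendor utility shows exactly which rights it added, which is also the quickest way to answer the ODBC question: any account listed with db_owner, or with SELECT/INSERT/UPDATE/DELETE on the tables, has that same access from any ODBC client.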