App-V 4.5 Permissions Bug
Just checking if anyone knows if this is by design or a serious bug in 4.5. I've been using softgrid since 3.0 and this is the first version I have found this.
For this example lets say I have a suite like MSOffice that has say 6 published icons, Excel, Word, PowerPoint, Outlook, Access, and PictureManager. If I give a user access to Word and refresh the user Word now shows up on their desktop and they can run it. Everything works fine so far, right. So now I have a smart user. That user browses to the content share and clicks on OSD files to launch apps. That smart user who ONLY has access to Word through the Softgrid MMC can actually launch EVERY OSD file related to the MSOffice suite. This is a problem.
Anyone else experience this? Is this by design or a known bug?
Thanks for the help...
For this example lets say I have a suite like MSOffice that has say 6 published icons, Excel, Word, PowerPoint, Outlook, Access, and PictureManager. If I give a user access to Word and refresh the user Word now shows up on their desktop and they can run it. Everything works fine so far, right. So now I have a smart user. That user browses to the content share and clicks on OSD files to launch apps. That smart user who ONLY has access to Word through the Softgrid MMC can actually launch EVERY OSD file related to the MSOffice suite. This is a problem.
Anyone else experience this? Is this by design or a known bug?
Thanks for the help...
0 Comments
[ + ] Show comments
Answers (3)
Please log in to answer
Posted by:
DannyC
15 years ago
This is 'by design' I'm afraid..
You could apply permissions to the OSD's directly but that wouldn't stop your 'smart' user from modifying the OSD that he does have access toand launching another exe from within the same package.
In 4.5 you can apply ACL's to the files in the package to prevent this from happening as well but it's still not ideal.
You could apply permissions to the OSD's directly but that wouldn't stop your 'smart' user from modifying the OSD that he does have access toand launching another exe from within the same package.
In 4.5 you can apply ACL's to the files in the package to prevent this from happening as well but it's still not ideal.
Posted by:
anonfoo
15 years ago
Dang...that kinda sucks. Any idea why they did that? That was useful for a simple example if I package Office I dont want to have to have a seperate package for MSAccess and I dont want all users to have access to MSAccess but I do want all users to have access to Word, Excel, etc. If thats by design it's kinda stupid to have the access tab on the OSD publication, it should be on the package publication. We have a lot of apps that have the user GUI and the Admin GUI where we dont give users access to the Admin GUI (icon) this means when we move to 4.5 they will now have access to it :(
Posted by:
kkaminsk
15 years ago
What are your client settings? Make sure "require authorization even when cached" is turned on and users shouldn't be allowed to double click other OSDs in the package other than the ones they have rights to.
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.