Front Page Permissions

I have to allow users write access to a specific folder. (This is for updating a database).

Can I do this in FP98 without giving write access to the entire Front Page Web?
LVL 2
MoMarviAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mgoergenCommented:
Create a FP subweb  of the main web and add the users to this web. This is the easy way.

The perfect solution is to create access directly to the database. For example via ODBC Driver to the database. Depends on which Database you use.
0
zs6phdCommented:
Not sure exactly what type of access you require.
Yes, you can provide access to a specific directory only, without providing access to the rest of the web.
If you wish to allow one or more local network users to have access to the folder in order to open the database with one or other application, then you need to provide them with the relevant access. This is a function of the operating system - In NT you need system admin rights, or get the system administrator to provide the access.
If you want to allow a user to ftp to that folder and upload a replacement database then the same applies, but this depends on the type of security employed on the server.  Again, speak to the system administrator.
Note that a database may be stored within your web, or external to it.  If external, then you need to set up a system name linking your web to the database.  If it is within the web then you have more freedom and can access the database dynamically without the need for setting up system names.
If you need to allow many users to add data there is another way.  Keep the database under your own control, but provide a web page which allows users to submit data which you then add to the database.  In this case the user does not need access to the folder, as your web site is the 'user', and you can apply your own security system as to who may add or alter information.
0
MoMarviAuthor Commented:
Sorry for rejection, but I am looking for a front page solution, such as mgorgen's comment.

for mgoergen,

How do I make a su-web. Do I do it while the main web is open, or do I do it on it's own.

MoMarvi
0
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

MoMarviAuthor Commented:
Well, I found out that you cann;t make a sub-web from an existing directory. I ended up destroying the entire directory.

OUCH!

Not much in backups either. DUH!

0
zs6phdCommented:
I always find it helpful to go back to the basics.  In this case it appears that you want a function which will give (all?) users write access to a specific folder in your web. It also appears you are using an NT server running IIS, with the FrontPage Server Extensions installed.
Consider the behaviour you want from the web: You want to open up a folder to unrestricted access by a user.  Presumably you are working remotely, which means that the basic access will be via ftp.
Now, in its normal environment, IIS restricts write access to the owner of the site.  This has nothing to do with FrontPage: It is a normal function of hosting a web site.  
In addition, you can specify for each folder whether (a) Scripts may be executed, and (b) whether programs may be executed.  The normal state for a web folder would be neither, and sometimes you would allow scripts to be executed.  FrontPage supports setting these options by the web owner.
Now, lets see if there are any special FrontPage features which would support allowing users write access to a folder.  If you look at the FrontPage Extensions you will see that none of these touch on access control.
I therefore repeat that, unless your system administrator has abdicated all responsibility for security, you will not be able to do this simply via FrontPage.
The solution I have used is to get the system administrator to provide additional (ftp) access with write priviliges to a specific folder, using a different user id / password to those of the owner (myself).  I can then give this user id /password to those people whom I want to be able to upload new data, and security is relatively intact.
I say 'relatively' because there are still two exposures:
(a) As the user will be using ftp, he could theoretically upload an enormous file, using up my space allocation, and causing harm to the server.  
(b)He could also delete the database and not replace it, thus damaging my web site.
Another solution you could consider is to construct a web page which accepts the data and replaces it or updates the database on the web. This can be done entirely in normal html, so it can be built in FrontPage.
If you need to introduce security to restrict the functionality to a group of authorised users then you will need to employ server-side processing to perform the authorisation.  There are various ways in which you can do this.  A neat and convenient way is to add some asp code to your pages - This is not strictly an FP function, but FP tolerates the addition of asp code as long as you keep to certain rules.  Unfortunately FP98 does a rather hack job, and often 'fixes' the asp code, destroying the functionality.  FP2K is better at this, but can still get confused.  There have been some questions and answers on Experts Exchange which set the ground rules.
If you want more info on database access and access control using asp code, look at http://www.activeserverpages.com.  There is an excellent discussion on the pros and cons of the various forms of security available.  Look for Authentication - cookie based.
0
MoMarviAuthor Commented:
Actually, the user is making changes based on input to an ASP page, The method of creating a sub-web, and pointing to that sub-web seem to work the best. the only reason I'm just waiting to see ho it works.

As for authentication, I'm using a password database, and session variables for authentication. All of that is on the server side.

Since the users will not know where the database file is, (no ftp) I'm not worried for now. Eventually, I'll have to use more robust security.
0
mgoergenCommented:
Hi MoMarvi

Try the following

Create a new FP web. Point it to www.youdomain.com/userweb

Hopefully you have now 2 Webs one called www.youdomain.com and the other called www.youdomain.com/userweb

Up to now it is easy to give special rights to each other.

I tested this one on our server IIS / FP 98 and it works fine.

On the other site I would make the access and update directly over the database depends on which database you use.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MoMarviAuthor Commented:
I did that, and made the mistake of naming the web to an existing directory.

I lost it all!

It'll take 2 more days to recreate.

My new Mantra-
"BackupBackupBackup....."

0
decurtinCommented:
For intranet users of FP2000, providing permissions to secured areas is accomplished using the FP2000 tool bar and the identifying groups or individuals users by domain or computers by IP address.

The web (or sub-web) is defined as open to all browsers or restricted to individuals as to browse, author & browse, or administer, author & browse.  The tool bar will guide this process.  It will be important to know the exact username, domain and IP address if lookup directories are not available; although FP2000 will verify that the entered person/computer exists (or is available).

From sharing MoMarvi's experience on setting up new sub-webs, some advice: Given that a main web exists, first create a folder under the parent web and make sure that you're satisfied with the folder's name, etc.  No need to place files in the folder just yet.  Check the permissions of the main web, and revise for "general access" or "limited access", with groups and/or individuals as appropriate.  This is important, since sub-webs will inherit this information and save setup time later.  Next, convert the "new" folder to a web (or sub-web in this case).  This is done by right-clicking on the folder (this does not always show up in the drop-down menus).  Next check the permissions of this sub-web, and modify as necessary, usually further restricting access for a sub-web.

Never "convert" a web or sub-web back to a folder, unless your a betting person.  It is easier on the mind/soul to copy what you want from the sub-web into another folder or web/sub-web, then delete the sub-web.  This is also the best way to "rename" a sub-web - e.g., create a new one and refile the documents.

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Development Software

From novice to tech pro — start learning today.