MOD2000: modAppOwners Members Can Delete Solution Even If NTFS Permissions Are Denied

ID: Q247688

The information in this article applies to:
  • Microsoft Office 2000 Developer

SYMPTOMS

Members of the modAppOwners group who are also the solution database owner (dbo) can delete the solution when the following conditions exist:

  • The solution dbo registered the solution database with the Access Workflow Designer and also created the Web.


  • The system administrator revoked the Write, Delete, and Change permissions for the modAppOwners group for the NTFS wwwroot Web folder.


  • The system administrator revoked the Write, Delete, and Change permissions for the modAppOwners group for the NTFS solution Web folder.


  • The Microsoft FrontPage administrator allows the modAppOwners group to only browse this Web.


  • The Microsoft FrontPage administrator allows the CREATOR OWNER to only browse this Web.



CAUSE

modTBAD overrides any explicit NTFS permissions.


RESOLUTION

Members of the modAppOwners group can delete workflow-enabled Webs even if the explicit NTFS permissions have been revoked.


MORE INFORMATION

Steps to Reproduce Behavior

  1. On the Access Workflow Designer server computer, add a user to the modAppOwners group.


  2. On the Access Workflow Designer server computer, create a database in Microsoft SQL Server Enterprise Manager. Give the user that you added to the modAppOwners group in step 1 database owner (dbo) permissions.


  3. On a computer where the Access Workflow Designer development components have been installed, log on as the user that you added to the modAppOwners group in step 1. Start Microsoft Access.


  4. On the development computer, start Access Workflow Designer, and then register this database with Access Workflow Designer. If you are prompted, also create the Web for this database.


  5. On the Access Workflow Designer server computer, browse to the wwwroot folder and remove the Write, Delete, and Change permissions for the modAppOwners group.


  6. On the Access Workflow Designer server computer, browse to the solution folder under the wwwroot folder and remove the Write, Delete, and Change permissions for the modAppOwners group.


  7. On the Access Workflow Designer server computer, start Microsoft FrontPage. Set security permissions so that the modAppOwners group can only browse this Web.


  8. On the Access Workflow Designer server computer, start Microsoft FrontPage. Set security permissions so that the CREATOR OWNER can only browse this Web.


  9. On the development computer, open the Team Solutions Manager. Delete the solution that you created for this scenario. Note that this user is allowed to delete the solution.


Additional query words: pra override

Keywords : kbdta modWFDesigner
Version : :
Platform :
Issue type : kbbug


Last Reviewed: January 26, 2000
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.