+ Post New Thread
Results 1 to 5 of 5
MIS Systems Thread, SIMS SOLUS - Delegating upgrade rights for management by third party in Technical; Dear all I'm sure this is an utterly ridiculous thing to ask. I'm sure as soon as I start discussing ...
  1. #1
    msi
    msi is offline

    Join Date
    Mar 2008
    Posts
    22
    Thank Post
    1
    Thanked 8 Times in 2 Posts
    Rep Power
    15

    SIMS SOLUS - Delegating upgrade rights for management by third party

    Dear all

    I'm sure this is an utterly ridiculous thing to ask. I'm sure as soon as I start discussing file and registry permissions required by SIMS SOLUS, most people will respond with "hahahaha, no you can't do that".

    But here it is.

    I support a school which has a virtual machine running two SQL database applications: SIMS and PSFinancials. I'm currently in the process of handing over support for these two applications to their respective support providers (having been the one that installed and supported them for a few years myself). I'm not employed by the school - I'm a freelance engineer.

    SIMS will be managed by the local authority's IT Support Unit, who have a fabulous record for ensuring they don't accidentally shut down servers, change the IP address of domain controllers, and all the other things that you can do to wreck a network.

    Given the above, you can imagine I'm thrilled about the prospect of giving them administrator access to the server.

    (In case your sarcasm detector is not working today - the above is of course... a joke.)

    Actually, I'm not simply "unhappy" to give them local admin to the server - it's not going to happen. No way. If they foobar the server which is not unlikely, it will prevent the finance ladies from doing their jobs properly. Of course, PSFinancials is technically supported by PSFinancials Support ... but I know how it works. It will all come back to me eventually, regardless of whatever form I get anyone to sign. (I plan to continue to provide support to the school - just not for SIMS and PSF.)

    Sadly for SQL licensing reasons, I can't split the VM into two VMs, and give each support provider local admin. That would be great.

    So I'm in the unenviable position of wanting to set up delegated permissions so that each support provider can *properly* do their job. That is, log on to the server, troubleshoot SIMS problems, upgrade SIMS database, etc. - WITHOUT giving them full admin.

    I'm sure this will end up being some hack involving:

    - Group Policy User Rights Assignment
    - A healthy dose of Sysinternals Process Monitor to figure out what permissions SIMS SOLUS3 actually needs
    - A healthy dose of ... long-term ... patience when I realise 6 months down the line there is one more permission that I didn't realise it would require to do something

    Before I get my hands dirty, can anyone tell me whether they have done something similar? Whether SIMS SOLUS has a vaguely sensible implementation of NTFS / reg permission requirements? i.e. By Group Policy I could set up a domain security group, assign full control to the obvious program files directories required as part of SOLUS upgrades, and it will just work?

    Yours in vain hope,

    MSI

  2. #2

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    4,010
    Thank Post
    1,249
    Thanked 1,099 Times in 781 Posts
    Rep Power
    337
    @msi:

    I would presume that you could either setup as you have suggested a group policy which would allow certain programs special rights. but why do all that when everything is set to work as is!

    I would create a specific user account which has the rights to access just the Solus 3 and Sims then within Sims find the best user controls that will allow the LA to do what is necessary both remotely and on site.

    Surely this would be a case of keeping it simple as long as the specific user has read write permissions over the directories which the Sims and Solus 3 use then that user would have everything it required, you could even deny access to all the other directories that are not required including the registry so that the LA can't do their very best to keep everything running well (Sarcastic note).

    regards
    Bossman

  3. #3
    msi
    msi is offline

    Join Date
    Mar 2008
    Posts
    22
    Thank Post
    1
    Thanked 8 Times in 2 Posts
    Rep Power
    15
    Quote Originally Posted by bossman View Post
    @msi:
    but why do all that when everything is set to work as is!
    @bossman I'm not sure I follow. What exactly do you mean "everything is set to work as is"? Also, what exactly do you mean by "user account which has the rights to access just the Solus 3 and Sims"? A windows user account? Are you referring to Windows ACLs when you say "a user account which has the rights [...]"? Also what do you mean by "best user controls that will allow the LA to do what is necessary"? Do you mean SIMS permissions? What's a "user control"? Sorry if I sound a bit confused but I'm not sure I follow your terminology.

    EDIT to my last post: I did log a call with Capita on this subject. But by the time I was actually put on to the "relevant department", it became apparent that the person didn't even know the difference between Windows "permissions" and "rights", so I gave up straight away with that... grr! Why can't you find technical people on technical support desks I ask?!

  4. #4

    Join Date
    Sep 2006
    Location
    London
    Posts
    1,379
    Thank Post
    36
    Thanked 369 Times in 254 Posts
    Rep Power
    82

    SIMS SOLUS - Delegating upgrade rights for management by third party

    Since a large number of problems we get can be solved by ordinary people we don't put techs onto first line!!

    If your support is from us you can log a case electronically then you will avoid 1st line.
    Last edited by PhilNeal; 6th May 2014 at 09:21 PM.

  5. #5

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    4,010
    Thank Post
    1,249
    Thanked 1,099 Times in 781 Posts
    Rep Power
    337
    @msi:

    A windows account with which you can give certain rights to via group policy and ACL rights on the directories with its own application shortcuts.

    Then in Sims the LA would have their own account already setup in which to setup accounts, groups etc.

    The specific user account would then only have access to the Solus 3 and the SQL applications shortcuts to which read write ACLs would have been set on the directories where these apps run from.

    In using ACLs on the directories where these apps and all their files run from you will be able to stop any other directories and apps from being run by that specific user, therefore you would supply the LA with that specific user account to log in with so they can do their usual best.

    I do hope this clarifies things for you.

    regards
    Bossman
    Last edited by bossman; 6th May 2014 at 09:21 PM.



SHARE:
+ Post New Thread

Similar Threads

  1. [SIMS] Solus 3 - Why bother for clients?
    By enjay in forum MIS Systems
    Replies: 54
    Last Post: 6th February 2013, 12:14 AM
  2. [SIMS] Solus 2 to Solus 3 Upgrade
    By TGilly in forum MIS Systems
    Replies: 34
    Last Post: 28th November 2012, 08:33 PM
  3. [SIMS] SIMS Solus 3 bypassed for a manual install
    By winng in forum MIS Systems
    Replies: 4
    Last Post: 14th September 2012, 12:04 PM
  4. Use of UPN by third party sites
    By localzuk in forum MIS Systems
    Replies: 6
    Last Post: 25th November 2011, 10:23 AM
  5. SIMS Feb 2008 upgrade - SOLUS error
    By cf23 in forum MIS Systems
    Replies: 8
    Last Post: 8th April 2008, 11:21 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •