Microsoft KB Archive/247688

= MOD2000: modAppOwners Members Can Delete Solution Even If NTFS Permissions Are Denied =

Article ID: 247688

Article Last Modified on 7/31/2001


APPLIES TO


 * Microsoft Office 2000 Developer Edition




This article was previously published under Q247688



SYMPTOMS
Members of the modAppOwners group who are also the solution database owner (dbo) can delete the solution when the following conditions exist:
 * The solution dbo registered the solution database with the Access Workflow Designer and also created the Web.
 * The system administrator revoked the Write, Delete, and Change permissions for the modAppOwners group for the NTFS wwwroot Web folder.
 * The system administrator revoked the Write, Delete, and Change permissions for the modAppOwners group for the NTFS solution Web folder.
 * The Microsoft FrontPage administrator allows the modAppOwners group to only browse this Web.
 * The Microsoft FrontPage administrator allows the CREATOR OWNER to only browse this Web.



CAUSE
modTBAD overrides any explicit NTFS permissions.



RESOLUTION
Members of the modAppOwners group can delete workflow-enabled Webs even if the explicit NTFS permissions have been revoked.



Steps to Reproduce Behavior

 1. On the Access Workflow Designer server computer, add a user to the modAppOwners group.
 2. On the Access Workflow Designer server computer, create a database in Microsoft SQL Server Enterprise Manager. Give the user that you added to the modAppOwners group in step 1 database owner (dbo) permissions.
 3. On a computer where the Access Workflow Designer development components have been installed, log on as the user that you added to the modAppOwners group in step 1. Start Microsoft Access.
 4. On the development computer, start Access Workflow Designer, and then register this database with Access Workflow Designer. If you are prompted, also create the Web for this database.
 5. On the Access Workflow Designer server computer, browse to the wwwroot folder and remove the Write, Delete, and Change permissions for the modAppOwners group.
 6. On the Access Workflow Designer server computer, browse to the solution folder under the wwwroot folder and remove the Write, Delete, and Change permissions for the modAppOwners group.
 7. On the Access Workflow Designer server computer, start Microsoft FrontPage. Set security permissions so that the modAppOwners group can only browse this Web.
 8. On the Access Workflow Designer server computer, start Microsoft FrontPage. Set security permissions so that the CREATOR OWNER can only browse this Web.
 9. On the development computer, open the Team Solutions Manager. Delete the solution that you created for this scenario. Note that this user is allowed to delete the solution.

Additional query words: pra override

Keywords: kbbug kbpending kbworkflowdesigner KB247688


© Microsoft Corporation. All rights reserved.