IEF-RA 1.0 FTF Avatar
  1. OMG Issue

IEFRA_ — Clarify permissions required for file access within folders

  • Key: IEFRA_-26
  • Status: closed  
  • Source: Upham Security ( Frederick Hirsch)
  • Summary:

    For folder access it isn’t clear, but It think from the flow diagram that not only do you need folder permission to list the folder contents, but also permission to access each item in the folder to display it in the list? Is this correct? It wasn’t entirely clear.
    (looks like this is different from Unix execute directory permissions)

  • Reported: IEF-RA 1.0b1 — Wed, 12 Jul 2017 17:11 GMT
  • Disposition: Resolved — IEF-RA 1.0
  • Disposition Summary:

    Correction for IEFRA-26

    Note: IEFRA-13 in FTF 1 was renumbered as IEFRA-26 in FTF 2.

    For folder access it isn’t clear, but It think from the flow diagram that not only do you need folder permission to list the folder contents, but also permission to access each item in the folder to display it in the list? Is this correct? It wasn’t entirely clear.
    (looks like this is different from Unix execute directory permissions)

    It is - and adds another level of security for shared networks requiring operating with multiple security and caveat domains.

  • Updated: Tue, 8 Oct 2019 17:56 GMT