Directory Structure and Security
To allow easy comparison and understanding of the directory structure in Elliott 8.0, we are providing this review of the Elliott 7.x directory structure:
System level programs, registration files, USER#999.DAT and ULOG#999.DAT (for user licensing control) and some BTR files that are common to all DATA folder is in <root>. The BTR files include SYSPASS.BTR, SYUSERS.BTR and SYEVENT.BTR which are none company specific. In addition, when a new company DATA_?? folder is created; standard files will be copied from the <root> directory to the DATA_?? Subfolder.
The Elliott primary company (01) that stores Elliott *.BTR data files, *.DAT data files, Spooled Reports and Log Files.
The second company and onward like DATA directory.
The Elliott application level programs reside in this folder.
The Elliott file accesses error messages and online help
The Elliott electronic documentation in PDF format.
Database Definition Files (DDF) in V3.0 format for legacy application to interpret Elliott BTR files content.
DDF in V4.0 format for ODBC access.
Elliott Laser Form Template Files
Elliott sound files for ticklers and shipping verification
<root>\ other misc. directories
In Elliott V8.0, the directory structure has been rearranged to make it easier to configure NTFS security:
The Elliott primary company (01) that stores Elliott *.BTR data files, *.DAT data files. Spooled Reports and Log Files are moved to the Reports and Log folder.
The second company and onward like DATA directory.
This is a folder for tutorial company just likes DATA. No Elliott security apply to this directory.
All <root> directory program files, DLL files, registration files and <root>\Programs directory program files are moved to this folder. By moving program files away from <root> directory, you only need to give minimum NTFS security to the <root> directory and enhance your Elliott application security.
It is the same as <root>\Help folder in Elliott 7.x. It is renamed because this folder no longer contains online help files. It is moved under the Bin folder to simplify directory structure.
It is the same as <root>\Doc folder in Elliott 7.x. It is moved here to simplify the directory structure.
It is the same as <root>\DDF40 folder in Elliott 7.x. It is moved here to simplify the directory structure. In Elliott 8.0, we do not need files in the <root>\DDF folder.
It is the same as <root>\Forms folder in Elliott 7.x. It is moved here to simplify the directory structure
When create a new company, system used to copy standard files from <root> to DATA_?? subfolder in 7.x. Now system copy from the <root>\bin\NewData instead. This simplifies NTFS security requirement. The following is a list of these standard files:
We used to copy <root>\*.DFF in 7.x to support certain legacy applications require DDF and BTR files in the same DATA_?? folder. We no longer do that in 8.0.
In is the same as <root>\Wave folder in Elliott 7.x. It is moved here to simplify the directory structure.
Reports used to reside under DATA folders. It is now moved to this folder to simplify the structure. The subdirectory structure under Reports is like <root>\Reports\<company>\<module>.
Log used to reside under DATA folders. It is now moved to this folder to simplify the structure. The subdirectory structure under Log is like <root>\Log\<company>\<module>. Most Log files are saved in the Log folders and subfolders, but there are some exceptions. Some may be saved in the Windows %Temp% directory. SimEvent.log file is the online credit card processing log file that is stored in the Bin folder.
<root>\other misc. directories
NTFS Security in Elliott 8.0
The changes to the directory structure in Elliott 8.0 make it easier to organize Elliott directories with NTFS security.
PSQL Mixed Mode
First, configure your PSQL engine to use mixed mode security. Starting in PSQL 8.5, the transaction engine (Btrieve) comes with three different modes to control security:
· Classic: This is the old way (PSQL 8.0 or earlier version) that PSQL security works. If you need to read a Btrieve file, you will need to have the NTFS read security. If you need to write a file, you will need to have the NTFS modify security. Elliott has hundreds of tables, and thus hundreds of Btrieve files. It is almost impossible for IT to determine which users should have what NTFS rights for each table. So with this kind of security model, we typically suggest that IT granting users the full rights to our DATA folder. As a result, the NTFS security for the DATA folder is wide open. It's not a desirable situation, but this is the default mode when you install PSQL on a server for backward compatibility.
· Mixed: This means the user does not need to have any NTFS rights to a table (i.e., a Btrieve file) in order to read and write to that table. The PSQL engine is running on the server with the "system" user privilege, which is like a local admin. So the PSQL engine will not have any NTFS issue when accessing a Btrieve file. By using this mode, we can restrict the NTFS right to the DATA folder. Then you simply let the application (Elliott Business Software) to control the security. This is much better for security control purpose and is the mode we want to use.
· Database: This mode means we need to login to a database user with a password in order to access the proper tables. This method is not applicable to Elliott Business Software.
To change PSQL from classic mode to mixed mode, bring up the PSQL Control Center on the server console. Go to Engines/your server/Databases. Right Click on DEFAULTDB and choose Properties.
Choose Security and then click on the Btrieve Security tab. Choose the Mixed option and click on Apply. Once you do this, the server will need to be rebooted for the changes to take effect.
Once you have configured your PSQL engine to use mixed mode security, the user does need to have NTFS rights to Elliott's database, which is stored in *.BTR files in the DATA folders. This is the first step to tie down the Elliott folder NTFS security.
Apply NTFS Security to Elliott Folder and Sub-Folders
<Drive>: After setting up the PSQL server to use "mixed mode" security, you need to at least give the "Traverse Folder/List Folder" rights to the mapped Elliott drive-letter level (e.g., M:\). Otherwise, the user can't even map the network drive (e.g., M:) successfully. This is considered the minimum right, which means the user can see the folders and files through Windows Explorer, but the user does not have the right to read the content of the files or copy it and paste it somewhere else. Therefore, all contents under this drive is secure even after you give users this minimum right. The List Folder and Traverse rights are available under the Advanced Security options.
<root>: You don't need to do anything at Elliott root directory level (e.g. M:\Elliott7.) The "Traverse Folder/List Folder" right you define at the drive-letter level is automatically inherited by Elliott root directory.
The following example shows that we assigned the NTFS "Traverse Folder/List Folder" rights to the drive level. As a result, at the Elliott <root> directory level, the same rights are inherited. Because the right is inherited, the check box is "grayed out."
<root>\Bin: You must give non-admin users Read & Execute rights to the <root>\Bin folder. By default, sub-directories will inherit this right too. One exception is that when you use the Elliott online credit card interface, the Payware interface module will create SIMEvent.Log file in the Bin folder. We can’t redirect this file to our Log folder due to the interface module’s limitation. You will need to give online process credit card users the Write right to this file.
<root>\DATA and <root>\DATA_??: Assign Write right for the users. This will give the users the right to create work files that are used by certain applications. This right does not give users the read permission. In addition, user cannot modify existing data to corrupt it. Therefore, your DATA folders are secure even after you give your users the "Write" permission.
<root>\DATA\*.DAT and <root>\DATA_??\*.DAT: Assign Modify rights for all users. The reason for this is because *.DAT files are not controlled by the PSQL engine. Elliott directly updates these files. So you will need to give the "Modify" right to all *.DAT files under the DATA, DATA_?? and TUTORIAL folders. In a future version, we intend to phase out *.DAT files and convert them to Btrieve files so this is no longer an issue.
<root>\Reports: You need to give "Write" rights to users. This will also give the user "Create Folder" rights. When the Spooled Reports application is launched for the first time, the company sub-directory under the Reports directory is created along with a directory for every package in the system. If this application is run by a user with full rights to the Reports directory, all of the directories will be created. If a user without "Create Folder" rights attempts to print a report or access the Spooled Reports application, he/she will receive an error stating that the directory cannot be created.
For supervisors who can view, archive or delete other users' spooled reports, it is necessary for IT to assign these users "modify" rights to this folder.
<root>\Log: It is necessary to give non-admin users Modify rights to the <root>\Log folder so Elliott can update the log files for support and auditing purposes.
<root>\Images: We suggest giving non-admin users Read & Execute rights to the <root>\Images folder.
The Minimum Right of a Non-Admin User
The following is a re-cap of NTFS rights and the minimum privilege to give to a non-admin user in order to run Elliott 8.0. You may adjust and give more NTFS privileges as needed.
- <Drive:>: Follow the explanation above; grant "Traverse Folder/List Folder" right.
- <root>: Inherit the "Traverse Folder/List Folder" from the parent folder, so you don't need to do anything.
- <root>\bin: Follow the explanation above; grant "Read & Execute."
- <root>\DATA: Follow the explanation above and grant "Write" rights.
- <root>\DATA\*.DAT: Follow the explanation above; grant the "Modify" right to all *.DAT files in DATA, DATA_?? and TUTORIAL folder.
- <root>\Reports: Follow explanation above; grant the "Write" rights.
- <root>\Log: Follow the explanation above; grant the "Modify" right to this folder.
For more details, please refer to the following Knowledge Base article: http://support.elliott.com/knowledgebase/articles/654601-elliott-8-0-directory-structure-and-ntfs-rights.
Help files are no longer installed with Elliott software. Pressing Shift-F1 or using context menus for help will result in launching a process to get the help information from the Web. Because help files are centrally maintained, they can be updated on a timelier basis.
Note: Access to Web-based Help can be removed for the entire installation by selecting the Disable On-Line Help option of the Elliott V8.0 Configuration utility (EL800CF).
Continuous Notes Enhancement
The Notes functionality in Elliott version 8.0 has been enhanced to allow for continuous, free-format notes. The following capabilities have been added:
- Continuous content: You will be able to scroll the entire content of the note on a single screen regardless of how many physical records are required to store the note content.
- Word wrap: Text can be typed continuously and the content automatically will be split between lines based on word boundaries. You also will be able to insert and delete text on an existing line and have the current and following lines reformat on word boundaries.
- Cut-and-paste: You will be able to use the normal text cut and paste operations (and Ctrl-C, Ctrl-X and Ctrl-V keystrokes) that you use in all your other computer applications.
- Undo: A single level of Undo is supported.
- Change to paragraph: A note created in Elliott v7.5 will have a CR/LF at the end of each line. You can select any sized portion of such a note and use the Change to paragraph option to remove the CR/LF pairs and allow the text to word wrap from line to line.
- Find-and-replace: You can search for and optionally replace strings in continuous notes.
- Note copy functionality: In addition to creating new notes from other notes, you now can append the content of other notes onto a continuous note.
- Customizable Notes list: The Notes list window has been enhanced with the following new capabilities:
- The window is resizable, allowing for more columns and more rows of information.
- The columns displayed are configurable, allowing you to choose which columns will be displayed and how wide each column will be.
- The Subject column has been expanded to include the first page of content of the note. Hovering the mouse over a row in the Subject/Content column provides a popup preview of the content of the note without having to drill down to the note itself.
- Note types with labels: Notes that are assigned to Note Types that have predefined labels will continue to use the current single-line, single-record method for viewing and editing the note. Also, the content of such notes cannot be appended automatically onto a continuous note.
- Ticklers: Notes that are also Ticklers will continue to use the current single-line, single-record method for viewing and editing the note. Continuous notes that contain more than 10 lines cannot be changed to Ticklers.
Compatibility with Elliott v7.5
Notes created in either version of Elliott (v7.5 and v8.0) can be viewed and edited using the other version. In v7.5, the current single-line, single-record method is used, and in v8.0 the enhanced method is used for non-Tickler, non-labeled notes. There is one restriction: when using v7.5 to edit a v8.0 multi-record note, you are not allowed to insert or delete a line if the note is continued on another record (because it would not adjust the following record(s) properly). You should use v8.0 if you need to insert or delete a line in a multi-record note.