cJAM and Unified User Management
http://www.jomdev.de

1. I'm pleased with your product. It continues to simplify my work and my application design, prototyping, development, testing, and management.
2. What I'd like to have is a capability to automatically generate a security audit report in .rtf, .xls, .xml, and/or .html table format. I'd have cJAM workfile properties as a top/parent table and a detail/child table consisting of the .mdw filename and description as column 1 and 2, .mdw path as column 2, database object name as column 3, create datetime as column 4, modify change time as column 5, and the 10 cJAM attributes for each database object instance for each associated user account and group. I've created the report manually by cutting and pasting from cJAM's screen, and was thus able to identify gaps in my "denies" and "allows" at a highly granular level.
2.1 From this audit report, I can process/search the report to look for inconsistencies and patterns across objects, groups, and users. This analytical capability would make cJAM even more useful, especially if I were saving the audit content in such a way that the filenames were timestamped, allowing me to monitor changes in security and context over time.
2.2 You might also consider having these audit tables serve as an external security data format, which can be imported into cJAM for automatic creation/update/deletion of settings under appropriate controls. This would facilitate automation of Jet DBMS security management.
3. I'm very interested in pulling selective LDAP, NT Domain, ADS, and other directory/metadirectory entries into cJAM so I do not have to manually administer group and user account creation. If network group and user entries and their attributes are selectively pulled from these sources, you'll have one of the most complete database and database application security management environments available, strongly supportive of policy-based management and criteria-based PKI. This would be invaluable now, but would be even more valuable once LDAP is more ubiquitous in OS/NOS/DBMS environments.
4. I encourage you to explore the use of visualization tools other than the tree/table view you now use. The tree and table is useful for seeing categorization of group, user, and object, but provides no means to see associations ("star" view). I suggest you look at visualization and navigation/linking tools that can place any workgroup/unit, group, user, object, object-attribute, or setting into the center of a star of associations. You might consider tools such as Natrificial Brain at http://www.natrificial.com, or similar C++ or Java applications or Java applets. (I also suggest you look at MindMan 3.5 at www.mindmanager.com. Their mindmap functionality looks like a star, but is really a circular form of hierarchy they refer to as "radial". If they strengthened the ability to relate the branches of their mindmaps together, then they'd begin to have the "star" and "snowflake" functionality.)
5. When you can provide functionality that allows us to view and manage Jet security information in tree/hierarchical, star/association, and arrow/change patterns, then we'll be able to secure the entire context of Jet containers, content, and change. From another perspective, this would enable cJAM to function as an overlapping-group "access criteria" management tool, much needed for security of complex information content, containers, and behaviors.
6. With this capability, I can then leverage the associated tree/star/arrow information in my Total Enterprise Management effort. See /rer/owis/.
7. I corresponded with you earlier on the use of cJAM with MS Project. I've noted that even though MS Project 98 can store its content in MS Access tables (with .mdb or .mpb extensions), MS Project itself only seems to use the "Admin" user account and login when opening the projects via file or ODBC connection. This is the case even when I'm able to get MS Access to collect my .mdw username and password as part of opening the database. This has forced me to use NT file permissions to manage my project content security rather than Jet security. Do you have knowledge of a means to get MS Project to send the appropriate username and password to Jet, rather than just "Admin" user with no password?
8. If you decide to provide the star/association and arrow/change-log functionality I describe above, I'd like to discuss a business venture with you, on the subject of moving cJAM's functionality into a generalized Enterprise Security Management mechanism, encompassing everything from the Enterprise Mission and Strategic Plan, down to the protocols and signals on a device or the configuration settings of an application.

Roy Roebuck
Enterprise Engineer
One World Information System
and
Principal Information Engineer
SAIC, Global Command and Control Support
US DoD GCCS Engineering Team Support