We had a scenario where a new user created in the Web Administrator was getting access to records owned by Teams the user was not a part of. It turned out that the new user had many additional (wrong) secrights records. Not sure if they were copied from the template or existing user but here's how we were able to resolve:
SLX27 was the user created in Web Administrator.
slx27b was created in Lan Administrator.
delete
--select sr.*
from secrights sr
where sr.accessid in (select ui.userid from userinfo ui where upper(ui.username) like 'SLX 27')
and sr.seccodeid not in (select goodsr.seccodeid from secrights goodsr, userinfo goodui where goodsr.accessid = goodui.userid and goodui.username like 'slx27b' )
and sr.seccodeid not in (select us.defaultseccodeid from usersecurity us where us.userid = sr.accessid);
After we deleted the extraneous secrights records access was restored to what it should be.
Obviously the normal caveats apply to any sql statement with the word DELETE in it.
James.
James Sutton
