The VSS Administrator program provides tools for managing your VSS users by specifying access rights for individual users or individual VSS projects in the VSS database.
To truly secure your database, however, you must use Windows integrated security to restrict access to the VSS folders by setting sharing and security permissions for those folders. As shown in the following diagram, your shared VSS database is only as secure as the shared network folder in which it is located.
Follow the database lockdown procedures to strengthen Windows security: set or change the sharing permissions for the database folder whenever you create a database or add or delete VSS users. Otherwise, a malicious user on the network can easily circumvent the transparent wall of VSS user Rights and Assignments. Do not rely on VSS to secure your data: even read-only VSS users can delete a VSS database from a shared network folder to which they have access.
Visual SourceSafe Security Architecture
The VSS user Rights and Assignments that you set in the VSS Administrator program are independent of the Windows sharing permissions for the VSS database folder. VSS uses the VSS user name and password for user management and for access to VSS. The user name is used to manage a user's rights and assignments in the VSS Administrator program, and it identifies the user at logon, in history information, and in files reports. Users log on to VSS with this user name and password. For each VSS user, VSS creates and keeps track of an initialization file, Ss.ini, that contains settings to customize that user's VSS environment.
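Because the folder permissions, not the VSS rights, decide who can change or delete the database, it helps to review the folder's access list against the accounts that are meant to use VSS. The following PowerShell is an added example, not part of the original documentation or of VSS: the function name Find-UnexpectedWriteAccess, the CONTOSO group names and the D:\VSS path are assumptions, and the sample access rules are constructed for illustration.

```powershell
# Added example: report access rules that let principals outside an approved
# list alter or remove files in the VSS database folder.
function Find-UnexpectedWriteAccess {
    param(
        [Parameter(Mandatory)]
        [System.Security.AccessControl.FileSystemAccessRule[]] $Rules,
        [Parameter(Mandatory)]
        [string[]] $ApprovedIdentities
    )
    # Named rights that allow changing, deleting or re-permissioning files.
    $named = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) can appear as
    # raw bits on inherit-only entries, so include them in the mask.
    $risky = [int]$named -bor 0x10000000 -bor 0x40000000

    foreach ($rule in $Rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }            # skip Deny entries
        if (([int]$rule.FileSystemRights -band $risky) -eq 0) { continue } # read-only entry
        $name = $rule.IdentityReference.Value
        if ($ApprovedIdentities -contains $name) { continue }            # expected writer
        [pscustomobject]@{
            Identity  = $name
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

# Constructed sample rules standing in for a database folder's access list.
$t = 'System.Security.AccessControl.FileSystemAccessRule'
$sampleRules = @(
    New-Object $t -ArgumentList 'BUILTIN\Administrators', 'FullControl', 'Allow'
    New-Object $t -ArgumentList 'CONTOSO\VSS Users', 'Modify', 'Allow'
    New-Object $t -ArgumentList 'Everyone', 'Modify', 'Allow'
    New-Object $t -ArgumentList 'BUILTIN\Users', 'ReadAndExecute', 'Allow'
)

# Assumed approved list: administrators plus the group that holds VSS users.
$approved = 'BUILTIN\Administrators', 'CONTOSO\VSS Users'

Find-UnexpectedWriteAccess -Rules $sampleRules -ApprovedIdentities $approved |
    Format-Table -AutoSize

# Against a real folder (assumed path), pass the rules returned by Get-Acl:
#   Find-UnexpectedWriteAccess -Rules (Get-Acl 'D:\VSS').Access -ApprovedIdentities $approved
```

Share-level permissions are a separate list from the folder's security permissions; on Windows versions that include the SmbShare module, Get-SmbShareAccess reports them for the same kind of review.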