Access Control for 1 Type of USB Manufacturer/Model

Hi,
I'm testing with the "Storage Device" and "USB Connectivity" policies.
I got a lot working, but I don't understand something.
Both policies have a list for custom devices. What exactly is the difference, besides that one also has "read only" and the other has a lot more rows to fill in?
When do you use each list, or do you need to combine them?
For example, I want to:
- Disable all Mass storage (USB) by default
- Allow every USB stick from manufacturer "Sandisk" and model "Cruzer", with Read only
What's the best way to do that? I'm stuck on the custom lists.

Originally Posted by cgacesa
Hi,
Storage Devices utilises our file system driver to determine what is a storage device i.e. CD/DVD, SD Card, USB Storage / iOS device / Android device, Floppy drives etc. USB Connectivity can control anything you can plug into the USB port i.e. keyboard / mouse, scanners, USB drives etc.
Have you tried the device scanner tool? Have a look through this for some tips: Novell Doc: ZENworks 11 SP1 Endpoint Security Utilities Reference - Device Scanner
I would suggest using the USB Connectivity policy, Disable the Mass Storage Class group and import your "approved" USB device. You can edit the data that you import and just leave the e.g. Manufacturer and Vendor ID details.
Hope that helps.
Cheers,
Chris
Chris Gacesa
Senior Product Manager
Novell - ZENworks
Hi Chris,
Thanks for helping,
I know the ZESM Device Scanner; I have used it to collect all the USB data.
But I still have the problem. In my example I try to do:
- Disable all Mass storage (USB) by default
- Allow every USB stick from manufacturer "Sandisk" and model "Cruzer", with Read only
You suggest that I use the "USB Conn. Policy". But on that policy there is no "read only" setting for the "USB Device Access Settings List".
If you go to the "Storage device policy" you are able to set "Read only". But there I do not have enough fields to create a custom scenario to only allow the Sandisk "Cruzer".
I don't know if it's normal to combine those policies, but I think that makes it more complex than it should be.
So as a result i'm back to my first question.

Similar Messages

  • Issue while enabling Access Control for a Coherence server node

    Hi
    I'm trying to enable access control for a Coherence server node, using the default Keystore login method shipped with Coherence. When I start the server I get the error "java.security.AccessControlException: Unsufficient rights to perform the operation". Please see below for the sequence of steps I've followed to enable access control. I just need to enable Authentication (not authorization) at this stage.
    1. I have added the following entry in the Coherence Operational override file
    <security-config>
      <enabled system-property="tangosol.coherence.security">true</enabled>
      <login-module-name>Coherence</login-module-name>
      <access-controller>
        <class-name>com.tangosol.net.security.DefaultController</class-name>
        <init-params>
          <init-param id="1">
            <param-type>java.io.File</param-type>
            <param-value>keystore.jks</param-value>
          </init-param>
          <init-param id="2">
            <param-type>java.io.File</param-type>
            <param-value>permissions.xml</param-value>
          </init-param>
        </init-params>
      </access-controller>
      <callback-handler>
        <class-name>com.sun.security.auth.callback.TextCallbackHandler</class-name>
      </callback-handler>
    </security-config>
    2. The following is the entry in the Permissions.xml
    <?xml version='1.0'?>
    <permissions>
      <grant>
        <principal>
          <class>javax.security.auth.x500.X500Principal</class>
          <name>CN=admin,OU=Coherence,O=Oracle,C=US</name>
        </principal>
        <permission>
          <target>*</target>
          <action>all</action>
        </permission>
      </grant>
    </permissions>
    3. The following is the content of the Login configuration file "Coherence_Login.conf"
    Coherence {
        com.tangosol.security.KeystoreLogin required
        keyStorePath="keystore.jks";
    };
    4. The following is the command line tag for starting the server
    java -server -showversion -Djava.security.auth.login.config=Coherence_Login.conf -Xms%memory% -Xmx%memory% -Dtangosol.coherence.cacheconfig=PROXY-cache-config.xml -Dtangosol.coherence.override=FOL-coherence-override.xml -Dcom.sun.management.jmxremote.port=6789 -Dcom.sun.management.jmxremote.authenticate=false -Dtangosol.coherence.security=true -cp "%coherence_home%\lib\coherence.jar" com.tangosol.net.DefaultCacheServer %1
    Following is the output on the console when running the command. It asks for a username and password for the JKS store (if I provide the wrong password, it gives a different error, which shows that it is able to authenticate against the Keystore). After I put in the password, it throws the error as shown below: "java.security.AccessControlException: Unsufficient rights to perform the operation"
    D:\Coherence\FOL_CacheServer>fol-cache-server
    java version "1.6.0_20"
    Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
    Java HotSpot(TM) 64-Bit Server VM (build 16.3-b01, mixed mode)
    Username:admin
    Password:
    Exception in thread "main" java.security.AccessControlException: Unsufficient rights to perform the operation
    at com.tangosol.net.security.DefaultController.checkPermission(DefaultController.java:153)
    at com.tangosol.coherence.component.net.security.Standard.checkPermission(Standard.CDB:32)
    at com.tangosol.coherence.component.net.Security.checkPermission(Security.CDB:11)
    at com.tangosol.coherence.component.util.SafeCluster.ensureService(SafeCluster.CDB:6)
    at com.tangosol.coherence.component.net.management.Connector.startService(Connector.CDB:20)
    at com.tangosol.coherence.component.net.management.gateway.Remote.registerLocalModel(Remote.CDB:10)
    at com.tangosol.coherence.component.net.management.gateway.Local.registerLocalModel(Local.CDB:10)
    at com.tangosol.coherence.component.net.management.Gateway.register(Gateway.CDB:6)
    at com.tangosol.coherence.component.util.SafeCluster.ensureRunningCluster(SafeCluster.CDB:46)
    at com.tangosol.coherence.component.util.SafeCluster.start(SafeCluster.CDB:2)
    at com.tangosol.net.CacheFactory.ensureCluster(CacheFactory.java:998)
    at com.tangosol.net.DefaultConfigurableCacheFactory.ensureServiceInternal(DefaultConfigurableCacheFactory.java:923)
    at com.tangosol.net.DefaultConfigurableCacheFactory.ensureService(DefaultConfigurableCacheFactory.java:892)
    at com.tangosol.net.DefaultCacheServer.startServices(DefaultCacheServer.java:81)
    at com.tangosol.net.DefaultCacheServer.intialStartServices(DefaultCacheServer.java:250)
    at com.tangosol.net.DefaultCacheServer.startAndMonitor(DefaultCacheServer.java:55)
    at com.tangosol.net.DefaultCacheServer.main(DefaultCacheServer.java:197)

    Did you create the weblogic domain with the Oracle Webcenter Spaces option selected? This should install the relevant libraries into the domain that you will need to deploy your application. My experience is based off WC 11.1.1.0. If you haven't, you can extend your domain by re-running the Domain Config Wizard again (WLS_HOME/common/bin/config.sh)
    Cappa

  • Access control for different user groups in APEX 4.0

    Hi guys,
    in Apex 4.0, is there any way to use the access control page to configure access control for different user groups?
    The access control page currently only has an access control list by users with 3 privileges namely, Administrator, Edit & View where Administrator has the highest access level & View the lowest. Therefore 1 user cannot have more than 1 different privilege, however if the user belongs to 2 or more different groups then we can control what access he can have in a more fine grained manner. We also want to have more than the 3 privileges given.
    Can we assign different groups to different users and let them have different privileges to be configured by page, region, process or item level?
    Now Apex will create 2 tables, Apex_Access_Control & Apex_Access_Setup to store the application access control mode & access control list. It will also create 3 authorization schemes "access control - administrator", "access control - edit" & "access control - view" based on the 2 tables.
    Does this mean we have to change the table structures & edit the authorization schemes to suit our usage? We are reluctant to do this because if we upgrade to a newer version of Apex then we would have to merge our pl/sql coding with Apex's updated code.
    How can we auto-configure more than the 3 authorization schemes in the access control page? Is there any way to achieve a finer grain of access control based on the current access control administration page given by Apex without writing it ourselves?
    We are afraid that we may have missed something on Apex access control & do not want to reinvent the wheel.

    Hi Errol,
    to build your own application authorization scheme around the security model supplied by Apex for administration of the Apex environment would be a bad idea.
    This was never intended for authorization scheme management in custom built Apex applications, it was solely intended to control access in the Apex environment overall. The API for it is not published, and making changes to it, such as adding more roles, would run the risk of breaking the overall Apex security model. It would not be supported by Oracle and Oracle would not guarantee the upwards compatibility of any changes you make in future versions of Apex.
    In short, you should follow Tyson's advice and build your own structure. As he indicated, there are plenty of examples around and provided your requirements are not too complicated, it will be relatively simple.
    Regards
    Andre

  • How do I set up timed access control for a time past midnight

    I would like to set up timed access control for a number of my devices that would stretch past midnight... An open network from 6AM to 2AM, effectively only blocking access from 2AM to 6AM in the morning...
    Any notion on how to do this? The timed facility does not like the setting to enable 6A to 2A, says the times are invalid.
    Setting up timed access from 6AM to 11:59P, then doing another from 12A to 2A causes a service "hiccup" of 1 minute.

    Set up each device as follows:
    Everyday........Between.......6:00 AM and 11:59 PM
    Add a second rule for each device that will state....
    Everyday.....Between.......12:00 AM and 2:00 AM
    You might think that there would be a one minute break between 11:59 PM and 12:00 AM, but that will not be the case, at least on every AirPort that I have ever programmed..  Reason.....11:59 is really 11:59:59:59 turning off at 12:00 AM.  But, you have a second rule to allow access at 12:00 AM, so the AirPort will be "on" at the same time the first rule ends, so there will be no break.
    If you really want the second rule to turn the AirPort "off" at 2:00 AM.......then set that time for 1:59 AM. If you set the rule for 2:00 AM, then AirPort will really turn off at 2:01 AM.
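The two-rule schedule from the answer above, modelled as an added example (not part of the original thread and not AirPort code). It assumes, as the answer states, that a rule's end minute is inclusive and that a single rule cannot cross midnight; all function names are hypothetical.

```python
MINUTES_PER_DAY = 24 * 60


def parse_12h(text):
    """Convert '6:00 AM' or '11:59 PM' to minutes after midnight (0..1439)."""
    clock, meridiem = text.strip().split()
    hour, minute = (int(part) for part in clock.split(":"))
    meridiem = meridiem.upper()
    if not (1 <= hour <= 12 and 0 <= minute <= 59) or meridiem not in ("AM", "PM"):
        raise ValueError("not a 12-hour clock time: %r" % text)
    return (hour % 12 + (12 if meridiem == "PM" else 0)) * 60 + minute


def fmt(minute):
    """Render minutes after midnight as 24-hour HH:MM."""
    return "%02d:%02d" % divmod(minute, 60)


def rule(start_text, end_text):
    """One same-day rule; a range that wraps past midnight is rejected (assumed behaviour)."""
    start, end = parse_12h(start_text), parse_12h(end_text)
    if end < start:
        raise ValueError("rule %s-%s crosses midnight; split it in two" % (start_text, end_text))
    return (start, end)


def allowed_minutes(rules):
    """Union of all rules, treating each end minute as inclusive (per the answer)."""
    allowed = set()
    for start, end in rules:
        allowed.update(range(start, end + 1))
    return allowed


def blocked_windows(rules):
    """Contiguous blocked ranges within one day, as (first, last) HH:MM pairs."""
    allowed = allowed_minutes(rules)
    windows, run_start = [], None
    for minute in range(MINUTES_PER_DAY + 1):
        blocked = minute < MINUTES_PER_DAY and minute not in allowed
        if blocked and run_start is None:
            run_start = minute
        elif not blocked and run_start is not None:
            windows.append((fmt(run_start), fmt(minute - 1)))
            run_start = None
    return windows


def split_overnight(start_text, stop_text):
    """Rules giving access from start until the instant stop_text, split at midnight if needed."""
    start, stop = parse_12h(start_text), parse_12h(stop_text)
    last = (stop - 1) % MINUTES_PER_DAY  # inclusive end: finish one minute early
    if start <= last:
        return [(start, last)]
    return [(start, MINUTES_PER_DAY - 1), (0, last)]


if __name__ == "__main__":
    as_posted = [rule("6:00 AM", "11:59 PM"), rule("12:00 AM", "2:00 AM")]
    print("rules ending 2:00 AM block:", blocked_windows(as_posted))
    print("rules ending 1:59 AM block:", blocked_windows(split_overnight("6:00 AM", "2:00 AM")))
```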

  • How can I have different access control for the guest network (different than the main network)?

    I am trying to control my main wireless network with access control via MAC ID with no password. I wanted a separate guest network with password access and no access control. However, the only way that the guest network works is if I specify unlimited access as the default. Is what I am trying to do possible?

    I am trying to control my main wireless network with access control via mac id with no password.
    Definitely not a recommended method for security. MAC addresses are easily cloned by anyone who wants to do so with free tools available on the Internet. An unwanted guest will be on your network in less than a minute if they want to be.
    Strongly recommend that you use WPA2 Personal security with a non-dictionary password to protect your network.
    I wanted a separate guest network with password access and no access control. However, the only way that the guest network works is if I specify unlimited access as the default. Is what I am trying to do possible.
    Unfortunately, Apple does not allow separate Access Control for the "main" and "guest" networks. It's all or nothing, I am afraid.
    Likely, the "best" way to set up Access Control is to change the default rule to No Access. Then you will need to enter the details for every device that you want to allow to connect for both the "main" and "guest" networks, with the time limits for each device.

  • Shared Services Assign Access Control for Essbase

    Hi, we have a user who has his provisioning in the form of filters in an Essbase group. I tried assigning his filter to him through Assign Access Control in Shared Services. I'm able to see the user and also the filter I created for the user, but when I try to assign it to him and save, it is not really getting assigned. It still says the user does not have any filters assigned to his account. Am I missing anything?
    Thank you.

    Have you given MaxL a try:
    grant filter appname.dbname.filtername to user;
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Error while turning on Access control for web proxy

    When I try turning on the access control setting for the service (using the web-based server admin page: server preferences -> restrict access), I get this pop-up error message:
    System Error:
    The POST variables could not be read from stdin.
    Environment:
    Windows2000 SP2
    Sun ONE WebProxy 3.6 SP1
    File-System NTFS
    Thx

    Hi,
    Please mention on which platform you have installed the iPlanet web proxy server. If it is on NT, then make sure it is on an NTFS partition.
    Refer to the following link for more details:
    http://docs.iplanet.com/docs/manuals/proxy/36/adminnt/contents.htm

  • Default Keychain Access Control for Safari

    For the Keychain item Safari Forms Autofill, what are the default settings for Access Control? Mine are set to Confirm Before Access and Ask For Keychain Password, and no applications are listed. How is it out of the box?

    Hmmm... if I open Keychain Access, I do not see separate keychains for each browser - just one for "System", "Login", "scott" and "X509Anchors" - and all of my internet passwords are stored in "scott". Also, if I open an internet item, I get a window that shows a tab for "Access Control" - where I can give access to all applications, or I can specify any specific application to have access to that info.
    So, from that I had assumed that when I add Camino to the list of applications under "Always allow access to these applications" for an internet password item, that it would automatically be pulled from there by Camino when needed (and I was pretty sure that's what had happened when I was dealing with this yesterday).
    However, after testing a couple more by adding Camino to that list, and changing another to allow access by any application, the username and passwords did not automatically come up in Camino. I must have been dreaming it. :?
    Are the "Internet Password" and "Web form password" items in Keychain Access not what the browsers draw from? Do they maintain their own "keychains" as part of their "Application Support" files?

  • "Enable Access Control" for shared directory is grayed out

    For shared directories in WorkGroup Manager, the checkbox "Enable Access Control" is grayed out. I want to enable ACL on a directory I have moved from another volume. The "Enable disk quotas" is also grayed out.
    How do I turn on Enable ACL?
    Dennis

    ACLs are enabled at the volume level. In the Sharing panel of WGM, you need to click the "All" tab so that you see more than just your sharepoints. Select the disk volume upon which your directory is located and then the "Enable Access Control" option should become available to you.
    Note that enabling the ACLs doesn't apply them. Your directory will continue to use POSIX permissions until you specifically apply ACLs to it.
    Xserve G5   Mac OS X (10.4.5)  

  • Access control for a noob

    SurveillanceWizard wrote: ...Cat5 or any cat cable is only good for the main controller most of local "door" controllers use RS232 or something similar back to one or two main controllers. so you may have just wasted cat cable although I would use that cable for cameras since it's there....and if you use a lanyard be careful where you punch the hole through the card.
    Yeah it's RS-485, depending on the distance you can run it over a CAT5 cabling but shielded RS-485 purpose made cable will provide better performance and reliability. Unless you plan to integrate ID cards with the access cards, I'd use the key fob style, they already have a hole in them and are much more durable and you can still put them on a lanyard if you want to.

    I have been tasked with building a ground up access control system for a new 63,000 sq ft building my company is moving to. I have no experience in this field whatsoever. I have been given the following requirements by the company owner:
    1.) The card readers will need to be proximity based, that is he would like the door to unlock when a user with an access card passes within a few feet of the card reader.
    2.) 13 access points will need to be controlled by card reader with an additional being controlled by a button behind a desk that a receptionist can press to grant entry.
    3.) The system needs to log data for times/dates of individual employees entering/exiting each access point.
    At the moment I have a CAT5e cable run to each door that will need card reader access. I assume the first step is to determine the system that can handle those...
    This topic first appeared in the Spiceworks Community

  • Access control for Custom Objects

    Hi,
    I am working with two custom objects: Custom Object 1 and Custom Object 5. There is a team on Custom Object 1.
    The user has access to both and has create access for Custom Object 5.
    The user is not the owner of a record in Custom Object 1, but is on the team for the record with full access.
    When in the related section for the custom object 5 you click on edit I get the following error: "You have read-only access to this record. Click Cancel button or Back link to continue. Access Denied.(SBL-DAT-00284)"
    When you click on the link to the related record and then on edit it works fine, the user can edit and save the changed record.
    I do not understand why this does not work in the related section.
    Thanks for your reply!
    Arnold


  • Access controls for ABAP Proxies

    When an ABAP proxy is created, what controls are available to ensure that only authorized access to it occurs?

    Hi Rick,
    An interesting question... what is stopping any other application from sending an XML message of the right format into the receiver pipeline of the application system.
    Well, the answer is user authentication. You can disable anonymous logon to the XI engine (in transaction SICF). When you configure the connection from XI either using an sm59 destination or URL directly in the communication channel, you specify a username and password. The connection can be made over HTTPS ensuring further security.
    Of course, if you know the username and password, theoretically you should be able to configure a stand-alone J2EE adapter to pick up, for example, a file and convert into the XML format expected by the proxy and send it in to the receiver pipeline for the proxy to be executed. Have never tried it yet though.
    Cheers
    Manish
    Hope this helps you.

  • Access Control for SunOne Web Server 6.0.5 vs. 6.0.4

    This question is about bypassing an appserver by specifying an alias without the appserver virtual host so as to download a class or jar file. With only the default ACL on the 6.0.4 version of the SunOne web server I found that .class and .jar files were not downloadable. However, on version 6.0.5 they are. For example, the URL:
    https://myhost/appserv/alias/path/file.jsp
    would return the html resulting from that file.jsp file being processed by my application server. But by contrast, the URL:
    https://myhost/alias/path/file.jsp
    will prompt the user as to where they want to save the file. Specifying the alias immediately after the hostname (omitting appserv) will allow free access to any files under that alias's target directory. This is a problem especially for .class and .jar files which contain server side programs. I have created an ACL as described in the administrator's guide and this does solve the problem (thank goodness for that). My question is, why didn't I experience this problem before?

    To disable directory listing: http://www.sun.com/bigadmin/features/hub_techtips/dir_list_web_srvr.jsp

  • "Assign Access Control" returns error for essbase apps in shared services

    Hello,
    I installed and configured Oracle EPM 11.1.2 (Foundation, Essbase, Planning, Reporting&Analysis):
    OS: Windows Server 2008 Sp2 (32bit)
    Default Installation with default ports,
    Installation of all components on the same server,
    no clustering
    EPM System Diagnostic says that everything is OK.
    Now I want to assign filter access for an essbase database in the Shared Services.
    Starting the menu item "Assign Access Control" in Shared Services returns the following error:
    Error 404--Not Found
    From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
    10.4.5 404 Not Found
    The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
    ....
    Can anybody help?
    best regards,
    Nicole

    Hello,
    here's what I found out so far:
    I get the error if I start the shared services console via the URL "http://servername:port/interop/index.jsp" and then select the "assign access control" for an essbase database.
    If I start the shared services console via the workspace everything works fine.
    Does anybody know what to do so that it also works if I start the shared services console via URL?
    best regards,
    Nicole

  • [SOLVED] xhost access control does not work for specified users

    After the last upgrade of xorg to v1.17.1-1 I get the message: "unable to open display ":0" " when trying to run any window application as a user specified in xhost. My xhost list looks like:
    access control enabled, only authorized clients can connect
    SI:localuser:steam
    SI:localuser:root
    But if I disable access control for everyone by invoking "xhost +", applications run on other accounts without problems. Does anyone have that problem too?
    Last edited by slx (2015-02-22 12:24:17)

    slx wrote: I see that fix is pending http://lists.x.org/archives/xorg-devel/ … 45644.html
    Can you test package here http://pkgbuild.com/~lcarlier/test/ ?
