Becoming a member of the Privilege Group
People,
I am using the PL/SQL packages wwsec_api and wwsec_oid to create and maintain users and groups. The problem is that I need some users to be members of the "Privilege Group". This is described on the OID html interface as "Grant members full DAS privilege".
Problem is I can't find the Privilege Group anywhere. I'm not having any problems adding a user to the DBA group, PORTAL_PUBLISHERS group, or my own groups.
Does anyone know how to programmatically add a user to the Privilege Group?
Thanks in advance
James Hayward
Cheers
James.
Similar Messages
-
Not a member of the Administrators group
My wife wants to use my iMac to do office work for her employer at home.
To do this, she has to install some employer software on my iMac. But when she tries to install her employer's Mac software, she gets the message "Hardware installation cannot start with this user account. Make sure that the user is a member of the Administrators group on the computer."
To make her a User/Administrator, do I do the following:
1) Go into System Preferences and clicked on Users & Groups.
2) With the Current User as Admin checked, clicked on the padlock to unlock it and type in my password.
3) With the padlock unlocked, under Login Options, do I click on the + to establish a new user account for her?
4) Then, highlight the new account and click on the box "Allow user to administer this computer" and relock the padlock?
5) When the computer reboots, will it reboot with her as Administrator so she can load her employer's software?
Once I have done this, in the future when she wants to use her new account, does she go into System Preferences - Users & Groups, unlock the padlock, click on her account to highlight it, relock the padlock and reboot the computer.
Thanks,
jzach52
Yes to 1 thru 5
To access the account it is faster just to logout and login rather than rebooting. -
Primary member of the 501 group ?
I try install a tool, copy the message from a dialog box:
An OS user that is a primary member of the 501 group is required to install.
username: oracle
password:
But not continue...
And I check the linux's configuration and I have:
#cat /etc/passwd
oracle:x:501:501::/oracle:/bin/bash
#cat /etc/group
oinstall:x:501:oracle
dba:x:502:oracle
#id oracle
uid=501(oracle) gid=501(oinstall) grupos=501(oinstall),502(dba)
#cat /etc/gshadow
oinstall:!::oracle
dba:!::oracle
What wrong I do? or What more I do?
But not continue...
What do you mean "not continue". You type password and login will hang or what?
Could you post exact steps how you created user?
Are there some error messages in /var/log/secure or /var/log/messages?
Are there some other error messages? -
Check if entered employee is member of the service group
Hello,
in servicerequest i need to check if the maintained employee is member of the maintained service group.
Any suggestions for this requirement?
Is there a function module to check with the employee ID in which groups this employee is assigned?
Thank you
Kind regards
Manfred
Hi Manfred,
You can use FM RH_STRUC_GET to achieve that. You can get an example in how to do that using FM CRM_EMPLOYEE_GETORGUNIT and putting a breakpoint at FM RH_STRUC_GET call. The problem with FM CRM_EMPLOYEE_GETORGUNIT is that it only returns one result, so you need to adapt to get multiple assignments.
If in your scenario, instead of employee ID, you can check with the User ID, you may use static method GET_ASSIGNMENTS_OF_USER of class CL_CRM_PPM_UM_TOOLKIT to get all the information you need.
Check if it helps you a little more.
Kind regards,
Garcia -
I recently installed SharePoint 2013 SP1 and thus far all seems to be going well. I do have one issue concerning permissions to a team site I have created:
1. If I add a user User1 only to a SharePoint group that has edit permissions to the site, that user can log in successfully.
2. If I add a user User1 only to a security group that is a member of the aforementioned SharePoint group, the user gets "the site has not been shared with you". The security group is a global SG, though I tried changing it to universal but that did not help.
I have tried updating the SPSecurityTokenServiceConfig as briefly described at this link: http://macaalay.com/2014/05/27/active-directory-groups-and-access-denied-in-sharepoint-2013/. I performed the steps and it did not work. I also tried rebooting the server after that, and that did not work either. Any thoughts?
Thanks in advance for your help
Hi,
I tested the issue on SharePoint server 2013 without sp installed. It worked and I used global security group. I will test the issue on SharePoint 2013 sp1 later, and please provide more information to narrow down the issue.
Please go to site settings > site permissions > check permission, type in domain\user1, and post the result here.
If the user has been granted permission, please try logging on another machine to test if Windows credential causes the issue.
Did the issue occur to one site collection? Please test on other sites or web applications?
Please create new user to test the issue again.
Regards,
Rebecca Tu
TechNet Community Support -
How to be a member of the administrator group
since i got my ipod i can't get games because i am not a member of the administrator group sooo mad i need games on my ipod to have fun plz
So, I've searched and searched the topic - is there no answer? Does Apple not monitor this site and give any answers? My 9yr old gets an ipod touch and cannot use it. I am so upset and ready to go to my Facebook page and tell the world that I will NEVER buy another apple product!! Someone from Apple, please respond!
-
Ouch!
Did a Server migration from Server 2003 to Server 2012 R2. Virtualized the Domain controller and a File Server.
Used Robocopy, icacls and takeown to get the permissions and access to work correctly.
One user we will call here Mary is a member of three groups: HR, HRA and Boardroom but when I give a test file Administrators only access she can breeze right in!
I do not know if this was how it worked before the migration but how do I stop it.
Effective permissions appear correct but she just tra-la-la's right on in!
Any ideas?
Liam
Please do this after you verify all permission settings for all the groups the account is associated with. Also, make sure you check the NTFS folder permissions before doing this as well.
Since the same result happens on multiple computers, it is not the profile.
I am recommending you delete the AD account (or rename to backup the account).
It will not affect the user's Exchange account, but you will need to link it back to the new AD user account.
You can also delete her profile just to remove it, for the "just in case" scenario.
Don't forget to mark the post that solved your issue as "Answered." By marking the Answer you are enabling users with similar issues to find what helped you. Lewis Renwick - IT Professional -
Hi
With restricted groups I can specify the end user -domain- accounts that are members of the local administrators group on domain PCs. But - I need a particular LOCAL account on all the machines to keep its membership of the local administrators group for testing reasons. At the moment restricted groups is stripping this local account of its admin access.
Is it possible to specify a -local- computer account as admin on all the PCs via group policy or it can only be done with domain accounts?
thanks
You are asking for local accounts to be managed via "Restricted Groups".
Yes, it is possible.
Rajesh showed you one way with domain groups. In his version "Administrators" group will only contain those accounts that are specified in the GPO, no manually added accounts. This is not always desired.
If you wish to have an account (group or user, local or domain) to be added to "Administrators" group while keeping all the other members, proceed like this:
- create the local account on the client(s)
- in the GPO select "Add Group" in "Restricted Groups".
- type in the name of the local account, e.g. "TestID"
- in the appearing dialogue choose "This group is a member of" => Add
- type in "Administrators"
Link the GPO and that's all.
The original MS description for "Restricted Groups" is here:
http://support.microsoft.com/kb/279301/en-us
Another nice one here:
http://www.frickelsoft.net/blog/?p=13
Besides that, a great solution to manage local accounts is GP Preference Extension "Local Users and Groups".
You can simply create a "Local Users and Groups" Item (computer or user based) and specify the needed options.
http://technet.microsoft.com/en-us/library/cc731972.aspx
Of course you need some prerequisites (at least one Vista or Windows 2008 for management and the GPP CSE on each target machine).
If you are new to GPP, these links will help you to get into it:
http://www.microsoft.com/DOWNLOADS/details.aspx?familyid=42E30E3F-6F01-4610-9D6E-F6E0FB7A0790&displaylang=en
http://support.microsoft.com/kb/943729/en-us
http://technet.microsoft.com/en-us/library/cc732027.aspx
http://technet.microsoft.com/en-us/library/cc731892(WS.10).aspx
Patrick -
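The difference between the two Restricted Groups forms in the reply above ("Members of this group" replaces the Administrators list, "This group is a member of" only adds to it) can be checked by reading the policy file. This is an added example, not part of the reply or of any Microsoft tool; it assumes the `[Group Membership]` layout (`<name>__Members` / `<name>__Memberof`) that Restricted Groups settings take in a GPO's GptTmpl.inf, and the sample text, SIDs and function names are constructed for illustration.

```python
"""Classify Restricted Groups entries from a GptTmpl.inf [Group Membership] section."""

ADMINS_SID = "*S-1-5-32-544"  # well-known SID of BUILTIN\Administrators

# Constructed sample showing both forms side by side (a real GPO would
# normally use one): the first pair overwrites the Administrators member
# list, the second adds the local account TestID and keeps other members.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Group Membership]
*S-1-5-32-544__Memberof =
*S-1-5-32-544__Members = *S-1-5-21-1111111111-2222222222-3333333333-512,Administrator
TestID__Memberof = *S-1-5-32-544
TestID__Members =
[Version]
signature="$CHICAGO$"
"""


def parse_group_membership(inf_text):
    """Return {principal: {"members": [...], "memberof": [...]}} for the section."""
    entries = {}
    in_section = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "group membership"
            continue
        if not in_section or "=" not in line:
            continue
        key, _, value = line.partition("=")
        name, sep, kind = key.strip().rpartition("__")
        kind = kind.lower()
        if not sep or kind not in ("members", "memberof"):
            continue
        values = [v.strip() for v in value.split(",") if v.strip()]
        entries.setdefault(name, {"members": [], "memberof": []})[kind] = values
    return entries


def admin_changes(entries, admins=(ADMINS_SID, "Administrators")):
    """Split the policy's effect on local Administrators into replace vs. add.

    Simplification (assumption of this example): empty value lists are ignored.
    """
    wanted = {a.lower() for a in admins}
    report = {"replaces_with": [], "adds": []}
    for name, cfg in entries.items():
        # Non-empty __Members on Administrators: list is enforced as given.
        if name.lower() in wanted and cfg["members"]:
            report["replaces_with"].extend(cfg["members"])
        # __Memberof naming Administrators: principal is added, others kept.
        if any(g.lower() in wanted for g in cfg["memberof"]):
            report["adds"].append(name)
    return report


if __name__ == "__main__":
    print(admin_changes(parse_group_membership(SAMPLE_INF)))
```

A non-empty `replaces_with` list means manually added local administrators will be removed when the policy applies; entries under `adds` are granted admin rights without touching the rest of the group.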
LDAP Authentication Failed :user is not a member in any of the mapped group
Hi,
I tried to set up the LDAP Authentication but I failed.
LDAP Server Configuration Summary seems to be well filled.
I managed to add a Mapped LDAP member Group: This group appears correctly in the Group list.
But it's impossible to create a User. Although this user is a member of the mapped group (checked with LDAP Browser), an error message is displayed when I tried to create it (There was an error while writing data back to the server: Creation of the user User cannot complete because the user is not a member in any of the mapped groups)
LDAP Hosts: ldapserverip:389
LDAP Server Type: Custom
Base LDAP Distinguished Name: dc=vds,dc=enterprise
LDAP Server Administration Distinguished Name: CN=myAdminUser,OU=System Accounts,OU=ZZ Group Global,ou=domain1,dc=vds,dc=enterprise
LDAP Referral Distinguished Name:
Maximum Referral Hops: 0
SSL Type: Basic (no SSL)
Single Sign On Type: None
CMS Log :
trace message: LDAP: No such attribute: supportedControl, assuming no ranging support.
trace message: LDAP: LdapQueryForEntries: QUERY base: dc=vds, dc=enterprise, scope: 2, filter: (samaccountname=KR50162), attribute: dn objectclass
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 2453 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 1
trace message: GetParents from plugin for cn=huh\,chen, ou=accounts, ou=users, ou=domain1, dc=vds, dc=enterprise.
trace message: LDAP: De-activating query cache
trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 0
trace message: LDAP: query for DSE root returned 89
trace message: LdapQueryForEntries: incr. retries to 1
trace message: LDAP: Updating the graph
trace message: LDAP: Starting Graph Update...
trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 0
trace message: LDAP: query for DSE root returned 89
trace message: LdapQueryForEntries: incr. retries to 1
trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 1
assert failure: (.\ldap_wrapper.cpp:3066). (pSetAttributes : no message).
trace message: LDAP: No such attribute: supportedControl, assuming no ranging support.
trace message: LDAP: LdapQueryForEntries: QUERY base: dc=enterprise, scope: 2, filter: (&(cn=gp-asia)(objectclass=group)(member=cn=huh
, chen, ou=accounts, ou=users, ou=domain1, dc=vds, dc=enterprise)), attribute: objectclass
trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 1
assert failure: (.\ldap_wrapper.cpp:3066). (pSetAttributes : no message).
trace message: LDAP: No such attribute: supportedControl, assuming no ranging support.
trace message: LDAP: LdapQueryForEntries: QUERY base: dc=enterprise, scope: 2, filter: (cn=gp-asia), attribute: member objectclass samaccountname cn
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 3109 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 0
trace message: LDAP: query for DSE root returned 0
trace message: Failed to commit user 'KR50162'. Reason: user is not a member in any of the mapped groups.
trace message: [UID=0;USID=0;ID=79243] Update object in database failed
trace message: Commit failed.+
Can you please help?
Joffrey -
List Membership In Privileged Groups
Regarding the script here: http://gallery.technet.microsoft.com/scriptcenter/List-Membership-In-bff89703
From: http://blogs.technet.com/b/askpfeplat/archive/2013/04/08/audit-membership-in-privileged-active-directory-groups-a-second-look.aspx#171707
In short the issue is in multi-domain forests the code running under Powershell v3 doesn't correctly query the privileged groups and the generated csv's aren't correct.
It seems when running in a multidomain forest and with Powershell v3 the findall() function fails. From memory the line: Foreach ($uniqueMember in $uniqueMembers) doesn't seem to select distinct single entities from the array $uniqueMembers so when calling getUserAccountAttribs it throws a fit as it's passed 10-100s of accounts.
What's interesting is this issue is resolved in Powershell v2 and only apparent in v3.
Does anyone have any thoughts on how to fix this script for Powershell v3? It is inevitable this will become the default Powershell in later versions of Windows so I don't want to rely on needing an older (v2) version for it to function.
Note: Reported to author (as best I can) and commented on the original blog, but interested in any community sourced fixes in the meantime...
Thanks
Hi Mark,
Did you get any solution to this. If so please update here.
Regards,
Satyajit
Please “Vote As Helpful”
if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you. -
I am trying to get into the Game Center and download some apps. I enter my user id/password then keep getting a "you are not part of the/this administrators group" message then a cancel/retry command. What do I do to become part of this/the administrators group? I am using a friend's wi-fi...Help!
-
I am getting the error message "you are not a part of the administrator group" when I try and set up my ipad and log in with my apple id. How can I bypass this error message?
Firstly, I recommend to go to Central Administration > Security > Manage the farm administrators group > make sure that your account is listed.
Yes, the account that I log into the server is a Farm Admin account
Secondly, did you do the backup or restore operations with PowerShell command or through Central Administration?
Used to be able to do it thru the CA, now I'm running PowerShell and using the scheduled tasks to run it when needed.
If you are using PowerShell, I recommend to run SharePoint Management Shell as administrator.
I'm able to run the backup with the account that is in the Farm Admin group. as I have that setup as the PowerShell account to run under.
If you are using Central Administration, I recommend to run Internet Explorer as administrator.
I still get this error when I run IE as the login to the server who is in the built-in and the SPS Farm Admin Security group:
You are not a local administrator. You must be a member of the Administrators group on the server that is running Central Administration to perform most backup and restore operations. -
Hi I would like to be able to check if the logged in user is a member of the administrator group programmatically through C#
I know that I can get the user's GUID / check if they are actually a user in project server (resource table in reporting DB) but I am having trouble finding out how to programmatically check if they are a member of the "Administrators" group.
Could somebody please provide a code sample of how to check if a user is in the administrators group when you have their GUID or username or name?
I did not see a table in the reporting DB that has this so I am guessing this has to be done through the PSI..
Thanks in advance!
BTW.. i am just wondering is there a way to check each groups permission levels? was wondering that if it is possible, what is the best way to implement a similar security model to that of the actual project server 2010
hi Amit :) I ended up finding the answer myself before you posted here but thank you for your reply anyways, it is basically the same thing that I did.
This is what I ended up doing :) Basically I have three different types of users configured in my web.config - admins, readwrite users, and read only users. In my code here I loop through and find out who the person is. Based on what group they are in I can later show/hide different options in my application :)
// Needs: System, System.Collections.Generic, System.Configuration, System.Data.SqlClient,
// plus the PSI Security service proxy (SvcSecurity) generated for Project Server.
SvcSecurity.SecurityClient security = new SecurityClient(ENDPOINT_PROJ_SECURITY);
// Group names for each role come from web.config as ';'-separated lists
string adminGroupsString = ConfigurationManager.AppSettings["adminGroups"];
string readWriteString = ConfigurationManager.AppSettings["readWriteGroups"];
string readOnlyString = ConfigurationManager.AppSettings["readOnlyGroups"];
List<string> adminGroups = new List<string>(adminGroupsString.Split(';'));
List<string> readWriteGroups = new List<string>(readWriteString.Split(';'));
List<string> readOnlyGroups = new List<string>(readOnlyString.Split(';'));
List<Guid> adminGroupIDs = new List<Guid>();
List<Guid> readWriteGroupIDs = new List<Guid>();
List<Guid> readOnlyGroupIDs = new List<Guid>();
List<Project> projectList = new List<Project>();
SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["RDB"].ConnectionString);
con.Open();
//Look up the current user's resource GUID in the reporting DB (parameterized query)
SqlCommand command = new SqlCommand("SELECT * FROM MSP_EpmResource where ResourceNTAccount = @username", con);
command.Parameters.AddWithValue("@username", this.User.Identity.Name);
SqlDataReader reader = command.ExecuteReader();
if (reader.Read())
{
    string resourceID = reader["ResourceUID"].ToString();
    //Get a list of security groups
    SvcSecurity.SecurityGroupsDataSet sgds = security.ReadGroupList();
    //Get the IDs of the required groups
    foreach (SvcSecurity.SecurityGroupsDataSet.SecurityGroupsRow ds in sgds.SecurityGroups)
    {
        if (adminGroups.Exists(group => ds.WSEC_GRP_NAME == group))
            adminGroupIDs.Add(ds.WSEC_GRP_UID);
        else if (readWriteGroups.Exists(group => ds.WSEC_GRP_NAME == group))
            readWriteGroupIDs.Add(ds.WSEC_GRP_UID);
        else if (readOnlyGroups.Exists(group => ds.WSEC_GRP_NAME == group))
            readOnlyGroupIDs.Add(ds.WSEC_GRP_UID);
    }
    bool isAdmin = false;
    //Go through each group using the id and check if the current
    //user is in that group (for example here check if the user is an admin)
    foreach (Guid id in adminGroupIDs)
    {
        SecurityGroupsDataSet group = security.ReadGroup(id);
        foreach (SvcSecurity.SecurityGroupsDataSet.GroupMembersRow member in group.GroupMembers)
        {
            if (member.RES_UID.ToString().Equals(resourceID))
            {
                isAdmin = true;
                Session["createReport"] = "true";
                break;
            }
        }
    }
    //If the user is not an admin then continue checking who they are
    if (!isAdmin)
    {
        bool readWrite = false;
        //Check if the user is a read write group member
        foreach (Guid id in readWriteGroupIDs)
        {
            SecurityGroupsDataSet group = security.ReadGroup(id);
            foreach (SvcSecurity.SecurityGroupsDataSet.GroupMembersRow member in group.GroupMembers)
            {
                if (member.RES_UID.ToString().Equals(resourceID))
                {
                    Session["createReport"] = "true";
                    readWrite = true;
                    break;
                }
            }
        }
        //If the user is not a read write group member either then check if they are a team member
        if (!readWrite)
        {
            foreach (Guid id in readOnlyGroupIDs)
            {
                SecurityGroupsDataSet group = security.ReadGroup(id);
                foreach (SvcSecurity.SecurityGroupsDataSet.GroupMembersRow member in group.GroupMembers)
                {
                    if (member.RES_UID.ToString().Equals(resourceID))
                    {
                        Session["createReport"] = "false";
                        break;
                    }
                }
            }
        }
    }
}
//Release the reader and the database connection once the lookup is done
reader.Close();
con.Close();
Cheers! :) -
What is the lpadmin group?
After a new harddrive installation last week, I migrated my account back onto the system from a Time Machine backup. The folks at the Apple shop had set the default user to the name I had been using before, but the TM migration wouldn't overwrite this with my settings and forced me to create a new user account. All fine so far, if a little irritating.
Today I went to use my printer for the first time, and realised that it wasn't installed. When i selected it, I was prompted to enter the User Name and Password for a member of the 'lpadmin' group. Although my preferred user account is an admin, it wouldn't accept those details. The user name and password for the 'other' account worked, but I can't track down where this lpadmin group exists, and how to add my preferred username to it.
Anyone know what's going on here?
thanks.
Lpadmin group is a system group used by the CUPS printing system that is integrated into OS X. For more detail you can Google "lpadmin" which will provide numerous informative links. If you open the Terminal application in your Utilities folder then enter the following:
man lpadmin
Press RETURN.
You will get the Unix documentation for the lpadmin command that you may find helpful. You can also access the CUPS system via your browser using http://localhost:631/. -
When I send a Group message from my address book, the entire group gets listed in the "To" line. How do I get each member to receive the message individually without listing all members? It's just messy is all. Any help is greatly appreciated.
Hey Grupo Castillo,
Thanks for the question. You can actually configure this behavior from Mail preferences:
1. Choose Preferences from the Mail menu.
2. Click Composing.
3. Deselect the checkbox for "When sending to a group, show all member addresses".
When you send an email to the group, only the group's name will be seen.
Mac OS X: Mail - How to Hide Address Book Group Member Names When Sending an Email
http://support.apple.com/kb/TA21082
Thanks,
Matt M.