FSL-02007  Unable to set access rights of saploc.

Hello,
I am performing an installation of SAP ERP 6.0 EHP4 on Windows 2008 Server R2 along with MS SQL Server 2005 SP3 on a High Availability cluster.
I have completed the MS SQL Server 2005 into the first Cluster of MSCS. Performed the moving the MSCS groups of database, SAP and Cluster groups with success.
I created a shared file: sapmnt under the directory: E:\usr\sap for Everyone, & administrator with full access. The shared file was created as
SAPCLUSTER\sapmnt.
Then I started to execute the installation of Central Services Instance for ABAP (ASCS).
I logged as DECORCENTER.administrator, executed the command sapinst SAPINST_USE_HOST=DECORSAP
The installation has stopped after an error: 
WARNING[E] 2010-10-25 16:59:51.285 [synxcfsexp.cpp:158]
           CSyFSExportImpl::setACL(acl)
FSL-02007  Unable to set access rights of saploc. SetNamedSecurityInfo: This shared resource does not exist.
Physical hostname of cluster is: SRVSAP01 y SRVSAP02
The cluster has three group resources:
ClusterGroup  -> hostname: CLUSTERGROUP
ClusterSAP     -> hostname:CLUSTERSAP
ClusterDB       -> hostname: DECCENSAP
VIRTUAL SERVER -> hostname: DECORSAP
Let me know what I am doing wrong with this
Regards,
Rodolfo
Edited by: Rodolfo Neuhaus Wiese on Oct 25, 2010 7:26 PM

Ivan Bronner wrote:
Hi
>
> We tried the installation already with or without sapinst SAPINST_USE_HOSTNAME= "virtual hostname".
>
> Ivan
Hi,
Could you try to create "saploc" share manually and set share permissions to "Administrators, sap_localadmin" group, with full access? If you tried this before, did you face with a problem?
You should perform this activity with the same user that you've executed SAPINST
Best regards,
Orkun Gedik
Edited by: Orkun Gedik on Aug 24, 2011 11:33 AM

Similar Messages

  • FSL-02007  Unable to set access rights of services.SAPtmp

    Hello everybody,
    I receive this error message(in the subject) when I am trying to install the WAS640 on my Windows XP sp2.
    I tried to start the installation with the "Administrator" account and I receive the same error (I saw in another post that this is a possible solution). My account also has the administrator rights.
    Please help me,
    Thank you very much,
    Doru Sular

    Hi Doru,
    Check that the user that you are performing the installation with has full administration privileges and the following policy privileges:
    Act as part of the operating system
    Increase quotas
    Replace a process level token.
    Another trick can be to take ownership of the file system with the account you are using.
    Regards
    Daniel

  • Setting access rights at component level

    I have created a component. The business wants to restrict its use to a certain group of users.
    If a user is part of that group, ONLY then the coomponent should be available in sidekick at time of page creation.
    How is setting access rights at component level being achieved?

    As Jorg stated, Group ACL settings are meant to control access at a page
    level.  As he also stated is possible to control access even further, but
    with additional effort and difficulty. But, nearly every client wants this
    done down to the component level and on a group by group basis.  So, what
    I've found, over the years that works is the following:
    - Configure the available components per template type per parsys
    - Further configure the available components at the group level
    For the custom built components, you can remove them at the group level by
    un-checking the 'read' ACL on the dialogs for the given component.  You
    don't want to un-check read for the whole component because then the users
    of that group experience random 'holes' in the content.  But, if you
    un-check 'read' for the dialogs, then the component will not display in
    Side-kick (at least on 5.4 and prior this is the case).
    The only caveat to this is the OOB components.  That is where you will run
    into a lot more difficulty.  Those should mostly be enabled/disabled at the
    design level for the entire page/parsys.
    Hope this helps.
    Todd

  • FSL-02003  Unable to set owner /sapmnt/MHS/global/security/data for 512.

    Hello,
    I got the error "FSL-02003  Unable to set owner /sapmnt/MHS/global/security/data for 512" while installing SM 7.0 EhP 1 on Linux at phase "Create Secure Store". I have tried changing owner of the folder, but no change.
    Can anybody help?
    Thanks for your help
    Kris
    WARNING[E] 2009-07-24 17:54:48.617
               CJSlibModule::writeError_impl()
    FSL-02003  Unable to set owner /sapmnt/MHS/global/security/data for 512.
    TRACE      2009-07-24 17:54:48.618 [iaxxejsbas.hpp:483]
               EJS_Base::dispatchFunctionCall()
    JS Callback has thrown unknown exception. Rethrowing.
    TRACE      2009-07-24 17:54:48.699 [syuxctask.cpp:1382]
               CSyTaskImpl::start(bool)
    A child process has been started. Pid = 18576
    TRACE      2009-07-24 17:54:48.784 [syuxctask.cpp:1382]
               CSyTaskImpl::start(bool)
    A child process has been started. Pid = 18577
    ERROR      2009-07-24 17:54:48.822 [sixxcstepexecute.cpp:950]
    FCO-00011  The step createSecureStore with step key |NW_Doublestack_DB|ind|ind|ind|ind|0|0|NW_CreateDBandLoad|ind|ind|ind|ind|9|0|NW_SecureStore|ind|ind|ind|ind|8|0|createSecureStore was executed with status ERROR .

    Hi Kris,
    Have you tried to change permission of the file as logs are showing ?
    Check SAP Note 1257481 - SAP NetWeaver Inst. Based on Kernel 7.11: IBM DB2 for i which is not for your OS but similar error is described in that which is telling that by changing the permission you can proceed.
    Thanks
    Sunny

  • Unable to set access to allow wiki blog creation

    I enabled the web and web objects including wiki and blog in server admin. I set the domain myserver.domain.org under dns and enabled dns but when i try to enable it on the group level i run into issues. From the server and my mac book pro work group manager does not see the site. From my imac i can enable it but when i hit save and refresh the changes are gone... any ideas? If it helps i am running server 10.5.6 with all the latest updates and my users were imported to opendirectory from Novells nds
    Thank you
    Howard Magnes

    here is the log entry for my error:
    ] [notice] caught SIGTERM, shutting down
    [Fri Nov 21 09:11:30 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:13:27 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 09:13:27 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:14:45 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 09:14:45 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:15:42 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 09:15:43 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:15:55 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 09:15:55 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:19:22 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 09:19:22 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:19:34 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 09:19:34 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:19:45 2008] [notice] caught SIGTERM, shutting down
    [Fri Nov 21 09:19:51 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:22:10 2008] [notice] caught SIGTERM, shutting down
    [Fri Nov 21 09:22:11 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:22:58 2008] [notice] caught SIGTERM, shutting down
    [Fri Nov 21 09:22:59 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:23:11 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 09:23:11 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:26:47 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 09:26:47 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:31:05 2008] [notice] caught SIGTERM, shutting down
    [Fri Nov 21 09:31:54 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 11:14:38 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 11:14:39 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 11:14:50 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 11:14:50 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 11:19:07 2008] [notice] caught SIGTERM, shutting down
    [Fri Nov 21 11:20:34 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 12:45:35 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 12:45:35 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 07:04:54 2008] [notice] Graceful restart requested, doing restart
    [Mon Nov 24 07:04:54 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 07:04:59 2008] [notice] caught SIGTERM, shutting down
    [Mon Nov 24 07:05:05 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 07:10:06 2008] [notice] Graceful restart requested, doing restart
    [Mon Nov 24 07:10:06 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 07:11:05 2008] [notice] Graceful restart requested, doing restart
    [Mon Nov 24 07:11:05 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 07:11:24 2008] [notice] caught SIGTERM, shutting down
    [Mon Nov 24 07:12:14 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 07:12:28 2008] [notice] Graceful restart requested, doing restart
    [Mon Nov 24 07:12:28 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 10:43:04 2008] [notice] caught SIGTERM, shutting down
    [Mon Nov 24 10:43:29 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 10:44:22 2008] [notice] Graceful restart requested, doing restart
    [Mon Nov 24 10:44:22 2008] [error] (9)Bad file descriptor: aprpollsetpoll: (listen)
    [Mon Nov 24 10:44:22 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 10:48:01 2008] [notice] Graceful restart requested, doing restart
    [Mon Nov 24 10:48:01 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 10:48:13 2008] [notice] caught SIGTERM, shutting down
    [Mon Nov 24 10:48:20 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 10:50:36 2008] [notice] Graceful restart requested, doing restart
    [Mon Nov 24 10:50:36 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 11:10:32 2008] [notice] Graceful restart requested, doing restart
    [Mon Nov 24 11:10:33 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 11:10:45 2008] [notice] caught SIGTERM, shutting down
    [Mon Nov 24 11:10:50 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 11:13:56 2008] [notice] Graceful restart requested, doing restart
    [Mon Nov 24 11:13:56 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Wed Nov 26 14:40:15 2008] [notice] Graceful restart requested, doing restart
    [Wed Nov 26 14:40:15 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Wed Nov 26 14:47:33 2008] [notice] Graceful restart requested, doing restart
    [Wed Nov 26 14:47:34 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 SVN/1.4.4 configured -- resuming normal operations
    [Wed Dec 03 07:49:17 2008] [notice] Graceful restart requested, doing restart
    [Wed Dec 03 07:49:18 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Wed Dec 03 07:49:23 2008] [notice] Graceful restart requested, doing restart
    [Wed Dec 03 07:49:23 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Wed Dec 03 07:51:09 2008] [notice] caught SIGTERM, shutting down
    [Wed Dec 03 07:51:15 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Tue Dec 16 08:05:07 2008] [notice] Graceful restart requested, doing restart
    [Tue Dec 16 08:05:08 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Tue Dec 16 08:07:20 2008] [notice] caught SIGTERM, shutting down
    [Tue Dec 16 08:07:42 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Tue Dec 16 08:23:46 2008] [notice] Graceful restart requested, doing restart
    [Tue Dec 16 08:23:47 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Tue Dec 16 08:25:19 2008] [notice] caught SIGTERM, shutting down
    [Tue Dec 16 08:39:29 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Tue Dec 16 08:41:15 2008] [notice] Graceful restart requested, doing restart
    [Tue Dec 16 08:41:15 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Tue Dec 16 08:42:02 2008] [notice] Graceful restart requested, doing restart
    [Tue Dec 16 08:42:02 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Tue Dec 16 08:42:06 2008] [notice] Graceful restart requested, doing restart
    [Tue Dec 16 08:42:07 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Tue Dec 16 08:42:21 2008] [notice] Graceful restart requested, doing restart
    [Tue Dec 16 08:42:21 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Tue Dec 16 08:42:46 2008] [error] [client 10.81.101.204] File does not exist: /Library/WebServer/Documents/users, referer: http://pmsdxserve01.pmsd.org/
    [Tue Dec 16 08:42:48 2008] [error] [client 10.81.101.204] File does not exist: /Library/WebServer/Documents/users, referer: http://pmsdxserve01.pmsd.org/groups/
    [Tue Dec 16 08:42:54 2008] [error] [client 10.81.101.204] File does not exist: /Library/WebServer/Documents/users, referer: http://pmsdxserve01.pmsd.org/groups/
    [Tue Dec 16 09:27:59 2008] [error] [client 10.81.101.204] File does not exist: /Library/WebServer/Documents/users, referer: http://pmsdxserve01.pmsd.org/groups/

  • I install IDES 4.7 in VMware, Why "unable to set time for file...."

    system     Windows2003
    database   Oracle 9
    disk space : C(50G)D(80G)E(40G)
    "Copying file C:/DOCUME1/ADMINI1/LOCALS~1/Temp/SAPinst/bootstrap_keydb.1.xml to: C:/SAPinst ORACLE SAPINST.
    INFO 2014-01-26 16:22:47
    Copying file C:/DOCUME1/ADMINI1/LOCALS~1/Temp/SAPinst/bootstrap_keydb.xml to: C:/SAPinst ORACLE SAPINST.
    INFO 2014-01-26 16:22:47
    Copying file C:/DOCUME1/ADMINI1/LOCALS~1/Temp/SAPinst/CONTROL.DTD to: C:/SAPinst ORACLE SAPINST.
    ERROR 2014-01-26 16:22:47
    FSL-02010  Unable to set time for file C:/SAPinst ORACLE SAPINST/CONTROL.DTD.
    ERROR 2014-01-26 16:22:47
    FJS-00012  Error when executing script."
    who can help me ..please.....

    Hello Matthew,
    You should also change your temp directory to something woth no spaces, something like C:\temp.
    Sapisnt sometimes has problems with the spaces in the temp path, and the Universal Installer nearly always
    has a problem with this.
    Regards,
    David

  • Bpf - package access rights

    Dear Xperts,
    i have created a bpf templete say bpf1 & created instance say my process.
    there are 5 companies for consolidation,for specific user say user1 i have given right of comapny xyz only.
    bpf runs correctly by showing only company xyz in bpf web main menu for user1.
    problem is when i run a package,in criteria selection box requiring to select entity,time,category etc details for running package,it shows all 5 company in entity selection box. so user1 is in position to run package for other company for which it does not have right.
    so can anyone tell me how to greyout entity selection box so that user1 can run only company xyz or is there any way i can set access rights while running package in criteria selection box.also i m working on nw 7.5 version
    thanks
    kashyap.

    Dear Raju,
    i have given secondry admin rights to user1 with bpf excution tasks .
    i was able to allow access to this user only to one company by mentioning his domain name in owner property of entity dimension.
    do i need to make any further changes?
    thanks
    kashyap.

  • Access Right for Minimum stock level

    Hi all,
    I would like to know if there is a way to set access right to enalbe or disable user from modify the minimum stock level in the item master data.
    Thank you.
    Regards

    I would like to know if there is a way to set access right to enalbe or disable user from modify the minimum stock level in the item master data.
    as I have said, you can use SP_TN to disable some certain users to modify the minimum inventory level value. here is an example:
    IF @transaction_type IN ('A', 'U') AND
    @Object_type = '4'
    begin
    if exists (SELECT distinct t0.docentry FROM oitm T0 INNER JOIN oUSR T1 ON T1.internal_k
    = t0.usersign
    WHERE isnull(t0.minlevel,'') <> '0' and t1.user_code = 'manager')
    begin
    select @Error = 10, @error_message = 'Min level can not be updated by user manager'
    end
    end
    but I also said that you can use SDK code i.e. SAP B1 addon to disable the users to modify the minimum inventory level field. It is more complicated because you need to use programming language e.g. VB.Net to do that. The programming language will use the B1 DI API as project reference.
    You must have SDK development license to develop such addon.
    JimM

  • I am unable to see, access, or navigate to, the far right side of iTunes 11.3.1.2 home screen on Dell Inspiron 3000 Windows 8.1 w/64-bit Pentium Processor.

    I am unable to see, access, or navigate to, the far right side of iTunes 11.3.1.2 home screen on Dell Inspiron 3000 Windows 8.1 w/64-bit Pentium Processor.

    Try dragging the window away from its location, resizing it, then maximizing it.  There's been a bug since iTunes 11 that doesn't always size the window correctly if set to run maximized automatically (which I've notice most particularly on dual-screen systems).

  • I set up a passcode to ensure the security of my iPhone 5 but, when I enter it on the home screen, I repeatedly receive an error message and my phone locks. Is there a way to reset the passcode when I am unable to gain access to my phone?

    I set up a passcode to ensure the security of my iPhone 5 but, when I enter it on the home screen, I repeatedly receive an error message and my phone locks. Is there a way to reset the passcode when I am unable to gain access to my phone?

    I figured that was the case, but I've used the same passcode for years and I can't seem to figure out how I managed to screw it up when I set up my phone. Without being able to access my phone for a restore, how would I accomplish this? iTunes? Thank you very much for you help!

  • Setting Item level access rights on sharepoint list item in ItemAdding event handler

    Hi ,
    I am using sharepoint 2013. I am trying to set item level access rights when a list item is added using the following code snippet,
    public override void ItemAdding(SPItemEventProperties properties)
    base.ItemAdding(properties);
    ConfigureItemSecurity(properties);
    private void ConfigureItemSecurity(SPItemEventProperties properties)
    var item=properties.ListItem;
    SPSecurity.RunWithElevatedPrivileges(delegate()
    using (SPSite site = new SPSite(properties.SiteId))
    using (SPWeb oWeb = site.OpenWeb())
    item.ParentList.BreakRoleInheritance(true);
    oWeb.AllowUnsafeUpdates = true;
    var guestRole = oWeb.RoleDefinitions.GetByType(SPRoleType.Reader);
    var editRole = oWeb.RoleDefinitions.GetByType(SPRoleType.Editor);
    SPGroup HRGroup = oWeb.SiteGroups.Cast<SPGroup>().AsQueryable().FirstOrDefault(g => g.LoginName=="HR Team");
    SPRoleAssignment groupRoleAssignment = new SPRoleAssignment(HRGroup);
    groupRoleAssignment.RoleDefinitionBindings.Add(guestRole);
    SPUserCollection users = oWeb.Users;
    SPFieldUserValueCollection hm = (SPFieldUserValueCollection)item["HiringManager"];
    SPFieldUserValueCollection pm = (SPFieldUserValueCollection)item["ProjectManager"];
    SPFieldUserValueCollection pmChiefs = (SPFieldUserValueCollection)item["ProjectManagerChief"];
    item.BreakRoleInheritance(true);
    item.RoleAssignments.Add(groupRoleAssignment);
    foreach (SPFieldUserValue staffMember in hm)
    SetRightsOnItem(item, staffMember, editRole);
    foreach (SPFieldUserValue staffMember in pm)
    SetRightsOnItem(item, staffMember, guestRole);
    foreach (SPFieldUserValue staffMember in pmChiefs)
    SetRightsOnItem(item, staffMember, guestRole);
    item.Update();
    private void SetRightsOnItem(SPListItem item, SPFieldUserValue staffMember, SPRoleDefinition role)
    SPUser employeeUser = staffMember.User;
    var userRoleAssignment = new SPRoleAssignment(employeeUser);
    userRoleAssignment.RoleDefinitionBindings.Add(role);
    item.RoleAssignments.Add(userRoleAssignment);
    Nothing is happening though... Is the event handler the right place to do this?
    thank you

    Hi ,
    You can refer to the code working in my environment:
    using System;
    using System.Security.Permissions;
    using Microsoft.SharePoint;
    using Microsoft.SharePoint.Utilities;
    using Microsoft.SharePoint.Workflow;
    namespace ItemLevelSecurity.ItemSecurity
    /// <summary>
    /// List Item Events
    /// </summary>
    public class ItemSecurity : SPItemEventReceiver
    /// <summary>
    /// An item was added.
    /// </summary>
    public override void ItemAdded(SPItemEventProperties properties)
    SPSecurity.RunWithElevatedPrivileges(delegate()
    try
    using (SPSite oSPSite = new SPSite(properties.SiteId))
    using (SPWeb oSPWeb = oSPSite.OpenWeb(properties.RelativeWebUrl))
    //get the list item that was created
    SPListItem item = oSPWeb.Lists[properties.ListId].GetItemById(properties.ListItem.ID);
    //get the author user who created the item
    SPFieldUserValue valAuthor = new SPFieldUserValue(properties.Web, item["Created By"].ToString());
    SPUser oAuthor = valAuthor.User;
    //assign read permission to item author
    AssignPermissionsToItem(item,oAuthor,SPRoleType.Reader);
    //update the item
    item.Update();
    base.ItemAdded(properties);
    catch (Exception ex)
    properties.ErrorMessage = ex.Message; properties.Status = SPEventReceiverStatus.CancelWithError;
    properties.Cancel = true;
    public static void AssignPermissionsToItem(SPListItem item, SPPrincipal obj, SPRoleType roleType)
    if (!item.HasUniqueRoleAssignments)
    item.BreakRoleInheritance(false, true);
    SPRoleAssignment roleAssignment = new SPRoleAssignment(obj);
    SPRoleDefinition roleDefinition = item.Web.RoleDefinitions.GetByType(roleType);
    roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
    item.RoleAssignments.Add(roleAssignment);
    Thanks,
    Eric
    Forum Support
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected].
    Eric Tao
    TechNet Community Support

  • Using PowerShell to set Custom Access Rights on a Calendar Does not set Free/Busy Permissions

    We recently discovered an issue where, if you use Exchange Management Shell to configure custom access rights, the Free/Busy permissions do not get set at all (they remain as "None"):
    $temp = [Microsoft.Exchange.Management.StoreTasks.MailboxFolderAccessRight[]]("ReadItems","EditOwnedItems","DeleteOwnedItems","EditAllItems","DeleteAllItems","FolderVisible")
    Add-MailboxFolderPermission -Identity "conf-company-test:\calendar" -User "Company Calendar Management" -AccessRights $temp
    Add-MailboxFolderPermission -Identity "conf-company-test:\calendar" -User "mpinkston" -AccessRights Editor
    If you use a pre-defined "role" such as Editor given to mpinkston6 in the above example it sets the Free/Busy permission to Full Details. It would appear that using Add-MailboxFolderPermission or Set-MailboxFolderPermission is generic for folder
    objects, and doesn't explicitly set the Free/Busy permissions. In the case of the pre-defined roles either the command is doing something special/different, or the permission checks later accept pre-defined roles for determining Free/Busy permissions. No idea
    which is going on. If Free/Busy permissions can be fixed through PowerShell by some other mechanism/command, that would be great. If not, how do we go about requesting a fix/feature change in Exchange?
    http://technet.microsoft.com/en-us/library/dd298062%28v=exchg.150%29.aspx
    (Please expand Parameters and read AccessRights to get a better understanding for what I'm describing.)

    Did you try adding AvailabilityOnly or LimitedDetails in your $temp variable for Calendar folder? These would set it to "Free/Busy time, subject, location" or "Free/Busy time" respectively....
    Add-MailboxFolderPermission - http://technet.microsoft.com/en-us/library/dd298062(v=exchg.150).aspx
    The following roles apply specifically to calendar folders:
    AvailabilityOnly   View only availability data
    LimitedDetails   View availability data with subject and location
    Amit Tank | Exchange - MVP | Blog:
    exchangeshare.wordpress.com 

  • AD - SunDS 5.2 minumal access rights required to set passwords in DS

    Hi,
    I am doing Identity Integration for one of our clients with MIIS 2003.
    Among other connections we will have:
    MS Active Directory -> Sun DS 5.2
    I have already set up password synchronization pushed out from AD to DS and it works just fine.
    What I need to accomplish though, is to state minimum access requirements for access to DS.
    Client will not give us a user with administrative priveleges so we need to recommend a user with minumum access rights.
    Obviously this user must have a 'write' for userPassword.
    What else?

    I found out the answer:
    Basic access rights resulting from standard SunDS behaviour (from Sun manuals):
    All users have anonymous access to the directory for search, compare, and read operations.
    Bound users can modify their own entry in the directory, but not delete it. They cannot modify the aci, nsroledn,and passwordPolicySubentry attributes, nor any of their resource limit attributes, password policy state attributes or account lockout state attributes.
    In order to be able to synchronize passwords we must have (in addition to standard access rights):
    �Write� access right for �userPassword� attribute for a particular dc.
    In order to make password synchronization more secure, we can limit workstations (by selecting IP pool), which can originate password synchronization.

  • FSL-02013  Unable to access file sapevents.dll

    Hi,
    I am applying patch SP 12 to SAP WAS 640 Java.During the third step..that is SP system installation i get error as FSL-02013  Unable to access file ....sapevents.dll
    I am login as <SAPSID>adm which is member of administrator group.
    Do i have to be administrator user to run the installation?
    Can some one helpout in this?
    Deepti Patil

    Hi Anada,
    SP19 update...
    Had the same problem first with sapevents.dll and after a system restart with saposcol.exe
    Renamed saposcol.exe and after the error it was there again so the copy process should have worked? Anyway, after copying saposcol.exe manually like you posted did the trick...
    Regards.

  • How can we set Admin rights to access all user mailboxes in IMAP server exchange 2010?

    Hi,
    IMAP is in exchange 2010..
    as per guide:
    http://technet.microsoft.com/en-us/library/jj200730%28v=exchg.150%29.aspx
    CSV Files for IMAP Migration Batches`
    Use super-user or administrator credentials.   This requires that you use an account in your IMAP messaging system that has the necessary rights to access all user mailboxes.
    In the CSV file, you use the credentials for this account for each row. To learn whether your IMAP server supports this approach and how to enable it, see the documentation for your IMAP server.
    How can we set Admin rights to access all user mailboxes in IMAP server exchange 2010?
    thanks?

    Hi,
    Do you mean assigning a user full access permission to all other mailboxes? If so, we can try the following command:
    Get-Mailbox -Server “Exchange 2010” | Add-MailboxPermission -User AdminUserName -AccessRights FullAccess
    Thanks,
    Winnie Liang
    TechNet Community Support

Maybe you are looking for

  • Wake on Lan works on my MacBook Pro, not on my iMac...

    Hello everyone, with all these threads about the problem, I wanted to start a new one to make it clear, with all information you may need in order to help me out. I've got a MacBook Pro '15 and an iMac 21.5', both are running (clean install) OS X Mou

  • Airport Express vs. D-Link Dir-655 = no xbox connection

    I cant seem to get my airport express to connect to m exisisting network. it just wont work. it keeps asking me to find apple devices at the end of the setup. Meaning it was me to find a airport extreme or time capsule. which i do not own . I own a D

  • When I upgraded to Fire Fix 7X or higher some PHP pages I programmed do not work properly. Please see details below.

    I have some PHP pages I have programmed that do database inserts and updates. I am using Dreamweaver and an extention package called InterAkt MXKollection to enhance some features on the web page. In particular some fields on the page use what is cal

  • LOSING CONNECTION WHILST IMAC SLEEPS

    PLEASE NOTE THAT I NEVER PLANNED TO HAVE THAT MUCH GIBBERISH ON MY POST, I APOLOGIZE....I AM REFERRING TO ALL THAT IS WRITTEN UNDERNEATH MY QUESTION..PLEASE IGNORE! 15 pbg4   Mac OS X (10.4.7)   imac intel core duo& pbg4/MM/ISIGHT/IPOD5TH/FIRELITE60G

  • Cant update itunes

    I get an activeX controls message at the top of the window and a message asking if I want to allow nonsecure items but whenever i click yes I get routet back to the main page and it starts all over again. im stuck in a loop. Can I do something in my