AAA & Privilege Levels on Console Session

While configuring users with different privilege levels and using AAA, we've found that the privilege level when logging in via console port will always be level 1, whereas with telnet we're able to log in directly into levels 0 and 2 thru 15. Has anyone experienced this or have an explanation as to why this happens?
TIA.

Console port authorization was not added as a feature until Bug ID CSCdi82030 was implemented. Console port authorization is off by default to lessen the likelihood of accidentally being locked out of the router. If a user has physical access to the router via the console, console port authorization is not extremely effective. However, for images in which Bug ID CSCdi82030 has been implemented, console port authorization can be turned on under line con 0 with the hidden command aaa authorization console in config mode.
If you turn on debug aaa authorization and log into console you will see there is no AAA kicked in.
R/Yusuf

Similar Messages

  • Aaa radius server control privilege level

    I've got radius authentication working on my switch, but I'm trying to allow two types of users login using Windows Active Directory. NetworkUsers who can view configuration and NetworkAdmins who can do anything. I would like for NetworkAdmins to when they login go directly into privilege level 15 but cant get that part to work. Here is my setup:
    Windows 2008 R2 Domain controller with NPS installed.
    Radius client: I have the IP of the switch along with the key. I have cisco selected under the vendor name in the advance tab
    Network Policies:
    NetworkAdmins which has the networkadmin group under conditions and under settings i have nothing listed under Standard and for Vendor Specific i have :
    Cisco-AV-Pair    Cisco    shell:priv-lvl=15
    My switch config:
    aaa new-model
    aaa group server radius MTFAAA
     server name dc-01
     server name dc-02
    aaa authentication login NetworkAdmins group MTFAAA local
    aaa authorization exec NetworkAdmins group MTFAAA local
    radius server dc-01
     address ipv4 10.0.1.10 auth-port 1645 acct-port 1646
     key 7 ******
    radius server dc-02
     address ipv4 10.0.1.11 auth-port 1645 acct-port 1646
     key 7 ******
    No matter what i do it doesnt default to privilege level 15 when i login. Any thoughts

    Have you specified the authorization exec group under line vty? I think it is authorization exec command. Something like that.

  • Enable aaa accounting commands for all privilege levels?

    Here is the command's syntax:
    aaa accounting {auth-proxy | system | network | exec | connection | commands level} {default | list-name} {start-stop | stop-only | none} [broadcast] group groupname
    The "command" accounting type must include the privilege level of the commands you are logging. How do I log ALL commands?
    Take the following example:
    aaa accounting commands 15 default start-stop group mygroup
    If I issue this command will that mean commands the user executes that have a privilege level lower than 15 will not be logged? Or only commands that require exactly privilege level 15 will be logged?
    How can I log all commands regardless of privilege level?

    Hi Red,
    If you customize the command privilege level using the privilege command, you can limit which commands the appliance accounts for by specifying a minimum privilege level. The security appliance does not account for commands that are below the minimum privilege level.
    The default privilege level is 0. So if you don't specify any privilege level then all should be accounted for.
    You can find the command detail at. This is for ASA though.
    http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/command/reference/cmd_ref/a1.html#wp1535253
    Regards,
    Kanwal
    Note: Please mark answers if they are helpful.

  • AAA Local with Privilege Levels

    The goal....
    1. local usernames on a router to control access
    2. Use privilege levels in the username command to reflect what a user is allowed to do
    3. Define a set of commands available to users with privilege level 1
    My trouble here is that I cannot seem to find this exact combination of commands for what I want to do on CCO or Google. I have tried several combinations and here is what I have so far, but its not working.
    aaa new-model
    aaa authentication login default local
    aaa authorization commands 1 default local
    username engineer priv 15 pass XXXX
    username tech priv 1 pass XXXX
    privilege exec level 1 traceroute
    
privilege exec level 1 ping

    Hi,
    This link answers your question.
    http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml
    aaa authori command is not reqd.
    Regards,
    ~JG
    Do rate helpful posts

  • Tacacs AAA and privilege level 7

    I've setup a group on tacacs server called acsrestricted and mapped it to AD security group. I've set this group to privilege level 7 on tacacs server.
    I need this group to view the "show run" config on a router. Privilege level 7 allows the user to use some other show commands but not "show run". How can i configure this on tacacs?

    Michael
    I am not sure that I am understanding your post correctly. As I understand it you have created a group for some users who would operate at privilege level 7. I gather that this works and that users in this group do authenticate and are assigned to privilege level 7. You say that some show commands are assigned to them but not the show run command. This would seem to be simple to solve - you make sure that show with a parameter of run is assigned to them. But there is something not simple that makes this not work. Part of the Cisco implementation of privilege levels is that in show run a user can not view any parameter that they do not have permission to change.
    Perhaps it might work for your situation if you give those users access to show config. show config does not have the same restriction as show run.
    HTH
    Rick
    Sent from Cisco Technical Support iPad App

  • Default Privilege Level for ASA users authenticated by Radius or TACACS when using ASDM

    Hello,
    I'm trying to figure out what the default privilege level is for users that are authenticated to the ASA via a remote authentication server when using the ASDM.
    the command "aaa authentication http console TACACS+ LOCAL" is used in the ASA config.
    The remote server is NOT setting any privilege levels for users.  There are also no aaa authorization commands present in the config.
    So what privilege level do the users receive when they login with the ASDM?  I'm being told that the users receive admin access which includes config write, reboot, and debug.  But I cannot find any documentation stating hte default level.
    Please advise.  And providing links to cisco documentation would be great too.
    Thanks,
    Brendan

    Hi Berendan,
    Hope the below exerpt from document clarifies your query. also i have provided the link to refer.
    About Authorization
    Authorization controls access per user after users authenticate. You can configure the security appliance to authorize the following items:
    •Management commands
    •Network access
    •VPN access
    Authorization controls the services and commands available to each authenticated user. Were you not to enable authorization, authentication alone would provide the same access to services for all authenticated users.
    If you need the control that authorization provides, you can configure a broad authentication rule, and then have a detailed authorization configuration. For example, you authenticate inside users who attempt to access any server on the outside network and then limit the outside servers that a particular user can access using authorization.
    The security appliance caches the first 16 authorization requests per user, so if the user accesses the same services during the current authentication session, the security appliance does not resend the request to the authorization server.
    http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/asdm60/user/guide/usrguide/aaasetup.html
    Regards
    Karthik

  • Authorization problem - Privilege level

    Hi,
    Again I'm having some problems with AAA authorization to assign the correct privilege level to the users on my RADIUS server (FreeRadius).
    I am currently updating all routers to do this authorization and I'm having problems because one of them has version 12.0(30)S2, which does not use the same commands.
    This is the AAA configuration that I have working on the other routers:
    aaa new-model
    aaa group server radius RADIUSSERVERS
    aaa authentication login AAA group RADIUSSERVERS local enable none
    aaa authentication login CONSOLE local
    aaa authentication ppp default group radius local
    aaa authorization exec AAA group RADIUSSERVERS local none
    aaa authorization network default group radius local
    aaa authorization network AAA group RADIUSSERVERS local none
    aaa accounting exec AAA start-stop group RADIUSSERVERS
    aaa accounting network default start-stop group radius
    aaa accounting network AAA start-stop group RADIUSSERVERS
    aaa session-id common
    line vty 0 4
    session-timeout 5000
    access-class 99 in
    exec-timeout 5000 0
    password 7 x
    authorization exec AAA
    login authentication AAA
    transport input telnet
    line vty 5 15
    session-timeout 5000
    access-class 99 in
    exec-timeout 5000 0
    password 7 x
    authorization exec AAA
    login authentication AAA
    transport input telnet
    This is the one that does not work (version IOS 12.0(30)S2):
    aaa new-model
    aaa authentication fail-message ^C
    aaa authentication password-prompt Passcode:
    aaa authentication username-prompt UserID:
    aaa authentication login AAA radius local enable none
    aaa authentication login CONSOLE local
    aaa authorization exec AAA radius local none
    aaa authorization network default radius local
    aaa authorization network AAA radius local none
    radius-server host x.x.x.x auth-port 8812 acct-port 8813
    radius-server retransmit 2
    radius-server key 7 X
    line vty 0 4
    session-timeout 5
    access-class 99 in
    exec-timeout 5 0
    password 7 x
    authorization exec AAA
    login authentication AAA
    line vty 5 15
    session-timeout 5
    access-class 99 in
    exec-timeout 5 0
    password 7 x
    authorization exec AAA
    login authentication AAA
    The radius server is configured to be the same, although I use the group command with the new version and "radius-server" with the older version.
    Can anyone tell me what I'm doing wrong?
    Thank you,
    Paulo

    Thanks. Looking at the debugs solved the problem.
    I was so convinced that I had set the right privilege level on the server that I didn't even check it. It worked on the other routers because their commands were set to lower privilege levels.
    That was the problem.
    Thanks for everything and sorry for bugging you with such a simple problem.

  • ASDM and privilege level (using TACACS)

    Hi experts,
    Initial question:     How can I force ASDM to ask for the enable password when the user click on Apply ?
    Environment description:
    I have an ASA 5510 connected to an ACS 5.0.
    Security policy:
    I want the user defined on my ACS to be able to gain privilege level 15 but only after using their enable password. But by default the user must be in no privileged mode (<15).
    A SNMP alert is sent when the ASA catches a "User priv level changed" syslog message. (logging customization)
    ACS configuration:
    Maybe I misunderstand the TACACS privilege level parameters on ACS.
    I set a Shell Profile which gives the user the following privilege levels:
    Default Privilege Level = 7
    Maximum Privilege Level = 15
    1st config tested on ASA:
    aaa authentication ssh console grp-tacacs LOCAL
    aaa authentication http console grp-tacacs LOCAL
    aaa authentication enable console grp-tacacs LOCAL
    ! no authorization set
    Results:
         On CLI:     perfect
    My user authenticates with his network password to get EXEC access. Then he gains privilege access using the enable command and his enable password
         On ASDM:     policy security failure
    When the user connects through ASDM, he gains privilege level 15 directly
    It seems that if authorization is not set, ASDM always gives privilege level 15 to any user
    So OK for CLI, but NOK pour ASDM
    2nd config tested on ASA:
    aaa authentication ssh console grp-tacacs LOCAL
    aaa authentication  http console grp-tacacs LOCAL
    aaa authentication enable console grp-tacacs LOCAL
    aaa authorization exec authentication-server
    ! no authorization command set
    Results:
         On CLI:     lose enable access
    I can't gain privilege level 15 access anymore. When I use the enable command, I move to privilege level 7 only. So in this case ASA use the TACACS Default Privilege Level value.
         On ASDM:     policy security failure
    When the user connects through ASDM, he gains privilege level 7 as describe on the bottom of the ASDM window BUT the user has full rights and can change settings.
    So NOK for CLI and ASDM
    Question:    Why do I have more access rights with ASDM as on CLI with the same settings ?
    3rd config tested on ASA:
    aaa authentication ssh console grp-tacacs LOCAL
    aaa authentication  http console grp-tacacs LOCAL
    aaa authentication enable console grp-tacacs LOCAL
    aaa authorization exec authentication-server
    aaa authorization command LOCAL
    ! specific authorization command set for ASDM applied
    Results:
         On CLI:     lose enable access (same as config 2)
         On ASDM:     unenable to gain privilege level 15 --> acceptable
    When the user connects through ASDM, he gains privilege level 7 as describe on the bottom of the ASDM window AND the user really has level 7 access rights.
    So NOK for CLI and Acceptable for ASDM
    Question:     Is there no possibility to move to enable mode on ASDM ?
    4th config tested on ASA:
    aaa authentication ssh console grp-tacacs LOCAL
    aaa authentication  http console grp-tacacs LOCAL
    aaa authorization exec authentication-server
    aaa authorization command LOCAL
    ! no aaa authentication for 'enable access', using local enable_15 account
    ! specific authorization command set for ASDM applied
    Results:
         On CLI:     acceptable
    My user authenticates with his network password to get EXEC access. Then he gains privilege access using the enable command and the local enable password
         On ASDM:     unenable to gain privilege level 15 --> acceptable (same as config 3)
    So Acceptable for CLI and ASDM
    Questions review:
    1 - Is it possible to force ASDM to ask for the enable password when the user click on Apply ?
    2 - Why do I have different access rights using ASDM as on CLI with the same settings ?
    3 -  Is there no possibility to move to enable mode on ASDM when the user is on privilege level 7 whereas he has Maximum Privilege Level = 15 ?
    4 - How may I understand these parameters on TACACS: Default Privilege Level and Maximum Privilege Level ?
    Thanks for your help.

    Thanks for your answer jedubois.
    In fact, my security policy is like this:
    A) Authentication has to be nominative with password enforcement policy
         --> I'm using CS ACS v5.1 appliance with local user database on it
    B) Every "network" user can be granted priviledge level 15
         --> max user priviledged level is set to 15 in my authentication mechanism on ACS
    C) A "network" user can log onto the network equipments (RTR, SW and FW) but having monitor access only first.
    D) A "network" user can be granted priviledged level 15 after a second authentication which generates a log message
         --> SNMP trap sent to supervision server
    E) The user password and enable password have to be personal.
    So, I need only 2 priviledged level:
    - monitor (any level from 1 to 14. I set 7)
    - admin (level 15)
    For RTR, SW and FW (on CLI), it works as wanted: the "network" users connect to the equipment in monitor mode. They type "enable" and they use their private enable password to be granted priviledged level 15.
    ASDM interface is requested by the customer.
    For ASDM, as I were not able to satisfy the security policy, I apply this:
    1- I activated Exec Shell Access authorization to get the default user priviledge level value from ACS
         --> Then, when I log onto the ASDM using a "network" user, I have priviledge level 7 but I am able to change the parameter.
    2- I activated LOCAL Command authorization (adding "ASDM defined User Roles")
         --> Then, when I log onto the ASDM using a "network" user, I have priviledge level 7 and I can't push any modification.
         --> The issue is that I can't push any modification on CLI either ... :-( because my user is stuck on "default priviledge level" 7 and can't get access to "max priviledge level 15" as defined on ACS when LOCAL authorization is set
         (ok I go on my ACS and move the default priviledge level to 15 to restore an admin access to the ASA and apply 3- before resetting it to default priviledge level to 7)
    3- I remove "aaa authorization enable console TACACS" to use local enable password
         --> now I can't get admin access on ASDM: OK
         --> and I can get admin access on CLI entering the local enable password
    At the end, I satisfy my policy security tokens A to D but not E. That's a good compromise but do you see a solution to satisfy E either ?
    Thanks

  • Username with privilege level 15 bypass enable

    Hi experts,
    I guess I never really understand the authentication process on Cisco routers and devices lol. Anyway I want users with privilege level 15 to be put in the enable mode right away after login without having to type in "enable" command and enable password. Users with other privilege levels will still be put in the EXEC mode.
    AAA has to be enabled because I'm using it for 802.1x as well.
    The privilege level eventually will be assigned by Radius server but right now the user is created locally on the switch. Right now I have:
    aaa new-model
    username admin privilege 15 secret 5 $1$2bdl$VIp53G4/zpo4f9aHh.t5v0
    username cisco secret 5 $1$NGdD$ehTUzwappJFMxgA7tM/YW.
    line vty 0 5
    access-class 100 in
    exec-timeout 30 0
    logging synchronous
    transport input ssh
    And it's not working lol. No matter I log in with "admin" or "cisco" I'm put in EXEC mode... What do I have to do to achieve this?
    Thanks!

    Hi,
    The with default keyword authorization will get applied on all the lines i.e. CONSOLE, VTY, AUX.
    In case you want it for users who are trying to login to via ssh or telnet use the following:
    EXEC AUTHORIZATION
    Router
    router(config)#aaa authorization exec TEL GRoup radius local
    router(config)#line vty 0 15
    router(config-line)#authorization exec TEL
    ACS
    Interface configuration
    Check  user & group for cisco av-pair.
    User setup à cisco ios/pix 6.x radius attributes àcisco av-pair [ shell:priv-lvl=15]
    OR
    Group setup à ios/pix 6.x radius attributes à shell:priv-lvl=15
    In case of radius if exec authorization is enabled  and if have not specified any privilege level in the ACS server. Then user will fall under the privilege level 1 and if enable authentication is enabled  or enable password is defined  on the router then we can go to enable mode by typing en or en
    Regards,
    Anisha
    P.S.: please mark this thread as resolved if you think your query is answered.

  • Enabling Privilege Levels when ACS is Down

    Hi,
    I have a requirement to fall back to local accounts when ACS is down. These accounts will have specific privilege levels. I have two local users - adminro and adminrw.
    adminro is read only and will have a privilege level of 7.
    adminrw is a full access account with a priv level of 15.
    I can login with adminro when ACS is down, but when I attempt to enable using "enable 7" I receive the following ouput:
    PPD-ELPUF5/pri/act> en 7
    Enabling to privilege levels is not allowed when configured for
    AAA authentication. Use 'enable' only.
    If I login using "enable", my read only account now has full configuration access which is not desireable.
    My AAA configuration is as follows:
    aaa authentication ssh console ADMIN LOCAL
    aaa authentication enable console ADMIN LOCAL
    aaa authentication http console ADMIN LOCAL
    aaa authentication telnet console ADMIN LOCAL
    aaa authentication serial console ADMIN LOCAL
    aaa authorization command ADMIN LOCAL
    aaa accounting ssh console ADMIN
    aaa accounting command privilege 15 ADMIN
    aaa accounting enable console ADMIN
    aaa accounting serial console ADMIN
    aaa accounting telnet console ADMIN
    aaa authorization exec authentication-server
    username adminro password <REMOVED> encrypted privilege 7
    username adminrw password <REMOVED> encrypted privilege 15
    enable password <REMOVED> level 7 encrypted
    enable password <REMOVED> encrypted
    Is there anyway to enable the user or automatically elevate the user to privilege 7 post login like you can with a router? I cannot have the adminro account to be able to run configuration commands on the device. Running ASA version 8.2(3).
    Thanks!

    PPD-ELPUF5/pri/act# sh curpriv
    Username : adminro
    Current privilege level : 7
    Current Mode/s : P_PRIV
    Server Group:    ADMIN
    Server Protocol: tacacs+
    Server Address:  1.150.1.80
    Server port:     49
    Server status:   FAILED, Server disabled at 15:02:37 EDT Wed Oct 12 2011
    Number of pending requests              0
    Average round trip time                 2ms
    Number of authentication requests       38
    Number of authorization requests        373
    Number of accounting requests           149
    Number of retransmissions               0
    Number of accepts                       307
    Number of rejects                       19
    Number of challenges                    0
    Number of malformed responses           0
    Number of bad authenticators            0
    Number of timeouts                      234
    Number of unrecognized responses        0
    PPD-ELPUF5/pri/act(config)# name 1.1.1.1 TEST description TEST CHANGE
    PPD-ELPUF5/pri/act(config)# sh run name
    name 1.1.1.1 TEST description TEST CHANGE
    As you can see above, my user was able to perform a change even though it should not be allowed.
    PPD-ELPUF5/pri/act(config)# sh run privilege
    privilege cmd level 7 mode exec command show
    privilege cmd level 7 mode exec command ping
    privilege cmd level 7 mode exec command traceroute

  • Privilege level - ASDM

    Hi,
    I have defined on the RADIUS server a profile with privilege level 0 with the
    "shell:priv-lvl=0" command on the server. The problem is that when
    the user logs into the firewall it is always given privilege level 1 (if SSH)
    or 15 (if ASDM).
    The AAA configuration on the firewall is the following:
    aaa-server RADIUS protocol radius
    aaa-server RADIUS (outside) host x.x.x.x
    retry-interval 1
    key *
    authentication-port 8812
    accounting-port 8813
    aaa authentication http console RADIUS LOCAL
    aaa authentication ssh console RADIUS LOCAL
    aaa authentication enable console RADIUS LOCAL
    Can you tell me what I need to do to authenticate using RADIUS, but assigning
    the correct privilege levels?
    I have been refered to bug ID CSCsh17346, but although i've updated the image to 7.2.2.22 it still does not work.
    Thanks in advance.
    (in attachment is the output of the radius debug).

    Hi Paulo,
    What I think is, you are looking for something like this,
    Limiting User CLI and ASDM Access with Management Authorization:
    http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_80/conf_gd/sysadmin/mgaccess.htm#wp1070306
    Go through what setting with what protocol, will give you what level of access. This might help.
    And what you originally looking for is, might be related to this,
    Configuring Command Authorization
    http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_80/conf_gd/sysadmin/mgaccess.htm#wp1042034
    Go through complete heading, but to be specific interesting part is "Configuring Local Command Authorization"
    Above links worth a read.
    This might help.
    Regards,
    Prem

  • ASDM Privilege Level default 15 for Radius users

    So this may be a bit of a dumb question...
    I stumbled upon an ASA today that is configured to authenticate against a Radius server for SSH and HTTPS connections. If I log in via SSH, I can't gain a privilege level of more than 1 (tried login command, etc).
    However, if I log in with ASDM, I always have privilege level 15.
    Command authorization is not enabled.
    Is this default behavior. If so, why? Do I need to enable command authorization to override this behavior?
    FYI, the system in question is running ASA 8.3(1)
    Thanks much

    aaa-server RADGR protocol radius
    aaa-server RADGR host 10.2.2.2
    timeout 4
    key cisco123
    aaa authentication enable console RADGR LOCAL
    After logging in, use the enable command with your user password.
    http://www.cisco.com/en/US/partner/docs/security/asa/asa83/configuration/guide/access_management.html#wp1145571

  • ASDM AAA privileges

    I am trying to set up AAA for managment on my ASA. I have the admin users up and working fine. Now I need to set up access so that my help desk users have the ability to monitor VPN sessions and log them out via the ASDM. I don't want them to be able to get the configuration tab at all and I don't want these users to have access to the CLI at all.
    I created the local user I wanted and set the privilege level to 3 (selected "YES" to the "create predefined admin, read-only, monitor-only" prompt). I then went logged in as this user and the configuration tab was gone like I wanted. I then clicked on "Monitor" and "VPN". I could see the ssessions but the "logout" button was not available. I expected this so I modified the privilege levels for the vpn-sessiondb commands to a privilege level of 3. I tried logging in again but the logout button was still not available.
    Can anyone tell me if this is possible?
    Thanks.

    Hi,
    Not sure what is the ASDM version you are using but you might running into BUG CSCsz83205
    Symptom:
    Users with privilege level below 15 unable to logoff VPN sessions from ASDM.
    Conditions:
    ASA is not configured for 'command authorization'.
    Workaround:
    Use Command Line Interface to logoff VPN sessions.
    I have ASDM 6.3 and I am able to see logout with priv level 3
    Thanks
    Waris Hussain.

  • Local aaa privileges

    I want to be able to set up
    read only access to one of our cisco routers while letting the other users still be able to get into enable and config mode.
    My current config ( without the read only access user) is as follows
    aaa new-model
    aaa authentication login default local-case
    aaa authentication login NO_AUTHENT none
    aaa authorization exec default local
    username x password y
    Thank you.

    Hi,
    I tried that on a test router logging into the console port and I could not log in with a privilege level of 1.  I could log in with a privilege level of 3.  However, it let me make changes to the router in config mode. My goal is to allow the account to run show commands on the router and have read only access.
    Thoughts?

  • Setting privilege level for logging into ASA through ACS

    Hi!,
    In my environment i implemented AAA for logging into switches, routers, asa etc through ACS which is being configured TACACS+.
    I have set different privilege levels like readonly, readwrite etc into ACS. There are working fine when i try to login into switch or router.
    But in ASA i am unable to restrict the privilege levels of different users.
    Can someone plz guide me with ASA & ACS setting to solve this issue!!!!!

    Hi!!
    I tried this option. It is working fine with routers & switches. But for ASA privilege access it is not functioning.
    I created 3 profiles in "Shared Profiles" & added 1 of them in Group setting & added users to this group with mentioning group authentication. This way i am able to control access to the switches & routers with proper privilege. But the same way when i tried to impolement ASA it's not happening.
    Can u plz check it out...

Maybe you are looking for

  • Problem with SQL Server Reporting Services 2012 SP1 (SSRS) and SharePoint 2013 in a Multi-tenanted environment

    Hi All, I'm working on what appears to be a permissions issue with SSRS in a multi-tenented SharePoint 2013 environment. As part of my troubleshooting I've ignored the multitenented web application for the time being and stood up a dedicated web appl

  • How to convert a workflow background task into a  general task ??

    Dear Experts , I am working om std SAP workflow for invoice document parking : I have done the following activities : 1. Activate Work flow Template for Document Completion     Here i activated the event   "Complete the Parked Log. IV Document"--> In

  • Loading an external clip(swf) and removing existing one

    Hi All, I am tearing my hair out; I simply want a button when clicked, to load an external swf. But I just can't seem to get my head around it. Here is my code: butt1_btn.addEventListener(MouseEvent.CLICK, swf1); function swf1(evt:MouseEvent):void lo

  • File too large error message

    I have an iBook G4 and I am running Numbers '08. I tried to open my budget document today and got an 'The document can't be opened because it is too large' error message. I just opened it a few days ago and it was fine, and my other Numbers documents

  • Should itemCreationPolicy be inherited by default?

    Hello, I'm new to the forum and I have been toying around with Gumbo for a while now. I tend to use states a lot and did notice that setting itemCreationPolicy to immedate is the new way to go if you want to have your controls initiated in order to w