Access control Exception - additional file in project

Similar Messages

• Access control exception only on Linux/Debian not on Windows!?

  We have a rmi server application with a webstart rmi swing client that we have been running successfully on Windows. The client is downloaded and running without any problems on Windows platforms (W2003, Win2K, WinXP). The client webstart jar is signed and all permissions is set in the jnlp file.
  As soon as we setup a server on linux/debian sarge we get these access control exceptions when the server tries to send events back to the client. It complains on
  file permssions not being set on the server jar file and the strange thing is that the path separator is backslash on linux?
  I've tried the following:
  1) java.policy. Added All permssions to the server jar file and/or bin the folder.
  2) Running without any security manager, i.e., System.setSecurityManager(null)
  3) Explicitly setting the policy on the server. Policy.setPolicy(...)
  4) Explicitly setting a policy on the client. URL policyUrl = Thread.currentThread().getContextClassLoader().getResource("server.policy");
  5) Building the server and client on debian
  I'm at my wits end... I've searched these forums and it seems that this is might be a common problem but I've not found a solution yet.
  Our system works 100% on Windows without any problems, it's only on linux/debian that we get these access control problems.
  2005-sep-19 09:39:19 se.xxx.xxx.admin.AdminManager change
  ERROR: java.security.AccessControlException: access denied (java.io.FilePermission \\usr\local\XXX\bin\server.jar read)
  java.security.AccessControlContext.checkPermission(Unknown Source)
  java.security.AccessController.checkPermission(Unknown Source)
  java.lang.SecurityManager.checkPermission(Unknown Source)
  java.lang.SecurityManager.checkRead(Unknown Source)
  java.io.File.exists(Unknown Source)
  sun.net.www.protocol.file.Handler.openConnection(Unknown Source)
  sun.net.www.protocol.file.Handler.openConnection(Unknown Source)
  java.net.URL.openConnection(Unknown Source)
  sun.rmi.server.LoaderHandler.addPermissionsForURLs(Unknown Source)
  sun.rmi.server.LoaderHandler.access$300(Unknown Source)
  sun.rmi.server.LoaderHandler$Loader.<init>(Unknown Source)
  sun.rmi.server.LoaderHandler$Loader.<init>(Unknown Source)
  sun.rmi.server.LoaderHandler$1.run(Unknown Source)
  java.security.AccessController.doPrivileged(Native Method)
  sun.rmi.server.LoaderHandler.lookupLoader(Unknown Source)
  sun.rmi.server.LoaderHandler.loadClass(Unknown Source)
  sun.rmi.server.LoaderHandler.loadClass(Unknown Source)
  java.rmi.server.RMIClassLoader$2.loadClass(Unknown Source)
  java.rmi.server.RMIClassLoader.loadClass(Unknown Source)
  sun.rmi.server.MarshalInputStream.resolveClass(Unknown Source)
  java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
  java.io.ObjectInputStream.readClassDesc(Unknown Source)
  java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
  java.io.ObjectInputStream.readObject0(Unknown Source)
  java.io.ObjectInputStream.readObject(Unknown Source)
  sun.rmi.server.UnicastRef.unmarshalValue(Unknown Source)
  sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
  sun.rmi.transport.Transport$1.run(Unknown Source)
  java.security.AccessController.doPrivileged(Native Method)
  sun.rmi.transport.Transport.serviceCall(Unknown Source)
  sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
  sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
  java.lang.Thread.run(Unknown Source)
  sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(Unknown Source)
  sun.rmi.transport.StreamRemoteCall.executeCall(Unknown Source)
  sun.rmi.server.UnicastRef.invoke(Unknown Source)
  se.xxx.xxx.client.XXXApplication_Stub.notify(Unknown Source)
  )

  I have two suggestions. The first is that you didn't indicate the permissions of the file and the directories above it along with the user you're running the program as. In Unix it is easier to get an access issue as you're probably not running as root. In a traditional Windows environment everything runs with admin permission allowing access to anything. While the error comes from the security manager it has nothing to do with traditional J2SE security - it may be an O/S level thing.
  But the second suggestion touches on the other question you have - why is this showing up as backslashes? Is there perhaps an issue with the JNLP file? Is there any code that should be using System.getProperty( "file.separator") and is instead just using the backslash?

• How access control exception is removed

  Pls suggest me how to overcome with this problem .
  I have only this simple code=============>>
  public MyRemoteServer() {
  try {
  MyRemote c = new MyRemoteImpl();
  if (System.getSecurityManager() == null) {
  System.setSecurityManager(new RMISecurityManager());
  Registry r=LocateRegistry.createRegistry(1099);
  Naming.rebind("rmi://192.168.0.60:1099/CalculatorService", c);
  System.out.println("Server is now running ,waiting for client's stimlus");
  } catch (Exception e) {
  System.out.println("Trouble: " + e);
  e.printStackTrace();
  and i got the following exception :============>>
  java.security.AccessControlException: access denied (java.net.SocketPermission 192.168.0.60:1099 connect,resolve)
       at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
       at java.security.AccessController.checkPermission(AccessController.java:401)
       at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)Trouble: java.security.AccessControlException: access denied (java.net.SocketPermission 192.168.0.60:1099 connect,resolve)
       at java.lang.SecurityManager.checkConnect(SecurityManager.java:1026)
       at java.net.Socket.connect(Socket.java:446)
       at java.net.Socket.connect(Socket.java:402)
       at java.net.Socket.<init>(Socket.java:309)
       at java.net.Socket.<init>(Socket.java:124)
       at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:22)
       at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:128)
       at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:562)
       at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:185)
       at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
       at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:313)
       at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
       at java.rmi.Naming.rebind(Naming.java:160)
       at com.myrmi.server.MyRemoteServer.<init>(MyRemoteServer.java:22)
       at com.myrmi.server.MyRemoteServer.main(MyRemoteServer.java:32)
  what things sud i do.
  how to set code base ???
  pls help

  Thanx Fedrik
  I got it. Thanx a lot for ur co -operation.
  The summary is that we dont need to specify any security manager
  or code base at server side.
  at client side we'll provide the security manager and codepase property
  like
  System.setProperty("java.security.policy","C:/myrmi.policy");
  System.setProperty("java.rmi.server.codebase", "http://192.168.0.11:8080/rmiclientclasses/");
  but the restriction( or drawback) is that we can only specify the url of http server.
  the policy file is like this --->
  grant
  permission java.net.SocketPermission "*:1024-65535","connect,accept,listen,resolve";
  permission java.security.AllPermission;
  once again thanx Fedrik
  Regards
  Manish Agarwal
  [email protected]
  [email protected]

• Webutil in Forms: Access Control Exception

  Hi
  I have a forms application (Developed using DS10g 9.0.4 on Windows) deployed on a Linux Application Server (10g 9.0.4).
  I am trying to incorporate webutil into my application.
  I believe I have configured webutil (release 1.0.5) correctly and have signed the jacob.jar and webutil.jar files and placed them on the AS box as per the release notes.
  On opening the form which uses webutil I get the following error:
  connectMode=HTTP, native.
  Forms Applet version is : 9.0.4.0
  Exception occurred during event dispatching:
  java.lang.ExceptionInInitializerError: java.security.AccessControlException: access denied (java.util.PropertyPermission java.home read)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
       at java.lang.System.getProperty(Unknown Source)
       at oracle.forms.webutil.common.VBeanCommon.<clinit>(VBeanCommon.java:130)
       at java.lang.Class.forName0(Native Method)
       at java.lang.Class.forName(Unknown Source)
       at oracle.forms.handler.UICommon.instantiate(Unknown Source)
       at oracle.forms.handler.UICommon.onCreate(Unknown Source)
       at oracle.forms.handler.JavaContainer.onCreate(Unknown Source)
       at oracle.forms.engine.Runform.onCreateHandler(Unknown Source)
       at oracle.forms.engine.Runform.processMessage(Unknown Source)
       at oracle.forms.engine.Runform.processSet(Unknown Source)
       at oracle.forms.engine.Runform.onMessageReal(Unknown Source)
       at oracle.forms.engine.Runform.onMessage(Unknown Source)
       at oracle.forms.engine.Runform.processEventEnd(Unknown Source)
       at oracle.ewt.lwAWT.LWComponent.redispatchEvent(Unknown Source)
       at oracle.ewt.lwAWT.LWComponent.processEvent(Unknown Source)
       at java.awt.Component.dispatchEventImpl(Unknown Source)
       at java.awt.Container.dispatchEventImpl(Unknown Source)
       at java.awt.Component.dispatchEvent(Unknown Source)
       at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
       at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
       at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
       at java.awt.Container.dispatchEventImpl(Unknown Source)
       at java.awt.Component.dispatchEvent(Unknown Source)
       at java.awt.EventQueue.dispatchEvent(Unknown Source)
       at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
       at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
       at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
       at java.awt.EventDispatchThread.run(Unknown Source)
  This to me is indicative of something not being right with the signing process. I have confirmed that both files were signed (using 'jarsigner -verify').
  I have also tried re-signing the f90all.jar file (is this still required, or has the feature present in earlier versions of forms relating to multiple signing identities now been fixed)?
  Any ideas would be appreciated.
  Thanks
  Steve

  Just tried this again (after a gap of about a week), and it works fine.
  The only thing I can think of is that somewhere old versions of the jar files (unsigned) were being cached, probably on the application server (I had tried clearing out the cache on the client previously).

• YAACE (Yet Another Access Control Exception)

  Hi,
  This has got to be the simplest example on record. I created the following "Hello, World" file:
  import java.net.Socket;
  public class HelloWorld
  Socket     socket;
  public HelloWorld() throws Exception
  System.out.println("Hello, World!");
  socket = new Socket("www.fractals.com", 25);
  public static void main(String args[]) throws Exception
  new HelloWorld();
  Compiled it, created a jar:
  C:>jar cvf HelloWorld.jar HelloWorld.class
  added manifest
  adding: HelloWorld.class(in = 650) (out= 415)(deflated 36%)
  C:>
  Signed the jar:
  C:>jarsigner HelloWorld.jar CMalias
  Enter Passphrase for keystore:
  Warning:
  The signer certificate will expire within six months.
  C:>
  Ran appletviewer with following HTML file:
  <html>
  <head>
  <title>Hello World applet</title>
  </head>
  <body>
  <applet code="HelloWorld.class"
       width="650" height="550"
  archive="HelloWorld.jar">
  Your browser is completely ignoring the <APPLET> tag!
  </applet>
  </body>
  </html>
  And got the following:
  C:\CHIARA~1\CHIARA~3\test\tmp>appletviewer hello.html
  Hello, World!
  java.security.AccessControlException: access denied (java.net.SocketPermission www.fractals.com resolve)
  at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
  at java.security.AccessController.checkPermission(AccessController.java:546)
  Ay idea what's going on? TIA!
  Bob

  I checked that the jar was signed and it all seems in order:
  C:>jarsigner -verify -verbose -certs HelloWorld.jar
  137 Fri Feb 20 12:01:50 PST 2009 META-INF/MANIFEST.MF
  258 Fri Feb 20 12:01:50 PST 2009 META-INF/CMALIAS.SF
  1091 Fri Feb 20 12:01:50 PST 2009 META-INF/CMALIAS.DSA
  0 Fri Feb 20 11:59:50 PST 2009 META-INF/
  smk 650 Fri Feb 20 11:58:50 PST 2009 HelloWorld.class
  X.509, CN=Robert Uomini, OU=The Fractal Images Company, O=same, L=Kensingt
  on, ST=CA, C=US (cmalias)
  [certificate will expire on 5/21/09 9:27 AM]
  s = signature was verified
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  i = at least one certificate was found in identity scope
  jar verified.
  Warning:
  This jar contains entries whose signer certificate will expire within six months
  C:>
  I noticed that the compiler and runtime were of two different versions:
  C:>java -version
  java version "1.6.0_05"
  Java(TM) SE Runtime Environment (build 1.6.0_05-b13)
  Java HotSpot(TM) Client VM (build 10.0-b19, mixed mode, sharing)
  C:>javac -version
  javac 1.6.0
  C:>
  but that shouldn't make a difference, should it?
  Edited by: uomini on Feb 20, 2009 1:54 PM

• Access Control Exception

  Hi
  i have an applet which prints an image file to printer. When i clicked on print i am getting the following exception ...i set grant all permissions also..but getting the same error ....
  can anybody suggest me
  java.security.AccessControlException: access denied (java.io.FilePermission D:\Tomcat 4.1\webapps\examples\images\testimages\anim-1.tif read)

  Why did you have to start a new thread when you've been given the answer to your problem here. The answer to your problem was sorted out in the reply there and please, when next you get response from people in this forum, always make sure you come back to tell them the outcome of the solution given. The reason is that it allows others to learn from it.
  However, if you do not acknowledge any help given, you are more or less stopping people from helping you again.
  All the best

• File structure and Multi-user access/control

  Hi All
  Currently evaluating RH. Our plan is to use RH HTML with RoboServer and either SourceSafe or Team Foundation for source control. We will be producing the "printed" manual (PDF) and publishing online help (hopefully html via RH server) from the single source layout
  Given that we will edit content in RH's XHTML editor, I'm not clear on when we should create new files or the granularity of multi-user access. We have 17 apps and I plan to use a master project and merging (because we need to link to related topics in other apps).
  I'm really not sure what should constitute a file in RH. First off, is access controlled at the file level?
  I want to have multiple authors editing the same manual at the same time, so do I need to break the manual into multiple small files (currently it's a single word doc)?
  If I do break it into multiple files, what's the best approach: 1 file per topic (or is this a requirement)?
  Finally, when I come to generate the PDF, will the files be combined. (i.e. can I have different page-breaks than I have in the RH project)?
  Any pointers greatly appreciated
  Regards
  Mark

  Hi,
  First off, is access controlled at the file level?
  Not sure what you mean by that. In source control, you can check in/out ever file independent. Sometimes dependent files will be automatically checked out, for instance images used in the css when you check out the style sheet.
  I want to have multiple authors editing the same manual at the same time, so do I need to break the manual into multiple small files (currently it's a single word doc)?
  That be the idea. Anyway, it's not a good idea to have an entire RoboHelp project in a single topic. You probably want to cut up your contents into the small chunck: topics.
  If I do break it into multiple files, what's the best approach: 1 file per topic (or is this a requirement)?
  In RoboHelp a topic is a HTML file. RoboHelp doesn't force you to split up content into one or more topics. If you are creating help for the web, you want the information to be organized in relatively small chunck so users can quickly scan through it.
  Finally, when I come to generate the PDF, will the files be combined. (i.e. can I have different page-breaks than I have in the RH project)?
  Not sure what you mean by page breaks. As RoboHelp creates HTML files, there are no page breaks such as in paper manuals. When you create a PDF, you combine the topics you need into a single document.
  If a PDF is required for you, you may want to consider not using RoboHelp for your sources. A PDF created by RoboHelp is useful for internal use, but it never seems to get good enough to give to customers. Personally, when a PDF version of a manual is required, I create the manual in FrameMaker and link or import the book into RoboHelp. You can also link Word documents, so you may want to play around with that before deciding whether to use Word, RoboHelp or FrameMaker for your source.
  Greet,
  Willam

• War file and access control with WebLogic

  I am trying to put some access control on different files in my war-file, but just can't get it to work... It seems like all roles defined in weblogic.properties gives the user access to all files in the war. I just don't understand the connections between the security realm, the weblogicURL.policy file and the web.xml file... If I do not specify a weblogic.security.URLAclFile, no access control is done at all.
  This is how my weblogic.properties file looks like:
  weblogic.security.URLAclFile=e:\\weblogic\\weblogicURL.policy
  weblogic.password.koko=kokokoko
  weblogic.password.arnebelinda=arne1234
  weblogic.security.group.ppuseradmins=arnebelinda
  and my weblogicURL.policy:
  deny Principal weblogic.security.acl.GroupImpl "everyone" {
  Permission weblogic.security.acl.URLAcl "weblogic.url", "/admin/-";
  and finally, my web.xml-file:
  <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
  "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
  <web-app>
       <session-config>
            <session-timeout>30</session-timeout>
       </session-config>
       <welcome-file-list>
            <welcome-file>index.jsp</welcome-file>
       </welcome-file-list>
       <security-constraint>
            <web-resource-collection>
                 <web-resource-name>admin</web-resource-name>
                 <url-pattern>index.jsp</url-pattern>          </web-resource-collection>
            <auth-constraint>
                 <role-name>ppuseradmins</role-name>
            </auth-constraint>
       </security-constraint>
       <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>WebLogic Server</realm-name>
       </login-config>
       <security-role>
            <role-name>ppuseradmins</role-name>
       </security-role>
  </web-app>
  it does not matter which user is part of the ppuseradmins group. The user koko is not a member, but is given access to my whole .war anyway (after submitting correct username/password). Omitting the <realm-name> does not seem to work either; the default realm is not used, instead null is used.
  Does anybody have a clue? I would really appreciate it!
  I am using WebLogic 5.1 sp 9
  best regards,
  PJ

  In you pocily file entry, you have specified "/admin/-"
  However, in the <security-constraint> element in web.xml, your <url-pattern> is not set to /admin
  Could that be the problem ?

• War file and access control

            I am trying to put some access control on different files in my war-file, but just
            can't get it to work... It seems like all roles defined in weblogic.properties
            gives the user access to all files in the war. I just don't understand the connections
            between the security realm, the weblogicURL.policy file and the web.xml file...
            If I do not specify a weblogic.security.URLAclFile, no access control is done
            at all.
            This is how my weblogic.properties file looks like:
            weblogic.security.URLAclFile=e:\\weblogic\\weblogicURL.policy
            weblogic.password.koko=kokokoko
            weblogic.password.arnebelinda=arne1234
            weblogic.security.group.ppuseradmins=arnebelinda
            and my weblogicURL.policy:
            deny Principal weblogic.security.acl.GroupImpl "everyone" {
            Permission weblogic.security.acl.URLAcl "weblogic.url", "/admin/-";
            and finally, my web.xml-file:
            <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
            "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
            <web-app>
            <session-config>
            <session-timeout>30</session-timeout>
            </session-config>
            <welcome-file-list>
            <welcome-file>index.jsp</welcome-file>
            </welcome-file-list>
            <security-constraint>
            <web-resource-collection>
            <web-resource-name>admin</web-resource-name>
            <url-pattern>index.jsp</url-pattern> </web-resource-collection>
            <auth-constraint>
            <role-name>ppuseradmins</role-name>
            </auth-constraint>
            </security-constraint>
            <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>WebLogic Server</realm-name>
            </login-config>
            <security-role>
            <role-name>ppuseradmins</role-name>
            </security-role>
            </web-app>
            it does not matter which user is part of the ppuseradmins group. The user koko
            is not a member, but is given access to my whole .war anyway (after submitting
            correct username/password). Omitting the <realm-name> does not seem to work either;
            the default realm is not used, instead null is used.
            Does anybody have a clue? I would really appreciate it!
            I am using WebLogic 5.1 sp 9
            best regards,
            PJ
            

  In you pocily file entry, you have specified "/admin/-"
  However, in the <security-constraint> element in web.xml, your <url-pattern> is not set to /admin
  Could that be the problem ?

• Access Security Exception

  Hello,
  I have written an applet and when I upload the applet to the website and open the browser I get an access control exception error.
  Platform: MacOS X
  I.E: 5.1.2
  Error:
  java.security.AccessControlException: access deinied (java.lang.RuntimePermission writeFileDescriptor)
  What can I do about this problem?
  Thanks!

  You are trying to access a file on the local PC, you can't do this with an applet. If you are actually trying to refer to a file on the Server, make sure you are not using File objects. Refer to them as URL objects. Obvisouly I am guessing without knowing what your code looks like or what your are trying to get the applet to do.
  Being it says FileDescriptor in your error try using the Url object as I did below:
       private URL theUrl;
       private Color backColor;
       private String sztemp;
       public void init()
            //????Maybe Make a thread and move all to start???
            //Set All Values to defaults
            filename = "counter.dat";
            fullURL = getCodeBase() + filename;
            displaytype = "text";
            value = 0;
            digits = 5;
            backColor = new Color(255,255,255);
            //Get AppletParameters that were set
            // Create the URL for Counter file
            try{
                 theUrl = new URL(fullURL);
            } catch( MalformedURLException e)
                 System.out.println("Bad URL: " + theUrl );
  then
            try {
                 connect = this.theUrl.openConnection();
                 connect.connect();
            } catch ( IOException e ) {
                 System.out.println("IO Error: " + e.getMessage() );
  and to use the Input Stream
                 DataInputStream stream = new DataInputStream( new BufferedInputStream(connection.getInputStream() ) );
  As far as the output stream, I need answer to my posting.
  Hope that helped.

• Project Admin & Contributor cource code access control

  I am setting up access control on a TFS 2013.2 TFSVC project
  To deny access by default I added the Contributors group in the root of the source tree and set all permissions to deny, then on individual source folders I set the permissions for specific groups. So far so good, members of those groups can see the code
  I want them too and only that code.
  The problem is for project admins.
  All teams are members of the contributors group so that they get team functionality such as team email alerts. If someone in the Project Admin VSO group is added to a team they therefore become part of the contributors group due to inheritence and their
  code access to the top of the source tree is denied by default.
  Is it so that project admins canot be members of teams? This would be a problem because often the project admins also are the leads who define and administer the teams in TFS. If no-one is able to see the top of the source tree, whould be able to create
  a new sub-folder?

  Hi QualityJanitor,
  Thanks for your reply.
  In your scenario, if you add the team project admin user in team group, he can view the source structure in Source Control Explorer, but he cannot open any file to read. He can create new sub-folder in Source Control Explorer, but he cannot check-in this
  sub-folder. 
  We suggest you create a custom team group in your team project, and add all the users(which you want deny the code access by default, exclude team project admin) in this custom group, then use this custom group instead of Contributors group in the root of
  source tree, and set all permission to deny for this custom group.
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Cannot sort in file/folder access control list in 8 or Server 2012

  I use Windows 8 and Server 2012 Datacenter (with GUI).  In 7/2008R2, I was formerly able to get properties on a file or folder, go to Security tab, click Advanced, and sort the access control list by type, access, inherited from, etc.  Now, it
  doesn't do anything when I click on the headings.   I know I did not find this during the Beta or Release Preview periods, but I do wish this feature would be added back.
  I tried to send this through MS Connect, but they said it was a Server 2008 issue.  Does that mean that it was never supposed to sort?  But I argue that 8 and Server 2012 have the bug.  Here is an image of the window I am referring to, for
  clarification:

  This is really frustrating. Just got 2012 R2 management server and a week after, I noticed the same issue. The only difference is that I'm sorting AD delegation, with 150+ ACEs. While having huge lists of ACEs, it is a must of being able to sort them
  by different columns. Sad that it is considered a bug - it's usually an opposite, when a bug is offered as a feature...
  I still hope this will be fixed with time to come, else - it will be more practical to use PowerShell than such handicapped GUI.
  MCSE, MCITP

• Composition of business team in GRC Access control project

  Hi
  Can I get any information about the composition of business team in a GRC access control project?
  What type of people form this team?
  Please provide some clarity on the role of business people in this type of projects.
  Regards
  Abhijeet

  Hi,
  Idealy the team should comprise of
  1] A representative of the IT Governance team -he ensures that the IT delivers value to the business,the risks have been analysed and fully addressed to.
  2] The Buiness process owners -these people only define the access restrictions for various activities like purchase,payment,etc.
  3] Application specialist -in charge of SOD-he defines the roles and profiles for the access control.
  4] If required a member from "Assurance" - these will be auditing the "access control " on a regular basis after the implementation.
  5] The configuration team.-they configure the controls in the Appln.sysytem
  Regards.
  Ramesh.

• SAP Access Control Project

  Dear All,
  I am preparing a proposal for SAP GRC Access Control.
  At the moment, I am having some trouble with the cleansing part.
  I want to know if role cleansing is a part of the project? If it is, then how one can estimate the time to do this activity?
  I thought it would depend on the number of roles, number of users and the rulet set.
  I am told by some that cleansing in not actually a part of the project. Maybe the effort analysis for cleansing can be assessed after roles and user's analysis.
  Please help. Thanks in advance
  Aj

  Hi,
  I am new to SAP GRC AC, and would like to know about SAP GRC AC implementation proposal.
  How do we prepare the proposal, scope for GRC AC, and procedure for effort estimation.
  Do we have any standard guidelines or check list in preparing the same.
  As you mentioned you are preparing proposal for GRC AC(By this time you could have prepared already) can you knidly share me the procedure you followed  for your project.
  I would like to know it for SAP GRC AC 5.3.
  Regards,
  Krishna R

• Oracle ASM file access control ?

  dear all,
  i'm confuse about oracle ASM file access control, so can anyone more explain clear for me?
  thanks,

  really this is only if there are many user groups on the server. if so then you can limit the users on the server to who can actually do anything with the diskgroups. If you are using OEM follow below. hope that helps
  To manage Oracle ASM File Access Control:
  1.Access the Oracle Automatic Storage Management Home page.
  See "Oracle Automatic Storage Management Home Page" for instructions.
  2.Click the Disk Groups link to display the Disk Groups property page.
  3.Click a link in the Name column to select a disk group.
  4.Click the Access Control tab to display the Access Control page.
  On this page, you can add or remove users from a user group and create or delete user groups.