Access level changes captured in Auditing ?

Similar Messages

• Identifying users whose access level changed - 10g R2,

  Hello,
  I need to generate an report, where everytime a change occurrs to existing privileges or roles assigned to users in past one week, the report will be generated and distributed to a group of people reporting the change.
  For e.g.
  If user scott was granted "CREATE ANY TABLE" Privilege last week and also got revoked EXP_FULL_DATABASE role in the same week. Then report should display something like this.
  Change history since June 1st 2010
  The User: SCOTT has been granted 'CREATE ANY TABLE' privilege by SYSTEM user on  June 5th 2010
  The User: SCOTT has been revoked from EXP_FULL_DATABASE role by SYSTEM user on  June 5th 2010Developing such report is doable and not a big deal If I know the DBA view that yields this information
  Is there any auditing or DBA views that would give such information?
  Any Ideas?
  Thank you for reading this post in advance.
  -R

  Rich V wrote:
  Hello,
  I need to generate an report, where everytime a change occurrs to existing privileges or roles assigned to users in past one week, the report will be generated and distributed to a group of people reporting the change.
  For e.g.
  If user scott was granted "CREATE ANY TABLE" Privilege last week and also got revoked EXP_FULL_DATABASE role in the same week. Then report should display something like this.
  Change history since June 1st 2010
  The User: SCOTT has been granted 'CREATE ANY TABLE' privilege by SYSTEM user on  June 5th 2010
  The User: SCOTT has been revoked from EXP_FULL_DATABASE role by SYSTEM user on  June 5th 2010Developing such report is doable and not a big deal If I know the DBA view that yields this information
  Is there any auditing or DBA views that would give such information?
  Any Ideas?
  Thank you for reading this post in advance.
  -RUse Oracle Audit

• 9.2.0.4.0 OracleParameterCollection protection level changed so breaks code

  We've just installed 9.2.0.4.0 to find it breaks our code. The OracleParameterCollection class has had its access level changed which means we cannot instantiate a new OracleParameterCollection.
  Is this is a bug ? Or can we create an OracleParameterColection in some other way ??
  Incidentally the documention still shows the class as public.

  It looks like you're just using OracleParameterCollection as a concrete implementation of IDataParameterCollection.
  If so, since ODP no longer has a public, creatable class implementing this interface,you will have to roll your own implementation of IDataParameterCollection.
  Your other option is to switch from using an IDataParameterCollection to an array of IDataParameter, or a paramarray or some such.
  Anyway, were's an example in VB of a simple class implementing IDataParameterCollection.
    Public Class ParameterCollection
      Implements IDataParameterCollection
      Private params As ArrayList
      Public Sub New()
        params = New ArrayList
      End Sub
      Public Sub CopyTo(ByVal array As System.Array, ByVal index As Integer) Implements System.Collections.ICollection.CopyTo
        params.CopyTo(array, index)
      End Sub
      Public ReadOnly Property Count() As Integer Implements System.Collections.ICollection.Count
        Get
          Return params.Count
        End Get
      End Property
      Public ReadOnly Property IsSynchronized() As Boolean Implements System.Collections.ICollection.IsSynchronized
        Get
          Return params.IsSynchronized
        End Get
      End Property
      Public ReadOnly Property SyncRoot() As Object Implements System.Collections.ICollection.SyncRoot
        Get
          Return params.SyncRoot
        End Get
      End Property
      Public Function GetEnumerator() As System.Collections.IEnumerator Implements System.Collections.IEnumerable.GetEnumerator
        Return params.GetEnumerator
      End Function
      Public Function Add(ByVal value As Object) As Integer Implements System.Collections.IList.Add
        Dim p As IDataParameter = DirectCast(value, IDataParameter)
        params.Add(p)
      End Function
      Public Sub Clear() Implements System.Collections.IList.Clear
        params.Clear()
      End Sub
      Public Overloads Function Contains(ByVal value As Object) As Boolean Implements System.Collections.IList.Contains
        Return params.Contains(value)
      End Function
      Public Overloads Function IndexOf(ByVal value As Object) As Integer Implements System.Collections.IList.IndexOf
        Return params.IndexOf(value)
      End Function
      Public Sub Insert(ByVal index As Integer, ByVal value As Object) Implements System.Collections.IList.Insert
        params.Insert(index, value)
      End Sub
      Public ReadOnly Property IsFixedSize() As Boolean Implements System.Collections.IList.IsFixedSize
        Get
          Return params.IsFixedSize
        End Get
      End Property
      Public ReadOnly Property IsReadOnly() As Boolean Implements System.Collections.IList.IsReadOnly
        Get
          Return params.IsReadOnly
        End Get
      End Property
      Default Public Overloads Property Item(ByVal index As Integer) As Object Implements System.Collections.IList.Item
        Get
          Return params(index)
        End Get
        Set(ByVal Value As Object)
          params(index) = Value
        End Set
      End Property
      Public Sub Remove(ByVal value As Object) Implements System.Collections.IList.Remove
        params.Remove(value)
      End Sub
      Public Overloads Sub RemoveAt(ByVal index As Integer) Implements System.Collections.IList.RemoveAt
        params.RemoveAt(index)
      End Sub
      Public Overloads Function Contains(ByVal parameterName As String) As Boolean Implements System.Data.IDataParameterCollection.Contains
        Return (IndexOf(parameterName) <> -1)
      End Function
      Public Overloads Function IndexOf(ByVal parameterName As String) As Integer Implements System.Data.IDataParameterCollection.IndexOf
        For i As Integer = 0 To params.Count - 1
          If DirectCast(params(i), IDataParameter).ParameterName = parameterName Then
            Return i
          End If
        Next
        Return -1
      End Function
      Default Public Overloads Property Item(ByVal parameterName As String) As Object Implements System.Data.IDataParameterCollection.Item
        Get
          Dim i As Integer = IndexOf(parameterName)
          If i <> -1 Then
            Return Item(i)
          Else
            Return Nothing
          End If
        End Get
        Set(ByVal Value As Object)
          Dim i As Integer = IndexOf(parameterName)
          If i <> -1 Then
            Item(i) = Value
          Else
            Throw New Exception("Parameter not found.")
          End If
        End Set
      End Property
      Public Overloads Sub RemoveAt(ByVal parameterName As String) Implements System.Data.IDataParameterCollection.RemoveAt
        Dim i As Integer = IndexOf(parameterName)
        If i <> -1 Then
          params.RemoveAt(i)
        Else
          Throw New Exception("Parameter not found.")
        End If
      End Sub
    End Class

• How to change lookup code  with Access Level as 'System'

  Hi,
  I need to append new lookup codes in a lookup type having access level as 'SYSTEM'. Is there any standard way to do the same or just updating the customization level column will do ? Please let me know if you have any solution for this.
  Regards
  Girish

  You can also change the meaning on that value to something like "*** DO NOT USE***". This will make it obvious to the user that he/she should not choose it.
  You can try to add a when-validate-record personalization to show error if someone selected a disabled value.
  You can also try to modify the list of values associated with the field using personalizations.
  If nothing else works, you can use a SQL to uncheck the enabled flag. The risks involved in this are well known.
  Hope this answers your question
  Sandeep Gandhi
  Independent Consultant
  513-325-9026

• Change Custom Access Level on a personal folder

  Hi All,
  This is about Business Objects XI 3.x
  I'm looking for a solution to change the security settings on a personal folder.
  Within 3.x it isn't possible to "overide"  the user settings on a personal folder with the use of an usergroup.
  So what I'm looking for is a way to overide the user settings Access level (by default this is Full Controll) with a custom Access level so I can take away some privilige on the personal folder.
  Is there a Java script allready be developed by some one that I can use?
  Thanks in advance.
  Cheers,
  Jan

  Hi Jan,
  You can use the following code snippet:
  // folders is IInfoObjexts collection that contains the personal folders.
  folders = oInfoStore.query(query);
            if (folders.size() > 0)
  // query for the user for whom you want to set custom access role over the personal folder.
  query = "select * from ci_systemobjects where si_name ='" + testUser + "' and si_kind ='user'";
  users = oInfoStore.query(query);
  // set the custom role.
  folder = (IInfoObject) folders.get(0);
  user = (IInfoObject) users.get(0);
  IExplicitPrincipals explicitPrincipals = folder.getSecurityInfo2().newExplicitPrincipals();
  IExplicitPrincipal explicitPrincipal = explicitPrincipals.add(user.getID());
  // customRoleID is SI_ID of te custom role. You can retrieve custom role just as you retrieve any other
  //info objet. You can use the query like : select * from ci_systemobjects where si_name='custom role
  //name' and si_kind='customrole'
  IExplicitRole explicitRole = explicitPrincipal.getRoles().add(customRoleID);
  oInfoStore.commit(folders);                         
  I hope this helps.
  Thanks
  Aasavari               }

• Access Levels to change Universe

  Hi
  I have created a WebI template (with formated layout) based on a kind of 'dummy universe'.
  The goal is that some 'power users' should be able to copy this template to their favorites and then change the universe to one they are allowed to use.
  These 'ad hoc ' universes are accessible when you create a new webi report but when you want to change it to one of the other adhoc univereses then they are not viewable.
  The current access levels let the power users choose an universe to work with. So that's OK.
  But rights in the Access levels should be set on the universe (sub) folder where these adhoc Univ's are stored?
  I assigned already these rights to the universe folder:
  System - Connection   => Data Access   
  System  - Connection   => Use connection for Stored Procedures   
  System  - Connection   => View objects   
  System  - Universe       =>  Create and Edit Queries Based on Universe   
  System  - Universe       =>  Data Access   
  System  - Universe       => View objects
  We're working with BOE XI R3.1 sp 3 fixpack 5
  Thx in advance for your answers
  JP - BO Admin

  Hi Jean-Pierre,
  The only thing that comes to mind is the possibility that the universes are in a different domain, meaning different repository, etc. Do you all log into the exact same CMS/Infoview server?
  If that is not the issue, then try creating a new user with the same access rights as yours, the one that can access the other universes, and see how that works, then change theirs to match, and then restrict them as necessary.
  Hope that helps.

• Record column level changes of table for audit.

  Hi Experts,
  I need  suggestion on recording column level changes in table for internal aduit purposes, our company policy does not allow us to enable CDC and CT on database levels so I am looking for whar are other the best ways for doing the same ?
  I know we can use triggers and OUTpUT clause to record the changes on tables but Is there any other light weight solution for recording changes on transactions tables which very gaint tables. 
  Seeking your guidnace on solution side ?
  Shivraj Patil.

  OUTPUT should be the best choice for your case as this would be much lighter than Trigger.

• Authentication on local SQL Server 2008 R2 Express server fails after Lan Manager authentication level changed to "Send NTLMv2 response only\refuse LM & NTLM"

  I'm upgrading my organisation's Active Directory environment and I've created a replica of our environment in a test lab.
  One medium-priority application uses a SQL server express installation on the same server that the application itself sits on.
  The application itself recently broke after I changed the following setting in group policy:
  "Send LM & NTLM - use NTLMv2 session security if negotiated"
  to
  "Send NTLMv2 response only\refuse LM & NTLM"
  The main intent was to determine which applications will break if any - I was very surprised when troubleshooting this particular application to find that the issue was actually with SQL Server express itself.
  The errors I get are as follows (note that there are hundreds of them, all the same two):
  Log Name:      Application
   Source:        MSSQL$SQLEXPRESS
   Date:          1/19/2015 2:53:28 PM
   Event ID:      18452
   Task Category: Logon
   Level:         Information
   Keywords:      Classic,Audit Failure
   User:          N/A
   Computer:      APP1.test.dev
   Description:
   Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: 127.0.0.1]
   Event Xml:
   <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
     <System>
       <Provider Name="MSSQL$SQLEXPRESS" />
       <EventID Qualifiers="49152">18452</EventID>
       <Level>0</Level>
       <Task>4</Task>
       <Keywords>0x90000000000000</Keywords>
       <TimeCreated SystemTime="2015-01-19T22:53:28.000000000Z" />
       <EventRecordID>37088</EventRecordID>
       <Channel>Application</Channel>
       <Computer>APP1.test.dev</Computer>
       <Security />
     </System>
     <EventData>
       <Data> [CLIENT: 127.0.0.1]</Data>
       <Binary>144800000E00000017000000570053004C004400430054004D00540052004D0053005C00530051004C0045005800500052004500530053000000070000006D00610073007400650072000000</Binary>
     </EventData>
   </Event>
  Log Name:      Application
   Source:        MSSQL$SQLEXPRESS
   Date:          1/19/2015 2:53:29 PM
   Event ID:      17806
   Task Category: Logon
   Level:         Error
   Keywords:      Classic
   User:          N/A
   Computer:      APP1.test.dev
   Description:
   SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure.  [CLIENT:
  127.0.0.1].
  Event Xml:
   <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
     <System>
       <Provider Name="MSSQL$SQLEXPRESS" />
       <EventID Qualifiers="49152">17806</EventID>
       <Level>2</Level>
       <Task>4</Task>
       <Keywords>0x80000000000000</Keywords>
       <TimeCreated SystemTime="2015-01-19T22:53:29.000000000Z" />
       <EventRecordID>37089</EventRecordID>
       <Channel>Application</Channel>
       <Computer>APP1.test.dev</Computer>
       <Security />
     </System>
     <EventData>
       <Data>8009030c</Data>
       <Data>14</Data>
       <Data>AcceptSecurityContext failed. The Windows error code indicates the cause of failure.</Data>
       <Data> [CLIENT: 127.0.0.1]</Data>
       <Binary>8E4500001400000017000000570053004C004400430054004D00540052004D0053005C00530051004C004500580050005200450053005300000000000000</Binary>
     </EventData>
   </Event>
  All of the documentation that I have followed suggests that the errors are caused by incorrect SPN configuration- I figured that they were never correct and it has always failed over to NTLM in the test environment (I can't look at production - we couldn't
  replicate the setup due to special hardware and also RAM considerations), but only NTLMv2 has issues.
  So I spent some time troubleshooting this.  We have a 2003 forest/domain functional level, so our service accounts can't automatically register the SPN.  I delegated the write/read service principle name ACEs in Active Directory.  SQL Server
  confirms that it is able to register the SPN.
  So next I researched more into what is needed for Kerberos to work, and it seems that Kerberos is not used when authenticating with a resource on the same computer:
  http://msdn.microsoft.com/en-us/library/ms191153.aspx
  In any scenario that the correct username is supplied, "Local connections use NTLM, remote connections use Kerberos".  So the above errors are not Kerberos (since it is a local connection it will use NTLM).  It makes sense I guess - since
  it worked in the past when LM/NTLM were allowed, I don't see how changing the Lan Manager settings would affect Kerberos.
  So I guess my question is:
  What can I do to fix this? It looks like the SQL server is misconfigured for NTLMv2 (I really doubt it's a problem with the protocol itself...).  I have reset the SQL service or the server a number of times.  Also - all of my other SQL applications
  in the environment work.  This specific case where the application is authenticating to a local SQL installation is where I get the failure - works with LAN Manager authentication set to "Send LM & NTLM - use NTLMv2 session security if negotiated",
  but not "Send NTLMv2 response only\refuse LM & NTLM".
  Note also - this behaviour is identical whether I set the Lan Manager authentication level at the domain or domain controller level in Active Directory - I did initially figure I had set up some kind of mismatch where neither would agree on the authentication
  protocol to use but this isn't the case.

  Maybe your application doesn't support "Send NTLMv2 response only. Refuse LM & NTLM".
  https://support.software.dell.com/zh-cn/foglight/kb/133971

• How to include group access level in a ws call

  I want to include a Group Access Label in a Permission for a Course using an iTunes web service call.
  I don't see how to do this in the docs.
  (The example in iTunesUAdministratorsGuide.pdf at page 111 doesn't include the Group Access Label.
  And it's not in the schema for the ws xml document at http://deimos.apple.com/iTunesURequest-1.0.xsd)
  Is this an obvious omission or am I missing something? Anyone know how to do this?
  Background:
  We're creating most Courses programmatically.
  Obviously, we'd strongly prefer not to require an administrator to go into every Course and manually add a common Group Access Label to the Permission. (This manual piece is essentially what's now missing from the ws call or at least from my understanding of it.)
  Either way -- manually by an administrator or programmatically -- our instructors would then be able to set Permissions themselves on any Group they create -- doing this themselves and without the help of an administrator.

  To resume with a little progress made:
  I have a Section
  * with Access Level == Edit for Credential == Instructor@...${IDENTIFIER} with no Group Access Label, and also
  * with Access Level == Download for Credential == Student@...${IDENTIFIER} with Group Access Label == Student.
  I'm doing ws calls to add a Course including an identifier. This is successful, and I can then go into the iTunes client as Instructor@...${IDENTIFIER} (substitution made) and manually add Groups and change Access to each individually. (I'm adding Groups "Download", "Shared Uploads", and "Drop Box", changing the Access Level accordingly for Group Access Label "Student".
  But naturally I want to do the manual part programmatically, to save n instructors from having to learn how to do this same thing and then to do it.
  So I'm trying to change my ws call to add the Groups, including Permissions. Schema http://deimos.apple.com/rsrc/xsd/iTunesURequest-1.1.xsd doesn't include Group Access Label for Permission. What does this mean?
  I've tried the actual Credential == Student@...${IDENTIFIER} (with IDENTIFIER substitution made before the call) and also Credential == Student (to see if I'm supposed to match the Group Access Label, instead).
  For either of these trials, the ws call successfully adds the Groups and a ShowTree includes the Permissions for the Groups. But in the iTunes client user interface, it's as if I gave no Permissions in adding the Groups.
  Am I approaching this wrong or is there a bug here?
  (I haven't tried yet a separate call to add the Group Permissions, not wanting to suffer the processing wait of getting handles for the three Groups.)
  Anyone else doing this? (successfully or not ) Thanks.

• Help creating apple script to create folder and set access levels

  I'm trying to create folders in FileMaker Pro using apple script and need some help in setting the access level for the folders.  I want to set both Staff and everyone to Read and Write access.   Secondly I would like to have a function key set on the desktop to create new folders and set that same access level.  The default access is Read and I can not find a way to change that.
  Thanks

  I'm trying to create folders in FileMaker Pro using apple script and need some help in setting the access level for the folders.  I want to set both Staff and everyone to Read and Write access.   Secondly I would like to have a function key set on the desktop to create new folders and set that same access level.  The default access is Read and I can not find a way to change that.
  Thanks

• Problem with user access level

  David,
  I have so far succesfully implementend your tutorial on users registering and having to validate their emailaddress (both part I and II).
  Part I: http://cookbooks.adobe.com/post_Registration_system_that_requires_the_user_to_vali-16646.h tml
  Part II: http://cookbooks.adobe.com/post_Registration_system_that_requires_the_user_to_vali-16649.h tml
  When creating a login form however, I don't get it to work based on the access level verified = y. The database is set up exactly as you described in the above tutorials.
  This is the HTML for the log in form (index.php):
  <form ACTION="<?php echo $loginFormAction; ?>" method="POST" id="logon">
  <label for="user">Username</label>
  <input type="text" id="user" name="username" />
  <br />
  <label for="pass">Password</label>
  <input type="password" id="pass" name="password" />
  <br />
  <label for="done"> </label>
  <input type="submit" value="Log On" />
  </form>
  Below the code that is found above the <html> tag in the index.php file:
  <?php require_once('../Connections/conn.php'); ?>
  <?php
  if (!function_exists("GetSQLValueString")) {
  function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    if (PHP_VERSION < 6) {
      $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
    $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
    switch ($theType) {
      case "text":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;   
      case "long":
      case "int":
        $theValue = ($theValue != "") ? intval($theValue) : "NULL";
        break;
      case "double":
        $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
        break;
      case "date":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;
      case "defined":
        $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
        break;
    return $theValue;
  ?>
  <?php
  // *** Validate request to login to this site.
  if (!isset($_SESSION)) {
    session_start();
  $loginFormAction = $_SERVER['PHP_SELF'];
  if (isset($_GET['accesscheck'])) {
    $_SESSION['PrevUrl'] = $_GET['accesscheck'];
  if (isset($_POST['username'])) {
    $loginUsername=$_POST['username'];
    $password=$_POST['password'];
    $MM_fldUserAuthorization = "verified";
    $MM_redirectLoginSuccess = "overview.php";
    $MM_redirectLoginFailed = "index.php";
    $MM_redirecttoReferrer = false;
    mysql_select_db($database_conn, $conn);
    $LoginRS__query=sprintf("SELECT username, password, verified FROM users WHERE username=%s AND password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
    $LoginRS = mysql_query($LoginRS__query, $conn) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);
    if ($loginFoundUser) {
      $loginStrGroup  = mysql_result($LoginRS,0,'verified');
      //declare two session variables and assign them
      $_SESSION['MM_Username'] = $loginUsername;
      $_SESSION['MM_UserGroup'] = $loginStrGroup;          
      if (isset($_SESSION['PrevUrl']) && false) {
        $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];    
      header("Location: " . $MM_redirectLoginSuccess );
    else {
      header("Location: ". $MM_redirectLoginFailed );
  ?>
  On the overview.php page, I applied the restrict access to page behaviour, which results in the following code:
  <?php require_once('../Connections/conn.php'); ?>
  <?php
  if (!isset($_SESSION)) {
    session_start();
  $MM_authorizedUsers = "y";
  $MM_donotCheckaccess = "false";
  // *** Restrict Access To Page: Grant or deny access to this page
  function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
    // For security, start by assuming the visitor is NOT authorized.
    $isValid = False;
    // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
    // Therefore, we know that a user is NOT logged in if that Session variable is blank.
    if (!empty($UserName)) {
      // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
      // Parse the strings into arrays.
      $arrUsers = Explode(",", $strUsers);
      $arrGroups = Explode(",", $strGroups);
      if (in_array($UserName, $arrUsers)) {
        $isValid = true;
      // Or, you may restrict access to only certain users based on their username.
      if (in_array($UserGroup, $arrGroups)) {
        $isValid = true;
      if (($strUsers == "") && false) {
        $isValid = true;
    return $isValid;
  $MM_restrictGoTo = "index.php";
  if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {  
    $MM_qsChar = "?";
    $MM_referrer = $_SERVER['PHP_SELF'];
    if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
    if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
    $MM_referrer .= "?" . $QUERY_STRING;
    $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
    header("Location: ". $MM_restrictGoTo);
    exit;
  ?>
  Any idea/thoughts on what I'm not adding to the page in order to work?

  David,
  Thank you for that insight, I figured it would be something like that and when I woke up this morning, it all made sense. I changed somthing from the tutorial (part I) you wrote and now it works fine.
  I had trouble with the validation link in the email that is sent automatically. In your tutorial, section "generating and sending the validation email", you write:
  $message .= urlencode($_POST['username']);
  $message .= '&amp;t=';
  $message .= urlencode($token);
  When using the code like this, it wouldn't set the verified column to y. However, when I changed the middle $message to
  $message .= '&t=';
  it updated the verified column to y. The URL that displayed from the original code displayed the & sign as &amp; in the URL itself.
  Next to that, whenever I try to add something to the e-mail, the validation link becomes not clickable anymore.
  As the login problem concerns, encrypting indeed did the trick.
  if (isset($_POST['username'])) {
    $loginUsername=$_POST['username'];
    $password=sha1($_POST['password']);
  Putting the $_POST['password'] between brackets, adding sha1 in front of it. It works just fine now.
  Hopefully no further problems on this anymore! Thanks a lot for your insights!
  EDIT: I can't mark this thread as answered anymore?

• Access level in lookup table

  I'm using Dreamweaver CS4. It seems that access levels can
  only be applied (at least through Server Behaviors) to a field
  within the same table that host the users and their associated
  passwords. I have adopted a database which contains a table which
  contains the users and their passwords but the access levels are
  stored in a lookup table. Aside from hand coding this or changing
  the table structure to include access levels, users and passwords
  in the same table, can anyone provide some insight as to how to
  handle this?

  OK i have successfully achieved the JOIN...I think. I clicked
  "Test" on the Recordset dialog and I can see records from the table
  but not the JOIN table.
  Here is the SQL statement I used:
  SELECT authuser_id, firstname, lastname, uname, passwd
  FROM authuser INNER JOIN user_access ON
  authuser.authuser_id=user_access.userID
  So once this is done, I'm not sure how to proceed. I added
  the "Log In User" server behavior but the JOIN field is not
  displayed under the "Restrict access based on:".
  I obviously have a lot to learn about how Dreamweaver helps
  streamline this process. Any help (detailed as possible) would be
  much appreciated.

• Security and access levels

  I have created 4 users access levels, however, when I try to implement, when I keep inheritence, default security keeps coming up,   e.g. try changing everyone to my new access level and I get the new access level, but I also get view (inherited) - how can I "clean out" the old security settings??

  Sorry for the delay!
  OK, here's our situation - it's pretty straight forward;
  1500 users
  1500 (all) users in Everyone
  Of the 1500 users in Everyone;
  1200 in subgroup A
  200 in subgroup B
  90 in subgroup C
  10 users in Administrators
  4 universes
  1 connection
  Goal:
  Everyone and subgroups, same as admin, exception: can't delete or save to "corp" doc's.  My thought is to use same access level, then use the advanced configuration on the folders to prevent everyone from deleting any "corp docs"
  I have applied this access level to everyone and admin at;
  application > infoview, webi. cmc, deski, discussions, search
  universes > all 4
  connections > the 1
  folders > root folder,  level 1, denied access to everyone accordingly on level 2
  I have also added this access level to the top level security for users and groups
  Issues; 
  1. When I check the access level for everyone on folders, level 1 and below, I get the custom access level as inherited, but also view aslo as inherited.
  2. The users added to the admin group do not have same rights as the "administrator - for example, administrator can delete objects in the folders, but other users (within admin group) can not?  if I manually add the users to the folders, I can get this to work,  but doesn;t make sense, why would a user within a group have different rights, than any other user within the same group, with the same rights???
  Hope this helps!
  Edited by: Michael Bujarski on Jun 5, 2009 3:56 PM

• Problem with Restrict Access to Page with access level using ASP

  I'm using Dreamweaver CS3 with ASP-VBScript and an Access
  database. The pages were created from scratch for this project,
  using those tools all the way through.
  I've created a login page, an admin homepage, and add, edit,
  and list records pages for three tables. The login page uses the
  Server Behavior "Log in User", all other pages use the Server
  Behavior "Restrict Access to Page". All of these are based on an
  Access Level.
  Login seems to work correctly, and redirects to the admin
  homepage. From the admin homepage, I can open any other page as
  expected, and they initially display correctly. On the add and edit
  pages, however,
  submitting the form often results in getting logged out, but
  not always.
  Once this happens, I can log back in, but other problems will
  sometimes occur during that second login session. Sometimes,
  logouts will occur on pages that worked fine during the first login
  session. Sometimes, another session variable that I've setup
  manually will change when it shouldn't...as if there were two
  values stored for my session variable, and reloading the page
  changes to the other value.
  This
  post seems closest to my experience, but it doesn't look like
  there was really an answer beyond "I had to fight with it for a bit
  to get it to work":
  I suspected that there is some problem with session settings
  on the server. We have an almost identical tool on the same server
  that was developed with an older version of DW that works more
  reliably; it sometimes has problems with the initial login, but
  never has a problem after that.
  Has anyone experienced problems like this? Any suggestions
  for what to check? I'm really pulling my hair out since it's so
  unreliable...the kind of problem that goes away when you try to
  show someone and comes back when they leave.

  Hello,
  I was thinking that all I would need would be the username, although username and paswsword would be more secure.  There are about 50 users and no groups or levels.  They are all equal ... same level.
  The website is private and there is a general content area for all users and then there will be private areas for each user where proprietary documents will be held.  I need to be able to ensure that user 'A' can only see the user 'A' pages, user 'B' can only see user 'B', etc.
  I don't really understand what the Dreamweaver script is doing, but the overview sounded like it was the right tool to accomplish what I'm trying to do.
  Any assistance greatly appreciated.
  thanks.

• Kernel security level changes on its OWN?

  Hi...
  using OS 10.3.9 on a G4 dual 533mhz with a gig of ram. It is wired into an Airport Extreme that firewalls for a wireless laptop as well, yes it is set encrypted and unauthorized NIC card addresses are excluded in the Airport Administration software...
  I dont have Little Snitch set to run automatically, but it appears as having launched before the last kernel panic. (so says Crashreporter_
  The kernel panic happened between the time this computer was put in user log in window Sleep Mode yesterday and when I woke it up today to log into one of the user accounts (I am the only one to have maintenance/Full Admin. access)
  The typical user log in screen with the names was up, but a kernel panic had overlaid the visual... parts that made me perk up was the last line said it was waiting for debugging to occur... the NIC address of the network card was shown, and the IP number that is set in the Network panel...
  I checked through Onyx into the System log Crashreporter and found the stream of log info during the 'wake up' mode:
  Jan 22 22:28:16 localhost init: kernel security level changed from 0 to 1
  Jan 22 22:28:16 localhost loginwindow[205]: Sent launch request message to DirectoryService mach_init port
  I have never seen a kernel security change in any of the logs in the past... No new user accounts were made, and no new levels of access have been assigned to existing users...
  What does this mean, a level 1 setting of a kernel? Should I Admin Panic along with the kernel?

  Basically, the change means that the kernel is going from insecure to secure mode, which prevents the sappnd and schg flags from being turned off. More information is available on this page.
  (19398)