Access list of iBooks w/ user's permission

Similar Messages

• Getting a list of users and permission from a folder

  I run this command to get a a list of users and permission from a folder
  $project_folder = "\\servername\foldername"
  get-acl $project_folder | %{ $_.Access  } | ft -property IdentityReference, AccessControlType, FileSystemRights > folder.csv.
  This only lists information for 1 folder.
  If i have multiple folders how should the code be modified?

  this is the code i am looking for 
   $project_folder
  = "\\servername\foldername\foldername1"
  get-acl $project_folder | %{ $_.Access  } | ft -property IdentityReference, AccessControlType,
  FileSystemRights > folder.csv.
  I  run this code and this gives me the information for only the folder 'foldername1'.
  Ex. i need a list of users who have permmission in \\servername\foldername\foldername2.
  i run the code and it gives me the permissions and list of users in foldername2.
  This is the issue
  IF there are multiple folders \\servername\foldername\foldername2, \\servername\foldername\foldername1,
  i need to run the code each time for 1 folder. 
  is there a command where i can combine the path of these 2 or more folders and export
  it to csv
  Ex.  $project_folder
  = "\\servername\foldername\foldername1",
  "\\servername\foldername\foldername2"
  get-acl $project_folder | %{ $_.Access  } | ft -property IdentityReference, AccessControlType,
  FileSystemRights > folder.csv.
  This will give me the list of users and the type of access they have in foldername1 and
  foldername2

• SharePoint C# Get list of sites on which user has permission (Read, Contribute, Owner, Admin, Visitor)

  HI,
  I wants to get list of sites on which user has permission, all permission name like (read, visitor, contribute, owner)
  using (SPSite oSite = new SPSite(SPContext.Current.Site.Url))
  foreach (SPWeb oWeb in oSite.RootWeb.GetSubwebsForCurrentUser())
  permission = string.Empty;
  foreach (SPGroup group in oWeb.Groups)
  foreach (SPUser u in group.Users)
  if (u.Name == (userName))
  foreach (SPRole role in u.Roles)
  permission += role.Name.ToString() + ", ";
  } // Taking All Permission details of user
  permission = " [" + permission.TrimEnd(", ".ToCharArray()) + "]";
  my final string variable will have values like [Read, Visitor] or [Read] or [visitor, Read]
  I wants to have all permission names and also geting error on u.Roles [Roles is absolute now],
   Help me to get permission by using SPRoleDefination etc
  SPRoleDefinitionCollectionroleDefinitions
  = oWeb.RoleDefinitions;
  SPRoleDefinitionroleDefinition
  foreach(SPRoleAssignmentroleAssigment
  inoWeb.RoleAssignments)
   Thanks
  Praveen

  Depending on how large your farm is and how many webapplications / site collections you need to enumerate to build this list, you might be better off using search to get the list of sites/webs that the user has access to (search results are security trimmed).
  You could then enumerate just the list of sites returned to determine the exact permissions.
  E.g. Code for getting a list of sites the user has access to:
  var ssaProxy = (SearchServiceApplicationProxy)SearchServiceApplicationProxy.GetProxy(SPServiceContext.GetContext(SPContext.Current.Site));
  var keywordQuery = new KeywordQuery(ssaProxy);
  keywordQuery.RowLimit = 200;
  keywordQuery.SelectProperties.Clear();
  keywordQuery.SelectProperties.Add("Title");
  keywordQuery.SelectProperties.Add("Url");
  keywordQuery.ResultsProvider = SearchProvider.Default;
  keywordQuery.QueryText = String.Format("contentclass:STS_Site OR contentclass:STS_Web");
  keywordQuery.ResultTypes |= ResultType.RelevantResults;
  ResultTableCollection searchResults;
  searchResults = keywordQuery.Execute();
  if (searchResults.Exists(ResultType.RelevantResults))
  var searchResult = searchResults[ResultType.RelevantResults];
  var results = new DataTable { TableName = "SearchResults" };
  results.Load(searchResult, LoadOption.OverwriteChanges);
  if (results.Rows.Count > 0)
  var resultsText = new StringBuilder();
  foreach (DataRow dataRow in results.Rows)
  var urlToWeb = dataRow["Url"] as String;
  //Perform your checking to determine the exact permissions
  Regards, Matthew
  MCPD | MCITP
  My Blog
  Please remember to click "Mark As Answer" if a post solves your problem or "Vote As Helpful" if it was useful.
  I just added a webpart to the TechNet Gallery that allows administrative users to upload, crop and format user profile photos. Check it out here:
  Upload and Crop User Profile Photos

• Regd:UAL(user access list) access assumptions

  Hi All,
  We are using UAL(user access list) in our application and during that we have come up with some queries regarding the access.
  we are using ps3 and we are testing this from web
  Assume that User1 is coming with (RWDA) and User2(RWD) access on the particular Security group(SG)for which we have enabled the ACL
  Creation
  1.User1 has created a folder with user2 being added under ACL and given (RWDA) with author metadata field being entered as user1.
  a) user2 will not be able to add the new content directly as he is getting the following error(Content item <undefined> was not successfully checked in. You have insufficient privileges to assign the content item to user 'test1')
  b)user2 can create a folder inside user1 folder and can create content under it.
  2.If user1 has created a folder with user2 being added under ACL and given (RWDA) access with author field being left blank.
  a)user2 will be able to create the content as well as folder under the user1 folder itself.
  Deletion
  1.user2 can delete any content item in the ablove scenarios as his effective permission would be intersection of (RWD) from ucm and (RWDA) from UAL irrespective of the author field who has created it.
  Now the point is
  When the user2 can't create the content when the author field is being set then how can he delete the content .
  Ideally the user2 shouls be able to add the content as well as he is granted (RWDA) permission on that particular folder.
  Can you please tell us if we are missing something
  Thanks,
  Yashwanth

  OK I have just read your scenario and the ACL security is working correctly/as designed.
  Permissions granted via ACL and security group DO NOT override one another. The user will get the resulting INTERSECTION of the two.
  SO in this case you describe that the user has RWDA permissions set via the ACL and has RWD permissions on the Security Group to which the ACL applies.
  This means the user has RWD permissions on this resource!
  So quite simply they can delete as they are allowed to BUT can not 'check in as another user' in the dDocAuthor field as this requires Admin privileges.
  Please ask if you have further Q's
  Hope that helps
  Tim
  Edited by: Tim Snell on 12-Apr-2011 03:30
  Corrected UNION to INTERSECTION - how embarassing! ;-)

• Getting a list of users and permission from a folder including nested groups

  $project_folder = "\\servername\foldername\foldername1"
  Get-Acl $project_folder | 
      ForEach-Object { 
          $_.Access | Add-Member -MemberType NoteProperty -Name Path -Value $_.Path -PassThru  
      } | 
      ft -GroupBy Path -Property IdentityReference, AccessControlType, FileSystemRights > foldertst.csv
  The above command gives me a list of all the users who have access to foldername1. (including users and groups).
  How do i modify this code to get the information of the nested groups for this folder

  Sorry, I won't be providing a complete solution, just a few suggestions and comments.
  first thing will be to determine for each ACE (access control entry) whether the IdentityReference refers to a user account or a group. If a group, you will then need to process each of its members, each of which will share the FileSystemRights of the current
  ACE.
  But... if any of the members are other groups, you will need to process them recursively as well. Recursively.
  There are a few gotcha's, though:
  you need to recognize and avoid infinite recursion when, for example, group A is a member of group B which is a member of group A. One way to do this is to keep a list of all groups encountered, processing each only once.
  if one ACE belongs to group C, another belongs to group D, group A is a member of C, and group B is a member of D, you must ensure that all members of A and B are listed with ACE C and ACE D.
  Once you have identified all user accounts you might find that some have multiple records. For example, user AA might belong to group A, and get unlimited access through the ACE owned by group C, but deny read access through the ACE owned by group D. If
  the first mention of this user in your output shows he has unlimited access, that will, of course be incorrect. at the very least the output should be sorted by username. You could attempt to amalgamate all of his various accesses (like the effective permissions
  tab) into a single one. But it would be difficult to show which group memberships contributed which aspects of his access permissions in any kind of simple or intuitive way.
  security configurations can easily become overly complex. The best solution is to simplify and standardize how permissions are applied and how groups are nested. I have had to do this on occasion, and the problem of determining how things should be permitted
  from how they actually are is probably the most complicated part of the job.
  good luck.
  Al Dunbar -- remember to 'mark or propose as answer' or 'vote as helpful' as appropriate.

• APEX Pages - User Access List with NTLM

  Hi,
  I'm building several APEX Applications, and using NTLM as its Authentication Scheme. With this, the users won't have to type any user and password. And their user name stated in top right screen.
  I'd like to build another application to administer users of all created APEX Applications. So I'd like to build 3 tables:
  1. users (hold user name, and user data)
  2. pages (hold APEX Applications pages)
  3. access_list (hold combined data of users and pages and access flag)
  The last table will give me an SQL that can be used to create page level Authorization Scheme.
  The problem is:
  I cannot find a way to get a list of user ids to pre-populated the table users. Is there a way that an administrator user use an LOV of all NTLM user instead of typing domain\user to this application? OR is there a better and elegant way to create User Access List with NTLM.
  Your helps will really help me, and thanks in advance.
  Regards,
  Aulia

  This is kind of a followup to Scott's post. Instead of using your own tables to map user accounts to permissions etc, why not simply use LDAP to query the NT domain global catalog?
  You can tell what users are members of particular AD groups and control access to functions based on AD group membership. Then you would only need one table that maps Apex functionality to AD groups.
  That's what we do. Our account management people add users to different security groups and they get access to our apex app based on those groups. The type of access is controlled by the group to which they belong.
  If you try to capture a list of all users, you'll be constantly trying to keep your list of users in sync with your AD/NTLM accounts.
  Or I guess you could simply use LDAP queries inside the database to get a list of ALL your users in a nightly batch. Wouldn't help for people added in the middle of the day, but maybe that doesn't happen often in your company.
  I have posted code on using Active Directory LDAP with dbms_ldap inside the database. Shouldn't be too much trouble to modify that code to scan your directory for users every night. Search for "dbms_ldap" in this forum.

• Access list of user worklist display columns

  Hi all,
  Is anyone aware of a way to access the list of columns a user has selected to display in their work item list?
  Typically the list of columns is simply the project variables, however using the "Add/Remove Columns" link, a user is able to customize the columns being displayed. We are looking for a way to access the list of columns the user is currently looking at through code.
  Any suggestions would be greatly appreciated.
  Thank you!

  could not understand the what you are looking for?
  list of columns that the user configured to view .... can u elaborate

• With Timed Access List on, Guest users cannot access Guest network.

  I have a ABS with 7.5 version. In the Timed Access window i have default set to "no access". Then, all the computers that are allowed access to the main network are on the list. Then i have the main network hidden. My guest network is broadcasting but when a user tries to connect to it, they get a "Unable to connect". If I change the default access in Timed Access to "Everyday", users are then able to connect to the Guest network again.
  Obviously, this is a bug. I don't want people accessing the main network that aren't on the timed access list. However, I still want guest users to access the Guest Network.
  It looks to me that the Timed Access window is controlling the restriction of the Guest and Main network, when it should only be controlling the Main only.
  Hopefully, apple has noted this issue and will be fixed on the new update. If other people are experiencing this problem, Please let me know.
  -Ghost

  Apple just updated the airport to 7.5.1. But there is still a problem with the the guest network not allowing access. If the "Unlimited" is set to "No Access" in the access list it prevents anybody from accessing the guest network. It should only deny your Main wireless Network.
  In other words, the Access List is controlling the access for both wireless networks(Guest and Main network)
  Either apple needs to create two Access Lists, One for Main network, and One for guest network. Or just have to option to choose which Network you want to restrict leaving the second one open for all.
  -Ghost

• Assign personal access list to user in ACS 5.1

  Hello.
  Is there any way (in ACS 5.1) to assign personal access list to each user instead of assigning it to Authorization profile and Authorization profile to user?
  Thanks for any help.

  This should be possible
  You need to do the following:
  1) Goto
  System Administration >
  Configuration >
  Dictionaries >
  Identity >Internal Users >
  CreateCreate a user attribute that will store the DACL name of type string. We wil call this attribute DACL
  2) When you create a user (
  Users and Identity Stores >
  Internal Identity Stores > Users >
  Create) you will now see the attribute "DACL" that can be created as part of each user record
  3) Create an authorization profile: (
  Policy Elements >
  Authorization and Permissions >
  Network Access > Authorization Profiles >
  Create)In "Common Tasks" tab, for "Downloadable ACL Name" select "Dynamic" option followed by "Internal Users"  and then select the name of attribute you seelcted in step 1)
  You can now use this authrization profile as a result in policies. When a user authentications the string from the DACL attribute in the user record will be used as the name of the attribute to download

• Root cause of error " Access denied. You do not have permission to perform this action or access this resource" - workflow - SharePoint 2013

  Good evening, technet community
  I hope you are doing well.
  When configuring my SharePoint workflow, I encounter the problem below:
  Problem Description:
  Let's say my domain is: test.com, my group user is: test\group , my user is: test\user1
  Except an admin account with full control at both "Web Application" and "Site Collection", all others account all have problem when creating a list item. After creating a list item, the workflow status is "cancelled" immediately
  with the following message:
  RequestorId: 262a35e4-99f4-40f0-929b-5d04b415f147. Details: System.ApplicationException: HTTP 401 {"Transfer-Encoding":["chunked"],"X-SharePointHealthScore":["0"],"SPClientServiceRequestDuration":["10"],"SPRequestGuid":["262a35e4-99f4-40f0-929b-5d04b415f147"],"request-id":["262a35e4-99f4-40f0-929b-5d04b415f147"],"X-FRAME-OPTIONS":["SAMEORIGIN"],"MicrosoftSharePointTeamServices":["15.0.0.4420"],"X-Content-Type-Options":["nosniff"],"X-MS-InvokeApp":["1;
  RequireReadOnly"],"Cache-Control":["max-age=0, private"],"Date":["Thu, 06 Nov 2014 12:14:28 GMT"],"Server":["Microsoft-IIS\/7.5"],"WWW-Authenticate":["NTLM"],"X-AspNet-Version":["4.0.30319"],"X-Powered-By":["ASP.NET"]}
  {"error":{"code":"-2147024891, System.UnauthorizedAccessException","message":{"lang":"en-US","value":"Access denied. You do not have permission to perform
  this action or access this resource."}}} at Microsoft.Activities.Hosting.Runtime.Subroutine.SubroutineChild.Execute(CodeActivityContext context) at System.Activities.CodeActivity.InternalExecute(ActivityInstance instance, ActivityExecutor executor,
  BookmarkManager bookmarkManager) at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody(ActivityExecutor executor, BookmarkManager bookmarkManager, Location resultLocation)
  - The workflow is still fail even I assign "full control" to my users group "test\group" – at Site Collection level.
  Surprisingly, I have successfully found a solution for this error message. However, I still have some points that I do not clearly understand. Let's start with my solution first.
  Solution:
  *** i. Assign permission policy at Web Application level – Central Admin site ***
  1. Central Administration ==> Application management
  ==> Manage Web application 
  2. Go to "permission policy", then create a new permission level. This permission level contains all "edit item" permission.
  3. Select "user policy", then I assign it directly to my user account: test\user1.
  *** ii. Assign "edit item" permission at Site Collection level ***
  1. Site Setting ==> Site permission
  2. Assign "Edit" permission to my test\group.
  (Actually I removed all permissions of my user group at Site Collection level. It seem my group has inherited permission from Web Application level, is that correct? )
  *** iii. Create a new list item and workflow runs ……. ***
  ==> My question is:
  1. Why I cannot assign permission to my users group - "test\group" -
   at "Web Application" level? Instead I have to assign permission policy for each users, one by one?
  2. Could you please let me know how to collect full detail error message of workflow status?
  Thank you very much! Have a nice weekend.

  Thank you for your very detail response.
  Point 1: Yes my 2 service: user profile & profile sync service are running. I performed "full synchronization" as well. Actually i've tried 3 another action plans before coming up with the solution i posted:
  *** Actions completed ***
  1. Activate the feature: workflow can use app permissions.
  Site actions > Site Settings > Site features >activate the feature below:
   Workflows can use app permissions
  2.
  Refresh trusted security token services metadata feed
  Get-SPTimerJob
  "RefreshMetadataFeed"
  | Start-SPTimerJob
  - then restart the machine.
  3. Start full user profile synchronization.
  Point 2:
  - Yes my user had Edit permission at workflow task list + list affected by workflow.
  I have just remove all permissions of my user at "Site Collection" level. However, when i show my user permissions at my workflow task list and my users still have "Edit" Permission ( assigned at Web Application level. These permissions
  still exist even after my workflow task list stop inheriting permission).
  ==> the problems probably belongs to "permission" at "Site Collection level". It seems "permission level at my Site Collection does not work". All users accounts are also suffer from the same issues except farm admin account
  ( which has full control at Web Application level).
  I would appreciate if your guys can guide me how to make "permission" at my "Site Collection level" work again?
  Thank you very much.

• How to restrict access to views for some users in the app?

  Hi SDN!
  I have an WD application wich embedded in the portal. Appication has 2 iViews (and 2  pages respectively). These iViews consist several views connected with each other (e.g. one view provide list data, second view is add/edit form for this data). I need to restrict access for some users for view with add/edit form. I can't make separate page for this view.
  What I've done:
  1) create yet another UIContainer for this view in main window and embed view to this container. It was be done for create separate iView for form.
  2) in the portal I create iView for this form but don't embedd in any page.
  When I try to call my form from list data (that is one iView from another) I get exception:
  <b>com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: duplicate usage of view .MyCarRentalAddCity</b>
  Is there a way to get needed functional?
  Thanks,
  Lev

  Hi,
  do you need to remove the IView from the portal menu or do you just want to make a View container in your WD application invisible if the user doesn't have the rights to see it.
  If so, you could create your own roles on the app server:
  You need to create a new class that extends NamePermission like:
  import com.sap.security.api.permissions.NamePermission;
  public class ApplicationAccessPermission extends NamePermission {
             * @param name
            public ApplicationAccessPermission(String name) {
                 super(name);
             * @param name
             * @param action
            public ApplicationAccessPermission(String name, String action) {
                 super(name, action);
  Also, you have to create an Action.XML file that looks like this:
  <BUSINESSSERVICE
       NAME="com.vendor.administration">
       <DESCRIPTION
            LOCALE="en"
            VALUE="actions view usage"/>
       <ACTION
            NAME="View Permission">
            <DESCRIPTION
                 LOCALE="en"
                 VALUE="Show view"
                 />
            <PERMISSION
                 CLASS="com.vendor.utilities.ApplicationAccessPermission"
                 NAME="ShowView"
                 />
       </ACTION>
  </BUSINESSSERVICE>
  If you have created these to files in your packages, you can access this function like:
  IUser user ;
  try {
            user = WDClientUser.getCurrentUser().getSAPUser();
            if(user.hasPermission(new ApplicationAccessPermission("Show view"))){
                 wdContext.currentV_UIElement().setViewVisibility(WDVisibility.VISIBLE);
            }else{
                 wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
       }catch (WDUMException e1) {
            wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
                  e1.printStacktrace();
  You have to bind the ViewVisibility attribute of the context to the View Container you want to hide.
  The applicationAccessPermission you defined in the XML File will be visible in the UME Manager of you J2EE engine. With this action you can create a new role and group that you can map to the users that should see you view.
  But, the exception you get is because you have embedded one view twice, which is not possible.
  Hope this helps.
  Regards,
  Dennis

• Removed user from group, user no longer has access to documents even though user is owner of documents

  I'm running a server 2012 std domain and I'm in the process of rebuilding our fileserver after we had some pretty serious permission issues. Bad permissions (Everyone had full access to user documents share) were migrated when we move to the new server and
  then by some strange Monday morning freak out all users lost access to their documents. I restored from backups, redirected everyone's folders back to local computer and started to reconfigure the share permissions. I moved our administration group back to
  the server after securing proper permissions for folder redirection (permissions copied from https://technet.microsoft.com/en-us/library/jj649078.aspx?f=255&MSPPError=-2147217396 table 1, only difference is instead of creating a new security group
  for redirection users, I used the everyone group) to test and everything went perfectly. The GPO created the users folders under the root and redirection was good to go. Along with that, other users cannot access other users documents anymore which was the
  intended outcome. 
  Last night I was looking at security groups and see that our administration group (back office group: accounting, HR, etc..) was a member of the domain admins. I removed them from the domain admins group and added them to the administrators group (they do
  need regular admin access) then went on like normal. This morning, all users in that group can no longer access their documents on the server. I immediately think that permissions were broken again and started to get angry, but then realize that all the files
  are still accessible on the server (no lost permissions like before) and the user is still shown as the owner with full permissions, but the files are inaccessible to those users. I re-added them to the domain admins group, logged out, logged back in and documents
  are back and accessible by the user. Remove them from the domain admins group, log out, log back in and the documents are inaccessible again. Re-add to the domain admins group and back to normal. 
  Which leads me to now. If the users are part of the domain admins group, they have access to their files. If they are removed from the domain admins group, they lose access. When they lose access, they are still the owners of the files/folders with full
  permissions, yet they can't access their documents. Also, just to add, the domain admins group has no specified permissions on the files or folders. See screenshots below..
  Here is the root share. 
  And the user's desktop folder. The folder is owned by the user with full permissions. This is the folder the redirection GPO created.
  Any ideas why removing the group from domain admins would drop access to their files? They are still the owners of the files and should have full access but they don't. Is there something I'm not seeing here?

  Effective Access shows the user has full control of the Desktop folder
  This is a problem with the Effective Access tab when using CREATOR OWNER.  As you have noticed, the user doesn't really have the access that the tab says it does.  This is because of how CREATOR OWNER works.
  CREATOR OWNER is only evaluated when a file/folder is created. 
  IF a user can create a file/folder, then the permissions assigned to CREATOR OWNER are copied to a new permissions entry for that user.
  To see this:
  Logon as an administrator and create a file in the Desktop folder in your screenshot.
  Examine the permissions of the new file.
  You'll see that there is a new entry for the account you logged on with.
  CREATOR OWNER is gone.  CREATOR OWNER would still be there if you created a folder (because of "subfolders and files").
  In the Desktop folder (in your screenshot), only SYSTEM and Administrator can create/access files.
  To fix this, you need to grant the users the ability to list the directory contents and create new files/folders.  This corresponds with the suggestion of Table 1 in the document you found.
  I see what you're saying about Administrators domain group. I'll just add them as local admins via GPO and that should solve that issue. 
  No, scary!  This will grant those users administrative permission on your server.  They will be able to see any file anywhere on that server.
  If your goal is to provide a place that is private for each user, then the simplest approach is to grant each user permission to their own folder.  Like this for Test User:
  Notes for above:
  I set the user's permission to Modify because there is no good reason why the user should change these permissions
  The owner of this folder is unimportant.  I leave it set to Administrators
  You can, and I do, remove CREATOR OWNER.  It adds no value in this situation and just causes confusion.
  As for the second screen shot, the *-Admins folder is the root to which Everyone has special permissions on and can create folders. The folder for M* was created by the GPO, which makes M* the owner to which they have Full control of subfolders and files.
  The GPO also created the Desktop folder, giving owner full permissions of subfolders and files. Inside the Desktop folder, permissions remain Full control for owner for subfolders and files. Even if it was the case that they only had permissions on subfolders
  and files, wouldn't each subfolder under that one be considered a subfolder and file of the top folder?
  If this works as you say, then Yes, it should work.  But, I don't see the entries for use M*.  Remember, there should be entries for the M* user that is a duplicate of CREATOR OWNER.
  I suspect that Group Policy is creating the directories (elevated) and then changing the owner to M* afterward.  This does not duplicate the CREATOR OWNER entries as needed.  If this is the case, I consider it a flaw because your permissions do
  not allow user M* to create files/folders, and group policy shouldn't bypass security.
  I'm not saying your wrong, I'm just curious why the technet article would advise Creator/Owner giving full control of subfolders and files only if that were not correct. I can add the permissions for the users easily, I just don't see why I need to give
  explicit permissions to access something when the GPO created those folders for me, which Microsoft recommends you allow. If the GPO can create folders and the folders are owned by the user, then the user can obviously add/create/modify/view those files and
  folders. 
  When I restored the data, no permission were reset. Permissions were restored to the wonky version where the Everyone group has full access to everything. Ownership of the files/folders remained the same.
  A couple things:
  The article instructed the use of Folder Redirection Users group that had permissions to create files.  Your examples didn't have that.  Because of this, your user could create new files.
  The article assumes that the directories you are creating will be empty.  Existing files will be unreadable to everyone except Admins.
  If you follow the directions in the article, then anyone in the Folder Redirection Users group can write files to anyone else's directory.
  One benefit of the document's approach is that all the users could be redirected to the same folder using the article, and it would work.  A benefit, I guess.
  But, I like my user's separate and unable to see each other's files -- at all.  This is why I recommend replacing CREATOR OWNER with the specific user.
  I believe this document is a "how to get it done" document, not necessarily a best practices document.  I see it as a starting point, and that's why I didn't follow it exactly.
  Lastly, CREATOR OWNER permissions are useful but confusing.  I avoid them unless I have the rare circumstance where they are perfect.
  When I restored the data, no permission were reset. Permissions were restored to the wonky version where the Everyone group has full access to everything. Ownership of the files/folders remained the same.
  To summarize:
  In the user's directory, you need to provide permission to list and create new files/folders, and you need grant the user permission to the existing files.
  -Tony

• We can figure this standard access list

  We can figure this standard access list that's important remember that we use a standard access list  want to block all traffic or permit all traffic from a particular
  source or destination let's take a look at this machine right here   that  is IP address say
  640-554 we want to stop him from going into the Ethernet interface I'm the ad man he made me midsummer block callers traffic he can get out anymore maybe this is even the internet out
  here we know people like their Internet access so to get back at them I'm a block it what I can do is I can use deny statement in my access list access list
  one did not .
  http://640-554cisco.com/

  Hi Suresh,
  ad 1) according to the documentation ( http://docs.oracle.com/cd/E28280_01/doc.1111/e26692/securityacls.htm#BEIIHJAH )
  "At least one of the following must be true for a user to be granted a particular permission:
  The user's name appears in the xClbraUserList metadata field with the appropriate permission.
  The user belongs to a group that appears in the xClbraAliasList metadata field with the appropriate permission.
  The user is part of an Enterprise role that appears in the xClbraRoleList metadata field with the appropriate permission."
  meaning that OOTB a user will be granted both Read permission as per user-granted permissions and RWD as per group-granted permissions (resulting into RWD because at the same level a union operation is used).
  I'd say that conceptually, the group assignment should not be used in your use-case, because you don't want to assign permissions to group's users, do you? You could create new groups, or use assignment of permissions per user.
  ad 2) check this: http://docs.oracle.com/cd/E28280_01/doc.1111/e26692/securityacls.htm#BEIIDCGD
  Using ACLs, regardless User or Group Access Lists, always impacts the performance. And, it is difficult to maintain. From the information at the link you may understand how it is implemented - basically, the execution of the query will be affected by: a) how many items have to be evaluated b) the length of strings (xClbraUserList, xClbraAliasList) to be evaluated.

• Add list item using anonymous user in public website of shareopint 2013 office 365

  Can any body know the solution to over come of following error while add list item using anonymous user using CSOM in shareopint 2013 office 365 public website.
  I have tried following solution to narrow down the error from "Access permission"
  http://sharepointtaproom.com/2014/08/28/anonymous-api-access-for-office-365-public-sites/#comment-2304

  Try below:
  http://www.codeproject.com/Articles/785099/Publish-a-Form-for-Anonymous-Users-on-a-Public-Sit
  http://blogs.technet.com/b/sharepointdevelopersupport/archive/2013/06/13/how-to-allow-anonymous-users-to-add-items-to-sharepoint-list-using-client-object-model.aspx
  // Allows AddItem operation using anonymous access
  private
  static voidAllowAnonAccess(){
  Console.WriteLine("Enabling Anonymous access....");
  SPWebApplication webApp =
  SPWebApplication.Lookup(new
  Uri(webAppUrl));
              webApp.ClientCallableSettings.AnonymousRestrictedTypes.Remove(typeof(Microsoft.SharePoint.SPList),
  "GetItems");
              webApp.ClientCallableSettings.AnonymousRestrictedTypes.Remove(typeof(Microsoft.SharePoint.SPList),
  "AddItem");
              webApp.Update();
  Console.WriteLine("Enabled Anonymous access!");  
  // Revokes Add/Get Item operation using anonymous access
  private static
  voidRemoveAnonAccess(){
  Console.WriteLine("Disabling Anonymous access....");
  SPWebApplication webApp =
  SPWebApplication.Lookup(new
  Uri(webAppUrl));
              webApp.ClientCallableSettings.AnonymousRestrictedTypes.Add(typeof(Microsoft.SharePoint.SPList),
  "GetItems");
              webApp.ClientCallableSettings.AnonymousRestrictedTypes.Add(typeof(Microsoft.SharePoint.SPList),
  "AddItem");
              webApp.Update();
  Console.WriteLine("Disabled Anonymous access!"); 
  http://www.fiechter.eu/Blog/Post/12/Create-a-survey-for-anonymous-users-on-Office-365
  If this helped you resolve your issue, please mark it Answered

• We have a long list of disabled/deleted users in AD Somehow, they are still appeared as active user in Sharepoint Online. How do we get rid of those list? Hope you can advice. Thanks.

  we have a long list of disabled/deleted users in AD
  Somehow, they are still appeared as active user in Sharepoint Online.
  How do we get rid of those list?
  Hope you can advice. Thanks.

  SharePoint does not remove users from SharePoint permissions just because they were deleted/disabled in AD. This is to maintain referential integrity. In fact, when you delete a user from SharePoint, that user remains in the SharePoint content database,
  just marked as deleted.
  They do not have access to SharePoint given their account is deleted/disabled. But as far as automatically managing this, I'm not aware of a tool. On-prem there is Metalogix ControlPoint which does a great job of this, I haven't explored the O365 options.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.