Access rights specifically on the repository

Hi,
Is it possibe to have a user id having access right only on the livecycle repository ? If yes then how ?
Somebody please help .

I'm not sure what you are asking.  Rights Management is used to apply encryption, control access (authentication) and to enforce specific permissions (i.e. print, no print) on PDF amd MS Office documents.
It is not used to control access to a repository, but is can protect documents in a repository.
Hope this helps.
Steve

Similar Messages

  • Keep Receiving: Error is: 'Insufficient access rights to perform the operation' When running script

    Hello. I have a powershell script I run in our domain to disable AD accounts. Part of that also removes the users from all AD groups. That part of my script however keeps throwing up this Error is: 'Insufficient access rights to perform the operation'
    error. 
    Now from our Exchange server if I run this script with powershell, things work fine. But running it on the domain controller is when I get this error. Thoughts? 

    Thanks Anna!
    I was able to add this code below in to the script where it kept erroring out and it then worked. I had to point it to a different DC then it was running on. 
    –Server comp1.test.server.com
    Thanks again!

  • Set-aduser : Insufficient access rights to perform the operation

    I am a domain admin, enterprise admin, exchange admin, domain user, and others.
    While running a PS on a DC as the administrator, The commands I'm running are ...
    $expdate = get-date -date '01/01/2014'
    set-aduser -identity testmail5 -accountexpirationdate $expdate
    I get the following error ...
    set-aduser : Insufficient access rights to perform the operation
    At line:1 char:1
    + set-aduser -identity testmail5 -accountexpirationdate $expdate
        + CategoryInfo          : NotSpecified: (testmail5:ADUser) [Set-ADUser], ADException
        + FullyQualifiedErrorId : Insufficient access rights to perform the operation,Microsoft.ActiveDirectory.Management.Comm
       ands.SetADUser
    I then switch to a different DC, the command 'might' work once, but will never run again in the same window.
    Then I tried this ...
    start-process powershell -verb runas
    That gave me an additional PS window, and I then tried running the commands again.
    Same error message.
    So I tried the following command ...
    $expdate = get-date -date '01/01/2014'
    set-aduser -server XXDC03 -identity testmail5 -accountexpirationdate $expdate
    Same error message.
    Is there any way that I can get around this problem?
    Please help.

    Keep in mind that the account used to open the PowerShell session must be the same account you're using to open ADUC. The error message means that Set-ADUser is trying to set the attribute for the account, but it's failing. Make sure to test with multiple
    different accounts, in case the access control list of the object you're trying to modify is the cause of the problem.
    Your PowerShell syntax is valid, so this isn't really a scripting question but a security/directory services question.
    -- Bill Stewart [Bill_Stewart]

  • Lync Server Control Panel : Insufficient access rights to perform the operation;

    Hi team,
    I have a strange problem in managing Lync users through control panel. But I can enable/disable and Manage users through power shell. Am getting an error " Insufficient Rights to perform the operations" when i try through control panel
    Please can someone help me urgently on tihs. I have all the users in a separate OU from where the RTC and CS groups are available. Is there any issue with the delegation?

    Hi,
    You will receive this error message when you attempt to manage Lync users who are members of protected admin groups in Active Directory (such as Enterprise Administrators etc.).
    Typically I use Lync Management Shell, so don't get this error often as it only occurs in the Control Panel.
    Editing the properties of the user object you are attempting to enable / disable in AD, and enabling inheritance on under the security tabs advanced options will also work around the problem, but you may not wish to do this. The inheritance change will revert
    itself in 15 minutes or so I believe.
    Perhaps someone can advise of an alternate solution through group membership / permissions, but as I don't have the issue often I've not looked into it at any great depth.
    Kind regards
    Ben
    Blog:www.gecko-studio.co.uk/ 
    Twitter:
      LinkedIn:
      Facebook:
    Note: If you find a post informative, please mark it so using the arrow to the left. If it answers a question you've asked, please mark the thread as answered to aid others when they're looking for solutions to similar problems
    or queries.

  • My page is split left sidw is the site i am trying to access, right side is the Mozilla fire fox help page how do i remove the right side? How do I make home page? How do i syncranize?

    As above. I can not find any were to close the right side page?

    Opening in the side bar is the default for bookmarks that are created via a link or button on a website.<br />
    You can check the Properties of a bookmark via the right-click context menu in the side bar (Ctrl+B; Cmd+B on Mac).<br />
    In the Bookmarks Manager (Bookmarks > Show All Bookmarks) you can click the More button in the Details pane at the bottom right.<br />
    Make sure that "Load this bookmark in the side bar" is not selected.<br />

  • Allow dashboard to be accessed by users with no access rights to the plateform

    There are some users which would like to access a specific dashboard without having access rights to the platform, and we are searching for a solution. What we want is a scheduled job that would update the dashboard data or make the dashboard accessible in an offline mode, but it seems that these solutions are not applicabale.
    If you have implemented a solution before or find a work-around, please let me know.
    Regards.

    Hi Sawaf,
    This can be done using "Widgets" which is one of the BO BI Platform client Tools.
    1. You need to create a separate user id for the user and provide view access rights only for the required dashboard that has been saved in BI Launchpad.
    2. User need to install widgets on his local machine, create a new host for the required BI Platform by entering the Server IP address and Login Credentials as below.
    3. After entering all the details, it shows a message that "server logged in successfully". Right click on the widgets icon from the taskbar, click on document list explorer. It shows the documents in the BI Platform, select the dashboard and double click on it. after the dashboard is opened in the Widgets window drag it onto the user desktop and run it.
    4. In this way user can view dashboards or reports on his desktop without any access to BI platform.They can keep the file opened on their desktop all the day also.. Session does not expire in this method.
    5. If you want data to be refreshed for every 1 hour or so.. keep a query refresh button in the dashboard, select all the queries in it and select a trigger cell. You can write a excel function in that trigger cell so that the cell value changes every 1 hour (OR) select refresh every 1 hour option from the bex query properties in the dashboard.

  • Using BV stored in the repository brings up ODBC(RDO) dialog box

    Post Author: matthewh
    CA Forum: Data Connectivity and SQL
                                                      Hi - not sure if this is the right forum - tried elsewhere on this site with no joy, and been struggling with this for 2 days now, and I really need it sorted,  so here goes:I'm trying
    to get a report designed on my desktop PC with Crystal XI  connecting
    to my remote server running Crystal Server XI R2 & MySQL 5.  I have
    a business view created and I can access it fine via the repository, but when I go to
    create the report or browse the data in the fields I get the ODBC (RDO)
    dialogue box asking for a DSN!  Surely the point of the server is that it
    handles all the connectivity?  I have the password stored with the
    connection in the repository on the server - have I set up something
    incorrectly at the server end?  I've used all bog-standard settings,
    nothing fancy or different and using Enterprise authentication.  I've tried using single sign-on but couldn't get it to work.  This
    is my first proper report against a data warehouse I'm building and my
    first use of Crystal Server in anger, so it's possible I've missed
    something. Also - is the Data Connection user name and password the Enterprise user name or the database user name? 

    Hi Houffle,
    You need to provide more details. For example, I cannot reproduce the behavior you describe by doing the following:
    1. Create a "minprivs" user on a 10g XE database
    2. Grant connect, resource to minprivs;
    3. Create a connection for minprivs of type=Basic with Host/Port/SID=localhost/1521/xe
    4. Connect to minprivs
    5. Create a procedure in minprivs (without any dependencies on any other schema):
    create or replace PROCEDURE secure_dml
    IS
    BEGIN
      IF TO_CHAR (SYSDATE, 'HH24:MI') NOT BETWEEN '08:00' AND '18:00'
            OR TO_CHAR (SYSDATE, 'DY') IN ('SAT', 'SUN') THEN
         RAISE_APPLICATION_ERROR (-20205,
              'You may only make changes during normal office hours');
      END IF;
    END secure_dml;Running this procedure either normally or in debug mode works without an additional password prompt. It does not matter whether the Save Password check box was ticked or not in the New / Select Database Connection dialog.
    Regards,
    Gary
    SQL Developer Team

  • Access rights in case of a tree-like structure, with inheritance

    Hello,
    the project I've just started to work on should include an easy way (from the user's point of view) to grant/revoke access rights on a tree-like structure with inheritance.
    Basically we are working for several international companies who want to use our application to watch/manage some of their web projects - each project belongs to one company and consisting of several 'campaigns' in several countries (there can be several campaigns per country, but each campaign belongs to exactly one country).
    From our point of view this is a tree-like structure, with a 'root' node at the top level, 'companies' at the first level, 'countries' at the second level, 'campaigns' at the third level, and modules of our application (for example a module to display overall stats of the campaing, and so on) at the fourth level. There could be (and probably will be) some more levels, but that's not important at this point - it will always be a tree-like structure.
    The customer's reqirements are natural - the administrators should be able to grant/revoke access to 'subtrees' of this structure. For example the top managers should be able to see all the data related to their company, the local managers should be able to see all the data related to their company in the country they work in, etc. On the other hand the relular employees should not see some of the modules (with details about clients of the company).
    I wonder whether this can be solved using JAAS in an elegant and flexible manner - from the documents / whitepapers / tutorials I've seen till now it seems to me it seems to me not too suitable.
    All the data will be stored in relational database (Oracle, and in some cases PostgreSQL), and it would be nice to have the access rights stored in the same way (but it's not required). We have some ideas how to solve that using a single table containing paths in the tree, but at this point it's only an idea (not a single line of code written).
    We are sure somebody has already to solve such a problem - maybe using JAAS, maybe some other technology - and we don't want to reinvent a wheel. Do you have an idea how to solve this (using JAAS or something else)?

    Well, I forgot to explain what the 'inheritance' means ...
    We do not want to set the access right on each node of the tree - we prefer (as well as the users) to set/store only as much information as needed. We'd like the nodes to inherit the access rights from their parent nodes. For example we'd like granting access to particular project to mean granting access to all campaigns in all countries (related to the project), without the need to set and store these rights for each of the campaigns/countries.

  • Insufficient Access Rights when trying to modify send as permissions on a public folder

    Where I work, we have 2 mailbox database servers and 2 cas servers on Exchange 2010, upgraded from Exchange 2003. We are finding that when trying to grant a user send as rights to a publlic folder we are getting an Insufficient Access Rights error. The
    bizzare thing is for one particluar folder we can amend the send as rights with no issue on one of the cas servers but not the other cas or either db servers.
    You would have thought if it was a user permissions issue i.e the adminsitrator not having sufficent rights it would fail on every server and likewise if it was a problem with the folder itself, why is it working on one of the cas servers? Also on
    the one server this particluar folder does allow us to amend the rights, when we try to amend others we get the same error 
    If anyone has come accross this before and knows a fix please share it.
    Thanks

    Hi,
    Please check the ownership of the affected public folder to make sure it points to the right server.
    Here is a similar thread which may help you, please following the suggests in this thread to check result.
    https://social.technet.microsoft.com/Forums/office/en-US/0960b944-82b2-42f1-b438-a7d57b7ab783/insuffaccessrights?forum=exchangesvrgenerallegacy
    Best regards,
    Belinda Ma
    TechNet Community Support

  • Canos EOS 60D: file access rights differ, dependant on mode of import

    I have stumbled upon the most stupefying and inexplicable inconsistency when importing photos from the Canon EOS 60D into iPhoto 09 via USB cable. I then move these files into a new empty folder on my desktop. Some files have access rights allocated to the user group "staff", and some do not. I discovered that pictures taken in portrait mode (camera rotated 90 degrees) have the "staff" access enabled, and those taken in horizontal mode do not. But this gets better still: when I take the very same Transcend 16 GB SDHC card and import these very same pics via the built-in SD slot and iPhoto on the iMac and move these pics to a new empty folder, ALL of them have "staff" access rights. Strange, right?
    Interestingly, this does not happen when I use a Canon EOS 20D. All pics get the "staff" group allocated with the 20D via USB.
    This is really bothersome, because I usually import via USB and move these pic folders to a 10.4 server. No "staff" means that the ACL´s don´t work properly, and I have to manually change access rights for other users.
    Anyone out there have an idea or an explanation for this? I really am at a loss this time.....
    Harald

    Haven´t tried image capture yet, will do so on Monday. Will also try copying files directly off of the card, into a new folder (bypassing iPhoto) to see what happens.
    Thing is that users on the network rely on the simplicity of the iPhoto import, which is why I am keen to find the cause of this anomaly. Any other ideas out there on what the cause might be?

  • I have a requirement where I have to give the list of users who can access a specific computer. I am new with PS. Do you have a script to list users that can access a computer object of AD ?

    I have a requirement where I have to give the list of users who can access a specific computer define in AD.
    I am new with PS.
    Do you have a script to list users that can access a computer object of AD ?
    I have executed the following script  but it does not give me the access rights of who can access the computer 'computername'
    How can i have this information. please help
    Import-Module activedirectory
    $computer=get-adcomputer "computername" -properties ntSecurityDescriptor
    $omputer.ntsecurityDescriptor.Access | select-object -expandproperty IdentityReference | sort-object -unique

    I would say that, since the OP has so little info, there are no policies in use.  It there were then this question would never be asked the way it is being asked.
    I had a client call with a letter from their insurance company; an accountant with malpractice insurance.  THey asked the same question inmuch the same way.  "What computer can you users access?"  The question should be more like
    "Do you have a policy that restricts access to computers and do you audit for compliance?"
    I have had other clients whose insurance asked the question in that way.  It produces a better view of what should be happening and how to show compliance.
    I recommend that companies being asked these questions by their legal departments or insurance companies should contract with a god computer security consultant to assist with answering these very tricky questions.  Of course if it is just you boss's
    curiosity  then you may need to discuss his requirements with him in more depth.
    ¯\_(ツ)_/¯

  • Repository Access Rights

    There are several right you can grant on a workarea
    -Administrate Grant, revoke or delete access rights on a repository
    object
    -Compile Refresh a workarea
    -Delete Delete an object (or perform force delete or purge if they have
    the necessary repository privileges)
    -Insert Create an object
    -Select Query an object
    -Update Modify an object
    -Update Spec Redefine a workarea
    -Version Check out/check in an object
    What Access Rights are usually applied to a developer in a shared
    workarea?
    null

    Hi,
    Typically, you would want to grant all of those except administrate and delete/purge. But it depends on your own team's security policies (for example, you might decide that developers are not allowed to alter the spec of a shared workarea so that other team members are not affected by changes).
    Brian

  • Overload the default access right policies?

    Hello,
    We want to use Oracle Content Database to implement a DMS for a bank, who has complex access rights (as an example, imagine that the access rights become more restrictive after 8 PM).
    Hence our question: is it possible to overload the standard access rights of Oracle Content Database with our own hand-crafted policies, e.g. provided in a stored procedure?
    Thanks for any help
    Pascal Sartoretti

    Hi Pascal,
    I understand.
    I think what you wrote is enough for me to get a better understanding of what you're trying to do: each document in CDB may map to a transaction in an external banking application, each of which may imply its own security policy in some way.
    You are correct -- there is no way to override the security model of CDB with another implementation.
    However, you can change the security configuration for folders or documents in CDB programmatically with the CDB API. Therefore, it is possible to update a security configuration in CDB to match a security policy defined by an external application, as long as you can set up a "trigger" mechanism that is invoked when changes are made to the external application that need to be applied to CDB.
    Of course, you will need to come up with a mapping from your external application's security model to CDB's model that is based on users, groups, and roles. Given that you are able to create custom roles and ad-hoc groups in CDB, this should be possible, depending on the complexity of your external application's security model.
    You can also use the CDB EventHandler feature to implement a time-based custom "trigger" that can be implemented to make changes to CDB security at various intervals based on the rules you want to enforce.
    I have another question about the application you are planning:
    - Do you envision end-users accessing CDB directly, and using the built-in user interfaces, such as the Web GUI and ODrive?
    - Or do you think it will be more likely that end-users will access the external "banking application" directly, which would have a custom user interface and specific features for banking?
    In the second scenario, the banking application would use CDB "behind the scenes" to store and retrieve documents required by the banking application. (CDB would not need to have users and passwords for the end-users -- only one (or a few) "application" users that would be used to provide access to the banking application.)
    - Luis

  • HT201304 Is it possible to restrict access to specific IOS apps based on the WIFI profile that a user has connected to?

    Is it possible to restrict access to specific IOS apps based on the WIFI profile that a user has connected to?

    you might be able to block it if the app uses Internet access
    and depending on your wireless you might be able to block a specific user
    accessing the backend host that the app uses
    some firewalls offer application filtering but I'm not aware of any that work with ios apps

  • How to define a new user in Enterprise manager with Specific access rights?

    Hi,
    I want to create a new user in OEMS 11g who should be able to access only the scheduler jobs section.
    How can this be acheived?

    You can create new administrators via the Setup --> Administrators page
    You can grant certain access rights to targets, you can not however grant priv to only access the job system
    Take a look at http://download.oracle.com/docs/cd/E11857_01/em.111/e14586/security3.htm#sthref235
    Regards
    Rob
    http://oemgc.wordpress.com

Maybe you are looking for

  • Change Workflow-Instance-Container values

    Hi Experts, I would like to ask you how to change a value in a container of a Workflow-"Instance". For e.g.: I have a workflow-instance which contains a (bor-) Object "Switchdocument". This switchdocument contains also a (Bor-) Object "serviceprovide

  • Material ledger price difference

    Hi experts, I am getting price difference in material ledger. the difference is in beginning inventory and cumulative inventory. Any suggestion why this is happening. Pls help. Regards, Vivek

  • Purpose of Adobe PDF Link Helper

    I have an idea of what this browser add-on does. AcroPDF.dll Adobe PDF Browser Control AKA  Adobe Acrobat Sharepoint OpenDocuments Component AKA PDF Browser Control Apparently if I disable it PDFs embedded in a page with the <embed> tag fail to funct

  • How do I remove a message that keeps automaticly when I try to send a new sms.

    how do I remove text that auto fills when trying to send a new sms

  • New keynote is extremely sluggish

    Yikes...you've broken keynote!  I am having a great deal of difficulty with the new Keynote...working on an iMac.  Moving objects results in multiple twirling disks of wait time...multiple tweaks when '09 keynote presentations are 'converted'...and t