ACE and ANM RBAC - Single user with Admin access

Good day,
I would like to confirm if one can only assign a single user Admin access to a context via RBAC (either on ANM or ACE native RBAC through ACS). So is this true or not?
If so, would I be correct in assuming this excludes the default Admin user.
Also, what do you do if you need to provide Admin access to more than one user? Can it be done?
Thanks
Paul

Actually, multiple users can be assigned to the pre-defined ADMIN role in ACE RBAC, such as the following:
myaceisnamedthis/Admin(config)# username Bob password weakpass role Admin domain default-domain
This is also true in ANM, where the user's RBAC is a cross product of the ANM defined role and domains (which is at the ANM level so that it can span multiple ACE devices and contexts).
In both cases, the AAA can be used for authentication, though authorization is performed by ACE/ANM themselves.
Cheers,
David K.

Similar Messages

  • Set Single user with reviewer access to multiple conference room calendars

    Want to add a single user with reviewer access to multiple conference room calendars. I used the below but it gives the error below. I am able to add a single user, but adding a single user to multiple conference room calendars is not happening.
    Import-csv C:\smtp1.csv | foreach-object {Add-MailboxFolderPermission -identity $_mail":\Calendar" -User "Mike" -AccessRights "Reviewer"}
    Smtp1.csv
    mail
    [email protected]
    [email protected]
    Error:--
    [PS] C:\>Import-csv "C:\smtp1.csv" | foreach-object {Add-MailboxFolderPermission -identity "$_mail:\Calendar" -User "Mike" -AccessRights "Reviewer"}
    The specified mailbox "\Calendar" doesn't exist.
        + CategoryInfo          : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], ManagementObjectNotFoundException
        + FullyQualifiedErrorId : 78C23328,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission
    The specified mailbox "\Calendar" doesn't exist.
        + CategoryInfo          : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], ManagementObjectNotFoundException
        + FullyQualifiedErrorId : 78C23328,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission
    The specified mailbox "\Calendar" doesn't exist.
        + CategoryInfo          : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], ManagementObjectNotFoundException
        + FullyQualifiedErrorId : 78C23328,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission
    The specified mailbox "\Calendar" doesn't exist.
        + CategoryInfo          : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], ManagementObjectNotFoundException
        + FullyQualifiedErrorId : 78C23328,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission

    I tried with that as well but am getting the below
    A positional parameter cannot be found that accepts argument ':\Calendar'.
        + CategoryInfo          : InvalidArgument: (:) [Add-MailboxFolderPermission], ParameterBindingException
        + FullyQualifiedErrorId : PositionalParameterNotFound,Add-MailboxFolderPermission
    A positional parameter cannot be found that accepts argument ':\Calendar'.
        + CategoryInfo          : InvalidArgument: (:) [Add-MailboxFolderPermission], ParameterBindingException
        + FullyQualifiedErrorId : PositionalParameterNotFound,Add-MailboxFolderPermission
    A positional parameter cannot be found that accepts argument ':\Calendar'.
        + CategoryInfo          : InvalidArgument: (:) [Add-MailboxFolderPermission], ParameterBindingException
        + FullyQualifiedErrorId : PositionalParameterNotFound,Add-MailboxFolderPermission
    Cannot process argument transformation on parameter 'Identity'. Cannot convert value "" to type "Microsoft.Exchange.Configuration.Tasks.MailboxFolderIdParameter". Error: "Value cannot be null.
    Parameter name: mailboxFolderId"
        + CategoryInfo          : InvalidData: (:) [Add-MailboxFolderPermission], ParameterBindin...mationException
        + FullyQualifiedErrorId : ParameterArgumentTransformationError,Add-MailboxFolderPermission

  • Additional User with admin rights

    Hi all,
    I checked the documentation but I could not find a possibility to create an additional user with admin rights to access the Vibe Management Console.
    Does anybody know if this is possible and how to do this?
    Thanks in advance
    Alex

    Hi Willem,
    thank you for the great post. It did the job very well.
    Alex
    >>> <[email protected]> wrote on 1.8.2013 at 07:46 AM:
    > arlorenz;2275156 Wrote:
    >> Hi all,
    >>
    >> i checked the documentation but i could not found a possibility to
    >> create an additional user with admin rights to access the Vibe
    >> Management Console.
    >> Does anybody know if this is possible and how to do this?
    >>
    >> Thanks in advance
    >>
    >> Alex
    >
    > Hey Alex,
    >
    > Yes, that's possible. It's somewhat a twofold/threefold process, as
    > you have to give an accounts right to administer the zone, and then also
    > have to give that account rights to the personal workspace root (to be
    > able create/delete user accounts) and any workspaces that need to be
    > administered.
    >
    > I always create an vibe-admins group (local group) that gets the rights
    > to the zone and workspace roots. Then add the needed users to that
    > group.
    >
    > Access for the zone can be set within the administration console:
    > https://www.novell.com/documentation...ata/bk4saug.html
    >
    > Then add the needed rights on the workspace roots, Global, personal &
    > team workspaces.
    >
    >
    > !Do note that admin is the only user that is not allowed to get
    > blocked. Other admin users can be filtered out via ACL's.
    >
    >
    > Cheers,
    > Willem

  • Users with direct access to tables

    I need to find out which users have direct access to tables, not through the roles.
    Is dba_tab_privs the right table to query or table_privileges is the correct one.
    Please let me know the difference between these two.
    I have gone through the documentation but I am still not clear about the difference between them.
    Let me know whatever your thoughts are on this.
    Thanks,
    Rushi

    Ah, an opportunity to illustrate the value of COMMENTs:
    SQL> select * from dict where table_name = 'TABLE_PRIVILEGES';
    TABLE_NAME
    COMMENTS
    TABLE_PRIVILEGES
    Grants on objects for which the user is the grantor, grantee, owner,
    or an enabled role or PUBLIC is the grantee
    SQL> select * from dict where table_name = 'DBA_TAB_PRIVS';
    TABLE_NAME
    COMMENTS
    DBA_TAB_PRIVS
    All grants on objects in the database
    SQL>
    So, TABLE_PRIVILEGES is a view relevant to the user who is currently connected and SELECTing from it.
    DBA_TAB_PRIVS is what you want to use to find users with direct access granted to tables.
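
The distinction drawn in the answer above, written out as queries. This is an added example, not part of the original thread; it assumes an account that can read the DBA_* dictionary views, and the SYS/SYSTEM exclusion is an assumption about what is out of scope.

```sql
-- Added example: direct table grants versus grants that arrive through a role.
-- Run as an account that can read the DBA_* dictionary views.

-- 1. Object privileges on tables granted directly to user accounts.
--    The join to DBA_USERS drops grantees that are roles. The join to
--    DBA_OBJECTS keeps only tables, because DBA_TAB_PRIVS also lists grants
--    on views, sequences, procedures and other object types.
SELECT p.grantee,
       p.owner,
       p.table_name,
       p.privilege,
       p.grantable,
       p.grantor
FROM   dba_tab_privs p
       JOIN dba_users   u ON u.username    = p.grantee
       JOIN dba_objects o ON o.owner       = p.owner
                         AND o.object_name = p.table_name
                         AND o.object_type = 'TABLE'
WHERE  p.grantee NOT IN ('SYS', 'SYSTEM')  -- assumption: built-in accounts are out of scope
ORDER  BY p.grantee, p.owner, p.table_name, p.privilege;

-- 2. Table grants made to PUBLIC. PUBLIC appears in neither DBA_USERS nor
--    DBA_ROLES, so query 1 does not show it, yet every account inherits it.
SELECT p.owner,
       p.table_name,
       p.privilege
FROM   dba_tab_privs p
       JOIN dba_objects o ON o.owner       = p.owner
                         AND o.object_name = p.table_name
                         AND o.object_type = 'TABLE'
WHERE  p.grantee = 'PUBLIC'
ORDER  BY p.owner, p.table_name, p.privilege;

-- 3. For contrast: table privileges a user holds through a role granted
--    directly to that user. Roles granted to other roles are not followed
--    here (one level only).
SELECT rp.grantee      AS username,
       rp.granted_role,
       p.owner,
       p.table_name,
       p.privilege
FROM   dba_role_privs rp
       JOIN dba_users     u ON u.username    = rp.grantee
       JOIN dba_tab_privs p ON p.grantee     = rp.granted_role
       JOIN dba_objects   o ON o.owner       = p.owner
                           AND o.object_name = p.table_name
                           AND o.object_type = 'TABLE'
ORDER  BY rp.grantee, rp.granted_role, p.owner, p.table_name;
```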

  • Security batch job to evaluate users with SAP_ALL access:

    Hello,
    I need to run some kind of batch report or program that runs for users that have SAP_ALL access.
    Basically we need to run a report or program that shows what these users that currently have SAP_ALL are executing on a daily basis.
    Do you have or know of a report/program that we can schedule nightly to find this information out ?
    Thanks,
    Steve

    Hi Steve,
    I don't think any SAP standard report or query is available for this. You probably have to design your own Z report/query to achieve this.
    However, since SAP_ALL is a restricted access and you will have very few users with this access, if you want to find out the programs/transactions being executed by these users, it can be done manually from ST03, through "Memory Use Statistics"; probably this may help to identify the tables using which you can design your own report.
    Regards,
    Sanujit
    Edited by: Sanujit Purohit on Jul 20, 2010 2:25 AM

  • Why the apple store is so expensive and why the apple users can't access for free after spending huge amount in apple phone ?

    Why the apple store is so expensive and why the apple users can't access for free after spending huge amount in apple phone ?

    The Apple store is correct. The warranty is not international, and Apple will not accept or return iPhones shipped from a different country.  You need to ship the phone to somebody in Hong Kong who can take it in to Apple for repair, or pay a third party repair shop in the Philippines to fix it.

  • Second user with admin, but blocked copying from hard drive

    I noticed today that my new iTunes will not drag and drop songs into playlists. I can do it if I right click on highlighted songs, right click and select the appropriate playlist. Its a pain doing this and not too intuitive as just drag and drop. I searched and found many people have this issue.
    I also realized that can't copy anything from my external drive (iTunes library is also located here) I press command I and realized its locked and after entering password the lock is open. However I still cannot copy songs out of the drive. What the **** is happening? I have used iTunes for over 6 years now and never had this problem. Can someone let me know how I can unlock the external hard drive?
    Just to let you know this laptop is originally installed by my wife with her user. I added my own later so we both have admin access. So not sure why this is happening.
    Cheers for all advice.
    Thanks

    I used my own account to start copying all my songs onto this MBP. I need this for my djing, so it helps if I can custom my playlists and organize my music.
    I could try deleting the other user but not sure how to do this.
    I am not getting any error messages. I can drag songs but when I put them in the playlist folder or out onto the desktop, the highlighted songs bounce back to its original position. No "+" signs either.
    I have the same setup on another mac with the same iTunes latest version. This is the first time its happened to me after many years of using iTunes.

  • How to add user with admin privileges to multiple machines

    Hi all,
    I would like to be able to create a local ARD user on each machine on the network, with admin privileges on the machine. Is this possible?
    The custom client installer seems to only allow adding standard users. Is there a way I can create a Unix command that I could send to each machine, to add an administrator user? Your advice would be greatly appreciated.

    Since machines ship with ARD 2 already installed, rather than go through the hassle of creating a Client package and having to edit that, you can simply run a shell script to take care of everything.
    We utilize a BASH script to create the ARD user, set the password of the user, hide it in the login window, add the user to the sudoers file (just to make sure the user can sudo), and add the path to kickstart to the PATH variable in the default .profile (/etc/profile) so that you can use kickstart without having to type the entire path.
    Script follows:
    #!/bin/bash
    # Run as root: every step below writes to system files or the local directory.
    # add kickstart to path (appends a PATH line to the system-wide /etc/profile)
    echo 'PATH="/bin:/sbin:/usr/bin:/usr/sbin:/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources:/Developer/Tools"' >> /etc/profile
    export PATH
    # add ARD user (NetInfo record, uid/gid 499, member of the admin group)
    niutil -create . /users/arduser
    niutil -createprop . /users/arduser gid 499
    niutil -createprop . /users/arduser uid 499
    niutil -createprop . /users/arduser shell /bin/bash
    niutil -createprop . /users/arduser home /private/var
    niutil -createprop . /users/arduser realname ard
    niutil -createprop . /users/arduser shadowpasswd
    niutil -appendprop . /groups/admin users arduser
    # now set the passwd for the ard user
    # (ardpass is a placeholder; the password is readable in this file and on the command line)
    dscl . -passwd /Users/arduser ardpass
    # now add to the sudoers file
    # (this appends directly, without the syntax check visudo performs)
    echo "arduser ALL=(ALL) ALL" >> /etc/sudoers
    # now hide the ARD user from the loginwindow process
    # (a backup of the loginwindow preferences is kept in /var/temp first)
    mkdir -p /var/temp/
    cp /Library/Preferences/com.apple.loginwindow.plist /var/temp/com.apple.loginwindow.bak
    defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array-add arduser
    # enable ARD access for arduser with all privileges
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -users arduser -access -on -privs -all
    exit 0
    Just copy that into a text file, chmod it to 755 and you can then run it on the machine. We will put it at the root of the hard drive, run it, and then remove it. If you want the script to delete itself, just put the following before "exit 0":
    rm $0
    That will delete the file.
    Hope that helps out.
    Steve
    XServe G5, XServe RAID (1TB), MacBook Pro Mac OS X (10.4.6)

  • User with admin rights can't access files through the command prompt

    I have a strange situation where I have 2 users both setup exactly the same with admin rights on a 2003 (32 bit) server through an AD group membership, but one can do everything as expected but the other can't.
    The one that can't is trying to execute a program in a command prompt and keeps getting access denied or invalid directory when trying to cd into the folder. I double and triple checked the permissions and they are correct; this person should have full admin. In fact I checked effective permissions through explorer and it states full rights. Along those lines this person can also access the folder in question through explorer, just not a command prompt.
    Has anyone seen this before ? and if so what can be done about it.
    Thanks

    Hi,
    Can the user execute the program through explorer? In Windows Server 2003, the Users group does not have Read and Execute permissions to the command processor (Cmd.exe). 
    You could refer to the article below to resolve the issue:
    "Access is denied" error message when you run a batch job on a Windows Server 2003-based computer
    http://support.microsoft.com/kb/867466
    Best Regards,
    Mandy 

  • To create new user for rpd with Admin access in obiee 10g

    Hi All,
    I need to create a user in RPD which has equivalent privileges as Administrator in RPD. Please note that this is for accessing RPD Admin, not for Dashboard admin access. Can anyone please let me know how we shall implement this?
    Regards,
    Vengatesh.

    Hi,
    Create a user and give the check box for 'Administrators' group and check.
    If required give 'Presentation Service Administrator'group too.
    In Settings->Manage Privileges you can restrict the user to the Answers.
    Hope this helped/ answered
    Kind Regards
    MuRam

  • Users with Admin Rights

    I've been looking through the Admin Ref Manual and Admin Guide (9.0.42) to see if there is a way to list the users that have been given Administrative rights on any given node within the node network on our server. I thought I remember seeing this documented somewhere but now I can't find it.
    Does anyone know if it's possible and if so where is it documented?
    Thanks in advance for you words of wisdom! :)
    -Gail

    In the BASIC web browser login popup there is a read-only field called
    "Realm". This is what is specified in the tab. It is merely there for
    informational purposes for the user logging in.
    Neil Smithline
    WLS Security Architect
    BEA Systems
    "veena" <[email protected]> wrote in message
    news:3ae5ab86$[email protected]..
    does weblogic support different security domains for different web
    applications ? if not, what is the purpose of the Auth Realm Field in the
    Other Tab when installing a web application ?
    Veena.
    "Neil Smithline" <[email protected]> wrote in message
    news:3ae563d4$[email protected]..
    This is not possible in current WLS releases. Each "administrative domain"
    (referred to simply as a "domain" in WLS doc) corresponds to one and exactly
    one "security domain". Users have the same permissions throughout the
    domain.
    We are currently considering various options for how to support this in the
    future.
    Neil Smithline
    WLS Security Architect
    BEA Systems
    "Nick Roberts" <[email protected]> wrote in message
    news:[email protected]..
    Can anyone provide information about how to have different users
    have admin rights to different servers in a domain ?
    Is there any documentation on the different resources defined in
    the ACLs list of the default server ?
    Nick

  • User with admin privileges

    Hi,
    I have a user created from EM.
    However, this user has limited privileges (cannot create a table, cannot create within a tablespace).
    How to create a user with DBA privileges?
    thx

    Hi.
    You do this by granting the DBA role to them.
    SQL> GRANT DBA TO user;
    Remember, DBA is a very powerful role. Only grant it if you are sure it is necessary, otherwise it is a massive security blunder.
    Cheers
    Tim...

  • No User, No Admin Access -- Clean install?

    The only user on my laptop does not have admin access so i tried to run this to get admin rights:
    +I lost my admin user (Mac OS X 10.4 and earlier)+
    +If you are unfortunate enough to delete your only admin user, or remove his admin capability, then as long as you have another user with login capability, you can give that user admin rights as shown below. You can then re-create the original user or reinstate the admin capability using NetInfo Manager.+
    +Print this post out in a mono-spaced font, and type carefully, paying attention to spaces and punctuation, since you cannot copy/paste in Single User mode.+
    +Caution: in single user mode you have root privileges. Be careful! Substitute the name of 'youruser' below.+
    +Boot into single user mode (Command-S) at startup which will eventually get you a shell prompt (ending in #). Then type the following:+
    +fsck -fy+
    +Repeat the above until it says your disk is OK. Then continue with+
    +mount -uw /+
    +nicl -raw /var/db/netinfo/local.nidb -merge /groups/admin users youruser+
    +If you get a message saying "invalid path", then type these two commands first:+
    +nicl -raw /var/db/netinfo/local.nidb -create /groups/admin gid 80+
    +nicl -raw /var/db/netinfo/local.nidb -create /groups/admin passwd '*'+
    +and then repeat the "nicl ... -merge" command. Then:+
    reboot
    +You will now be able to login as 'youruser' and have administrative privileges.+
    +Membership of the 'admin' group is the only thing that distinguishes administrative users from ordinary users.+
    Now the computer will boot up but NEVER comes to the desktop. I think my best option is to just clean install. however, the computer will not let me boot from a CD (nor did it before i messed up the user). Is there a way i can wipe the harddrive another way or some other way to reinstall the OS?
    thanks

    I ran the 10.3.9 combo as a stand alone update

  • Users with read access to the site unable to view Managed Metadata Navigation

    Hi everyone,
    I created a Managed Metadata service and created group, term-set and terms
    I gave read access to users
    I set up navigation to use Managed Navigation
    I am logged in as farm admin and able to view the navigation when i browse site. But user are not seeing navigation.
    One thing i noticed is when i give users full access or designer access to site they will be able to see the navigation. but i don't want to give users full access or designer access to the site.
    How can users with read only access to site can view Managed Metadata Navigation...Please help?

    Hi Sunil,
    Have you given your users permissions to actually read the MMS data from the service application?
    http://technet.microsoft.com/en-us/library/ff625176.aspx covers permissions on the MMS.
    Regards
    Paul.
    <<edit>> On reflection you might be hitting the issue in this Stackexchange post..
    http://sharepoint.stackexchange.com/questions/75636/permissions-and-managed-metadata-in-navigation Is yours behaving the same way?

  • User with Full Access to mailbox cannot view calendar

    I have a user who is one of several users that manage the schedules for several conference rooms using regular mailboxes on Exchange Server 2007. She (and she alone) has lost the right to manage the mailbox calendar. When she tries to access the calendar she gets the error message, "You do not have permission to view this calendar".
    I verified her rights as Full Access and even ran the cmdlet below which says, "Appropriate ACE is already present on object ".
    [PS] C:\Windows\system32>Add-MailboxPermission -Identity "mailbox" -User user -AccessRights FullAccess -InheritanceType All
    WARNING: Appropriate ACE is already present on object "CN=mailbox
    49,OU=Service Accounts,OU=  xxx,OU=xxxxx),OU=xxx,DC=xxx,DC=xx,DC=xxx" for
     account "user".
    Identity             User                 AccessRights        IsInherited Deny
    Domaim      domain\user       {FullAccess}        False       False
    When I get the permissions on the mailbox she has the following:
    AccessRights    : {FullAccess}
    Deny            : False
    InheritanceType : All
    User            : domain\user
    Identity        : domain/OU/OU/OU/mailbox
    IsInherited     : False
    IsValid         : True
    ObjectState     : Unchanged
    Any help out there?
    [email protected]

    Hi,
    According to your post, the permission seems to be configured properly in your Exchange server. This user has full access permission to Domaim’s mailbox.
    Please try to open shared mailbox in OWA to check whether she can access the calendar. In Outlook, we can open shared calendar in Calendar panel by clicking Open Calendar > Open shared calendar. If it fails, please try the following steps:
    1. Click File > Account Settings > Change > More Settings > Advanced.
    2. Add the Shared mailbox that you want to open and click OK.
    If there are any updates, please feel free to let us know.
    Best Regards,
    Winnie Liang
    TechNet Community Support
