ACLs and users

Hello,
I want to find out if I can create a custom ACL in which I restrict my users from being able to see the groups or ACLs when the login to the web interface?
i.e. they should just be defaulted to their home folder..
Please, let me know.
null

Hi GB,
take a look at: http://technet.oracle.com:89/ubb/Forum36/HTML/000210.html
this should do ...

Similar Messages

ACL and user with more than one group

I have a (simple) question, but I coudn't find answer in docs :(
My problem is:
I want to have in Tuxedo users, which belong to more than one ACL group. Each
of this group have some special rights, i.e. group A could execute services K,L,M
and group B could execute services M,N,O. If my user belongs to A and B group,
which rights it have? Your rights are sum of rights of group or common part of
them ? I will be very greatful for link to docs talking about it ....
Best regards
Dominik Michniewski

user3715462 wrote:
Hi All,
it's just a question
we're using R12 12.1.3 db: 11Gr2 on OUL5x64
is it possible for an oracle user that can have more than one email address?
i add 2 email addresses in E-MAIL box
and it did not seem to work.
Thanks in advance.
Regards,What email addresses are you referring to? Is this at the OS level or the database/application level? Please elaborate more.
Thanks,
Hussein

XSAN, ACLs and new OD users.

I have xSAN FS with enabled ACLs and OD.
If i create ACL for existing folders and assign groupe(A) permissions to it. Rules work perfect. But only for usesr in this group (A) which was added before ACL was assigned.
If i create new OD user and add it into group A after ACLs was configured. User have no group permisions to this folder.
Anybody meet this issue?

So do you want to have this new server running alongside the old one - or set up the new server for a subset of users and then decommission the SL server? If alongside, is it for redundancy or to provide a sperate set of services for a subset of users?
If alongside for redundancy, thne it makse sense to let it use the existing OD.
If it's for one of the other purposes, you'll need to:
1. Set the new server up in islation from the old one (this allows you to create a new OD master)
2. Configure services
3. If you need to copy/move user data from the SL server, you'll have to take services on the SL server offline for the time it takes to copy/move.

Default acl permissions for root and user?

after running permissions i keep getting acl permissions changed and will repair. Apparently it doesn't. Is their a manual way of resetting to defaults for both root and user.

Turns out they didn't change themselves, but authentication got out of whack. This post fixed it for me, but I just jogged access on ical and blogs. Not sure which or both is needed, but after I toggled them over and back I was up and running again.
<SNIP>
Solution found athttp://michaeljin.wordpress.com/2010/01/05/locked-out-of-mac-os-x-server/
It’s blog update time! Updates have been a little scarce lately, been super busy with getting trophies on PS3
Anyway, recently encountered the following with a Mac mini server running Snow Leopard Server:
Despite being able to ARD / Screenshare the Mac mini, I was unable to get any further than the login window. Authentication credentials are obviously valid. No weird access permissions have been set. However, the weird thing was, I can connect to the server via Server Admin tools (from another Mac) and all other services were running without a hitch.
After much head scratching it turns out to be a sACL (Service Access Control List) issue.
This thread solved the mystery!
http://discussions.apple.com/thread.jspa?threadID=1654864
To save you the trouble, I’ll lay it out here. I cannot take credit for this, but Randall can!
Open Server Admin on a computer (any), and connect with the local admin to the machine.
Select the server and authenticate.
Select Settings, then go to Access. You’ll want to make sure that Login Window and SSH have the local admin account listed if you select the option to “Allow only these users”. For now, I would suggest making sure all services have “Allow all users and groups” selected.
If (as in my case) it was set to Allow All in the first place, simply toggle the settings – back and forth.
Save.
Try logging in again… should be a good one!
</SNIP>

Need help with ACLs and propagating permissions

I'm currently setting up our new server, for which we're moving away from Windows entirely (both on the server and user workstation ends), and I'm currently having some questions about permissions. I've been scouring the OS X Server Advanced Admin pdf, but there are numerous holes in the exposition of permissions from the ACLs down to the proper way to propagate permissions when a manual touch is required. What I'm trying to do is allow one group to have read access only until they get to a certain subdirectory, at which point they can then write to that level; then for the second group, they only need read access for a specific folder down the line from the starting directory. I'll include some example images with a test folder I've created so that it may be a little easier to understand what my goals are with the Server app's permissions. Thank you in advance for all your help.

You need the advanced permissions editor. You are trying to convert inherited permissions to explicit. If I understand what you want, you would go about it like this.
You have two groups; GroupA and GroupB. GroupA is the limited group. You want them to be able to read everything and write to limited locations. GroupB can read and write everywhere. So based on your example, you would do this to start:
At the parent folder level, you are defining GroupA to be able to read and GroupB to read and write.
Now to drill down. In Server.app select your server. This is the first item in the side bar. On the right, choose Storage. Drill down to where your shared folder is located and select it. From the Gear menu, chose Edit Permissions as shown here:
You will note that GroupA and GroupB are both gray. This denotes that they are inherited entries at this level. You must break the inheritance and start over. To do this, press the small gear icon on the edit permissions sheet and choose "Make Inherited Entries Explicit." GroupA and GroupB will turn black, allowing you to edit them. Change GroupA from Read to Read Write. Press OK to close the sheet.
Now, if you already have data inside the folder, you can use the large gear menu and choose Propagate Permissions. This will ensure that your data will reset with the new ACL.
Reid
Apple Consultants Network
Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store
Author "Mavericks Server – Control and Collaboration" :: Exclusively available in Apple's iBooks Store

ACL on Users

Hi I have written the following function to create my own ACL and effect the
same on the
groups and a particular folder.Though the ACL object gets createdand gets listed
in the web browser view
, when i click it, i am not able to view the details,but instead , i get a
window saying"Unable to modify the ACL details"...The same
problem persists in the IFSMANAGR console also..
Also the ACL does not really work for the User..
that is, the User who should not view the folder is able to view it ,even though
the ACL is applied.
..I would be very greatful if someone could scrutinize the below code and
explain me the reason for the above behaviour.
public ISecurityPolicy createSecurityPolicy( String[] permissions ,
oracle.ifs.beans.Group aGroup, LibrarySession ifs,String name ){try{
AccessLevel permission = new AccessLevel(permissions);
AccessControlEntryDefinition aceDef = new
AccessControlEntryDefinition(ifs); aceDef.setAccessLevel(permission);
aceDef.setGrantee( aGroup.unWrap() );
AccessControlListDefinition ACLDef = newAccessControlListDefinition(ifs);
ACLDef.addAceDefinition(aceDef); ACLDef.setName(name);
new_acl = (AccessControlList)ifs.createPublicObject(ACLDef);
System.out.println("THE NEW ACL CREATED <Security policy>
:"+new_acl.getName() ); return this; }catch(Exception e) {
System.out.println("Error in the creation of the security policy <SECURITY
POLICY > :"+e); return null; } }
Thanks in advance,
Raja

Which user are you creating the ACL as ?. Which user are using when you try the access the ACL via iFSManager or the WebUI ?
Remember that when an ACL is created it inherits the default ACL of the user who created it. This means that in order to edit an ACL the user attempting to modify the ACL must have permission to update it.
I need much more information in order to be able to determine what you are trying to achieve and why it is not working.
Can you post the complete source to the class that contains the method in your earlier post.
If this class is not ISecurityPolicy please post the code to this class too.
Also where does oracle.ifs.beans.Group come from. The iFS Class which represents a Group is DirectoryGroup. If oracle.ifs.beans.Group is your own class please supply source.
Please post the code that shows how you set up the arguments to createSecurityPolicy. I need to see what permissions contains and where aGroup comes from.
null

Possible to automatize the creation of ACL and subfolders in KM ?

Hi,
I would like to create following folder structure
/root
 /subfolder elec/
 /subfolder user1/
 /subfolder user2/
 /subfolder documents/
 /subfolder LMS/
Subfolder user 1 : only user1 may have autorisations to this folder.
Subfolerd user 2 : only user2 may have autorisations to this folder
I can manage this autorisations by creating an ACL map -> details -> settings -> permissions
This is a good solution if therer were only a few subfolders to manage but I have to create +/- 9000 subfolders, for every user his own subfolder.
Does anybody knows if you there is a possibility to automatize the creation of those ACL and also the creation of the subfolder ?
Kind regards
Pascale Thys

Hi Pascale!
Here is a static method to create directories and provide them with permissions. It takes a resource residing in a directory called and creates new sub dirs for every iso language in the array languages. Then it copies the source resource into those new sub dirs.
It has everything you need to know about creation of dirs and files in km via API. Just adapt it to your needs.
 private static void createLanguages(
 IResource resource,
 String[] languages)
 throws ResourceException, WcmException {
 // iterate through languages and create copies of the original document
 // pattern is "com.xxx.<foldername><n>_<language id> with n >= 0
 // Folder of newly created document
 ICollection sourceDir = resource.getParentCollection();
 RID sourceDirRID = sourceDir.getRID();
 // Name (plus extension) of document
 RID resourceRIDName = resource.getRID().name();
 // Name of parent folder
 RID sourceDirRIDName = sourceDirRID.name();
 // source directory of new resource without language shortcut
 String sourceDirRIDNameBase =
 sourceDirRIDName.toString().substring(
 0,
 sourceDirRIDName.toString().length() - 2);
 ICopyParameter copyParams = new CopyParameter();
 RID destination = null;
 for (int i = 0; i < languages.length; i++) {
 String newDir = sourceDirRIDNameBase + languages;
 destination =
 sourceDirRID.parent().addPathSegment(
 sourceDirRIDNameBase + languages);
 // Create language dependend directory parallel to original, if not existing
 ICollection newCollection = null;
 try {
 newCollection =
 sourceDir.getParentCollection().createCollection(
 newDir,
 null);
 } catch (NameAlreadyExistsException e) {
 logger.info(
 "directory "
 + newDir
 + " already exists.");
 // Even if directory exists, add permissions
 try {
 if (newCollection == null) {
 IResourceFactory resourceFactory =
 ResourceFactory.getInstance();
 newCollection =
 (ICollection) resourceFactory.getResource(
 destination,
 sourceDir.getParentCollection().getContext());
 newCollection.setProperty(
 Property.createDisplaynameProp(
 destination.name().toString()));
 // Setting ACLs on newly created directory
 ISecurityManager sm =
 newCollection.getRepositoryManager().getSecurityManager(
 newCollection);
 if (sm != null && sm instanceof IAclSecurityManager) {
 IAclSecurityManager asm = (IAclSecurityManager) sm;
 IResourceAclManager ram = asm.getAclManager();
 // Inheritance has to be broken to include new permissions
 // Get a copy parent ACL
 IResourceAcl ra = ram.getAcl(newCollection);
 if (ra == null) {
 ra = ram.getInheritedAcl(newCollection);
 // Still no acl found? Permissions cannot be set
 if (ra == null) {
 logger.severe(
 " - no ACL found for "
 + newCollection
 + " no permission has been set!");
 } else {
 // Remove old ACL
 ram.removeAcl(newCollection);
 // create new ACL for current directory
 IResourceAcl raNew = ram.createAcl(newCollection);
 // Copy all acl entries from inherited acl to new acl
 IResourceAclEntryList rel = ra.getEntries();
 IResourceAclEntryListIterator it = rel.iterator();
 IResourceAclEntry aclEntry = null;
 while (it.hasNext()) {
 aclEntry = it.next();
 raNew.addEntry(aclEntry);
 IUMPrincipal allCountriesPrincipal =
 WPUMFactory.getGroupFactory().getGroup(
 "XXX_EDITOR_"
 + "ALL");
 // Editor for specific country
 IUMPrincipal thisCountryPrincipal =
 WPUMFactory.getGroupFactory().getGroup(
 "XXX_EDITOR_"
 + languages.toUpperCase());
 raNew.addEntry(
 ram.createAclEntry(
 allCountriesPrincipal,
 false,
 ram.getPermission(
 IAclPermission.ACL_PERMISSION_READ),
 0));
 raNew.addEntry(
 ram.createAclEntry(
 thisCountryPrincipal,
 false,
 ram.getPermission(
 IAclPermission.ACL_PERMISSION_READWRITE),
 0));
 // Now copy permission owners
 IUMPrincipalList permissionOwners = ra.getOwners();
 IUMPrincipalListIterator permissionOwnersIt = permissionOwners.iterator();
 IUMPrincipal principal = null;
 while (permissionOwnersIt.hasNext()) {
 principal = permissionOwnersIt.next();
 raNew.addOwner(principal);
 } catch (AclPersistenceException e) {
 logger.severe(
 "I raised an AclPersistenceException @"
 + (new Date()).toString()
 + ": "
 + LoggingFormatter.extractCallstack(e));
 } catch (ResourceException e) {
 logger.severe(
 "I raised a ResourceException @"
 + (new Date()).toString()
 + ": "
 + LoggingFormatter.extractCallstack(e));
 } catch (NotAuthorizedException e) {
 logger.severe(
 "I raised a NotAuthorizedException @"
 + (new Date()).toString()
 + ": "
 + e.getMessage()
 + "**"
 + LoggingFormatter.extractCallstack(e));
 // } catch (AclExistsException e) {
 // logger.severe(
 // "I raised an AclExistsException @"
 // + (new Date()).toString()
 // + ": "
 // + LoggingFormatter.extractCallstack(e));
 } catch (UserManagementException e) {
 logger.severe(
 "I raised a UserManagementException @"
 + (new Date()).toString()
 + ": "
 + LoggingFormatter.extractCallstack(e));
 } catch (InvalidClassException e) {
 logger.severe(
 "I raised an InvalidClassException @"
 + (new Date()).toString()
 + ": "
 + LoggingFormatter.extractCallstack(e));
 } catch (AlreadyAssignedToAclException e) {
 logger.severe(
 "I raised an AlreadyAssignedToAclException @"
 + (new Date()).toString()
 + ": "
 + LoggingFormatter.extractCallstack(e));
 } catch (PermissionNotSupportedException e) {
 logger.severe(
 "I raised a PermissionNotSupportedException @"
 + (new Date()).toString()
 + ": "
 + LoggingFormatter.extractCallstack(e));
 destination = destination.add(resourceRIDName);
 try {
 IResource newResouce = resource.copy(destination, copyParams);
 } catch (NameAlreadyExistsException e) {
 logger.info("file "
 + destination
 + " already exists.");
Imports needed:
import java.util.Date;
import com.sapportals.portal.prt.logger.ILogger;
import com.sapportals.portal.security.usermanagement.IUMPrincipal;
import com.sapportals.portal.security.usermanagement.UserManagementException;
import com.sapportals.wcm.WcmException;
import com.sapportals.wcm.repository.CopyParameter;
import com.sapportals.wcm.repository.ICollection;
import com.sapportals.wcm.repository.ICopyParameter;
import com.sapportals.wcm.repository.IResource;
import com.sapportals.wcm.repository.IResourceFactory;
import com.sapportals.wcm.repository.NameAlreadyExistsException;
import com.sapportals.wcm.repository.Property;
import com.sapportals.wcm.repository.ResourceException;
import com.sapportals.wcm.repository.ResourceFactory;
import com.sapportals.wcm.repository.manager.IAclSecurityManager;
import com.sapportals.wcm.repository.manager.ISecurityManager;
import com.sapportals.wcm.repository.security.IResourceAcl;
import com.sapportals.wcm.repository.security.IResourceAclEntry;
import com.sapportals.wcm.repository.security.IResourceAclEntryList;
import com.sapportals.wcm.repository.security.IResourceAclEntryListIterator;
import com.sapportals.wcm.repository.security.IResourceAclManager;
import com.sapportals.wcm.util.acl.AclPersistenceException;
import com.sapportals.wcm.util.acl.AlreadyAssignedToAclException;
import com.sapportals.wcm.util.acl.IAclPermission;
import com.sapportals.wcm.util.acl.IUMPrincipalList;
import com.sapportals.wcm.util.acl.IUMPrincipalListIterator;
import com.sapportals.wcm.util.acl.InvalidClassException;
import com.sapportals.wcm.util.acl.NotAuthorizedException;
import com.sapportals.wcm.util.acl.PermissionNotSupportedException;
import com.sapportals.wcm.util.logging.LoggingFormatter;
import com.sapportals.wcm.util.uri.RID;
import com.sapportals.wcm.util.usermanagement.WPUMFactory;
This is my .classpath variable for this projekt (for the necessary JARs):
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
 <classpathentry kind="src" path="src.api"></classpathentry>
 <classpathentry kind="var" path="JRE_LIB" sourcepath="JRE_SRC"></classpathentry>
 <classpathentry kind="src" path="src.core"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/prtapi.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/prttest.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/com.sap.portal.runtime.application.soap_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.tssap.ext.libs.j2ee_1.3.0/lib/activation.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.security_2.0.0/lib/com.sap.security.api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ext.libs.webservices_2.0.0/lib/jaxm-api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.tssap.ext.libs.j2ee_1.3.0/lib/mail.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ext.libs.webservices_2.0.0/lib/saaj-api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.tssap.sap.libs.xmltoolkit_2.0.0/lib/sapxmltoolkit.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.engine.webservices_2.0.0/lib/webservices_lib.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/bc.crt_api.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/prtapi.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/logging.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.exception_2.0.0/lib/exception.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/bc.rf.common_api.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/com.sap.security.api.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/com.sap.security.api.ep5.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/bc.util.public_api.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/bc.sf.framework_api.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/bc.rf.util_api.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/bc.rf.runtime_api.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/bc.rf.repository.service.serviceacl_api.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/bc.rf.mi_api.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/bc.rf.global.service.urlgenerator_api.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/bc.rf.global.service.urimapper_api.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/bc.rf.global.service.rtr_api.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/bc.rf.global.service.relation_api.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/bc.rf.global.service.pipeline_api.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/bc.rf.global.service.oth_api.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/bc.rf.global.service.notificator_api.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/bc.rf.global.service.mime_api.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/bc.rf.global.service.appproperties_api.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/bc.rf.framework_api.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/bc.util.kmmonitor_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.netweaver.bc.uwl.plugin_1.0.0/lib/bc.uwl.service.api_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.tc.ap_2.0.0/comp/CAF/DCs/sap.com/caf/api/_comp/gen/default/public/default/lib/java/sap.com~caf~eu~gp~api~default.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.tc.ap_2.0.0/comp/CAF/DCs/sap.com/caf/api/wd/_comp/gen/default/public/default/lib/java/sap.com~caf~eu~gp~api~wd~default.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/bc.wdf.ui.framework_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.ui.base_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.ui.enum_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.ui.event_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.ui.generic_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.ui.util_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/com.sap.portal.htmlb_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.command_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.ui.flex.base_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.ui.flex.screenflow_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.ui.flex.uicommand_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.ui.flex.util_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/htmlb.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/com.sap.workflow.wcm_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.service.actioninbox_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.service.cachecontrol_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.service.checkout_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.service.collaboration_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.service.crawler_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.service.efp_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.service.expimp_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.service.ice_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.service.indexmanagement_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.service.propertyconfig_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.service.propertystructure_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.service.quickpoll_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.service.reporting_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.service.resourcefilter_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.service.resourcelistfilter_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.service.template_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.service.xcrawler_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.service.xmlforms_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.acl_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.actioninbox_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.applog_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.cache_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.classification_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.classificationtest_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.collaboration_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.config_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.crawler_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.crawlerindexmon_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.demo_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.edit_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.flex.collaboration_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.flex.collection_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.flex.component_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.flex.config_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.flex.control_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.flex.detailsoverview_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.flex.detailsproperties_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.flex.expimp_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.flex.property_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.flex.resource_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.flex.uicommand_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.ice_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.indexadmin_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.layout_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.navigation_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.oth_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.quickpoll_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.reporting_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.scheduler_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.search_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.security_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.settings_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.statemanagement_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.subscription_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.user_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.websiteimport_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.xcrawler_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.appl.ui.xmlforms_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.rep.util.rfadapter_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.service.actioninbox_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.service.cachecontrol_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.service.checkout_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.service.collaboration_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.service.crawler_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.service.efp_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.service.expimp_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.service.ice_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.service.indexmanagement_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.service.propertyconfig_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.service.propertystructure_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.service.quickpoll_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.service.reporting_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.service.resourcefilter_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.service.resourcelistfilter_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.service.template_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.service.xcrawler_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.service.xmlforms_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.ui.fields_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.ui.flex.collection_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.ui.flex.control_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.ui.flex.detailsoverview_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.ui.flex.detailsproperties_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.ui.flex.enum_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.ui.flex.layout_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.ui.flex.property_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.ui.flex.readymades_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.ui.flex.resource_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.ui.released_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.ui.search_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/com.sap.portal.usermanagementapi.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/com.sap.security.api.ep5.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/org.eclipse.tomcat_4.0.6.2/servlet.jar"></classpathentry>
 <classpathentry kind="lib" path="dist/PORTAL-INF/lib/commons-lang-2.4.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/km.shared.ui.event_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.portal.runtime.config/lib/bc.cfg_api.jar"></classpathentry>
 <classpathentry kind="var" path="KMC_LIBS/km.appl.ui.flex.control_api.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.km.cm.ui.flex/private/lib/km.appl.ui.flex.control_core.jar"></classpathentry>
 <classpathentry kind="var" path="ECLIPSE_HOME/plugins/com.sap.ep.applicationDevelopment_7.00/libs/km.shared.repository.service.layout_api.jar"></classpathentry>
 <classpathentry kind="output" path="classes.api"></classpathentry>
</classpath>
You probably don't need all of them.
Cheers,
Jürgen

ACL and posix conflict? Can't get folder access to work properly

We have a folder on our website that all employees need to be able to write to, but they do not need to be able to create folders or delete anything. There is a second group with full permissions to the folder.
ACLs:
Upload Full Access - R&W
Company Access - Custom (full read, write does not include: create folder, delete, delete subfolders and files)
POSIX:
O: _www : R
G: Company Access : R
E: None
The full access group is easy and works perfectly.
The limited group is a pain and the permissions don't work 100% the way needed.
With that setup, they cannot create new files at all.
If I set G: R&W, then they have free reign as the ACL is being ignored.
If I set G: R, then they have no write abilities as the ACL is being ignored.
With either group setting if I grant "create folder" permission in the custom ACL, then users can create folders and they have full create/delete permissions within the new folders, but this is what I need to prevent not allow.
I've never had problem setting up a share with strange ACL access permissions before. Does this directory hate me? I'd like to do this without having to create another user group.
Suggestions?

Hi,
Yes, the GUI of ServerAdmin won't add the <Directory> config sections to the apache config file. Read about that <Directory> config section, look at /etc/apache2/httpd.conf and /etc/apache2/sites/0000SOMETHING.
The good news is once you put the <Directory> config sections in there, it will stay there.
In someways the GUI of ServerAdmin is bad, in that it is just adding text lines to your apache config file, and it doesn't alway know what to add, whereas if one must do one's own typing in the config file, then one is aware of what is in there, what it is doing.
I ran into a similar issue. But do read the config files, and the apache.org documentation. It is good documentation, and the config files are pretty clear to follow.

Issueswith permissions and user's home subfolders.

How do I fully unlock a folder which belongs to a different account?? Ive set permissions for the specific folder correctly. ALL users should be able to edit the folder
and it's files, but it doesnt work. In Adobe Flash I get the error: +File is locked, the swf file can't be changed.+ But sure enough it's unlocked for admin, this user and everyone else! I'm having similar issues
with other applications and sometimes I can't even copy/paste files between different users (home subfolders)
If all users are admins, how come I get these annoying permission issues all the time? I;ve setup two accounts for the sake of easyness. I'm the only user of this computer
and I would like to edit and change everything from within all my user accounts! How do I do that? Everything seems to be locked and if I change permissions, I'm still having problems
as mentioned above.
<Edited by Host>

Even an administrative account doesn't automatically have access to everything. You may be running into issues related to trying to change a file that your current owner doesn't own. You can have the owner of the item change the permissions to allow others access, or you can use an *Access Control List*.
An ACL entry can provide additional access, for example your user's *Drop Box* folder has entries to allow additional access to items dropped in it by others. The normal way to set this up would be to create a shared folder in an area accessible by everyone (for example, /Users/Shared), and then add ACL entries to the folder for the desired access. From the Terminal, the command to give everyone access to do about anything to a contained file would be something likechmod -R +a "everyone allow list,addfile,search,delete,add_subdirectory,delete_child,chown,file_inherit,directoryinherit" /path/to/your/shared/folder
Once the folder is set up, items created or copied (not dragged) there will have the additional access permissions applied. If you are not comfortable with using the Terminal, TinkerTool System is a handy utility to manipulate ACLs and/or see what access your user has.

ACL and Discover Permissions

Can someone give me some advice regarding the removal of Discover permissions - it doesn't seem to work as I would expect it to.
My requirement is quite simple. Out of the box I am attempting to enable a folder only to be seen/accesible by a one set of users and not be visible by all others. In order to do this I have done the following:
Created a group containing the users to are to see the folder('Secure Users').
Created a ACL that has 'Secure Users' at the bottom of the list (grant all) and above it 'World' (revoke all).
Applied ACL to the appropriate folder.
However when I log in (thru WEBUI) using 'normal' user (not in Secure Users group) I can still see the folder. When I click on it I get the following error:
'java.lang.Exception: The Folder you specified does not exist'.
I was under the impression that the 'ALL' permission bundle contained 'Discover' permissions. I actually want to make this folder invisible to all users that are not in the Secure Users group. Is this possible?
Thanks
Chris

Essentially Posix permssions are old and limited to three people: an owner, a group, and "everyone else". For each of these you have the option to set combinations of "read", "write", or "execute". Ultimately this is very limited, and ACLs expand on this with a vast array of possibilities (too many to list here). One example, though, is that ACLs would allow you to create only files within a specific directory and not create folders, whereas Posix permissions do not allow for this specification. You can also set these for multiple groups and multiple owners with ACLs, and also have numerous inheritance options for directory trees so files and folders within hierarchies get specific permissions properties when they are created.

Downloadable ACL for users only?

Hello all,
in ACS 5.4 I need customized ACL for users only.
My scenario:
There is a way to use some "Downloadable ACLs" in authorization profile but I want to define specific ACLs for some exeptions. For example: User A and user B get autorization profile "X". But user B is not allowed to access on a host. This "Deny rule" I will configure with custom attributes in the internal user store.
Is that possible? How can I implement this rule?
best regards,
Stefan

Hi,
You can do this by following these steps:
1. Set a user defined dictionary attribute under System Administration > Dictionary > Identity >Internal Users name it what you want and make sure the value is string
2. Create the DACL in Named Permission Objects under the policy elements section
3. Under the user account you will now see a filed for the dictionary name you called in step 1, make sure the filed matches the dacl you created in step 2
4. Create your authorization profile under "common tasks" Set Dynamic as the DACL drop down select Internal Users and set the value to the attribute you created in step1.
5 map the authorization policy to the access policy using the conditions that will give you these results.
6. test and you should have what you are looking for.
Thanks,
Tarik Admani
*Please rate helpful posts*

EJB ACLs and permissions, help needed urgently

Hello,
I am using WL6.1. I need to use weblogic.security.acl.Security.checkPermission
to check if a user has permission to acess an EJB method. I know one can call
the method and check the exception to see yes or no. But that requires knowing
the method signature (parameters and return types etc.).
I read the documentation and here is what I got:
ACLs and permissions for WebLogic EJBs differ from ACLs and permissions for other
kinds of WebLogic Server resources in the following ways:
1. EJB ACLs are configured in the access control properties of the EJB's deployment
descriptor.
2. Permissions are granted on individual methods of a bean; there are no predefined
permissions.
3. Permissions on EJBs are granted to Roles, which map to groups in WebLogic Server.
So if I read it correctly:
1. One does not need to use WL console to configure EJB ACLs? If otherwise, how
do we do it?. There is no documentation for it.
2. What is the ACLName to use when I call the method weblogic.security.acl.Security.checkPermission(java.security.Principal
principal, java.lang.String aclName,
java.security.acl.Permission permission,
char sep)?
I tried with JNDI name and EJB name and nothing seems to work.
Can anyone help me out?
Thanks.
Ling Wang

It all depends on where do you want to keep your ACLs and the rest of security.
Simplest will be fileRealm, but it has limited capability (10k ACLs I recall).
You do not heed console to set it up. Here is an excert from ACL file:
acl.read.OT_INTEGRATIONOBJREF=everyone
acl.read.OT_ORGTRANSPORT=OrgAdmin,AppAdmin
acl.read.OT_ORGUNITOFMEASURE=OrgAdmin,AppAdmin
# from nonWorkflowEvents.template
acl.execute.ET_QUERY=everyone
acl.execute.ET_BATCH=everyone
read/execute is action. Caps keep resource (name). On the right hand is a list
of roles. The security call will be lokking like:
boolean result = Security.hasPermission("ET_BATCH",
new PermissionImpl("read"), '.');
It does not throw, just returns a boolean.
Now, this is all about programmatic security. If you are up to declarative, you
need to assign role names to method names in deployment descriptor of your bean
and map them to actual roles.
Also you may have problems while asking security question about another principal
(nto the one currently logged in). Not that it does not work -- just needs caution.
Hope it helps.
"Ling Wang" <[email protected]> wrote:
>
Hello,
I am using WL6.1. I need to use weblogic.security.acl.Security.checkPermission
to check if a user has permission to acess an EJB method. I know one
can call
the method and check the exception to see yes or no. But that requires
knowing
the method signature (parameters and return types etc.).
I read the documentation and here is what I got:
ACLs and permissions for WebLogic EJBs differ from ACLs and permissions
for other
kinds of WebLogic Server resources in the following ways:
1. EJB ACLs are configured in the access control properties of the EJB's
deployment
descriptor.
2. Permissions are granted on individual methods of a bean; there are
no predefined
permissions.
3. Permissions on EJBs are granted to Roles, which map to groups in WebLogic
Server.
So if I read it correctly:
1. One does not need to use WL console to configure EJB ACLs? If otherwise,
how
do we do it?. There is no documentation for it.
2. What is the ACLName to use when I call the method weblogic.security.acl.Security.checkPermission(java.security.Principal
principal, java.lang.String aclName,
java.security.acl.Permission permission,
char sep)?
I tried with JNDI name and EJB name and nothing seems to work.
Can anyone help me out?
Thanks.
Ling Wang

My 3GS will not accept my correct password and user name to start using the Cloud. It just spins while "verifying."

My 3GS will not accept my correct password and user name to start using the Cloud. It just spins while "verifying." How can I make it stop so I can activate iCloud ?

try using @me.com instead of your service address, i mean hotmail or yahoo or else, thanks.

Diff b/w "Customer exits" and "User-exit"

Hi,
What is the difference b/w customer exits and user-exit and also please explain me what are the various types of customer and user-exits.
Thanks in advance.
Ramana

Hi,
Types of Exits
There are several different types of customer exits. Each of these exits acts as hooks where you can attach or "hang" your own add-ons.
Menu Exits
Menu exits add items to the pulldown menus in standard SAP applications. You can use these menu items to call up your own screens or to trigger entire add-on applications.
SAP creates menu exits by defining special menu items in the Menu Painter. These special entries have function codes that begin with "+" (a plus sign). You specify the menu items text when activating the item in an add-on project.
Screen Exits
Screen exits add fields to screens in R/3 applications. SAP creates screen exits by placing special subscreen areas on a standard R/3 screen and calling a customer subscreen from the standard screens flow logic.
Function Module Exits
Function module exits add functions to R/3 applications. Function module exits play a role in both menu and screen exits. When you add a new menu item to a standard pulldown menu, you use a function module exit to define the actions that should take place once your menu is activated. Function module exits also control the data flow between standard programs and screen exit fields.
SAP application developers create function module exits by writing calls to customer functions into the source code of standard R/3 programs. These calls have the following syntax: CALL CUSTOMER-FUNCTION 001.
User exits:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/abap/abap-code-samples/userexits%20in%20a%20transaction.doc
In order to find out the user exits for any tcode,
1. get the developement class of the tcode from SE93.
2. Now goto transaction SMOD and press F4,
3. give in the Deve class in the dev class and Press ENTER
this will show u the exits for any tcode.
or execute this report
http://www.erpgenie.com/sap/abap/code/abap26.htm
which gives the list of exits for a tcode
http://help.sap.com/saphelp_nw04/helpdata/en/bf/ec079f5db911d295ae0000e82de14a/frameset.htm
For information on Exits, check these links
http://www.sap-img.com/abap/a-short-tutorial-on-user-exits.htm
http://www.sapgenie.com/abap/code/abap26.htm
http://www.sap-img.com/abap/what-is-user-exits.htm
http://wiki.ittoolbox.com/index.php/HOWTO:Implement_a_screen_exit_to_a_standard_SAP_transaction
http://www.easymarketplace.de/userexit.php
http://www.sap-img.com/abap/a-short-tutorial-on-user-exits.htm
http://www.sappoint.com/abap/userexit.pdfUser-Exit
http://www.sap-img.com/abap/a-short-tutorial-on-user-exits.htm
http://www.ficoexpertonline.com/downloads/User%20ExitsWPedit.doc
http://www.easymarketplace.de/userexit.php
http://help.sap.com/saphelp_nw04/helpdata/en/c8/1975cc43b111d1896f0000e8322d00/content.htm
Check out these links too...
http://www.sap-img.com/abap/a-short-tutorial-on-user-exits.htm
http://www.sapgenie.com/abap/code/abap26.htm
http://www.sap-img.com/abap/what-is-user-exits.htm
http://wiki.ittoolbox.com/index.php/HOWTO:Implement_a_screen_exit_to_a_standard_SAP_transaction
http://www.easymarketplace.de/userexit.php
http://www.sap-img.com/abap/a-short-tutorial-on-user-exits.htm
http://www.sappoint.com/abap/userexit.pdfUser-Exit
http://www.planetsap.com/userexit_main_page.htm
http://wiki.ittoolbox.com/index.php/HOWTO:Implement_a_screen_exit_to_a_standard_SAP_transaction
USER EXITS
https://forums.sdn.sap.com/click.jspa?searchID=672084&messageID=312792
https://forums.sdn.sap.com/click.jspa?searchID=672084&messageID=1320078
https://forums.sdn.sap.com/click.jspa?searchID=672084&messageID=2669896
****Reward points if helpful.
All the best

Excel Services and User Specific Data

Hello,
I am new to Excel Services.
I want to retrieve data to Excel Services (at this phase, to prevent it in Excel Web Part) from SQL Server.
The SQL might hold big amount of data so I think about fetching only the data relevant to each user.
I configured a pivot table over a data connection with Windows Authentication, and when I refresh it I get the following message "The data connection uses windows authentication and user credentials could not be delegated". I think the Windows
Authentication is required in order to pass information about the user to the SQL query so it can filter for the relevant data.
My questions are as follows:
Can I pass user information from the Excel model file to the SQL server in a way different from Windows Authentication?
Alternatively, if I retrieve the data unfiltered to Excel Services, and filter only the pivot, will I get the same performance?
Would the answers change if Excel and/or SharePoint version is changed from 2010 to 2013 or Online/365?
Any other idea?
Regards,
Barak

Hi,
According to your post, my understanding is that you wanted to filter Excel Services Data.
You can you can connect the Excel Web Access Web Part to a Current User Web Part or a Filter Web Part to pass user information. Please refer to:
Personalized Data in Excel Services
You will get the same performance.
You can connect the Excel Web Access Web Part to a Current User Web Part in all versions.
More information:
Connecting Dashboard Filters to Excel Services Pivot Table Report Filters
Thanks,
Linda Li
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Linda Li
TechNet Community Support

ACLs and users

Similar Messages

Maybe you are looking for