Authorizations for Projects (Restricting Read/Write to users )

Similar Messages

• Authorization for project (table PROJ)

  Hi experts !
  I would like create role for PS modula which is limited to field Object Class equal Investment. Itu2019s impossible. How I can check which field I can use for authorization for project (table PROJ).
  Rgds Stenwa

  Stenwa,
  there are no user fields in the project definition. Instead you will find them in the WBS element. In that case, you can use standard authorization objet C_PRPS_USR to check on the user fields, but, as I say, it will not point to PROJ but to PRPS.
  CNEX0002 is a user exit to enhance authorizations in PS. You can check it in SMOD and create an implementation in CMOD but you will need the help of an abaper to create the necesary coding.
  Rgds
  Martina

• [svn] 4069: Fix for - an inherited read-write property is reported as write-only if an overriding setter is present and getter is absent .

  Revision: 4069
  Author: [email protected]
  Date: 2008-11-11 12:24:53 -0800 (Tue, 11 Nov 2008)
  Log Message:
  Fix for - an inherited read-write property is reported as write-only if an overriding setter is present and getter is absent.
  Constructor for mxml files will now have the default comment "Constructor"
  Also fix for asdoc help details doesn;t show description
  QE Notes: Baselines need to be updated.
  Doc Notes: None
  Bugs: SDK-16091, SDK-17863
  tests: checkintests
  Ticket Links:
  http://bugs.adobe.com/jira/browse/SDK-16091
  http://bugs.adobe.com/jira/browse/SDK-17863
  Modified Paths:
  flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/asdoc/AsClass.java
  flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/asdoc/AsDocUtil.java
  flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/asdoc/TopLevelClassesGenerator.ja va
  flex/sdk/trunk/modules/compiler/src/java/flex2/configuration_en.properties

  Well, running a Windows disk utility on a Mac drive ought to muck things up pretty well. I hope you have backups. If not I suggest you try to backup your files. Then do the following:
  Extended Hard Drive Preparation
  1. Boot from your OS X Installer Disc. After the installer loads select your language and click on the Continue button. When the menu bar appears select Disk Utility from the Installer menu (Utilities menu for Tiger or Leopard.)
  2. After DU loads select your hard drive (this is the entry with the mfgr.'s ID and size) from the left side list. Note the SMART status of the drive in DU's status area. If it does not say "Verified" then the drive is failing or has failed and will need replacing. SMART info will not be reported on external drives. Otherwise, click on the Partition tab in the DU main window.
  3. Set the number of partitions from the dropdown menu (use 1 partition unless you wish to make more.) Set the format type to Mac OS Extended (Journaled.) Click on the Options button, set the partition scheme to GUID (only required for Intel Macs) then click on the OK button. Click on the Partition button and wait until the volume(s) mount on the Desktop.
  4. Select the volume you just created (this is the sub-entry under the drive entry) from the left side list. Click on the Erase tab in the DU main window.
  5. Set the format type to Mac OS Extended (Journaled.) Click on the Options button, check the button for Zero Data and click on OK to return to the Erase window.
  6. Click on the Erase button. The format process can take up to several hours depending upon the drive size.
  Upon formatting completing quit DU to return to the installer. Install OS X. Afterwards you can restore your personal data files and reinstall your third-party software.
  In the future never attempt to use any Windows disk utilities to fix or diagnose a Mac formatted drive.

• Shortcuts for change in read/write (control/indicator)

  Hello,
  I try to find a shortcut for change to read/write a local variable ?
  Thanks
  Sylvain Jourdan
  (Labview 2012 - English)

  Hi,
  Thanks for you quick answer, I'll suggest this idea in the LabVIEW-IdeaExchange.
  An other idea, do you know if we can add a property to the shorcut menu by modifying a configuration file... ?
  Thanks,
  Sylvain
  Attachments:
  option_menu.png ‏53 KB

• Granting read/write to user for SQL agent

  Hi all, I'm new to SQL, SSMS, TSQL etc. How do I grant read/write permission to a user for SQL agent, so they can see the SQL Server Agent part in object explorer?
  Thanks in advance :)

  Hi all, I'm new to SQL, SSMS, TSQL etc. How do I grant read/write permission to a user for SQL agent, so they can see the SQL Server Agent part in object explorer?
  Thanks in advance :)
  Please refer to below two links
  http://msdn.microsoft.com/en-us/library/ms187901.aspx
  http://msdn.microsoft.com/en-us/library/ms188283.aspx
  Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it.
  My TechNet Wiki Articles

• How to hide an webpart for the all members who have access for the this site but visible for the restricted read users?

  Hi,
  Any help?
  Thanks
  srabon

  Hi Srabon,
  We can set the "Target Audience" property of web part to group maintaining restricted read  users.  By this, the web part will be shown to specific users only.
  Please let us know if this helps.
  Thanks,
  M. Gubendra Raj

• Authorization for project relase

  Hello PS Guru's,
  1. I have a requirement, for a user ID he have authorization to use tcode CJ20N. but in this tcode he should not be able to release the project. I know this can be achived through user status management, but we dont want to implement any user status. Can anyone plz suggest me how to achive this with the help of authorization.
  2. Also User is authorized for X company code, this is maintained at org level in his role, but the system allow him to create the project for Y company code?
  I have also tryed to trace the process but there is no specific object hit during company code assignment as well as for status change.
  Please through some highlights for the same.
  Regards,
  Tushar

  Hi,
  For authorisation b/w company codes you can try with object A_S_ANLKL
  Controlling area authorisation for project def. - C_PROJ_KOK
  Or else use user exit on saving to check the value while saving
  or else try VALIDATION
  regards
  pv

• Blob for binary file, read/write problems

  Hi,
  I am relatively new to this type of development so apologies if this question is a bit basic.
  I am trying to write a binary document (.doc) to a blob and read it back again, constructing the original word file. I have the following code for reading and writing the file:
  private void save_addagreement_Click(object sender, EventArgs e)
  // Save the agreement to the database
  int test_setting = 0;
  // create an OracleConnection object to connect to the
  // database and open the connection
  string constr;
  if (test_setting == 0)
  constr = "User Id=royalty;Password=royalty;data source=xe";
  else
  constr = "User ID=lob_user;Password=lob_password;data source=xe";
  OracleConnection myOracleConnection = new OracleConnection(constr);
  myOracleConnection.Open();
  // create an OracleCommand object to hold a SQL statement
  OracleCommand myOracleCommand = myOracleConnection.CreateCommand();
  myOracleCommand.CommandText = "insert into blob_content(id, blob_column) values 2, empty_blob())";
  OracleDataReader myOracleDataReader = myOracleCommand.ExecuteReader();
  // step 2: read the row
  OracleTransaction myOracleTransaction = myOracleConnection.BeginTransaction();
  myOracleCommand.CommandText =
  "SELECT id, blob_column FROM blob_content WHERE id = 2";
  myOracleDataReader = myOracleCommand.ExecuteReader();
  myOracleDataReader.Read();
  Console.WriteLine("myOracleDataReadre[\"id\"] = " + myOracleDataReader["id"]);
  OracleBlob myOracleBlob = myOracleDataReader.GetOracleBlobForUpdate(1);
  Console.WriteLine("OracleBlob = " + myOracleBlob.Length);
  myOracleBlob.Erase();
  FileStream fs = new FileStream(agreement_filename.Text, FileMode.Open, FileAccess.Read);
  Console.WriteLine("Opened " + agreement_filename.Text + " for reading");
  int numBytesRead;
  byte[] byteArray = new byte[fs.Length];
  numBytesRead = fs.Read(byteArray, 0, (Int32)fs.Length);
  Console.WriteLine(numBytesRead + " read from file");
  myOracleBlob.Write(byteArray, 0, byteArray.Length);
  Console.WriteLine(byteArray.Length + " written to blob object");
  Console.WriteLine("Blob Length = " + myOracleBlob.Length);
  fs.Close();
  myOracleDataReader.Close();
  myOracleConnection.Close();
  This gives the following console output:
  myOracleDataReadre["id"] = 2
  OracleBlob = 0
  Opened D:\sample_files\oly_in.doc for reading
  56832 read from file
  56832 written to blob object
  Blob Length = 56832
  My write to file code is:
  private void save_agreement_to_disk_Click(object sender, EventArgs e)
  string filename;
  SaveFileDialog savedoc = new SaveFileDialog();
  if (savedoc.ShowDialog() == DialogResult.OK)
  filename = savedoc.FileName;
  // create an OracleConnection object to connect to the
  // database and open the connection
  OracleConnection myOracleConnection = new OracleConnection("User ID=royalty;Password=royalty");
  myOracleConnection.Open();
  // create an OracleCommand object to hold a SQL statement
  OracleCommand myOracleCommand = myOracleConnection.CreateCommand();
  myOracleCommand.CommandText =
  "SELECT id, blob_column " +
  "FROM blob_content " +
  "WHERE id = 2";
  OracleDataReader myOracleDataReader = myOracleCommand.ExecuteReader();
  myOracleDataReader.Read();
  Console.WriteLine("myOracleDataReader[id] = " + myOracleDataReader["id"]);
  //Step 2: Get the LOB locator
  OracleBlob myOracleBlob = myOracleDataReader.GetOracleBlobForUpdate(1);
  Console.WriteLine("Blob size = " + myOracleBlob.Length);
  //Step 3: get the BLOB data using the read() method
  byte[] byteArray = new byte[500];
  int numBytesRead;
  int totalBytes = 0;
  FileStream fs = new FileStream(filename, FileMode.OpenOrCreate, FileAccess.Write);
  while ((numBytesRead = myOracleBlob.Read(byteArray, 0, 500)) > 0)
  totalBytes += numBytesRead;
  fs.Write(byteArray, 0, byteArray.Length);
  Console.WriteLine("numBytes = " + numBytesRead + " totalBytes = " + totalBytes);
  Console.WriteLine((int)fs.Length + " bytes written to file");
  fs.Close();
  myOracleDataReader.Close();
  myOracleConnection.Close();
  This gives the following console output:
  myOracleDataReader[id] = 2
  Blob size = 0
  0 bytes written to file
  If I manually add the blob file using the following:
  DECLARE
  my_blob BLOB;
  BEGIN
  -- load the BLOB
  my_bfile := BFILENAME('SAMPLE_FILES_DIR', 'binaryContent.doc');
  SELECT blob_column
  INTO my_blob
  FROM blob_content
  WHERE id = 1 FOR UPDATE;
  DBMS_LOB.FILEOPEN(my_bfile, dbms_lob.file_readonly);
  DBMS_LOB.LOADFROMFILE(my_blob, my_bfile, DBMS_LOB.GETLENGTH(my_bfile), 1, 1);
  DBMS_LOB.FILECLOSEALL();
  COMMIT;
  END;
  COMMIT;
  The write to file works perfectly. This tells me that there must be something wrong with my code that is writing the blob to the database. I tried where possible to following the Oracle article using large objects in .NET but that (along with most things on the internet) focus on uploading text files.
  Thanks in advance.
  Chris.

  myOracleCommand.CommandText = "insert into blob_content(id, blob_column) values 2, empty_blob())";
  OracleDataReader myOracleDataReader = myOracleCommand.ExecuteReader();
  This looks wrong, you shouldn't be using ExecuteReader unless you expect to get a result back. Try using ExecuteNonQuery to do the insert.

• Performance on Select Single&Write  AND Select*(For All Entries)&Read&Write

  Hi Experts,
  I got a code review problem & we are in a argument.
  I need the best performance code out of this two codes. I have tested this both on 5 & 1000 & 3000 & 100,000 & 180,000 records.
  But still, I just need a second opinion of experts.
  TYPES : BEGIN OF ty_account,
          saknr   TYPE   skat-saknr,
          END OF ty_account.
  DATA : g_txt50      TYPE skat-txt50.
  DATA : g_it_skat    TYPE TABLE OF skat,       g_wa_skat    LIKE LINE OF g_it_skat.
  DATA : g_it_account TYPE TABLE OF ty_account, g_wa_account LIKE LINE OF g_it_account.
  Code 1.
  SELECT saknr INTO TABLE g_it_account FROM skat.
  LOOP AT g_it_account INTO g_wa_account.
    SELECT SINGLE txt50 INTO g_txt50 FROM skat
      WHERE spras = 'E'
        AND ktopl = 'XXXX'
        AND saknr = g_wa_account-saknr.
    WRITE :/ g_wa_account-saknr, g_txt50.
    CLEAR : g_wa_account, g_txt50.
  ENDLOOP.
  Code 2.
  SELECT saknr INTO TABLE g_it_account FROM skat.
  SELECT * INTO TABLE g_it_skat FROM skat
    FOR ALL ENTRIES IN g_it_account
        WHERE spras = 'E'
          AND ktopl = 'XXXX'
          AND saknr = g_it_account-saknr.
  LOOP AT g_it_account INTO g_wa_account.
    READ TABLE g_it_skat INTO g_wa_skat WITH KEY saknr = g_wa_account-saknr.
    WRITE :/ g_wa_account-saknr, g_wa_skat-txt50.
    CLEAR : g_wa_account, g_wa_skat.
  ENDLOOP.
  Thanks & Regards,
  Dileep .C

  Hi Dilip.
  from you both the code I have found that you are selecting 2 diffrent fields.
  In Code 1.
  you are selecting SAKNR and then for these SAKNR you are selecting TXT50 from the same table.
  and in Code 2 you are selecting all the fields from SAKT table for all the values of SAKNR.
  I don't know whats your requirement.
  Better you declare a select option on screen and then fetch required fields from SAKT table for the values entered on screen for SAKNR.
  you only need TXT50 and SAKNR fields.
  so declare two types one for SAKNR and another for TXT50.
  Points to be remember.
  1. while using for all entries always check the for all entries table should not be blank.
  2. you will have to fetch all the key fields in table while applying for all entries,
      you can compare key fields with a constant which is greater than initial value.
  3. while reading the table sort the table by the field on which you are going to read it.
  try this:
  TYPES : BEGIN OF ty_account,
  saknr TYPE skat-saknr,
  END OF ty_account.
  TYPES : begin of T_txt50,
        saknr type saknr,
        txt50 type txt50,
  end of t_txt50.
  DATA: i_account type table of t_account,
        w_account type t_account,
        i_txt50 type table t_txt50,
        w_txt50 type t_txt50.
  select SAKNR from SKAT into table i_account.
  if sy-subrc = 0.
  sort i_account by saknr.
  select saknr txt50 from SKAT into table i_txt50
  for all entries in i_account
  where SAKNR = i_account-SAKNR
  here mention al the primary keys and compare them with their constants.
  endif.     
  Note; here you need to take care that, you will have to fetch all the key fields in table i_txt50.
  and compare those fields with there constants which should be greater than initial values.
  they should be in proper sequence.
  now for writing.
  loop at i_account into w_account.
  clear w_txt50.
  sort i_txt50 by saknr.
  read table i_txt50 into w_txt50 with key SAKNR = w_account-saknr
  if sy-subrc = 0.
  write: w_txt50-saknr, w-txt50-txt50.
  clear w_txt50, w_account.
  endif.
  endloop.
  Hope it wil clear your doubts.
  Thanks
  Lalit

• Internal Optical for DVD-RAM read/write

  I want to buy an internal DVD multidrive to install in my MacPro. I have old Type 1 DVD-RAM media from my trusty Sawtooth G4 that I want to keep using and I want to continue archiving my freelance jobs, photos and video to DVD-RAM, using more current cartridge type disks.
  Though I've searched quite a bit on the Internet for something I'm having trouble determining whether drives I'm finding accept the Type 1 cartridge and whether the drive will be compatible with my MacPro.
  Does anyone have personal experience with installing a DVD-RAM drive on a MacPro? Any suggestions for selecting a drive or for installation?

  My old Type 1 disks are double-sided and I also want to use Type 2 and 4 double-sided cartridges if I buy a DVD-RAM drive. I like having archival data on disks inside the cartridges. These are like glorified ZIP disks. For my intended use, I think they're much superior to a non-cartridge disk.
  I found some Panasonic drives that are billed as capable of playing cartridge disks, the one directly below even specifying Type 1.
  http://www.usb-ware.com/panasonic-lf-m821-oem.htm
  http://www.cwol.com/dvd-burners/panasonic-lf-m821-oem.htm
  The above sites feature almost identical product pages, along with a few other sites I landed on. That fact made me a little wary, since I don't understand the reason to have multiple sites with the same pages but a different name in the site header. I also don't find this drive on any sites other than these with the identical product pages. I wondered if it is a non-U.S. market drive. When I wrote the company they responded affirmatively about the drive working on my Mac and playing the Type 1 disks, but they didn't respond to an inquiry about it being a U.S. vs. non-U.S. drive and whether that mattered for my hardware. The Panasonic USA web site also didn't feature this drive, so that concerned me.
  The Panasonic drives below show cartridge capability but don't specifically say that they're Type 1-compatible:
  http://logicalplus.stores.yahoo.net/padvddlsumud1.html
  http://logicalplus.stores.yahoo.net/answ5xdvdram.html
  http://logicalplus.stores.yahoo.net/pasw8xdufodv.html
  It seems that Panasonic is the company making drives that may be suitable for my particular needs. I'm just a little wary and am hoping someone else has had some experience with these drives on G4s/G5s and/or Intel MacPro computer.

• How do you create default Read/Write Permissions for more than 1 user?

  My wife and I share an iMac, but use separate User accounts for separate mail accounts, etc.
  However, we have a business where we both need to have access to the same files and both have Read/Write permissions on when one of us creates a new file/folder.
  By default new files and folders grant Read/Write to the creator of the new file/folder, and read-only to the Group "Staff" in our own accounts or "Wheel" in the /Users/Public/ folder, and read-only to Everyone.
  We are both administrators on the machine, and I know we can manually override the settings for a particular file/folder by changing the permissions, but I would like to set things up so that the Read/Write persmissions are assigned for both of us in the folder for that holds our business files.
  It is only the 2 of us on the machine, we trust each other and need to have complete access to these many files that we share. I have archiveing programs running so I can get back old versions if we need that, so I'm not worried about us overwriting the file with bad info. I'm more concerned with us having duplicates that are not up to date in our respective user accounts.
  Here is what I have tried so far:
  1. I tried to just set the persmissions of the containing folder with us both having read/write persmissions, and applied that to all containing elements.
  RESULT -> This did nothing for newly created files or folders, they still had the default permissions of Read/Write for the creating User, Read for the default Group, Read for Everyone
  2. I tried using Sandbox ( http://www.mikey-san.net/sandbox/ ) to set the inheritance of the folder using the methods laid out at http://forums.macosxhints.com/showthread.php?t=93742
  RESULT -> Still this did nothing for newly created files or folders, they still had the default permissions of Read/Write for the creating User, Read for the default Group, Read for Everyone
  3. I have set the umask to 002 ( http://support.apple.com/kb/HT2202 ) so that new files and folders have a default permission that gives the default group Read/Write permissions. This unfortunately changes the default for the entire computer, not just a give folder.
  I then had to add wife's user account to the "Staff" group because for some reason her account was not included in that. I think this is due to the fact that her account was ported into the computer when we upgraded, where as mine was created new. I read something about that somewhere, but don't recall where now. I discovered what groups we were each in by using the Terminal and typing in "groups username" where username was the user I was checking on.
  I added my wife to the "Staff" group, and both of us to the "Wheel" group using the procedures I found at
  http://discussions.apple.com/thread.jspa?messageID=8765421&#8765421
  RESULT -> I could create a new file using TextEdit and save it anywhere in my account and it would have the permissions: My Username - Read/Write, "Staff" or "Wheel" (depending on where I saved it) - Read/Write, Everyone - Read Only, as expected from the default umask.
  I could then switch over to my wife's account, open the file, edited it, and save it, but then the permissions changed to: Her Username - Read/Write, (unknown) - Read/Write, Everyone - Read Only.
  And when I switch back to my account, now I can open the file, but I can't save it with my edits.
  I'm at my wits end with this, and I can believe it is impossible to create a common folder that we can both put files in to have Read/Write permissions on like a True Shared Folder. Anyone who has used windows knows what you can do with the Shared folder in that operating system, ie. Anyone with access can do anything with those files.
  So if anyone can provide me some insight on how to accomplish what I really want to do here and help me get my system back to remove the things it seems like I have screwed up, I greatly appreciate it.
  I tried to give as detailed a description of the problem and what I have done as possible, without being to long winded, but if you need to know anything else to help me, please ask, I certainly won't be offended!
  Thanks In Advance!
  Steve

  Thanks again, V.K., for your assistance and especially for the very prompt responses.
  I was unaware that I could create a volume on the HD non-destructively using disk utility. This may then turn out to be the better solution after all, but I will have to free up space on this HD and try that.
  Also, I was obviously unaware of the special treatment of file creation by TextEdit. I have been using this to test my various settings, and so the inheritance of ACLs has probably been working properly, I just have been testing it incorrectly. URGH!
  I created a file from Word in my wife's account, and it properly inherited the permissions of the company folder: barara - Custom, steve - Custom, barara - Read/Write, admin - Read Only, Everyone - Read Only
  I tried doing the chmod commands on $TMPDIR for both of us from each of our accounts, but I still have the same behavior for TextEdit files though.
  I changed the group on your shared folder to admin from wheel as you instructed with chgrp. I had already changed the umask to 002, and I just changed it back to 022 because it didn't seem to help. But now I know my testing was faulty. I will leave it this way though because I don't think it will be necessary to have it set to 002.
  I do apparently still have a problem though, probably as a result of all the things I have tried to get this work while I was testing incorrectly with TextEdit.
  I have just discovered that the "unknown user" only appears when I create the a file from my wife's account. It happens with any file or folder I create in her account, and it exists for very old files and folders that were migrated from the old computer. i.e. new and old files and foders have permissions: barara - Read/Write, unknown user - Read Only, Everyone - Read Only
  Apparently the unknown user gets the default permissions of a group, as the umask is currently set to 022 and unknown user now gets Read Only permissions on new items, but when I had umask set to 002, the unknown user got Read/Write permissions on new items.
  I realize this is now taking this thread in a different direction, but perhaps you know what might be the cause of this and how to correct or at least know where to point me to get the answer.
  Also, do you happen to know how to remove users from groups? I added myself and my wife to the Wheel group because that kept showing up as the default group for folders in /Users/Shared
  Thanks for your help on this, I just don't know how else one can learn these little "gotchas" without assistance from people like you!
  Steve

• ECC 6.0 and BI Authorizations in Project Implementation Phase for Dev only

  I ) ECC 6.0 Authorizations for Project Team
       I have browsed through SDN and gone through several documents and perhaps trying to post our senario as clearly as possible for better answers
  Aim : 1) To give appropriate authorizations to
        a) Functional Consultants
        b) ABAP developers
        c) BI consultants 
        in Development environment only on Customizing client,
        sandbox client and unit testing client
  There is no inhouse security consultant in house at this time.
  Type of Oragnization : Midsize
  project Life cycle phase : Bluprint-Realization
  Question1:
       What role and profile should I assign to functional consultants by preparing a role from the SAP standard role and what is the best way to restrict functional consultants from sensitive areas.
  eg: Modifying SAP_ALL option and assigning it to functional consultants.
  II.
  BI 7.0 Authorizations for BI consultants in Development environment
  Aim: 1) To give authorizations to BI 7.0 consultants (using only ABAP          stack)
    Question: I have read through some forum and wiki answers in sdn and many explain that give SAP_ALL and SAP_NEW to BI consultants and in addition give 0bi_all, SAP_BW_DEVELOPER and much more.
      Can some body list what are the needed Roles for this kind of users ?
  I know in theory many talk, do not assign SAP_ALL, but the person who advice this never explained the best alternative, and none of them I know have practially told that they have not assigned SAP_ALL.
  Please explain . I think asnwering my question will bury many questions in this fourm .

  Hi Nick,
  Did you get the answer? I'm lookinf for the same information about profiles.
  Thanks!!

• Can't open unlocked file I have read & write privileges for

  My nephew emailed me an RTF (created using iWork Pages on a Mac running 10.5.8). When I try to open it, I get "The document “x.rtf” could not be opened. You do not have appropriate access privileges."
  Get Info shows the file isn't locked, plus:
  You have custom access
  dp (Me)  Read & Write
  (unknown) Read only
  everyone Read only
  His parents use Parental Controls, so I thought I might be encountering an ACL problem. But the Terminal command "chmod -a# 0 x.rtf" yields "No ACL present".
  I tried changing the privileges for "everyone" to Read & Write but -- as I expected -- it makes no difference. (OSX won't let me change the privileges for "unknown.")
  For that matter, he attached 2 other files as well -- they behave the same ways.
  It's useless to try fixing the problem on his end unless I can provide his parents with super-simple step-by-step directions, so I'd prefer to fix it myself if possible, but I'm stumped as to what's wrong.

  According to http://www.freebsd.org/doc/handbook/permissions.html, in the case of directories, the execute bit controls whether they may be traversed. So it's normal for this bit to be set for a directory.
  To clarify where I'm at now: ls -l for the directory containing the file shows
  drwxrwxrwx   9 dp  dp         306 Jun 17 20:33 x.rtf
  and CDing to the file itself shows
  drwxrwxrwx  3 dp  dp    102 Jun 15 17:17 Contents
  -rw-rw-rw-  1 dp  dp  10156 Apr 17 22:45 H4835.jpg
  drwxrwxrwx  3 dp  dp    102 Jun 15 17:17 QuickLook
  -rw-rw-rw-  1 dp  dp   8363 Jun 15 17:17 imgres.jpg
  -rw-rw-rw-  1 dp  dp  31077 Jun 15 17:17 index.xml.gz
  -rw-rw-rw-  1 dp  dp  47231 Apr 17 19:01 macbookair.jpg
  -rw-rw-rw-  1 dp  dp  36191 Apr 17 21:14 unknown.jpg
  Get Info still says I have "custom access" to the RTF. Get Info for each file and directory (and their contents) it contains, however, says "You can read and write." I've searched the web and our KB but find very little about exactly what "custom access" means. As near as I can tell, it should mean it has an ACL, but as I reported earlier, that's apparently not so.

• ECC6: Authorizations for GOS

  In ECC6, I should give two different levels authorization into generic object services Toolbox.
  I have two type of users:
  1. Administrator
  2. Accountant
  The Administrator should be able to create, edit, display and delete notes.
  The Accountant should be able just to create and display notes.
  Administrator users were given the S_OC_ROLE athorization object .
  Accountant users were given the S_GOS_ATT authorization object, though this doesnu2019t work since the accountant users are still able to edit and delete notes.
  My question is: how can I remove the edit and delete authorizations for accountant users?
  Thanks,
  Kind Regards

  A concrete scenario I have to deal with:
  The scope for all business partners and transactions should be limited to central Europe.
  The relevant field for this authorization is the id (number range) respectively the business partner grouping.
  - I would use ACE rules to filter the relevant business partners by their ID or grouping and relevant transactions by their account-assignment
  - I would set up ACE rights to limit access for the actions read, write and delete
  - to handle the create authorization, I have to define a PFCG role and limit access to certain CRM components
  The user should be allowed to read Corporate Accounts,
  to read, edit, create Contacts,
  is not allowed to deal with Opportunities,
  is allowed to create, read all activities and to read, edit, delete own activities (if he is the creator),
  is not allowed to deal with any report or pipeline performance.
  - ACE role/right to read Corporate Accounts
  - PFCG role to restrict create access for the BP_HEAD component
  - (ACE role/right to limit search results for opportunities)
  - PFCG role to restrict create, search, overview access for the BT111M component
  - Business role without Work Centers or Logical Links to opportunities
  - ACE role to limit access to read activities
  - ACE role to limit access to read, edit, delete activities which the user has created
  - PFCG role to restrict access to all pipeline performance components
  - remove PFCG roles for report access (e.g. SAP_CRM_OR_USER)

• Authorizations for Adobe Interactive forms

  Hi,
  During Adobe configuration I encounter serious trouble in determining the needed authorizations. We implement basic Adobe forms initiated by managers.
  Can anyone please instruct which SAP ECC roles are needed for executing Adobe Interactive forms?
  Situation
  We assigned the Adobe roles:
  SAP_BC_CM_USER
  SAP_ASR_MANAGER
  The manager has also assigned authorizations to view PA objects for subordintes.
  With extended authorizations I can start new process. However, when the process is started with same user but with the authorization mentioned above I receive the following error:
  "No Adobe Form Is Assigned to the Scenario"
  com.sap.pcuigp.xssfpm.java.FPMRuntimeException: No Adobe Form Is Assigned to the Scenario
       at com.sap.pcuigp.xssfpm.java.MessageManager.raiseException(MessageManager.java:111)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.raiseExceptions(FcISRProcessEvent.java:1980)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.callRFCIsrGetFormUrl(FcISRProcessEvent.java:1042)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.setTemplateSource(FcISRProcessEvent.java:459)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.callRFCIsrProcessEvent(FcISRProcessEvent.java:798)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.callIsrProcessEvent(FcISRProcessEvent.java:380)
       at com.sap.pcui_gp.isr.isrprocessevent.wdp.InternalFcISRProcessEvent.callIsrProcessEvent(InternalFcISRProcessEvent.java:1234)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEventInterface.callIsrProcessEvent(FcISRProcessEventInterface.java:127)
       at com.sap.pcui_gp.isr.isrprocessevent.wdp.InternalFcISRProcessEventInterface.callIsrProcessEvent(InternalFcISRProcessEventInterface.java:409)
       at com.sap.pcui_gp.isr.isrprocessevent.wdp.InternalFcISRProcessEventInterface$External.callIsrProcessEvent(InternalFcISRProcessEventInterface.java:577)
       at com.sap.pcui_gp.isr.isrprocessevent.showform.VcISRShowForm.onBeforeOutput(VcISRShowForm.java:215)
       at com.sap.pcui_gp.isr.isrprocessevent.showform.wdp.InternalVcISRShowForm.onBeforeOutput(InternalVcISRShowForm.java:435)
       at com.sap.pcui_gp.isr.isrprocessevent.showform.VcISRShowFormInterface.onBeforeOutput(VcISRShowFormInterface.java:137)
       at com.sap.pcui_gp.isr.isrprocessevent.showform.wdp.InternalVcISRShowFormInterface.onBeforeOutput(InternalVcISRShowFormInterface.java:136)
       at com.sap.pcui_gp.isr.isrprocessevent.showform.wdp.InternalVcISRShowFormInterface$External.onBeforeOutput(InternalVcISRShowFormInterface.java:212)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.callOnBeforeOutput(FPMComponent.java:603)
  Help is greatly appreciated and will be rewarded when useful!
  Regards,
  Thomas

  Hi Tom,
  When you are familiar with authorizations in PFCG trabsaction you are finaliar with S_DEVELOP if not ask the authorization team on your project.
  Basically this authorization object handles the read/write etc authorization related to devlopment objects. If you implement Adobe forms you will probably develop your own forms or at least copy the SAP forms to customer namespace.
  For Adobe you will therefore have 2 custom development objects (1 for the form and 1 for the interface that is automatically generated). The end-user shoulf have at least READ access to these objects. If not the portal will trow an error on this.
  To determine the tech names of the objects find the form and related interface in transaction SFP. These should be inserted in the object S_DEVELOP in the role for the end users.
  You may want to consider to put the value Z* in the object which will give authorization for all the custom developed objects.
  If you can't find the object reply again and i will send a screenshot.
  Finally, make use of the splended transaction ST01!! It will make your life a lot more easy in portal! It traces all the authorizations needed and missing for any user you specify. After activating the trace and running a portal scenario the log will tell you want went OK and what not on an authorization object level.
  Good luck,
  Thomas