Built-In Users-group is suddenly gone on folder security tab.

Similar Messages

• Mapping AD groups to built in user groups

  Hi.
  I'm in the process of configuring AD authentication for OBIEE 11g. I've managed to connect to AD and pull users and groups. However, i don't understand how i can map AD groups to built-in access groups such as "BIAuthors" and "BIConsumers". When i open "Membership" tab in the list of available groups i can only see built-in groups.

  Hi,
  You can use dsquery and dsget commands to get all users from the groups from a specific OU in your AD as shown below,
            dsquery group "ou=testou,dc=domain,dc=com" | dsget group -members
  To export the above user information to a CSV file use the below command,
  dsquery group "ou=testou,dc=domain,dc=com" | dsget group -members > c:\Grpmem_testou.csv
  Regards,
  Gopi
  JiJi
  Technologies

• User in 2 user groups always picks the rights from the group with least access -BOBJ 4.1 SP2

  We have BOBJ 4.1 SP2 installed.
  Lets say User1 is in a role1(User group) that has restricted access(no access to design menu for WEBI report in launchpad). Works fine when User1 logs into the launchpad. Cannot see the Design menu in Launchpad.
  User1 is also in another role2(user group) that has Design access for WEBI report (more like Power user access).
  Now when logged into a launch pad via SAP portal, and opening WEBI report on which role2 (user group) is applied that has Design access, user1 cannot see the Design menu of WEBI report. This is probably happening because User1 is also part of role1 that has restricted access. So it looks like it is always picking
  the role with least access and applying it no matter which report I am opening.
  I would expect the role to regulate the authorizations on the report. And one user could be a simple end user for one report and a power user for another report.
  Please advise if this is a Known issue or expected behavior. Is there a work around?
  Thank you very much
  Suman

  Hello Suman,
  Try avoid denial based security rights assignment instead you can specify the  unspecifed. As Greg said
  Denied + Granted = Denied
  Denied + Not Specified = Denied
  Granted + Not Specified = Granted.
  You should not deny rights for HR End User usergroup, Instead make them as unspecified. If you do so the whenever the user part of both the groups , your security rights aggregation would be
  Granted + Not Specified = Granted.
  Make sure you follow the approach as above.  You can refer the blog below for how to structure the folder, report and User group hierarchy and effective maintenance of security
  BusinessObjects Administration - Content Management Plan
  Regards
  Mani

• No provisioning of User Group for authorization field in user master

  We are implementing CUP 5.3 workflows. Both in manual proviosing and automated provisioning based on User Defaults the user group gets only provisioned to the Groups tab in SU01. The field User Group for authorization on the Logon data tab remains empty (field CLASS from system table USLOGOND, filling CLASS field in table USR02).
  In User defaults both under user default as on the user group tab the user groups have been defined. In manual provisioning the correct list of user groups get displayed for selection.
  Under field mapping in the Application field I only find User Group in user master maintenance, but not User group for authorization. However I would assume I do not need to use field mapping, as I want to automate this provisioning based on user defaults.
  Am I missing a configuration setting here? If so, where can I set it?
  I would assume the provisioning of this field is possible. RAR reports the user group also based on the User group for auhtorization and not from the Groups tab.

  S.Pados,
  I can assure you that what I said in my last response does provision the User Group For Authorization Check on the Logon Data tab; in fact, I was having the opposite issue where the Group tab was not being provisioned; however, I am ruunning AE 5.2 and you said you are running 5.3; maybe something did change or got lost in the releases; it probably is good to see what SAP has to say about this; I would hate to lose this capapbility when I upgrade to AE 5.3
  As far as using the custom field for multiple applications, would that field not be usable for any of the applications you would select in the request form?; if you are using the same table names in the different SAP systems (selectable by the application field on the request) would the drop down selections be whatever the table has defined for that system? I may not be understanding something here so I am just asking;
  It would be great to have a Group field automatically filled in by another selection to avoid the user involvement; I agree with you there; because of our concerns on users entering the AE request, our shop has decided to continue with the users submitting the request through normal email and the security administrators perform the AE entering; this way we have a better idea on something like the GROUP field; we have an option to include the original email as an attachment for justification of the request
  Sorry I could not be of more help
  Jerry
  Ryerson,Inc.

• WLS: more fine granularity for User, Groups, Roles

  Hi All,
  in order to organize different user, groups in WLS, I need to use/define more condition/attributes than standard WLS User and Groups.
  The Oracle WLS concept and OPSS is clear to me and I need some samples or practical cases.
  - Oracle Fusion Middleware 11.1.1.5, Security Guides http://docs.oracle.com/cd/E21764_01/security.htm
  - Oracle® Fusion Middleware Understanding Security for Oracle WebLogic Server 11g Release 1 (10.3.5) http://docs.oracle.com/cd/E21764_01/web.1111/e13710/toc.htm
  - Oracle® Fusion Middleware Securing Oracle WebLogic Server http://docs.oracle.com/cd/E21764_01/web.1111/e13707/toc.htm
  - Oracle Platform Security Services 11gR1 (White Paper)
  http://www.oracle.com/technetwork/middleware/id-mgmt/opss-tech-wp-131775.pdf
  Any idea?
  Regards,
  Moh

  Hello Suman,
  Try avoid denial based security rights assignment instead you can specify the  unspecifed. As Greg said
  Denied + Granted = Denied
  Denied + Not Specified = Denied
  Granted + Not Specified = Granted.
  You should not deny rights for HR End User usergroup, Instead make them as unspecified. If you do so the whenever the user part of both the groups , your security rights aggregation would be
  Granted + Not Specified = Granted.
  Make sure you follow the approach as above.  You can refer the blog below for how to structure the folder, report and User group hierarchy and effective maintenance of security
  BusinessObjects Administration - Content Management Plan
  Regards
  Mani

• Applying "User Groups" -- What do I get?!

  I am able to assign a user to a user group using the User Admin in Apex.
  I don't know how I would be able to assign a role (that I know how to define that for an individual user).
  The only thing I can see is a name for User Group and a Description!
  My requirement is to define a group of people to be assigned to one group/role, so that every change to that role can be automatically be applied to each user in that group.
  any idea?
  cheers,
  Mehr

  Hi,
  You create groups and assign users to those.
  Then you need develop authorization schema that utilize user group information.
  15.5 Providing Security Through Authorization
  I'm not sure do I understand question/problem correctly.
  Also, it is better post APEX related question in Application Express forum
  Regards,
  Jari

• Nested User Groups (Groups In Groups) to add in Local Built-in Administrators group of a workstation

  Hi,
  I'm a little bit confused with the way Microsoft design the nested groups.
  Scenario:
  We implement Restricted groups group policy to control the members of built-in Administrators group of every workstation in our office. The design was, to make managers domain user account to be member of built-in Administrators group of their subordinates
  workstations if ever they need administrative rights. So, result was there were many group policies created because we have some 30 departments. We come up to the solution that we create a domain global security group and add all the managers account as members
  and corporate help desk group, create a one single policy and join the created global security group, corporate help desk group and domain admins group to the built-in Administrators group of every workstation.
  Problem:
  We test the policy before we implement it, and a member of our created global security group successfully done an administrative action. But when we implement it, some manager user account doesn't recognize as administrator to the workstation. We did a little
  bit of research and supports the idea that nested groups was not good in the implementation of Nested groups.
  http://bittangents.com/2010/07/13/nested-user-groups-groups-in-groups-built-in-local-groups-issue/
  Question:
  Why is there a different effect of the policy? In our testing environment, it was successful, even a member of a nested group successfully done an administrative action, but some members of the global group declared as local Administrator group of the workstation
  was not?
  Appreciate any feedback.
  thanks.

  > when we implement it, some manager user account doesn't recognize as
  > administrator to the workstation.
  How many group memberships does this account have?
  run "dsquery user -samid <userid> | dsget user -memberof -expand" to
  enumerate.
  If the number is above 80 or 100, you might experience token bloat:
  http://blogs.technet.com/b/shanecothran/archive/2010/07/16/maxtokensize-and-kerberos-token-bloat.aspx
  Greetings/Grüße,
  Martin
  Mal ein
  gutes Buch über GPOs lesen?
  Good or bad GPOs? - my blog…
  And if IT bothers me -
  coke bottle design refreshment (-:

• Firefox has suddenly gone wrong. I was successfully running both Firefox and Internet Explorer 8 on Windows 7. I auto-accept upgrades including the most recent Firefox upgrade and the suggested upgrade to Adobe Flash 10.1. But after this, Firefox stopped

  Firefox has suddenly gone wrong. I was successfully running both Firefox and Internet Explorer 8 on Windows 7. My laptop is new and has plenty of RAM and HDD. I auto-accept upgrades including the most recent Firefox upgrade and the suggested upgrade to Adobe Flash 10.1. But after this, Firefox stopped working and does not work when I re-load Firefox 3.6. Also IE8 now works very slowly and does not locate major websites like Microsoft without a 'can't find the website message' and having to pressing Return a second time. When I do get to the Mozilla website and click on the button to try to download Firefox 3.6.6, I get this message "Oops! Internet Explorer could not find mozilla3.snt.utwente.nl". Can you help with what has gone wrong? As it stands, I can't use Firefox at all. Note: because Firefox did not work after the upgrade, I've downloaded the IE8 version of the Adobe Flash 10.1. What I really want is to be able to use both Firefox and IE8. But is this possible if they use different versions of Adobe Flash?
  == This happened ==
  Every time Firefox opened
  == About 2-3 days ago ==
  == User Agent ==
  Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB6.5; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; .NET4.0C)

  I have been having the same problem as the original poster. After upgrading to Ffx 3.6.6, the program asks you to upgrade to Flash Player Plugin 10.1. I download and installed 10.1 only to find videos weren't loading.
  In my case, the problem is the previous installation of Flash Player (9.0.47) was somehow messing things up. To fix this, because I already had Flash plugin 10.1 installed I had to uninstall 10.1 using the uninstaller from adobe and then manually remove any files related the old flash player plugin 9.0.47
  Here is a run-down of my process:
  0. To check if you have a previous installation of the Flash Plugin lurking around, in Firefox go to Tools -> Add-ons -> Plugins (tab). At this point you may seen both Flash plugins.
  1. Proceed to uninstall Flash Plugin 10.1. Adobe provides an uninstaller here: http://kb2.adobe.com/cps/141/tn_14157.html
  ( you have to make sure you have nothing running when you execute the installer).
  2. On my Mac (sorry I don't know what it is in Windows) I searched the hard drive for any files/folders with "Shockwave". I found a folder called "Shockwave 10". It wasn't removed by Adobe's uninstaller. For safety I deleted it and then emptied the trash.
  3. I then went to My HD -> Library -> Internet Plugins.
  Remove the file and folder named "Flash player.old"
  4. Restarted; ran the Adobe Flash Player 10.1 installer. Restarted again.
  5. Opened up ffx and double checked the plugins list (see step 1). Version 10.1 is installed and available. Went to problem sites to test it out and Success!
  Hope this helps.

• User Login(s) / Account gone - BUG - thread overview - summary - solutions?

  Hello everyone...
  Time to open a new thread... Seems there is a serious bug going on since a while with 10.6 randomly, hit me saturday. After working late switched off my iMac and next morning all my user accounts were gone, not able to login with my account... instead I got a "other" account.
  Took me a day to get that fixed. Thanks Apple!
  Same problems here:
  http://discussions.apple.com/thread.jspa?threadID=2750969&tstart=0
  http://discussions.apple.com/thread.jspa?messageID=13050110&#13050110
  http://discussions.apple.com/thread.jspa?threadID=2747165&tstart=0
  http://discussions.apple.com/thread.jspa?messageID=12880505&#12880505
  http://discussions.apple.com/thread.jspa?messageID=12932314&#12932314
  http://discussions.apple.com/thread.jspa?messageID=12754295&#12754295
  http://discussions.apple.com/thread.jspa?messageID=12802769&#12802769
  http://discussions.apple.com/thread.jspa?messageID=12640182&#12640182
  http://discussions.apple.com/thread.jspa?messageID=12836318&#12836318
  http://discussions.apple.com/thread.jspa?messageID=12840608&#12840608
  http://discussions.apple.com/thread.jspa?messageID=12726662&#12726662
  This one has a interesting solution from user Illude
  http://discussions.apple.com/thread.jspa?threadID=2644133&tstart=0
  This one's from cNet:
  http://forums.cnet.com/7723-6126_102-505918.html
  There are quite some possible solutions (from threads) that seem to help, here are some of the popular ones:
  SOLUTION 1:
  1 - boot up using your SL disk.
  2 - select 'change password'
  3 - reset the root password
  4 - restart the mac from the system drive
  5 - log in as root
  6 - open system preferences
  7 - create an account with the SAME FULL NAME and ACCOUNT NAME as your 'lost' account
  8 - you will be prompted that "a folder with said name already exists - would you like to use the existing folder?" - SELECT OK
  9 - log out of root
  10- log into your account
  SOLUTION 2 for those without TM backup:
  Material needed: Snow Leopard DVD
  1. Boot from DVD: restart at log in menu you're stuck in. Otherwise hard restart. Press "C" while booting.
  2. Change password: in my case only System Administrator (root) and guest appeared. Change the password on System administrator.
  3. log in as "System Administrator" with your new password.
  4. Check to see if the folder with your user name is still there under "User"
  5. Go to System Preference>Account>add account: Set same account name. That will link the new user account with old username account folder. You can also adjust the login window option. For now I checked automatic log in.
  6. Restart. You should be able to log in to your old account.
  SOLUTION 3 with TERMINAL (from illude - thanks!):
  ... I had this exact problem. I installed the 10.6.5 update and when I finally rebooted several days later, all non-system users on my machine were deleted. Only "Other" showed up in the login screen. While the users were removed from the Directory Services, their data was still intact though, as their home directories in /Users were unchanged. This is of course a big relief...
  After reading this thread and the pages mentioned here, I came up with the following solution. Please replace "username" with the short (Unix) name of your user account (i.e. the one without spaces).
  1. Start the computer in Single-User Mode, by holding down Command+S as it boots up. You end up in a terminal as the root user.
  2. As suggested on the screen, do the following to check and mount your filesystem:
  /sbin/fsck -fy
  /sbin/mount -uw /
  3. Find out which accounts have been deleted (here I assume 'username' is one of them):
  defaults read /Library/Preferences/com.apple.preferences.accounts
  4. Convince yourself that the user data is still safe:
  ls /Users/username
  5. I noticed that the 10.6.5 update made backups of the Directory Services and shadow passwords in /private/var/db as the xar archives 'dslocal-backup.xar' and 'shadow-backup.xar', respectively. If you also have these files, you are in luck! Restore the settings for each deleted user, as well as all shadow passwords, as follows:
  cd /private/var/db
  xar -xf dslocal-backup.xar dslocal/nodes/Default/users/username.plist
  xar -xf shadow-backup.xar
  6. For good measure, remove the record of deleted users (not sure if this is necessary, but seemed like a good idea at the time):
  rm /Library/Preferences/com.apple.preferences.accounts.plist
  7. Restart the computer:
  shutdown -r now
  I restored the settings for all deleted users in Step 5, and everyone was back after the reboot. The great thing is that all settings are restored the way they were, including the password, user GUID (which should prevent Time Machine from redoing a full backup as mentioned in this thread) and the login picture (which was stored in the JPEGPhoto field in the plist file and would have been lost otherwise).
  Of course, this solution might not apply to your specific problem, so please take care when you tamper with system settings via Single-User Mode.
  SOLUTION 4 using a TimeMachine Backup:
  If you have a backup with time machine, reinstall with original OSX DVD.
  For that type "C" when booting and hold until system boots from DVD.
  Go trough necessary steps, then when asked if you want to restore from a TimeMachine Backup, do so. Will take some hours depending on how big your TM backup is and what kind of interface you use (GBit Network, USB, Firewire etc).
  After that your system should be restored. However you proably have to update back again to the latest OSX update you were using with that TM backup, as OSX Mail will crash if it doesn't have that exact update environment. Example: your TM backup was done with 10.6.6., mail will crash often if you restore to 10.6.5...
  ATTENTION: there may be some side effects after a restore regarding external volumes, they could be locked out as your old user settings are gone...
  After restore I could not access two external drives on my system,
  1) a firewire 2TB Lacie drive that was "locked". I did not have the rights to access it, and CTRL+I and setting the permissions did not work. permissions were not stored. The OSX Harddisk tool also did not work because the "owner" of that drive could not be set.
  Solution: A tiny app called "BatChmod" saved the day, it allowed me "unlock" the permissions of that drive, without being a Unix superfreak knowing all the tweaks.
  http://www.macchampion.com/arbysoft/BatchMod/Download.html
  2) I could not access my TimeCapsule TM after restore to refresh the backup. Quite interesting because my system just had restored from that drive. The TimeMachine Volume was locked with that little "lock" symbol left of the volume symbol. CTRL+I and setting permissions did not work too... Within OSX Harddisk Tool a TimeCapsule does not show up so you can't fix permissions there either...
  Solution: With Airports TimeCapsule Manual Settings there is a option to delete the volume or folders on it. deleted the sparsebundle and voila the TC could be used again.
  If there are any other solutions that worked out for you to recover from lost logins/accounts, please post them here, and do not forget to notify apple about that bug at
  http://www.apple.com/feedback/macosx.html
  so that it hopefully finally get's fixed with 10.6.7... it seems to be around since 10.5..., emerged again with 10.6 SL, and now came back with 10.6.6. so that should have been quite a long time to fix it.
  Thx
  Chris
  Message was edited by: vertrider
  Message was edited by: vertrider

  this symptom caught me by surprise just the other day - luckily I had the root account enabled, which is not the default.  With the root account enabled, and an available Time Machine backup, recovery is really simple, straightforward and quick.
  For my situation, which may not be identical with those for all who may read this thread, the plist files which define for DirectoryService the users I have created, including my admin accounts, and the password hash files were deleted.
  if the root account is not enabled on your system, then I suppose you will have to go through either booting in Single User mode or from a System Install disk that will let you run the Terminal application.  However it is done, once you have the ability to write to the database directories, and access to a Time Machine backup, the recovery process is thus:
  Step 1. Verify that the user account home directories still exist, both for peace of mind and to determine whether this recovery method is appropriate for your situation.
  ls -l /Users/
  This should show account directories for all the users you have created in the past.  If not, then a restore of the user directories from a Time Machine backup, as well as the user DirectoryService files is indicated.  And, I would propose that the cause of your particular difficulties is other than most in this thread have experienced.
  also, just for fun, open the Accounts Preference Pane in the System Preferences, and see that none of your user accounts are listed.  What I found interesting is that the groups that I had created were still defined, it was just the user accounts that were deleted.
  Step 2.  now, for the meat of the recovery.  I recommend opening a pair of Terminal windows, one in which to look at the database directories, the other to look at the Time machine directories.
  in the "database" window, change directory to the user accounts area.  This is read-write-execute for root only, so if you are not able to cd to this directory, you'll need to wrap the commands in sudo.
  cd  /var/db/dslocal/nodes/Default/users/
  ls -l
  [non-root version of commands:  cd /var/db/dslocal/nodes/;  sudo ls -l Default/users/ ]
  the result should show a number of plist files, with many system users starting with an underscore, and only a few others:  daemon.plist, nobody.plist, root.plist
  Step 3. in  the "TimeMachine" window, change directory to the user accounts area from a recent backup, such as this one for my computer "Odin", backed up to TimeMachineDrive (this is a long path, not a two line entry):
  cd /Volumes/TimeMachineDrive/Backups.backupdb/Odin/2011-04-20-002126/Odin/var/db/d slocal/nodes/Default/users/
  then perform a directory listing:
  ls -l
  [non-root version of command is similar to that in Step 2, only need to get to the dslocal/nodes/ directory on the TimeMachine volume]
  you should see all the same plist files as in Step 2, along with the additional user accounts definitions for those accounts you originally created.
  to restore the definitions to your system, copy the missing plist files to the database directory used in Step 2. For a missing account file "test.plist", this would be:
  cp -X test.plist /var/db/dslocal/nodes/Default/users/
  [non-root version of command:  sudo cp -X Default/users/test.plist /var/db/dslocal/nodes/Default/users/ ]
  the command option "-X" keeps the extended attributes from being copied along with the file
  do the same for each missing plist file.
  Step 4. this step restarts DirectoryService, so it becomes aware of newly restored account definitions.
  killall HUP DirectoryService
  [non-root version:  sudo killall HUP DirectoryService ]
  note:  DirectoryService will recognize the new accounts after a reboot, even without the killall command being issued.  I just like to avoid unnecessary rebooting....
  now comes the fun part - open up the Accounts Preference Pane in the System Preferences, or close and reopen if already open, and voila, the missing accounts should all be shown again!  If you perform a listing of the /Users directory, you'll see the account names instead of UID numbers shown as owner of the account directories once again.
  ls -l /Users/
  Great!  ready to go, right?  Almost, but we have to fix the ability to log in for these accounts first, by restoring the shadow password hash files.
  Step 5. to restore the hash files, we need to know which ones belong to which account, and which directories to restore from and to.  So, in the 'database' window
  cd /var/db/shadow/hash/
  ls -l
  [non-root version:  cd /var/db/;  sudo ls -l shadow/hash/ ]
  in the "TimeMachine" window, assuming you are still in the var/db/dslocal/nodes/Default/users/ directory:
  cd ../../../shadow/hash/
  ls -l
  [non-root version, assumes you are in the var/db/ directory:  sudo ls -l shadow/hash/ ]
  you should see a bunch of files with filenames consisting of uppercase letters, numbers, and dashes.  To determine which file(s) belongs to which account, here is an example for the account "test":
  dscl . -read /Users/test GeneratedUID
  [non-root version:  same as root version of command ]
  result should look like:
  GeneratedUID: E7FBADC6-CFCB-4B31-88F9-BB6BD1FAEB52
  this long string identifies which hash file(s) belongs with the account "test"
  from the "TimeMachine" window, copy the hash file back to the system location:
  cp -X E7FBADC6-CFCB-4B31-88F9-BB6BD1FAEB52* /var/db/shadow/hash/
  [non-root version, all on one line: sudo cp -X shadow/hash/E7FBADC6-CFCB-4B31-88F9-BB6BD1FAEB52* /var/db/shadow/hash/ ]
  once this is completed for all the missing accounts, your system should be restored to exactly the condition it was in prior to the user accounts disappearing.
  in Solution 3 above, from illude, the file  /Library/Preferences/com.apple.preferences.accounts.plist is mentioned.  I believe this is a file that was generated in Mac OS X 10.4, and maybe 10.5.  I'm pretty sure that a clean fresh install of Mac OS X 10.6, on a new partition for example, will *not* have this file.  Therefore, it a) may not be present, and b) if present, may have contents that don't represent any accounts created since the installation of Snow Leopard on that machine.
  be that all as it may - I wish I'd found this thread topic when this first occurred for me. But since I managed a solution, I thought I'd share, in case anyone finds these methods useful.
  cheers,
  Roy

• Has anyone else encountered a situation where images suddenly gone missing?

  i've had files suddenly gone missing on me several times. i was so sure that this might be a bug but now i think it's user error. at least my error.
  a few times i wanted to delete one image and then found that several other images disappeared on me. here i realize that i forgot to deselect all of the other images before deleting the one image i intend to delete.
  another time for some unexplained reason, so it seemed, several images disappeared on me. poof! i couldn't find them anywhere, but i didn't think to look in the Rejected library. later on i realize that i've pressed the zero key by mistake while the images were selected. the zero key rejects the images and placed them in the Rejected library. i've found some of my missing images in this library. phew!
  for those of you who have some missing images, and haven't taken a look inside your Rejected library, take a look and maybe you'll find some of your missing images in there.
  dual 2.7 ghz powerpc g5   Mac OS X (10.4.6)   8 gb ram, xt800 card.

  You might just need to clear your search by selecting
  the "x" in the search field.
  Not quite the same as going into the search field and changing the rating slider and selection to show only deleted as by just clearing the search field does not change the slider rating and you'll still not see the rejected files.

• Anyone know why uploads contacts disappear from the iPhone 5? Half of my number is suddenly gone, and this happens over and over again? Kata-*******-stroff! Grateful for answers?

  IPHONE 5
  Anyone know why uploads contacts disappear from the iPhone 5?
  Half of my number is suddenly gone, and this happens over and over again?
  Kata-*******-stroff! Grateful for answers?

  do you sync your contacts with an application in your computer? or use iCloud?
  I can't tell you why the contacts disappear but you can get them back without much hassle by syncing through iTunes with your computer.
  do you regularly make backups?  if so, you can restore your iPhone using the backups and get your contacts back in your iPhone.
  It is strange that half of your contacts are gone over and over again.  Do you have Groups that are unchecked in your iPhone?  If so, the contacts in those groups will not appear in your contacts list but they are in your iPhone and be recovered by re-checking the group name.

• Sharing Only Accounts don't show in Users & Groups

  Hi,
  I've done a fresh install of Maverick yesterday.
  And I created a "Sharing Only" account so I can access my iMac from another PC (so it doesn't show up at logon time)
  When I went back in Users and Groups this morning, my newly "Sharing Only" account had gone.
  So I thought I'd forgotten it and tried to create it again: to my surprise at creation time, Mac OS reports: "Name is used by another user", when in fact it's not listed in the left sidebar (I can only see my accout and the guest account)
  I tried the same with a "Standard user" and all is fine.
  I tried with a second "Sharing Only" account and it disappeared too (after a logoff)
  I've found this article: http://support.apple.com/kb/TS4404 but I don't wanna screw up my fresh install
  Can anyone help?

  here also the same ... totally fresh out of the box Mac Mini with update to 10.9.2 ... create a share only user called "conf_share", add this user to a existing share ... go back to the User & Groups and paaaaaaaaaaaaaaaaaaaaaaaahhh it's disappear (but still existing of course)
  I found this "hint" but this is only usefull if you want to delete this user without going crazy... this hint will convert the sharing only user to a standard user
  Just type the following two commands in terminal:
  Quit and reopen System preferences and the sharing account will show up:
  sudo dscl . create /Users/root GeneratedUID FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000
  and then:
  sudo dscl . create /Users/accountname UserShell /bin/bash
  Replace "accountname" in the commands above with the missing account name.

• Planner provisioning for user groups lost in Shared services

  Hi All,
  Everything was fine. All of a sudden, no users were able to login in to planning.
  On investigation it was found that all the planner/planning provision to the groups is lost in the shared services.
  Digged into log for a while and couldnt find out any issues.
  What could be the reason we lost user group security provisioning only to planning?
  Could anyone please help on this?
  Regards,
  GG

  I used to have same experience every time migration happens from dev to UAT or prod etc.
  After migration, registering with shared service will be successful. When i try to sync, migrate user identities (provisionusers.cmd) from shared service all user group info vanishes in planning (Add/Edit access page). i.e hsp_access_control table is truncated or all rows are dropped.
  Then i have to set it up correctly. Guess this happens because usergroups have different id between different environments. When sync'g planning at target, it will not be able to recognize the wrong usergroup id of source system.
  My assumption:
  When provisionusers.cmd is run, planning fetches the usergroup provisioning information from shared services in to hsp_access_control planning repository table. could someone confirm the same?
  Is there any other way to overcome this issue recurring on every time migration happens?
  But the problem today was different: the provisioning is lost in the shared services itself which i havent witnessed so far. We didnt migrate recently, everything was file till 8 AM, but screwed around 8.10 AM. everything was up and running.
  Cheers,
  GG

• Database Account and User Groups

  Hello,
  Currently, I am using DATABASE ACCOUNT for an authentication scheme for all of my applications but, I would like to setup User Groups as well to limit users to thier prospective pages and/or objects within the application for easy maintenance of users. I have read that, in order to apply user groups in an application, you must use APPLICATON EXPRESS ACCOUNT credentials.
  Another developer has modified the "APEX_ACCESS_CONTROL" table with an additional column(s) that would allow access to specific pages. I am not sure if this is good practice to modify Apex tables.
  Is there a way to create user groups while using DATABASE ACCOUNT for authentication? What is the best practice in a case like this?
  Can anyone please shed some light on this? Thanks.
  - Dee

  Dee,
  I would like to setup User Groups as well to limit users to thier prospective pages and/or objects within the application for easy maintenance of users.I'm not clear on what your purpose is, just runtime authorization, or something more?
  Another developer has modified the "APEX_ACCESS_CONTROL" table with an additional column(s) that would allow access to specific pages. I am not sure if this is good practice to modify Apex tables.Those tables belong to your application's parsing schema and they are accessed only by code in applications you develop. The Application Express machinery knows nothing about them.
  Is there a way to create user groups while using DATABASE ACCOUNT for authentication?You can create your own tables to define groups and to keep track of which named accounts belong to which groups. And you can write an API for applications to use to query this information and to maintain it from custom applications built for that purpose.
  All

• Access control for different user groups in APEX 4.0

  Hi guys,
  in Apex 4.0, is there any way to use the access control page to configure access control for different user groups?
  The access control page currently only has an access control list by users with 3 privileges namely, Administrator, Edit & View where Administrator has the highest access level & View the lowest. Therefore 1 user cannot have more than 1 different privilege, however if the user belongs to 2 or more different groups then we can control what access he can have in a more fine grained manner. We also want to have more than the 3 privileges given.
  Can we assign different groups to different users and let them have different privileges to be configured by page, region, process or item level?
  Now Apex will create 2 tables, Apex_Access_Control & Apex_Access_Setup to store the application access control mode & access control list. It will also create 3 authorization schemes "access control - administrator", "access control - edit" & "access control - view" based on the 2 tables.
  Does this mean we have to change the table structures & edit the authorization schemes to suit our usage? We are reluctant to do this because if we upgrade to a newer version of Apex then we would have to merge our pl/sql coding with Apex's updated code.
  How can we auto-configure more than the 3 authorization schemes in the access control page? Is there any way to achieve a finer grain of access control based on the current access control administration page given by Apex without writing it ourselves?
  We are afraid that we may have missed something on Apex access control & do not want to reinvent the wheel.

  Hi Errol,
  to build your own application authorization scheme around the security model supplied by Apex for administration of the Apex environment would be a bad idea.
  This was never intended for authorization scheme management in custom built Apex applications, it was solely intended to control access in the Apex environment overall. The API for it is not published, and making changes to it, such as adding more roles, would run the risk of breaking the overall Apex security model. It would not be supported by Oracle and Oracle would not guarantee the upwards compatibility of any changes you make in future versions of Apex.
  In short, you should follow Tyson's advice and build your own structure. As he indicated, there are plenty of examples around and provided your requirements are not too complicated, it will be relatively simple.
  Regards
  Andre