Can I grant permission to write in specific attributes using security groups

Similar Messages

• Users assigned directly to a SharePoint group can access a site if a user is in a security group that is a member of the SharePoint group, it doesn't work

  I recently installed SharePoint 2013 SP1 and thus far all seems to be going well. I do have one issue concerning permissions to a team site I have created:
  1. If  add a user User1 only to a SharePoint group that has edit permissions to the site, that user can log in successfully.
  2. If  add a user User1 only to a security group that is a member of the aforementioned SharePoint group, the  user gets "the site has not been shared with you. The security group is a global SG, though I tried changing it to universal 
  but that did not help
   I have tried updating the SPSecurityTokenServiceConfig  as briefly described at this link:
  http://macaalay.com/2014/05/27/active-directory-groups-and-access-denied-in-sharepoint-2013/.  I performed the steps and it did not work. I also
  tried rebooting the server after that, and that did not work either.  any thoughts?
  Thanks in advance for your help

  Hi,
  I tested the issue on SharePoint server 2013 without sp installed. It worked and I used global security group. I will test the issue on SharePoint 2013 sp1 later, and please provide more information to narrow down the issue.
  Please go to site settings > site permissions > check permission, type in domain\user1, and post the result here.
  If the user has been granted permission, please try logging on another machine to test if Windows credential casues the issue.
  Did the issue occur to one site collection? Please test on other sites or web applications?
  Please create new user to test the issue again.
  Regards,
  Rebecca Tu
  TechNet Community Support

• How to delegate the users creation permission on OU in active directory using security tab

  hi expert,
  I trying to give user creation permission to a security group on OU using security tab. I have given the following permission :-
  1. Object tab --->  Applies to = this object and all descedent objects ---> permission = User creation object 
  but this is not working. User from this security group are not able to create users. getting permisson related error.
  Please suggest.
  Thanks

  I trying to give user creation permission to a security group on OU using security tab. I have given the following permission :-
  1. Object tab --->  Applies to = this object and all descedent objects ---> permission = User creation object 
  but this is not working. User from this security group are not able to create users. getting permisson related error.
  this isn't really related to GP at all, it's a question for a DS forum:
  https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverDS
  You need to grant additional permissions - user creation is not enough, on it's own...
  Why not use the Delegation of Control Wizard?
  http://technet.microsoft.com/en-au/library/cc732524.aspx
  http://www.howtogeek.com/50166/using-the-delegation-of-control-wizard-to-assign-permissions-in-server-2008/
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Using security groups to grant Full Mailbox Permissions

  Hi, I've of course found several articles discussing granting full mailbox permissions to universal security groups in Exchange 2010, however, most of them are outdated and provide contradicting information.
  So I figured I'd ask here to generate a more 'current' discussion of this and get the real answers.
  If I do the following:
  1. Create a shared mailbox
  2. Create a Universal Security group (USG)
  3. Add User X to the USG
  4. Grant the USG Full Access Permissions to the shared mailbox
  Q1: Will the shared mailbox automatically show up in User X's mailbox? I've read posts/articles claiming both NO and YES to this question. Some say you have to still go through the 'open additional mailboxes' setting in Outlook.
  Q2: According to the below thread, this is actually still a bug in Exchange 2010 in that when you assign Full Access to a Universal Group, it is supposed to auto-populate, but doesn't. Further, there are claims that USG replication takes a good 12-24 hours
  before showing up in the user's Outlook. Some say you actually need to restart the Information Store before it will take affect. This is in stark contrast to granting full access to an individual user account, which takes affect immediately.
  So what is the real truth here when using USGs to grant Full Access?
  https://social.technet.microsoft.com/Forums/exchange/en-US/9840fd13-daf8-45aa-ab35-4a827f1ba1e0/exchange-2010-unable-to-assign-full-access-permissions-using-a-security-group?forum=exchangesvrgenerallegacy
  Thanks,

  Hi squishmike,
  Thank you for your question.
  Q1: Will the shared mailbox automatically show up in User X's mailbox? I've read posts/articles claiming both NO and YES to this question. Some say you have to still go through the 'open additional mailboxes' setting in Outlook.
  A: By my testing, we still go through the ‘open addition mailbox’ setting in outlook when we open outlook with new profile.
  Q2: According to the below thread, this is actually still a bug in Exchange 2010 in that when you assign Full Access to a Universal Group, it is supposed to auto-populate, but doesn't. Further, there are claims that USG replication takes a good 12-24
  hours before showing up in the user's Outlook. Some say you actually need to restart the Information Store before it will take affect. This is in stark contrast to granting full access to an individual user account, which takes affect immediately. 
  So what is the real truth here when using USGs to grant Full Access?
  A: Question 1 has been answered it. It will show share mailbox by ‘open additional mailbox’, we will add shared mailbox manually.
  If there are any questions regarding this issue, please be free to let me know. 
  Best Regard,
  Jim

• Specific layout using Work Groups (Windows Server 2012 R2)

  I'm running Windows Server 2012 R2 in my company and we're interested in using the new Work Groups feature for a specific layout.
  We currently have a shared folder with our personal work folders inside, to which only each respective user has access to. Then we have a public folder for all the people in the company to share files freely. 
  So what do we want? We want to have a local folder that synchs with our server folder and to which only each of us has access. We also want each of the work folders to be encrypted. What's my problem? I haven't understood too much about the new
  feature yet. So far the feature is installed but it seems to me it can only be applied to one network folder (workgroup) entirely at a time. I want to sync each folder INSIDE the workgroup with the same number of local folder, and password-protect both.
  How can this be done?

  Hi,
  Did you check this article?
  Introducing Work Folders on Windows Server 2012 R2
  http://blogs.technet.com/b/filecab/archive/2013/07/10/introducing-work-folders-on-windows-server-2012-r2.aspx
  Regards.
  Vivian Wang

• Grant permission through dynamic parameters entered by user through web app

  This is my code.
  f1=request.getParameter("URL");
  out.println("parameter f1 ===>"+f1);//user name
  f2=request.getParameter("URL1");
  out.println("parameter f2 ===>"+f2);//table name
  f3=request.getParameter("URL2");
  out.println("parameter f3 ===>"+f3);//privilege name
  sql="GRANT f3 to \"" + f1 + "\""+"on \""+f2+"\"";
  st= con.createStatement();
  st.execute(sql);
  out.println("grant succeeded");
  it is giving error that invalid SQL query.please help in writing this code.Any other method for giving dynamic SQL query for granting permission.

  Welcome to the forum!
  >
  Any other method for giving dynamic SQL query for granting permission.
  >
  You should NOT be using dynamic SQL for issuing grants. Security is something that should be taken seriously and grants should ONLY be given to users that need the permission. The necessary grants should be created and reviewed BEFORE they are executed.
  Best practices are to create scripts containing your DDL and place those scripts in a version control system.
  The scripts can then be executed in sql*plus, sql developer or another tool and the results reviewed to ensure that they executed properly.
  If dynamic SQL is needed you:
  1. create a sql statement manually and test it to make sure it works properly
  2. create the code to assemble similar statements and VIEW the output DDL to make sure that it is valid
  3. add exception handling and security handling to the code so that is can only be used for the intended operations and is not subject to SQL injection.
  4. manually execute the DDL produced by the code to make sure there are no syntax errors.
  Clearly you did not even test your SQL before trying to write code to produce it or you would have known your syntax is invalid.
  >
  sql="GRANT f3 to \"" + f1 + "\""+"on \""f2"\"";
  >
  >
  it is giving error that invalid SQL query.
  >
  Of course it is. That code might try to produce the equivalent of:
  GRANT select to "scott" on "hr.employees";There are SEVERAL errors in that code.
  1. You are enclosing the SCHEMA in double-quotes. That means the actual user name will be treated as case-sensitive. So if someone provides 'scott' it will be considered lower-case. There is NO user "scott" in Oracle unless you created that user yourself and used double-qoutes to preserve the case.
  ALL of the schemas created by Oracle, and most users, are UPPER case. So your code will not find any name if the user supplies a LOWER case or mixed-case value.
  2. You are enclosing the target schema and object name in double quotes. There are two things wrong. The same case issue applies again. And the string "hr.employees" will be treated as ONE value. The proper way to quote such a value is:
  "HR"."EMPLOYEES"3. You have the DDL components in the wrong order, hence it is invalid. The ON clause comes BEFORE the target schema.
  GRANT select to on hr.employees to scott;See the SQL Language doc for the GRANT statement
  http://docs.oracle.com/cd/B28359_01/server.111/b28286/statements_9013.htm
  All of the issues you have demonstrate why you should NOT be using dynamic SQL to do DDL. You don't understand the syntax so you can't write code to implement that syntax.
  The syntax is much more complex than the siimple code you are trying to use.
  Grant statements often need to include "SCHEMA.OBJECT" syntax and your code makes no provision for that.
  DDL needs to be tightly controlled and doing it in code can create huge, gaping security holes.
  Abandon your method and use prepared scripts for the DDL commands you need to execute.

• ATTN Java Gurus: udf.policy - Unable to Grant Read,Write to Specific File

  NOTE: A correct answer to this question will receive the rarely used OTN 25pt <font color="silver" size="3" face="script">Platinum Star</font><font color="silver" size="4" face="script"> &#9733;</font> *
  Essbase 9.3.1
  Using a Java CDF that reads and writes to a file
  I'm trying to grant permission to a specific file in the file system by granting permission in the udf.policy file.
  When I uncomment the line permission java.security.AllPermission; the CDF works fine and interacts with the file correctly. This is just to prove that the CDF works, I need to tighten this up to a single file. I stop and start the app after each edit.(I've also tried bouncing the Essbase server too)
  When I use the following, I get an exception, shown below. Nothing of consequence is being written to the app or essbase logs
  grant {
    permission java.io.FilePermission "C:/test/essbase/CalcProfile.db", "write, read";
  };java.security.AccessControlException: access denied (java.io.FilePermission C:\esstest\Server\PlugIns\Essbase read)
       at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
       at java.security.AccessController.checkPermission(AccessController.java:546)
       at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
       at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
       at com.hyperion.essbase.calculator.ESecurityManager.checkRead(ESecurityManager.java:80)
       at java.io.File.exists(File.java:731)
       at org.sqlite.Conn.open(Conn.java:98)
       at org.sqlite.Conn.<init>(Conn.java:57)
       at org.sqlite.JDBC.createConnection(JDBC.java:77)
       at org.sqlite.JDBC.connect(JDBC.java:64)
       at java.sql.DriverManager.getConnection(DriverManager.java:582)
       at java.sql.DriverManager.getConnection(DriverManager.java:207)
       at com.accelatis.essbase.calcprofile.cdf.CalcComment.calcComment(CalcComment.java:16)
  >
  I've tried creating the policy using PolicyTool, same result. However, I have no idea what or if I should put in the "CodeBase" field.
  Has anyone had success creating read & write permissions to a single file using the udf.policy file? What is the magic syntax?
  Regards,
  Robb Salzmann
  * <font face="small" size=".2em" color="silver">right after the platinum star award is created</font>

  Hi Robb,
  Never heard of the OTN 25pt Platinum Star award... It sounds appetizing, but I know I won't get it since I've got no Java experience. :)
  I was just gonna ask if you've thought about posting the same question on one of the Java forums?
  https://forums.oracle.com/forums/category.jspa?categoryID=285
  Cheers,
  Mehmet

• How do I change the color of font in a fillable form in Adobe Reader? How can I check if the writer of the document has given permission to edit color and not just add text?

  How do I change the color of font in a fillable form in Adobe Reader? How can I check if the writer of the document has given permission to edit color and not just add text? Please help! I'm technologically challenged.

  Most forms (99% or more) are created for simple text input, where you cannot change anything.
  The creator of the form could allow Rich Text input (which allows you to change font, text size, color, etc.), but frankly I have never seen such a form, and I wouldn't know how they look.  But I'm sure they would show some kind of controls to alter the text appearance.

• How can I correct the error Write Permission Open so that I can finalize a project in I Movie?

  How can I correct the error Write Permission Open so that I can finalize a project in I Movie?

  Post in the iMovie forum.

• Imoive : can not open new projects and kept pop up "you have permission to write projects" . plz help~!

  New mac mini OS X Lion
  I have problem with Imoive. When I try to open new projects for imovie....
  Imovie can not create new projects and message pops up "Please check there is enough space or you have permission to write new projects".
  I have no clue and Disk has more than 300GB now.
  Can anyone help me....?

  I found a similar problem and the instructions said to check a permission box in the "Get Info" tab.
  This applies only when the Library is on an external drive. You cannot ignore permissions on the system drive.
  I was deleting files trying to make space on my hard drive
  What were you deleting?
  and noticed as I was deleting files more data was being added to the iPhoto Library.
  Hard to see how deleting files can add data to the iPhoto Library. Can you explain why you thought this?
  I would really like to keep these pictures.
  Make a back up now.
  Most Simple Back Up:
  Drag the iPhoto Library from your Pictures Folder to another Disk. This will make a copy on that disk.
  Slightly more complex: Use an app that will do incremental back ups. This is a very good way to work. The first time you run the back up the app will make a complete copy of the Library. Thereafter it will update the back up with the changes you have made. That makes subsequent back ups much faster. Many of these apps also have scheduling capabilities: So set it up and it will do the back up automatically.
  Example of such apps: Chronosync - but there are many others. Search on MacUpdate or the App Store

• No permission to write files from applets

  Dear All,
  I wrote one applet for displaying a live video and able to capture a single frame and cine loops. It's working properly.
  Now i plug in this applet into my .jsp page. After this I'm facing so many problems.Initially i can't able to store anything
  from my applet (after plug in to .jsp). So i edit the java.policy file. Now i can store the single frames captured via my applet. But I'm not able to store the cine loops.
  _Following is my java.policy file contents,_
  grant codeBase "file:${{java.ext.dirs}}/*" {
       permission java.security.AllPermission;
  grant {
       permission java.lang.RuntimePermission "stopThread";     
       permission java.net.SocketPermission "localhost:1024-", "listen";
       permission java.util.PropertyPermission "java.version", "read";
       permission java.util.PropertyPermission "java.vendor", "read";
       permission java.util.PropertyPermission "java.vendor.url", "read";
       permission java.util.PropertyPermission "java.class.version", "read";
       permission java.util.PropertyPermission "os.name", "read";
       permission java.util.PropertyPermission "os.version", "read";
       permission java.util.PropertyPermission "os.arch", "read";
       permission java.util.PropertyPermission "file.separator", "read";
       permission java.util.PropertyPermission "path.separator", "read";
       permission java.util.PropertyPermission "line.separator", "read";
       permission java.util.PropertyPermission "java.specification.version", "read";
       permission java.util.PropertyPermission "java.specification.vendor", "read";
       permission java.util.PropertyPermission "java.specification.name", "read";
       permission java.util.PropertyPermission "java.vm.specification.version", "read";
       permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
       permission java.util.PropertyPermission "java.vm.specification.name", "read";
       permission java.util.PropertyPermission "java.vm.version", "read";
       permission java.util.PropertyPermission "java.vm.vendor", "read";
       permission java.util.PropertyPermission "java.vm.name", "read";
       permission java.lang.RuntimePermission "accessClassInPackage.sun.jdbc.odbc";
       permission java.util.PropertyPermission "file.encoding", "read";
            <security>
       <all-permissions/>
       </security>
  grant codeBase "file:/D:/Raja/Java/MyProject/AppletEx/build/web/WEB-INF/classes/-" {
  permission java.io.FilePermission "<<ALL FILES>>", "read";
  permission java.io.FilePermission "<<ALL FILES>>", "write";
  I can also sing my applet (self certified). But the problem is not solved.
  In my log file i found the following is preventing to write the files.
  com.sun.media.JMFSecurityManager.checkFileSave(JMFSecurityManager.java:250)
  Can anyone help me to solve this issue..
  Regards
  ChennaiBee.

  To access files (read and write) from an applet, the applet needs to be signed.
  There is a forum here to discuss signed applets:
  http://forum.java.sun.com/forum.jspa?forumID=63
  These instructions (in Part III) for signing applets work:
  http://java.sun.com/javase/6/docs/technotes/guides/plugin/developer_guide/contents.html

• Grant Permission in Applet

  I am writing an applet which needed to read and write files with user's local machine, so i need to grant the permissions.
  It seem the only way to grant the permissions for applets is needed user have some manually setup before running the applet. (Either modify the security policy
  file or and add trust cert. ).
  but i see some applets in the web and grant permission by a pop-up dialog
  and user only need to answer "yes" or "no". how can they do this? is this supported by Java Plug-in? and How can i do it ??

  Without policy file in your own class you can do this (i think NS only):
  (import netscape.security.PrivilegeManager;)
  try {
                 PrivilegeManager.enablePrivilege("UniversalLinkAccess");
                 System.out.println("\tUniversalLinkAccess Success!");
                 PrivilegeManager.enablePrivilege("UniversalPropertyWrite");
                 System.out.println("\tUniversalPropertyWrite Success!");
                 PrivilegeManager.enablePrivilege("UniversalPropertyRead");
                 System.out.println("\tUniversalPropertyRead Success!");
            } catch (netscape.security.ForbiddenTargetException e) {
                 System.out.println(
                      "\tFailed! Permission to read system properties denied by user.");
            } catch (Exception e) {
                 System.out.println("\tFailed! Unknown exception while enabling     privilege.");
                 e.printStackTrace(System.out);
            }

• Granting an admin write permissions on admin shares through GPO

  Hello,
  I am currently faced with the challenge of domain admins not being able to write to a folder on the C: drive through admin share. We have an application that requires write permissions on the Windows folder in C: but each time the admin account assigned
  for this task tries to write to the Windows folder, an access denied error pops up or the "you do not have permission" error.
  Please note that the domain admin is a member of the local admins on all machines in the network too but still fails to write on the specified folder and generally drive C:
  How can I grant this domain admin account to have the write permissions please. Anyone?
  Thanks

  Hi,
  If a user account belong to local Administrators account, when only Administrators group has permission on a folder, all admins except Administrator account will not have permission to access it.
  This is because all accounts in local Administrators group are working as standard accounts. When an Administrator action need to be performed, a prompt will occurs for permission to promote to admin permission. As only Administartors group has permission on
  a folder and the account we are using is working like a standard account, we will be denied from accessing.
  A workaround is to create a new group for all admins and give the group enough permission for accessing the target folder.
  Or you could run all accounts in Administartors group in Admin mode. See this article:
  UAC Group Policy Settings and Registry Key Settings
  http://technet.microsoft.com/en-us/library/dd835564(WS.10).aspx
  If you have any feedback on our support, please send to [email protected]

• IMovie import trouble. "The import was cancelled. You may not have permission to write to ..."

  I recently purchased a Sony Handyman camcorder and just attempted to import a test video. A window popped up with the message  "The import was cancelled. You may not have permission to write to ..." I am not super tech-savy, so please explain how to remedy this with very simple and specific directions. Thank you.

  OK then you must have imovie 9 or earlier.
  Is your camcorder listed as supported by iMovie 9?  see:  http://help.apple.com/imovie/cameras/en/index.html?lang=en_US
  Can you transfer your clips from the camcorder to your hard disk using Finder then transfer these to iMovie as a second step.
  Geoff

• Grant permission within code

  Hi, guys,
  I have to modify the java.policy file before I run my applet for the first time.
  How can I grant permissions from within my code rather
  than manually editing the file (I don't want the client to do anything other than run my applet).
  Anybody can help? Thank you in advance.
  Janet

  Hi, guys,
  I have to modify the java.policy file before I run my
  applet for the first time.
  How can I grant permissions from within my code
  rather
  than manually editing the file (I don't want the
  client to do anything other than run my applet).
  Anybody can help? Thank you in advance.
  Janet
  What you can do for a file permission:
  FilePermission p = new FilePermission("/tmp/*", "read, write");
  You can find out yourself other types of permissions,right?
  To get the policy:
  Policy currentPolicy = Policy.getPolicy();
  To find out all the permissions:
  cPermissionCollection permissions = currentPolicy.getPermissions(codeBase);
  In fact, each class has a protetion domain, an object that encapsulates both the code source and the collection of permissions of the class. Teh getProtectionDomain method of the "Class" class returns that domain:
  ProtectionDomain domain = anObject.getClass().getProtetionDomain();
  Have fun.
  Burt