CC Team. Need to change permissions for users

Similar Messages

• When I purchase my iPad I was working for McDonald's and my user ID was my McDonald's email address , I donot work for them now. I need to change my iPad user ID and I don't remember my password for the old user ID

  When I purchae my iPad, my user ID was set up as my email address, now I am not working for the company and my user ID is not working. I need to change my iPad user ID

  You could go to settings/itunes & app store, tap on the ID and then log out.  Tap on create new ID and do that and then log in with that ID.  You would need to turn off  imessage and facetime and turn them back on and activate them with the new ID.  You will need to delete the icloud account save any contents to the device and create a new account.  Remember that all purchases are linked to the old ID and can only be updated etc with that ID

• Export and import change document for user master data

  Dear Gurus,
  I have two queries on change document for user master data:
  1. Are there any approaches to export and import change document for user master data?
  We often do system copy from PRD to QAS for UAT and troubleshooting. Before system copy we export the user master data from QAS and then import after the copy process. We would like to keep the change document for user master data on QAS from being refreshed from PRD for security reason.
  2. Change document for Role change in QAS
  When the role is created or modified in DEV and then transported to QAS, the role change document doen't include this change log. The role change document in QAS only records those role changes directly made in QAS.
  Could you advise this is by SAP design or are there any approaches to record this transported role change  in the role change document in QAS?
  Thanks
  YBY

  1. Perhaps you want to consider a system copy to a "virtual system" for UAT?
  2. Changes in QAS (as with PROD as well) will give you the delta. They should ideally be clean... You need to check the source system.
  Another option is to generate the profiles in the target system. But for that your config has to be sqeaky clean and in sync, including very well maintained and sync'ed Su24 data.
  Cheers,
  Julius

• Change permissions for UME repository

  Dear friends,
         Is it possible to change permissions for the ume repository. By default, it has "Allow" permission for List Children and Read properties. I dont see any options to change permissions under Settings -> permissions. Does anyone here in this forum knows how can I achieve the same? I am actually trying to index the ume repository and the crawler fails. I was wondering if the repository needed to have a full control. So, I am trying to change the permissions.
  We are on EP6 SP13 (all components)
  Any help is appreciated,
  Thanks,
  Mandar

  Hello experts,
  any ideas?
  I need aswell to change the permission in the UME repository...
  Thanks in advance!
  Greets
  Thomas

• FM for Change Documents For User

  Hi all,
  We need a Function Module for tracking the changes of a user account. Is there any function encapsulating the functionality supplied by SU01 -> Information -> Change Documents for User?
  thanks,
  - ferudun

  Hi
      Try this BAPIs
  BAPI_USER_LOCPROFILES_READ
  BAPI_USER_GET_DETAIL
  Regards
  Bala Krishna

• Insufficient SQL database permissions for user 'Name: NT AUTHORITY\IUSR SID: S-1-5-17...

  Hi,
  I have a customized SharePoint page that takes user input data, validate some of the data, then writes the data to a SharePoint list. If an exception occurs, it will write the error to the ULS.
  All was working well in the test environments.
  However, recently we noticed that in the QA environment, when it's trying to write to ULS, it causes another issue:
  Insufficient SQL database permissions for user 'Name: NT AUTHORITY\IUSR SID: S-1-5-17 ImpersonationLevel: Impersonation' in database 'SP_F1_Config' on SQL Server instance 'SQL01'. Additional error information from SQL Server is included below. The EXECUTE
  permission was denied on the object 'proc_putObjectTVP', database 'SP_F1_Config', schema 'dbo'.
  I've traced through the code and found that it fails on the line:
      SPDiagnosticsServiceBase.GetLocal<LoggerError>();
  where LoggerError is the logger class inheritng SPDiagnosticsServiceBase
  I have also googled around today, but the most positive solution provided
  on this page was to manually modify SQL object permission, which I believe we should not do, and would not be supported by Microsoft.
  So the questions are:
  Why is AUTHORITY\IUSER used for SPDiagnosticsServiceBase.GetLocal()? Should that account actually be allowed to access SharePoint databases? (This is an intranet environment and using claim based/Windows authentication, no no anonymous access would be allowed
  anyway).
  I've checked the Application Pool account permissions in SQL, comparing the environment that works and the one that doesn't work, and the permissions/roles/schemas look identical on server and database level. Where else can I check?
  On the environment that works, I logged on as SharePoint administrator, created a new SharePoint Visual Web Part solution in Visual Studio, just to test writing to ULS. Then I press F5 in Visual Studio to debug it. It also has the same problem.
  It just seems like somehow the user's identity (or whatever the identity SharePoint required) was not passed to SPDiagnosticsServiceBase.
  Any suggestions, or even better, solutions would be really really much appreciated!

  Hi，
  Thanks for your sharing, it will be userful to the people who stuck with the same issue.
  Best regards
  Patrick Liang
  TechNet Community Support

• I have 2 point security for AppleID. My iPhone 4S is listed as my trusted phone to text. No tel. no. is given. I am updating to iPhone 6Plus with same tel. no. Do I need to change anything for the sign in verification?

  I have 2 point security for AppleID. My iPhone 4S is listed as my trusted phone to text. No tel. no. is given. I am updating to iPhone 6Plus with same tel. no. Do I need to change anything for the sign in verification?

  Of course You can also add your iPhone telephone # as a trusted device.
  This way when you insert your SIM card into any phone, Apple will automatically recognize your cell phone # as a
  trusted device (may be handy if iphone breaks but you insert SIM card into another phone).
  HOWEVER:
  Having also your iPhone as a trusted device, is convenient if you travel and use a different SIM card
  at destination. This way you can still use the iphone for verification, even though you are using a different
  phone #.
  Regards

• Search account got - Insufficient sql database permissions for user. EXECUTE permission was denied on the object proc_Gettimerrunningjobs

  Dear all,
  I am troubleshooting a critical error showed up on Event log.  It said:
  Insufficient sql database permissions for user 'Name:domain\wss_search ....... EXECUTE permission was denied on the object 'proc_GetTimerRunningJobs', database 'SharePoint_Config', schema 'dbo'
  domain\wss_search is the default content access account. According to
  http://technet.microsoft.com/en-us/library/cc678863.aspx I should not grant it the Farm Administrators permission.
  In the Search Center I am able to search out documents as expected so I think the search service is fine.   However I have no clue why this account is trying to access 'proc_GetTimerRunningJobs'.
  Mark

  Hi Mark,
  This issue was caused by the search account’s permission. For resolving your issue, please do as the followings:
  Expand your SharePoint Configuration database 'SharePoint_Config' and navigate to ‘proc_GetTimerRunningJobs’ under Programmability ->Stored Procedures
  Right-click proc_GetTimerRunningJobs and choose Properties
  Click on Permission on the left launch
  Select the Search button and browse for ‘WSS_Content_Application_Pools’
  Provide ‘Execute’ permissions for ‘WSS_Content_Application_Pools’
  Click OK
  Here are some similar posts for you to take a look at:
  http://adammcewen.wordpress.com/2013/03/01/execute-permission-denied-on-sharepoint-config-db/
  http://technet.microsoft.com/en-us/library/ee513067(v=office.14).aspx
  I hope this helps.
  Thanks,
  Wendy
  Wendy Li
  TechNet Community Support

• Changing permissions for _QTSS user

  Trying to change my streaming media directory from the default to another hard disk. Apparently I need to make the internal user qtss the owner of that directory, but am unable to do so. It does not appear in list of users when I try to change permissions on the new streaming folder. Unable to change it using get info, workgroup manager or even chmod. We are using an external active dir and only those users show up. Any idea how to do this?

  Found the same trouble.
  Try XRay. This utility allow easily change permissions via GUI interface.

• Table to look for change documents for users

  Hi friends,
  Is there any standard table to look for change documents for a user?change document through SUIM does not give the correct log.
  Thanks for you support.

  Julius
  Looking at another of Tracy's other post (http://scn.sap.com/thread/3598947) she's trying to use ACL. Hence needing to know the tables to write joins/queries to hit tables within ACL
  I've seen ACL used and have had the fun experience of Auditors using Google to find tables to perform checks on without context of what has actually been implemented in their particular system.
  Regards
  Colleen

• I Changed permissions for every enclosed folder in my Library (not Home)

  I wanted to change permissions on a fiie in my root Library (not Home Library) and clicked apply to enclosed items for the entire Library folder. Once I realized what happened (after the fact) I tried to repair permissions but things aren't working right obviously. I have a backup of the Library on my Time Machine drive that is before the snafu.
  Is is possible to restore just this Library folder, and if I restored just this folder using Time Machine would it also restore the permissions as they were before I screwed up.
  I'm backing up the altered Library folder to another drive just to be safe if I do need to restore.
  Always learning,
  Thanks
  Message was edited by: Thor Stevens

  Thor Stevens wrote:
  I wanted to change permissions on a fiie in my root Library (not Home Library) and clicked apply to enclosed items for the entire Library folder. Once I realized what happened (after the fact) I tried to repair permissions but things aren't working right obviously. I have a backup of the Library on my Time Machine drive that is before the snafu.
  Is is possible to restore just this Library folder, and if I restored just this folder using Time Machine would it also restore the permissions as they were before I screwed up.
  no, that's not possible because many of those items are in use while you are booted normally. you need to do a full system restore from TM from before you did this. from your last post you seem to be doing just that. and in the future NEVER ever use "apply to enclosed items" on ANY system created folders. that applies btw to things like your home folder, the library in your home folder, your desktop folder etc. use it only on folders you made yourself. apart from messing up permissions on system files like those in the root library, many system created folders like your home folder have hidden ACLs and using 'apply to enclosed items" propagates those ACLs to everything inside.
  I'm backing up the altered Library folder to another drive just to be safe if I do need to restore.
  Always learning,
  Thanks
  Message was edited by: Thor Stevens

• Changing permissions for /home

  Hi,
  I have a problem with my /home directory. It has no write permissions and I can't change that. The owner of the directory is root but even if login as root I can't change the permissions for the /home directory. When looking at the properties for the /home directory in the File Manager it says that the file is a NON_WRITABLE_FOLDER. When trying to remove the directory I get a message saying that the "Directory is a mount point or in use".
  Does anyone know what I have to do to be able to change the permissions of the /home directory.
  Thankful for all help!
  /Johan

  Hi,
  It seems to be /home directory is a NFS mounted directory from the other system. To change its ownership you need to login to the system as root and change the permission for mount options as -rw.
  Hope it helps !
  Regards,
  Dharani
  SlashSupport india Pvt Ltd.
  Hi,
  I have a problem with my /home directory. It has no
  write permissions and I can't change that. The owner
  of the directory is root but even if login as root I
  can't change the permissions for the /home directory.
  When looking at the properties for the /home directory
  in the File Manager it says that the file is a
  NON_WRITABLE_FOLDER. When trying to remove the
  directory I get a message saying that the "Directory
  is a mount point or in use".
  Does anyone know what I have to do to be able to
  change the permissions of the /home directory.
  Thankful for all help!
  /Johan

• Changing role for users

  Hi,
  in forms 10g , it's possible to change the role for user
  REVOKE role_name FROM :USERNAME;

  This should work, but the user revoking a role from a different user needs to have the admin option of this role.
  When creating a role, by default the "Admin option" for that role should be enabled for the user creating the role.
  Normally, this would be the schema-owner of the application objects ...
  A user holding the "admin option" may grant a role to a different user and grant the other user "admin option" on this role...

• Solved - How to take ownership and change permissions for blocked files and folders in Powershell

  Hello,
  I was trying to take ownership & fix permissions on Home Folder/My Documents structures, I ran into the common problem in PowerShell where Set-Acl & Get-Acl return access denied errors. The error occurs because the Administrators have been removed from
  file permissions and do not have ownership of the files,folders/directories. (Assuming all other permissions like SeTakeOwnershipPrivilege have been enabled.
  I was not able to find any information about someone successfully using native PS to resolve the issue.  As I was able to solve the issues surrounding Get-Acl & Set-Acl, I wanted to share the result for those still looking for an answer.
  Question: How do you use only Powershell take ownership and reset permissions for files or folders you do not have permissions or ownership of?
  Problem: 
  Using the default function calls to the object fail for a folder that the administrative account does not have permissions or file ownership. You get the following error for Get-Acl:
  PS C:\> Get-Acl -path F:\testpath\locked
  Get-Acl : Attempted to perform an unauthorized operation.
  + get-acl <<<< -path F:\testpath\locked
  + CategoryInfo : NotSpecified: (:) [Get-Acl], UnauthorizedAccessException
  + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetAclCommand
  If you create a new ACL and attempt to apply it using Set-Acl, you get:
  PS C:\> Set-Acl -path F:\testpath\locked -AclObject $DirAcl
  Set-Acl : Attempted to perform an unauthorized operation.
  At line:1 char:8
  + Set-Acl <<<< -path "F:\testpath\locked" -AclObject $DirAcl
  + CategoryInfo : PermissionDenied: (F:\testpath\locked:String) [Set-Acl], UnauthorizedAccessException
  + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetAclCommand
  Use of other functions like .GetAccessControl will result in a similar error: "Attempted to perform an unauthorized operation."
  How do you replace owner on all subcontainers and objects in Powershell with resorting to external applications like takeown, icacls, Windows Explorer GUI, etc.?
  Tony

  Hello,
  Last, here is the script I used to reset permissions on the "My Documents" tree structure that admins did not have access to:
  Example:  Powershell script to parse a directory of User-owned "My Document" redirection folders and reset permissions.
  #Script to Reset MyDocuments Folder permissions
  $domainName = ([ADSI]'').name
  Import-Module "PSCX" -ErrorAction Stop
  Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeRestorePrivilege", $true) #Necessary to set Owner Permissions
  Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeBackupPrivilege", $true) #Necessary to bypass Traverse Checking
  #Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeSecurityPrivilege", $true) #Optional if you want to manage auditing (SACL) on the objects
  Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeTakeOwnershipPrivilege", $true) #Necessary to override FilePermissions & take Ownership
  $Directorypath = "F:\Userpath" #locked user folders exist under here
  $LockedDirs = Get-ChildItem $Directorypath -force #get all of the locked directories.
  Foreach ($Locked in $LockedDirs) {
  Write-Host "Resetting Permissions for "$Locked.Fullname
  #######Take Ownership of the root directory
  $blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity
  $blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
  $Locked.SetAccessControl($blankdirAcl)
  ###################### Setup & apply correct folder permissions to the root user folder
  #Using recommendation from Ned Pyle's Ask Directory Services blog:
  #Automatic creation of user folders for home, roaming profile and redirected folders.
  $inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
  $propagation = [system.security.accesscontrol.PropagationFlags]"None"
  $fullrights = [System.Security.AccessControl.FileSystemRights]"FullControl"
  $allowrights = [System.Security.AccessControl.AccessControlType]"Allow"
  $DirACL = New-Object System.Security.AccessControl.DirectorySecurity
  #Administrators: Full Control
  $DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Administrators",$fullrights, $inherit, $propagation, "Allow")))
  #System: Full Control
  $DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM",$fullrights, $inherit, $propagation, "Allow")))
  #Creator Owner: Full Control
  $DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("CREATOR OWNER",$fullrights, $inherit, $propagation, "Allow")))
  #Useraccount: Full Control (ideally I would error check the existance of the user account in AD)
  #$DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("$domainName\$Locked.name",$fullrights, $inherit, $propagation, "Allow")))
  $DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("$domainName\$Locked",$fullrights, $inherit, $propagation, "Allow")))
  #Remove Inheritance from the root user folder
  $DirACL.SetAccessRuleProtection($True, $False) #SetAccessRuleProtection(block inheritance?, copy parent ACLs?)
  #Set permissions on User Directory
  Set-Acl -aclObject $DirACL -path $Locked.Fullname
  Write-Host "commencer" -NoNewLine
  ##############Restore admin access & then restore file/folder inheritance on all subitems
  #create a template ACL with inheritance re-enabled; this will be stamped on each subitem to re-establish the file structure with inherited ACLs only.
  #$NewOwner = New-Object System.Security.Principal.NTAccount("$domainName","$Locked.name") #ideally I would error check this.
  $NewOwner = New-Object System.Security.Principal.NTAccount("$domainName","$Locked") #ideally I would error check this.
  $subFileACL = New-Object System.Security.AccessControl.FileSecurity
  $subDirACL = New-Object System.Security.AccessControl.DirectorySecurity
  $subFileACL.SetOwner($NewOwner)
  $subDirACL.SetOwner($NewOwner)
  ######## Enable inheritance ($False) and not copy of parent ACLs ($False)
  $subFileACL.SetAccessRuleProtection($False, $False) #SetAccessRuleProtection(block inheritance?, copy parent ACLs?)
  $subDirACL.SetAccessRuleProtection($False, $False) #SetAccessRuleProtection(block inheritance?, copy parent ACLs?)
  #####loop through subitems
  $subdirs = Get-ChildItem -path $Locked.Fullname -force -recurse #force is necessary to get hidden files/folders
  foreach ($subitem in $subdirs) {
  #take ownership to insure ability to change permissions
  #Then set desired ACL
  if ($subitem.Attributes -match "Directory") {
  # New, blank Directory ACL with only Owner set
  $blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity
  $blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
  #Use SetAccessControl to reset Owner; Set-Acl will not work.
  $subitem.SetAccessControl($blankdirAcl)
  #At this point, Administrators have the ability to change the directory permissions
  Set-Acl -aclObject $subDirACL -path $subitem.Fullname -ErrorAction Stop
  } Else {
  # New, blank File ACL with only Owner set
  $blankfileAcl = New-Object System.Security.AccessControl.FileSecurity
  $blankfileAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
  #Use SetAccessControl to reset Owner; Set-Acl will not work.
  $subitem.SetAccessControl($blankfileAcl)
  #At this point, Administrators have the ability to change the file permissions
  Set-Acl -aclObject $subFileACL -path $subitem.Fullname -ErrorAction Stop
  Write-Host "." -NoNewline
  Write-Host "fin."
  Write-Host "Script Complete."
  I hope you find this useful.
  Thank you,
  Tony
  Final Thought: There are great non-PS tools like
  Set-Acl and takeown which are external to PS & can also do the job wonderfully.  It may be much simpler to call those tools than recreate the wheel in pure
  code.  Feel free to use whatever best suits your time, scope & cost.

• Correct permissions for user home folders?

  I recently installed a new Mac Mini with Server 10.10.2
  I have about 10 clients running off the server (an open directory master), they are setup as local network users and have home folders on the server.
  I had to copy contents of the home folders from a previous (crashed) server and I can't seem to get the permissions right.
  A couple of the users use home directory syncing, so they have a local copy of their home folder on the computer they usually use, but changes aren't getting synced across the network to the server. An example is the dock, I keep removing and replacing icons in the dock, but logging out and logging back in returns the dock to its old configuration (presumably bringing the old config back from the server).
  Is there a tool which resets user directory permissions for network home folders? Or can someone give me any guidance how to sort this out?
  Thanks
  James

  In the sidebar of the Server.app window, select the icon at the top with the name of the server. Then select the Storage tab in the main window pane.
  Navigate to the folder in question and select it. From the popup menu at the bottom with a gear icon, select
            Edit Permissions...
  Verify that the permissions are what they should be, and make changes if necessary. Then, from the same menu, select
            Propagate Permissions...
  Check all applicable boxes, including Access Control List. If in doubt, check all boxes. Click OK.