Change in Access Control components on the Service Marketplace

Similar Messages

• Office 2013 SP1 is here - when will Access 2013 Runtime get the service pack?

  Office 2013 SP1 is here - when will Access 2013 Runtime get the service pack? ie. When will we see Access 2013 Runtime Service Pack 1?

  Hi,
  There has no exact information about the Access 2013 Runtime Service Pack 1 now. We can continue to pay attention about it in the Microsoft Official website.
  Regards,
  George Zhao
  TechNet Community Support

• Exchange2013 preparead error: "length of the access control list exceed the allowed maximum"

  Hi,
  when when preparing ad (2008) for exchange 2013 installation, I get this error "length of the access control list exceed the allowed maximum"
  after some searh I found this solution on http://support.microsoft.com/kb/973848/en-us
  which consists on the following steps:
  Click Start, click Run, type ldp, and then click OK.
  In the LDP console, click the Connection menu, click Connect, type domain controller name, and then click OK.
  On the Connection menu, click Bind, type the credentials of the domain administrator, and then click OK.
  On the View menu, click Tree.
  In BaseDN drop-down list, select the appropriate domain context, such as "DC=Contoso,DC=com," and then click OK.
  In the tree view, under DC=<var><domainname></var>,DC=com, locate to the object "CN=Microsoft Exchange System objects,DC=<var><domainname></var>,DC=com".
  Right-click the object in step 6, click Advanced, select Security Descriptor, make sure that the SACL option and the "Text dump" option are
  unchecked and then click OK. 
  This will open a new window with security descriptor details
  In this security descriptor Window, click to select the DACL check box.
  In the middle pane of the Security descriptor Window, select and delete all the access control entries (ACEs) that have “\0ADEL:” in the Trustee column. Multiple ACEs can be selected and then click Delete
  ACE to delete them.
  Close the security descriptor as soon as you delete the corresponding ACE's
  Close the LDP console.
  Force Domain Controller replication.
  Rerun Exchange setup and it will install successfully
  But I didn't find the object ""CN=Microsoft Exchange System objects" since I've removed it before the preparation!!!
  Can anyone help please to solve this issue??
  Thanks

  Hi,
  Please make sure all the access control entries (ACEs) that have “\0ADEL:” in the Trustee column have been deleted in the 'Microsoft Exchange security objects' OU. Also make sure the permissions are not inherited by the root domain
  so go to properties of the domain.com, If there are any unknown accounts listed in ACLs, remove all of them.
  Then follow your original posting of step 10 to 13 to rerun Exchange setup to have a try.
  Thanks,
  Winnie Liang
  TechNet Community Support

• Unable to use the Assign Access Control feature in shared services

  Hi,
  When I try to right click on the essbase applicaiton in Shared Services to assign access control( to assign a new filter) I keep getting the following error
  " Internet cannot display the webpage" message with the following
  This problem can be caused by a variety of issues, including:
  Internet connectivity has been lost.
  The website is temporarily unavailable.
  The Domain Name Server (DNS) is not reachable.
  The Domain Name Server (DNS) does not have a listing for the website's domain.
  There might be a typing error in the address.
  If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section
  All the services are running file and I can create new users/ groups and also perform appication migration.
  I'm using Hyperion 11.1.3.24 on windows 2003 r2.
  Any help is appreciated. Thanks.
  Regards

  vs wrote:
  John,
  I tried the refresh button and nothing appears. I have created a group and gave it filter access. Now I'm trying to attach that filter to the group.
  Appreciate your help.Can we replace backup .sec file for shared services?
  For example: In planning if the .sec file corrupted then we replaced with old .sec file...rite...the same way can we do it in shared services?
  I know if we replace the old sec in planning...it will take old securities only...
  Edited by: Prabhas on Feb 12, 2013 9:27 PM

• Every time I change password access control to allow access, it reverts after saving. How do I get the saved change to "take"?

  Outlook keeps asking me to either use the login keychain or to use confidential information connected with my email password. I went into the keychain passwords in KeyChain Access, changed the access control on each of them to allow Outlook access. I saved the changes, but then they all reverted to their previous setting.
  There is an older Keychain Access file in the Control Panel that will not open because it's either "damaged or corrupted". If I delete that, would it make a difference? What can I do to keep my access control changes when they won't stay saved?

  I do not have the disc to reload
  Why not?  You need your system dvds to troubleshoot & to reset/change passwords in view of your current OS listed in your  profile. 
  You can get replacement System Install & Restore CD/DVDs from Apple's Customer Support - in the US, (800) 767-2775 - for a nominal S&H fee. You'll need to have the model and/or serial number of your Mac available.
  If you're not in the US, you may need to go through the regional Apple Store that serves your location to find the contact number. Here's a list of links to all of those - http://store.apple.com/Catalog/US/Images/intlstoreroutingpage.html Another resource:  International Support Phone #s.
  ===============
  I have to have the password, which I cannot remember or find.
  When selecting passwords, make sure it's one that you will NEVER forget AND no one else can figure out. 
  Old school--- > Print it out & keep in a safe place.  A place that ONLY you know about AND never forget.
  New school---> Get a password manager utility.  Highly recommend 1Password which is shareware.  Do a Google search for free password managers.

• Accessing Remote Data Over the Service-Enabled Application Module

  Hi,
  I am trying to access the service enabled module remotely(model project is deployed on different machine) deployed on Integrated WLS server. For that I have done the following step;
  1)     Created simple model project as producer.
  2)     Created the jar of model project(producer) .
  3)     Added the Bc_profileCommon.jar to the Consumer app.
  4)     Changed the connections.xml(Consumer) file accordingly (PFA).
  5)     Created the Entity Objects based on the wsdl in Consumer.
  6)     Created the JNDI on server and added the users with credentials.
  7)     I managed to access service enabled app module locally.
  But I am not able to understand following tags in the connections.xml(for remote access) file such as
  <StringRefAddr addrType="jndiProviderURL">
  <Contents>t3://10.180.190.214:7101</Contents>
  </StringRefAddr>
  <StringRefAddr addrType="jndiSecurityPrincipal">
  <Contents>weblogic</Contents>
  </StringRefAddr>
  <SecureRefAddr addrType="jndiSecurityCredentials">
  <Contents>kiran</Contents>
  </SecureRefAddr>
  Also I am getting a warning for the SecureRefAddr as “No grammer available for the absent namespace contents of element of Contents cannot be validated.”
  Please let me know the significance of the red word. And what value I should set so that it will access the service enabled application module remotely?
  ** I am using Jdev 11.1.1.3.0

  As Bob rightly says you may have a problem if the machine you are trying to access is on a corporate network as you will need the permission and help of the network administrator to achieve this.
  I assume from your post that there is not a VPN connection set up on the remote PC network. Assuming that you have access to the router on the remote network then you will need to set up portforwarding on it at some point so I suggest you go to this page and see if your router is listed as you will need some instructions if you don't use the software suggested by Bob.
  When accessing a remote machine, PC or Mac, I have always used a secure connection to do so and the alternative to a VPN is an SSH tunnel. Unfortunately unlike the Mac Windows doesn't come with SSH server software installed so if you want to go down this route you will have to install and configure this first. I haven't tried this on Windows 7 yet but I have been successful on Windows XP and there are plenty of sites with instructions on how to set this up like this one here. Once the SSH server is set up on the PC and port 22 on your remote router has been forwarded then you can set up a SSH tunnel in the same way as described in my post in this thread http://discussions.apple.com/thread.jspa?messageID=10847513&#10847513
  Message was edited by: Sean Dale1

• Access control: what is the priority of access control entities (ACE)?

  Dear Bee-lievers,
  as I had some troubles implementing some special access control, I just read through the admin guide, chapter 13 (Managing Oracle Beehive Access Control).
  Even after that, I'm not clear about priority of ACEs in ACLs: if, for a given accessor, one ACE denies access, while another grants access ... which will win? I'd guess (and it looks like) the deny will win.
  Furthermore: What about inheritance of ACEs, e.g. in team workspaces?
  An explicit ACE on a special folder does seem to imply implicit access for workspace members.
  What I'm trying to implement is the following: within a team workspace, where access is granted on group basis, I want to set up a restricted folder for another group (all members of the restricted group are also members of the team group).
  Regards, Thomas

  Bee-lievers,
  for the time being we found the following workaround, with the help of
  support:
  The privileged members of group group2 are tagged in their user
  attributes with a unique string, say "beehive-grp-wrkrnd-group2" (we
  take the unused, but always non-null field LDAP field gecos, mapped to
  UDS attribute nickname, to minimize GAL visibility of this
  workaround).
  These members are then sorted out in a dynamic group, say
  ZZ_group2_complement with the following query: nickname does not
  contain "beehive-grp-wrkrnd-group2".
  Thus, the following access does what we desire:
  -----------------------------------------+--------------------------------------
  accessor | access_types
  -----------------------------------------+--------------------------------------
  agrp=ALL_USERS |
  -----------------------------------------+--------------------------------------
  grup=ZZ_group2_complement,enpr=enpr | -RWDEO
  -----------------------------------------+--------------------------------------
  We hope that ER 9414428 will be addressed soon. It could be all very
  simple if there was no implicit inheritance of the perms defined at
  workspace level!
  Regards, Tom Beekeeper

• [SOLVED]change default access creation rights for the users

  Hi!
  When a user creating folders or files it will allow full access to all users who are in the same group.
  How can I make the changes to be default instead of using chmod always?
  Last edited by Andy_Crowd (2014-06-11 14:47:29)

  Here is an example with some entries from my smb.conf
  security = share
  guest account = windowstools
  [WT]
  path = /home/Windows/Win-tools
  public = yes
  writeable = yes
  create mask = 0000
  guest ok = yes
  browseable = yes
  read only = no
  Windows XP is connected to my Linux share. I want be able to create folders and have access within Linux and Windows with rwx rights for the group. For now files created from Windows getting default rights 755 (rwx,xr,xr).
  windowstools:andy = is XP username/group
  andy:andy = Arch Linux username/group
  Windows XP is full updated (got problem once with connection to samba after update, got wait until next updates will come -.- , when new windows updates came XP could be connected to samba again, was a bug as I hoped).
  I am starting/restarting samba with script like
  #!/bin/bash
  systemctl stop smbd
  sleep 2
  systemctl status smbd | head -1
  systemctl status smbd | grep 'Active:' | awk -F')' '{print $1}' | sed 's/(//m'
  systemctl stop nmbd
  sleep 1
  systemctl status nmbd | head -1
  systemctl status nmbd | grep 'Active:' | awk -F')' '{print $1}' | sed 's/(//m'
  systemctl start smbd
  sleep 2
  systemctl status smbd | head -1
  systemctl status smbd | grep 'Active:' | awk -F')' '{print $1}' | sed 's/(//m'
  systemctl start nmbd
  sleep 1
  systemctl status nmbd | head -1
  systemctl status nmbd | grep 'Active:' | awk -F')' '{print $1}' | sed 's/(//m'
  and not automatically on boot.
  Windows XP is running in VMware Player on the same PC with Arch Linux.
  Last edited by Andy_Crowd (2014-06-11 12:42:52)

• Looking for documentation of Access Control Batch Jobs-all four components

  Hi,
  We are implementing all (4) components of Access Control. We are at a point in our project, where we are documenting, inventorying and testing all of or Batch Jobs. I'm trying to find One Single, or Four individual documents that provide direction, sequencing, etc..... I've found vague bits and pieces, but am hoping the is some detailed documents out there, that someone can direct me to.
  Any assistance would be greatly appreciated.

  Hi Smith,
  Check "Operations Guide - SAP GRC Access Control 5.3" at Service Marketplace-->Installations and upgrade->Access Control 5.3 It contains the list of jobs.
  For firfighter, there are background jobs in Config Guide.
  Regards,
  Sabita

• Error while turning on Access control for web proxy

  When I try turning on access control setting for the service (using web-based server admin page: sever preferences->restrict access), i got this pop-up error message:
  System Error:
  The POST variables could not be read from stdin.
  Environment:
  Windows2000 SP2
  Sun ONE WebProxy 3.6 SP1
  File-System NTFS
  Thx

  Hi,
  Please mention on which platform you have installed the iplanet web proxy server. If it is on NT then make sure it must on NTFS partition.
  refer the following link for more details
  http://docs.iplanet.com/docs/manuals/proxy/36/adminnt/contents.htm

• Access control in workflow

  Do we need to change any access control information in the workflow builder while making a copy of the existing seeded oracle workflow?
  Thanks
  KK

  Possibly :)
  To copy a process from one item type to another, then your access level only needs to match that of the target item type. If you are copying within the same item type, then you may need to change your access level so that you can paste the new version into the item type.
  Either way, once you have copied the process, then you will probably need to change your access level so that you can modify the process.
  HTH,
  Matt
  Edited by: rukbat on Jul 4, 2011 1:26 PM

• The service name is invalid When starting the Database Control

  Dear Oracle Expert,
  I have installed Oracle database 11g on Windows Professional x64 Edition Version 2003 Service Pack 2..
  When I try to start the Database control after renaming the IP_address to the local machine name which is robert. It prompts back with an error.
  C:\>emctl status dbconsole
  Environment variable ORACLE_SID not defined. Please define it.
  C:\>set ORACLE_SID=ocp11g
  C:\>emctl status dbconsole
  Oracle Enterprise Manager 11g Database Control Release 11.1.0.6.0
  Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
  https://192.168.1.67:1158/em/console/aboutApplication
  Oracle Enterprise Manager 11g is not running.
  C:\>emctl start dbconsole
  Oracle Enterprise Manager 11g Database Control Release 11.1.0.6.0
  Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
  https://192.168.1.67:1158/em/console/aboutApplication
  Starting Oracle Enterprise Manager 11g Database Control ...The service name is i
  nvalid.
  More help is available by typing NET HELPMSG 2185.
  C:\>hostname
  robert
  C:\>emctl status dbconsole
  OC4J Configuration issue. C:\app\Administrator\product\11.1.0\db_1/oc4j/j2ee/OC4
  J_DBConsole_192.168.1.67_ocp11g not found.
  C:\>set ORACLE_SID=ocp11g
  C:\>emctl status dbconsole
  OC4J Configuration issue. C:\app\Administrator\product\11.1.0\db_1/oc4j/j2ee/OC4
  J_DBConsole_192.168.1.67_ocp11g not found.
  C:\>emctl start dbconsole
  OC4J Configuration issue. C:\app\Administrator\product\11.1.0\db_1/oc4j/j2ee/OC4
  J_DBConsole_192.168.1.67_ocp11g not found.
  C:\>SET ORACLE_HOME= C:\app\Administrator\product\11.1.0\db_1\oc4j\j2ee\OC4J_DBC
  onsole_robert_ocp11g
  C:\>set ORACLE_SID=ocp11g
  C:\>emctl status dbconsole
  OC4J Configuration issue. C:\app\Administrator\product\11.1.0\db_1/oc4j/j2ee/OC4
  J_DBConsole_192.168.1.67_ocp11g not found.
  C:\>emctl start dbconsole
  OC4J Configuration issue. C:\app\Administrator\product\11.1.0\db_1/oc4j/j2ee/OC4
  J_DBConsole_192.168.1.67_ocp11g not found.
  C:\>
  Thanks in advance.
  Rlee

  Hello Oracle experts,
  I have to managed to Configure the Database Control by configuring a Microsoft Network adapter on my laptop but
  right now I can't access it within the URL.
  Tests of the running Database control include:
  C:\Documents and Settings\Administrator>emctl status dbconsole
  Environment variable ORACLE_SID not defined. Please define it.
  C:\Documents and Settings\Administrator>SET ORACLE_SID=ocp11
  C:\Documents and Settings\Administrator>emctl status dbconsole
  Oracle Enterprise Manager 11g Database Control Release 11.1.0.6.0
  Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
  http://robert:1158/em/console/aboutApplication
  Oracle Enterprise Manager 11g is running.
  Logs are generated in directory C:\app\Administrator\product\11.1.0\db_2/robert_
  ocp11/sysman/log
  C:\Documents and Settings\Administrator>
  When I try to access the database control, I am un able to.
  The page cannot be found
  The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
  Please try the following:
  If you typed the page address in the Address bar, make sure that it is spelled correctly.
  Open the robert:1158 home page, and then look for links to the information you want.
  Click the Back button to try another link.
  Click Search to look for information on the Internet.
  HTTP 404 - File not found
  Internet Explorer
  Is this something related to Internet Explorer.
  Kindly rescue me out.
  Regards,
  RLee

• How can I have different access control for the guest network (different than the main network)?

  I am trying to control my main wireless network with access control via mac id with no password. I wanted a separate guest network with password access and no access control. However, the only way that the guest network works is if I specify unlimited access as the default. Is what I am trying to do possible.

  I am trying to control my main wireless network with access control via mac id with no password.
  Definitely not a recommended method for security. MAC addresses are easily cloned by anyone who wants to do so with free tools available on the Internet. An unwanted guest will be on your network in less than a minute if they want to be.
  Strongly recommend that you use WPA2 Personal security with a non-dictionary password to protect your network.
  I wanted a separate guest network with password access and no access control. However, the only way that the guest network works is if I specify unlimited access as the default. Is what I am trying to do possible.
  Unfortunately, Apple does not allow separate Access Control for the "main" and "guest" networks. It's all or nothing, I am afraid.
  Likely, the  "best" way to set up Access Control is change the default rule to No Access, Then you will need to enter in the details for every device that you want to allow to connect for both the "main" and "guest" networks with the time limits for each device.

• Cannot remove the access control entry object on the object because the ACE isn't present

  Hello,
  I am very new to using Powershell and Exchange Management Shell, and have no prior experience using either of these tools. However, the software I am installing requires me to use the EMS tool in order to set certain permissions for a user in Exchange, which
  will be like the admin account. 
  The command I am attempting to run follows as:
  Get-ExchangeServer | Remove-ADPermission -User $newusername -Deny -ExtendedRights Receive-As -Confirm:$False 
  This throws me an error saying:
  cannot remove the access control entry on the object because the ACE isn't present. I've done some research, and have found that this error is quite common, but the solutions do not apply to what I am specifically trying to accomplish. I am simply trying
  to remove the Receive-As permission for the admin user that I just created.
  Once again, I am very new to Exchange and Powershell, but if there is any advice anyone has, it would greatly appreciated.

  I ran this command, and a very long list was displayed, it looks like everything is there.
  The weird thing is that I was able to run a previous command which granted Receive-As access to the user I am creating: 
  Get-ExchangeServer | Add-ADPermission -User $newusername -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin -Confirm:$False 
  The description for the commands to run read to 'grant permissions and to revoke denies, if present'. I'm not sure what this means, but the second part of this pertains to the second command that I am having trouble with:
  Get-ExchangeServer | Remove-ADPermission -User $newusername -Deny -ExtendedRights Receive-As -Confirm:$False

• Assign access control,http 404 error

  Hi,
  when i right click on assign access control,i receive the following error:
  The page cannot be found
  The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
  Please try the following:
  If you typed the page address in the Address bar, make sure that it is spelled correctly.
  Open the server111:19000 home page, and then look for links to the information you want.
  Click the  Back button to try another link.
  Click  Search to look for information on the Internet.
  HTTP 404 - File not found
  Internet Explorer
  Can you help me in this regard ?
  Thanks,
  ColDFire

  ak123 wrote:
  Its the same when I try from both port 28080 and 9000.So are you running the embedded http server on port 9000? if not and you are using OHS then try accessing Shared Services through that port e.g. http://<sharedservices>:19000/interop/index.jsp
  Actually I am not sure that matters with HFM and you can go direct through 28080 or 19000, worth a try, if not maybe it just needs registering again as Pablo said.
  Cheers
  John
  http://john-goodwin.blogspot.com/