Changing permissions and user groups in 10.5/10.6

I recently installed a second hard drive into my mac pro. i noticed that the permissions for the volume on this drive and all of the files on it are as follows:
johnhorner (me) "read/write"
staff sometimes "read/write", sometimes just "read only"
everyone "read only"
i don't remember ever setting up a group named staff and can't find it listed anywhere. the startup volume has a different set of permissions listed:
johnhorner (me) read/write
admin "read/write"
everyone "read"
can anyone tell me where "staff" came from and how i can change it to match the same set of permissions on the startup drive?
i would like them to match because i am using some backup software which triggers if the permissions don't match. furthermore, the permissions displayed in the sync software show for example "rwx r-x r-x" or "rw- r-- r--". in setting the permissions in the get info panel for a given file or folder, i don't see how to change the "x" part of the permissions, only the read and write. does anyone know how to change the "x" aspect of the permissions?
any help would be much appreciated.
thanks,
jhorner

Carolyn Samit wrote:
HI,
The only time it's necessary to repair permissions is before and after software updates.
Some permissions can be safely ignored.. http://support.apple.com/kb/TS1448
Which is exactly what I've done since 10.2
These messages are not "errors" that mean anything is wrong. Nothing is wrong, and some future update will likely address the issue. For now they can simply ignore them.
BTW, when you run DU and repair disk permissions, make sure and Quit all other open applications. That can speed things up.
BTDTGT. Under 10.5.6, it used to take about 10 - 15 minutes, so when I passed the 25 minute mark under 10.5.7 with no progress, I stopped DU and tried again with Onyx. After the same amount of delay, I posted my question only to get a snide reply. It finally finished but I don't know what the final elapsed time was as I ignored that computer while I did things on another one.

Similar Messages

  • How does schedule with RESTful API a Webi report for a group of users ("Schedule For" to "Schedule for specified users and user groups" with one or more users/groups)?

    SAB BO 4.1 SP1
    Does it have an RESTful API to schedule a Webi report with the parameter to specify a group of users ("Schedule For" to "Schedule for specified users and user groups" with one or more users/groups)?

    Hello Ricardo,
    have you try a call like this one ?
        <schedule>
          <name>"test"</name>"
          <format type=\"webi\"/>
          <destination>
            <inbox>
             <to>userId1,userId2,userId3,groupId1,groupId12</to>
            </inbox>
          </destination>
        </schedule>
    Regards
    Stephane

  • Migrate Rpd Catalog and User ,Groups from OBIEE 11.1.1.3.0 to 11.1.1.5.0

    hi Guys,
    I have got a setup of OBIEE 11.1.1.3.0 on windows 32bit machine and now i am planning to have a setup of 11.1.1.5.0 on windows 64 bit machine.
    please tell me the Detailed steps for Migrating the Rpd Catalog and User ,Groups from OBIEE 11.1.1.3.0 to 11.1.1.5.0
    Like
    1. Do i have to copy the RPD and Catalog Directly to 1.5 or some Upgrade Assistance is to be done
    2. If i am Using the Export Provided in the myrelam ( in 1.3) and taking it to obiee 1.5 (as it already contains some inbuilt policies and groups) does it going to give me error
    Regards
    Ankit

    Check the Oracle reference I have provided earlier. Concept goes like this:
    Important difference is that upgrading from 10g to 11g is called an "out-of-place upgrade" while upgrading to another 11g is called an "in-place upgrade," because the upgrade operates on existing files. Moving from one 11g release to another 11g release is sometimes referred to as "patching."
    http://download.oracle.com/docs/cd/E21764_01/bi.1111/e16452/bi_plan.htm#BABECJJH
    Follow patching and not out-of-place upgrade as you are required to upgrade component
    http://download.oracle.com/docs/cd/E21764_01/doc.1111/e16793/patch_set_installer.htm#PATCH789
    Hope this is clear now

  • All Users and User Groups member count 0

    I've setup SCCM 2012 R2, configured the AD User Discovery. But my Member count for All Users and User groups is 0, Memebers Visible on Site is 968. 
    I'm not sure how to get the Member count working. 

    Hi,
    Please check Smsprov.log to see whether there are any errors when you open Device Collections.
    Best Regards,
    Joyce
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Can't boot into OS X.6 after changing permissions and ownership

    Hi,
    I'm in the process of migrating to OS X.7 - booted into Lion I changed permissions and ownership on the other disk that I use to startup into OS X.6. I set it to "ignore ownership on this disk" and granted read and write access to "everybody". Restarting my Mac into OS X.6 now doesn't work anymore - the grey spinning circle spins forever.
    Does anybody know how to fix this so that I can boot back into OS X.6? I'd be real thankful...
    Best
    Jurgen

    Thank you for your reply. I was able to repair permissions on the failing disk using the OS X.7 Lion recovery volume - quite amazing that one can do that.
    However the internal disk of the iMac that has OS X.6 on it still fails to boot.
    Any other suggestions? I'm a bit desperate to use OS X.6 because a few apps that are vital to me do not run under OS X.7 (they need Rosetta).

  • Active Directory Authentication and permissions for user group in APEX 4.0

    Hello,
    I am new to oracle APEX and I have searched the forum for active directory authentication for a user group and I am really confused about all the different threads. Can anyone please provide me the steps to follow; in order to implement AD authentication for a user group in Oracle APEX 4.0.
    These are the threads which i was looking at to get an idea like how AD authentication works but its really confusing for me.
    Help with Authentication (APEX_LDAP.AUTHENTICATE)
    Re: LDAP Authentication Via Groups
    Thanks,
    Tony

    You need to give it more than 30 minutes before bumping your own post. This is not an official support channel, so you need to be patient and wait for people to read, think and respond.

  • Having multiple problems with script - NTFS Permissions and AD Groups

    Hi, all!  I'm having multiple problems with my first script I've written with Powershell.  The script below does the following:
    1. Prompts the user for a corporate division under which a shared folder will be created, and adjusts variables accordingly.
    2. Prompts if the folder will be a global folder or an office/location-specific folder, and makes appropriate adjustments to variables.
    3.  If a global folder, prompts for the name.  If an office/location-specific folder, prompts for each component of the street address, city and state and an optional modifier.  I've prompted for this information in this way because the information
    is used differently later on in the script.
    4.  Verifies the entered information and requests confirmation to proceed.
    5.  Creates the folder.
    6.  Creates an AD OU and/or security group(s).
    7.  Applies appropriate security groups to the new folder and removes undesired permissions.
    Import-Module ActiveDirectory
    $Division = ""
    $DivAbbr = ""
    $OU = ""
    $OUDrive = "AD:\"
    $FolderName = ""
    $OUName = ""
    $GroupName = ""
    $OURoot = "ou=DFS Restructure Testing OU,ou=Pennsylvania Camp Hill 4410 Industrial Park Rd,ou=Locations,ou=Camp Hill,dc=jacobsonco,DC=com"
    $FSRoot = "E:\"
    $FolderPath = ""
    $DefaultFolders = "Archive","Customer Service","Equipment","Inbounds","Management","Outbounds","Processes","Projects","Quality","Reports","Returns","Safety","Schedules","Time Keeping","Training"
    [bool]$Location = 0
    do {
    $userInput = Read-Host "Enter CLS Division: (W)arehousing, (S)taffing, or (P)ackaging"
    Switch ($userInput)
    W {$Division = "Warehousing"; $DivAbbr = "WHSE"; $OU = "ou=Warehousing,"; break}
    S {"Staffing is not yet implemented."; break}
    P {"Packaging is not yet implemented."; break}
    default {"Invalid choice. Please re-enter."; break}
    while ($DivAbbr -eq "")
    write-host ""
    write-host ($Division + " was selected.")
    $FolderPath = $Division + "\"
    write-host ""
    $choice = ""
    do {
    $choice = Read-Host "Will this be a (G)lobal folder or (L)ocation folder?"
    Switch ($choice)
    G {$Location = $false; break}
    L {$Location = $true; $FolderPath = $FolderPath + "Locations\"; $OU = "ou=Locations," + $OU; break}
    default {"Invalid choice. Please re-enter."; $choice = ""; break}
    while ($choice -eq "")
    write-host ""
    write-host ("Location is set to: " + $Location)
    write-host ""
    if ($Location -eq $false) {
    $FolderName = Read-Host "Please enter folder name:"
    $GroupName = $DivAbbr + " " + $FolderName
    } else {
    $input = Read-Host "Please enter two-letter state abbreviation:"
    $FolderName = $FolderName + $input + " "
    $input = Read-Host "Please enter city:"
    $FolderName = $FolderName + $input + " "
    $input = Read-Host "Please enter street address number only:"
    $FolderName = $FolderName + $input
    $GroupName = $DivAbbr + " " + $FolderName
    $FolderName = $FolderName + " "
    $input = Read-Host "Please enter street name:"
    $FolderName = $FolderName + $input
    $input = Read-Host "Please enter any optional information to appear in folder name:"
    if ($input -ne "") {
    $FolderName = $FolderName + " " + $input
    $OUName = $FolderName
    write-host
    write-host "Path for folder: "$FSRoot$FolderPath$FolderName
    write-host "AD Path: "$OUDrive$OU$OURoot
    write-host "New OU Name: "$OUName
    write-host -NoNewLine "New Security Group names: "$GroupName
    if ($Location -eq $true) { write-host " and "$GroupName" MGMT" }
    write-host
    $input = Read-Host "Please confirm creation of new site/folder: (Y/N) "
    if ($input -ne "Y") { Exit }
    write-host
    write-host -NoNewLine "Folder exists: "; Test-Path ($FSRoot + $FolderPath + $FolderName)
    if (Test-Path ($FSRoot + $FolderPath + $FolderName)) {
    Write-Host "Folder already exists! Skipping folder creation..."
    } else {
    write-host "Folder does not exist. Creating..."
    new-item -path ($FSRoot + $FolderPath) -name $FolderName -itemtype directory
    Set-Location ($FSRoot + $FolderPath + $FolderName)
    if ($Location -eq $true) {
    $tempOUName = "ou=" + $OUName + ","
    write-host
    write-host $OUDrive$tempOUName$OU$OURoot
    write-host
    write-host -NoNewLine "OU exists: "; Test-Path ($OUDrive + $tempOUName + $OU + $OURoot)
    if (Test-Path ($OUDrive + $tempOUName + $OU + $OURoot)) {
    Write-Host "OU already exists! Skipping OU creation..."
    } else {
    write-host "OU does not exist. Creating..."
    New-ADOrganizationalUnit -Name $OUName -Path ($OU + $OURoot) -ProtectedFromAccidentalDeletion $false
    $GroupNameMGMT = $GroupName + " MGMT"
    if (!(Test-Path ($OUDrive + "CN=" + $GroupName + "," + $tempOUName + $OU + $OURoot))) { write-host "Normal user group does not exist. Creating..."; New-ADGroup -Name $GroupName -GroupCategory Security -GroupScope Global -Path ("OU=" + $OUName + "," + $OU + $OURoot)}
    if (!(Test-Path ($OUDrive + "CN=" + $GroupNameMGMT + "," + $tempOUName + $OU + $OURoot))) { write-host "Management user group does not exist. Creating..."; New-ADGroup -Name $GroupNameMGMT -GroupCategory Security -GroupScope Global -Path ("OU=" + $OUName + "," + $OU + $OURoot)}
    $FolderACL = get-acl ($FSRoot + $FolderPath + $FolderName)
    $FolderACL.SetAccessRuleProtection($True,$True)
    # $FolderACL.Access | where {$_.IdentityReference -eq "BUILTIN\Users"} | %{$FolderACL.RemoveAccessRuleAll($_)}
    $BIUsers = New-Object System.Security.Principal.NTAccount("BUILTIN\Users")
    $BIUsersSID = $BIUsers.Translate([System.Security.Principal.SecurityIdentifier])
    write-host $BIUsersSID.Value
    # out-string -inputObject $BIUsers
    $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($BIUsersSID.Value,"ReadAndExecute,AppendData,CreateFiles,Synchronize","ContainerInherit, ObjectInherit", "None", "Allow")
    $FolderACL.RemoveAccessRuleAll($Ar)
    Set-ACL ($FSRoot + $FolderPath + $FolderName) $FolderACL
    get-acl ($FSRoot + $FolderPath + $FolderName) | fl
    $FolderACL = get-acl ($FSRoot + $FolderPath + $FolderName)
    $ADGroupName = "JACOBSON\" + $GroupName
    $objUser = New-Object System.Security.Principal.NTAccount($ADGroupName)
    $objUser.Translate([System.Security.Principal.SecurityIdentifier]).Value
    write-host $ADGroupName
    write-host $objUser.Value
    $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($ADGroupName,"ReadAndExecute","ContainerInherit, ObjectInherit", "None", "Allow")
    Out-String -InputObject $ar
    $FolderACL.AddAccessRule($Ar)
    $ADGroupName = "JACOBSON\" + $GroupNameMGMT
    $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($ADGroupName, "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
    Out-String -InputObject $ar
    $FolderACL.AddAccessRule($Ar)
    Set-ACL ($FSRoot + $FolderPath + $FolderName) $FolderACL
    } else {
    $tempOUName = "cn=" + $GroupName + ","
    write-host
    write-host $OUDrive$tempOUName$OU$OURoot
    write-host
    write-host -NoNewLine "Group exists: "; Test-Path ($OUDrive + $tempOUName + $OU + $OURoot)
    if (Test-Path ($OUDrive + $tempOUName + $OU + $OURoot)) {
    Write-Host "Security group already exists! Skipping new security group creation..."
    } else {
    write-host "Security group does not exist. Creating..."
    New-ADGroup -Name $GroupName -GroupCategory Security -GroupScope Global -Path ($OU + $OURoot)
    $FolderACL = get-acl ($FSRoot + $FolderPath + $FolderName)
    $ADGroupName = "JACOBSON\" + $GroupName
    $FolderACL.SetAccessRuleProtection($True,$True)
    $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($ADGroupName,"Modify","ContainerInherit, ObjectInherit", "None", "Allow")
    $FolderACL.AddAccessRule($Ar)
    $FolderACL.Access | where {$_.IdentityReference -eq "BUILTIN\Users"} | %{$FolderACL.RemoveAccessRuleAll($_)}
    Set-ACL ($FSRoot + $FolderPath + $FolderName) $FolderACL
    My problems right now are in the assignment/removal of security groups on the newly-created folder, and the problems are two-fold.  Yes, I am running this script as an Administrator.
    First, I am unable to remove the BUILTIN\Users group from the folder when this is an office/location-specific folder.  I've tried to remove the group in several different ways, and none are having any effect.  Oddly, if I type in the lines directly
    into Powershell, they work as expected.  I've tried the following methods:
    $FolderACL = get-acl ($FSRoot + $FolderPath + $FolderName)
    $FolderACL.SetAccessRuleProtection($True,$True)
    $FolderACL.Access | where {$_.IdentityReference -eq "BUILTIN\Users"} | %{$FolderACL.RemoveAccessRuleAll($_)}
    Set-ACL ($FSRoot + $FolderPath + $FolderName) $FolderACL
    $FolderACL = get-acl ($FSRoot + $FolderPath + $FolderName)
    $FolderACL.SetAccessRuleProtection($True,$True)
    $BIUsers = New-Object System.Security.Principal.NTAccount("BUILTIN\Users")
    $BIUsersSID = $BIUsers.Translate([System.Security.Principal.SecurityIdentifier])
    $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($BIUsersSID.Value,"ReadAndExecute,AppendData,CreateFiles,Synchronize","ContainerInherit, ObjectInherit", "None", "Allow")
    $FolderACL.RemoveAccessRuleAll($Ar)
    Set-ACL ($FSRoot + $FolderPath + $FolderName) $FolderACL
    In the first case, the script goes through and has no apparent effect because afterwards, I do a get-acl and the BUILTIN\Users group is still there, although when looking through the GUI, inheritance appears to have been broken from the parent folder.
    In the second case, I get the following error message:
    Exception calling "RemoveAccessRuleAll" with "1" argument(s): "Some or all identity references could not be translated."
    At C:\Users\tesdallb\Documents\FileServerBuild.ps1:110 char:5
    +     $FolderACL.RemoveAccessRuleAll($Ar)
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : IdentityNotMappedException
    This seems strange that the local server is unable to translate the SID of a BUILTIN account.  I've also tried explicitly putting in the BUILTIN\Users SID in place of the variable in the New-Object line, but that gives me the same error.  I've
    also tried the solutions given in this thread:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/ad59dc58-1360-4652-ae09-2cd4273cbd4f/remove-acl-issue?forum=winserverpowershell and at this URL:
    http://technet.microsoft.com/en-us/library/ff730951.aspx but these solutions also failed to have any effect.
    My second problem is when I try to apply the newly-created security groups, I also will get the "Some or all identity references could not be translated."  I thought I had found a workaround to the problem by adding the -PassThru option to
    the New-ADGroup commands, because it would output the SID of the group after creation, however a few lines later, the server is unable to translate the account to apply the security groups to the folder.
    My first Powershell script has been working well up to this point and now I seem to have hit a showstopper.  Any help is appreciated.
    Thanks!

    I was hoping to stay with strictly Powershell, but unless I can find a Powershell solution, I may resort to ICACLS.
    As for the problems with my groups not being translatable right after creating them, I think I have solved this problem by using the -Server parameter on all my New-ADGroup commands and this example code seems to have gotten around the translation problem,
    again utilizing the -Server parameter on the Get-ADGroup command:
    get-acl ($FSRoot + $FolderPath + $FolderName) | fl
    $FolderACL = get-acl ($FSRoot + $FolderPath + $FolderName)
    # Add the new normal users group to the folder with Read and Execute permissions
    $GroupSID = Get-ADGroup -Identity $GroupName -Server chadc01.jacobsonco.com | Select-Object -ExpandProperty SID
    $SIDIdentity = New-Object System.Security.Principal.SecurityIdentifier($GroupSID)
    $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($SIDIdentity,"ReadAndExecute","ContainerInherit, ObjectInherit", "None", "Allow")
    $FolderACL.AddAccessRule($Ar)
    # Add the management users group to the folder with Modify permissions
    $GroupMGMTSID = Get-ADGroup -Identity $GroupNameMGMT -Server chadc01.jacobsonco.com | Select-Object -ExpandProperty SID
    $SIDIdentity = New-Object System.Security.Principal.SecurityIdentifier($GroupMGMTSID)
    $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($SIDIdentity, "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
    $FolderACL.AddAccessRule($Ar)
    Set-ACL ($FSRoot + $FolderPath + $FolderName) $FolderACL
    Going this route seems to ensure that the Domain Controller I'm creating my groups on is the same one that I'm querying for the group's SID to use in the FileSystemAccessRule.  It's been working fairly consistently.
    Still having issues with the translation of the BUILTIN\Users group, though. 

  • I have a Mac Pro using Lion, with a SSD for system.  Restored drive from backup.  Now logon password doesn't work.  Account password still works.  Changing password in user group preferences no longer works to change logon password.

    I have a Mac Pro using Lion, with SSD for system drive.  Drive stopped booting, but otherwise appeared healthy.  Restored from system backup.  Now drive seems to work properly, BUT my logon password no longer works.  Password OK for account; can access system preferences, and change user password there BUT logon still refuses to accept password.  No luck changing password for that account after adding new administrator account and logging on from that account.  Suggestions?  Thanks.

    If you redirect Accounts to another location (not on the Boot Drive) you need to direct them back there again after a restore.
    SystemPreferences > Accounts/User&Groups > ...
    ... Unlock the lock, then hold down Control as you click on an Account to get access to the Advanced Options pane.

  • Issueswith permissions and user's home subfolders.

    How do I fully unlock a folder which belongs to a different account?? Ive set permissions for the specific folder correctly. ALL users should be able to edit the folder
    and it's files, but it doesnt work. In Adobe Flash I get the error: +File is locked, the swf file can't be changed.+ But sure enough it's unlocked for admin, this user and everyone else! I'm having similar issues
    with other applications and sometimes I can't even copy/paste files between different users (home subfolders)
    If all users are admins, how come I get these annoying permission issues all the time? I;ve setup two accounts for the sake of easyness. I'm the only user of this computer
    and I would like to edit and change everything from within all my user accounts! How do I do that? Everything seems to be locked and if I change permissions, I'm still having problems
    as mentioned above.
    <Edited by Host>

    Even an administrative account doesn't automatically have access to everything. You may be running into issues related to trying to change a file that your current owner doesn't own. You can have the owner of the item change the permissions to allow others access, or you can use an *Access Control List*.
    An ACL entry can provide additional access, for example your user's *Drop Box* folder has entries to allow additional access to items dropped in it by others. The normal way to set this up would be to create a shared folder in an area accessible by everyone (for example, /Users/Shared), and then add ACL entries to the folder for the desired access. From the Terminal, the command to give everyone access to do about anything to a contained file would be something likechmod -R +a "everyone allow list,addfile,search,delete,add_subdirectory,delete_child,chown,file_inherit,directoryinherit" /path/to/your/shared/folder
    Once the folder is set up, items created or copied (not dragged) there will have the additional access permissions applied. If you are not comfortable with using the Terminal, TinkerTool System is a handy utility to manipulate ACLs and/or see what access your user has.

  • UPS Service Account Replicate Directory Changes Permissions through AD group?

    I am trying to configure the UPS.
    Is it possible to grant the sync account SP-UPS Replicate Directory Changes permissions through an AD group or do these permissions need to be granted exclusively using ADSI edit?

    you can add a group or user name using the ADSI, that's what you want to know or something else?
    check the page 11 to 13 from the below white paper.
    http://download.microsoft.com/download/3/5/4/354670EE-4E80-4932-B1B6-CBCC3CD66444/oit2010-whitepaper-plan-deploy-user-profiles-mysites.doc
    Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

  • Trash and user group help!

    why do i need to type in password when i delete things? how do i remove it?
    and i can't delete items directly from the dock as well. like opening from the downloads folder and dragging the file to trash. i have to bring open up Finder and delete from the folder directly.
    another issue is that am i able to remove the gues user from my start up screen? i've already disabled it from the user groups but i still see it in my login screen.
    one last problem, is it a norm to have current leakage for the MBP? i've been having frequent shocks from the 2 bottom corners of it when i plug it in to a power source. i bought it from an authorized retailer and using it in the country where i've gotten it from. i've just gotten my mbp about 3 weeks back.
    thanks for replying my queries!

    Hi,
    Yeah in ACS 3.1 its under the Shared Profile Components page. In ACS 4.1 its directly under the user groups or under SPC page.
    You need to check the box for "define ip based access restriction" and deny access for all other groups to the wireless access points network device group.
    ACS 3.X)
    1. Denied Calling/Point of access restrictions
    2. AAA Clients =UPS_PDU (Power Supplies)
    3. Port = just put a * for all
    4. Src IP address = just put a * as well
    SUBMIT to SAVE
    Create a second one for the other group like so:
    1. Denied Calling/Point of access restrictions
    2. AAA Clients =Routers_Switches
    3. Port = just put a * for all
    4. Src IP address = just put a * as well
    Click submit to save it.
    Go to the ACS User groups section and select the Network Administrators Group " that don't need access to the UPS's" and apply the NAR you created to that group. Do the same for the other grouping.
    (ACS 4.X)
    Go directly under the "user groups" and create the NAR under there. No need to go under the Shared Profile Components section
    Hope this helps and let me know if you need further assistance or explanation.
    Craig

  • Unique item permissions per user/group of ListItems

    Hello,
    i have following scenario:
    1.) Sharepoint group named "(Adminstrator) Company A" <-> Has Add/Edit rights on the list
    2.) Sharepoint group named "Company A" <-> Has only Add/read access to the list
    3.) .....many many other groups (50+) with same schema.
    Each pair of groups (Company A) should "only" see their own entries in the sharepoint list.
    My Logical approach and research on how to accomplish this ended up in writing a ItemEventHandler.
    The problem i ran into now is that whenever i try to use "currentListItem.BreakRoleInheritance(false);" i get a access denied
    message whenever the limited user group is trying to add a item to the list even when i use the SPSecurity.RunWithElevatedPrivileges(delegate().
    So i wonder what is wrong. Isn't RunWithElevatedPrivileges ignoring the currentUsers rights ?
    Any help would be highly appreciated.

    Thank you all for the replies.
    Meanwhile i was able to figure out myself what the problem was.
    Both of your replies actually didn't solve my problem. I kept getting ACCESS_DENIED exceptions.
    But the problem is that all of this happened inside of a
    public override void ItemAdded(SPItemEventProperties properties)
    of a SPItemEventReceiver class.
    The root of the problem was that i was still trying to modify the initial "properties" object.
    After i made a complete copy and re-retrieved the item from the list INSIDE of the elevatedPrivilege method i was finally able to make my desired modifications.
    So for everyone who runs into this problem too:
    Make sure you re-retrieve EVERYTHING(ListItem,DocumentItem etc) you want to modify with elevated privileges inside of the 
    SPSecurity.RunWithElevatedPrivileges(delegate()
    Thank you again,
    Ralf

  • Database Account and User Groups

    Hello,
    Currently, I am using DATABASE ACCOUNT for an authentication scheme for all of my applications but, I would like to setup User Groups as well to limit users to thier prospective pages and/or objects within the application for easy maintenance of users. I have read that, in order to apply user groups in an application, you must use APPLICATON EXPRESS ACCOUNT credentials.
    Another developer has modified the "APEX_ACCESS_CONTROL" table with an additional column(s) that would allow access to specific pages. I am not sure if this is good practice to modify Apex tables.
    Is there a way to create user groups while using DATABASE ACCOUNT for authentication? What is the best practice in a case like this?
    Can anyone please shed some light on this? Thanks.
    - Dee

    Dee,
    I would like to setup User Groups as well to limit users to thier prospective pages and/or objects within the application for easy maintenance of users.I'm not clear on what your purpose is, just runtime authorization, or something more?
    Another developer has modified the "APEX_ACCESS_CONTROL" table with an additional column(s) that would allow access to specific pages. I am not sure if this is good practice to modify Apex tables.Those tables belong to your application's parsing schema and they are accessed only by code in applications you develop. The Application Express machinery knows nothing about them.
    Is there a way to create user groups while using DATABASE ACCOUNT for authentication?You can create your own tables to define groups and to keep track of which named accounts belong to which groups. And you can write an API for applications to use to query this information and to maintain it from custom applications built for that purpose.
    All

  • Developer Center and Users Group Speakers

    Two questions:
    1.  Who is responsible for keeping the SAP PowerBuilder Developer Center home page current?  About 50% of the links point to Not Found pages.
    2.  Who at SAP would be the contact for getting someone to come speak at a PowerBuilder users group meeting?  In the past, I had many of the Sybase representatives contact information but I have 0 contacts at SAP.
    It's been an uncertain path to chart for PowerBuilder development efforts at our company not knowing if this product is going to be supported.
    Thanks,
    -Allen

    Hi Allen,
    >>My manager "heard" that PowerBuilder was no longer being supported after 2015.<<
    I hear that very often! And I am very sad about it, because these rumors come from people right out of our community.
    I spend a lot of my spare time in fighting this fire that is lit again and again without any proof!
    I spoke with senior SAP managers and saw and heard what they said at our PBUGG Meeting last year. From this I can say that PowerBuilder is now a SAP product and has the same support and maintenance that SAP gives to all their other products!
    I just spent 4 hours in supplying material to one of our UserGroup Members who is in the same trouble as you!
    If you go to Bruce’ blog http://brucearmstrong.blogspot.de/ the first video More video from the PowerBuilder User Group Germany  http://vimeo.com/81870887  you find after 13:00 min Robyn Chan speaking of 8 years maintenance.
    SAP has a general paper about their release and maintenance strategy called “SAP Release Strategy” See: http://scn.sap.com/blogs/sapreleasestrategy (but you need a S-Id).
    If you don’t have a S-Id you can look at  what’s public for Business Objects. http://scn.sap.com/docs/DOC-31244 and Chrystal products http://scn.sap.com/docs/DOC-44670?rid=/webcontent/uuid/c018fb0e-8724-2b10-c489-9b8333e5e0f9. I think you can expect at least the same for PowerBuilder.

  • How to create secutiry filters and users, groups in system 9

    HI,
    Could you please help me how to create security filters and groups, users in system 9. I need it very ugent. i am very much thankful to you.. if you respond immediatly.
    Thanks,
    sudhakar.

    In short here's how I did it in 9.3.1 but there are multiple ways to do it.
    I'm using MSAD external authentication.
    Using EAS right click on database, Edit, Filters. Create your filters.
    Then go to Shared Services.
    Find the MSAD user/group and provision them to the Essbase database that you have your filters on. Access level is "Filter".
    Then go back to EAS and Refresh Security From Shared Services.
    Then go back to Shared Services.
    Navigate to Projects & then your Essbase server. Find your Essbase database and click on it. To the right it'll populate a list of all the users/groups you provisioned to above. Select all of them and click Next.
    Now you should see a drop down at the top showing your filter(s). Click the checkbox(s) next to the users/groups you want to apply that filter to. Click the green checkmark to apply the filter, and repeat for your various filters that you want to apply. Only 1 filter per user/group.
    Then go back to EAS and Refresh Security From Shared Services again.
    Good luck, hope this helps.

Maybe you are looking for

  • Manual cheque wrongly assigned to payment doc.

    Hi, User wrongly assigned cheque number 111 to payment doc#15-1 via F-53,  it should be assigned to doc#15-211. Manual cheque 111 was already issued to vendor.   How can i correct the assignment of cheque from payment doc# 15-1 to 15-211?  Seems no w

  • _TARGET_PRODUCT_VERSION_ and _TARGET_FILE_VERSION_ bug

    CVI 2010 has two new predefined macros: _TARGET_PRODUCT_VERSION_ and _TARGET_FILE_VERSION_ From CVI help: _TARGET_FILE_VERSION_ is defined as the value in the File Version option of the Version Info dialog box. This macro does not include increment

  • Keyboard and touchpad not working after Windows 10 update

    after udating windows 10 on my probook 4440s keyboard and touchpad not working. if i press a key for 10seconds the key then shows up in the screen. and touchpad is worst. it freezes all the time barely moves. but with usb mouse it works fine 

  • Spry and prototype in jetspeed

    Hi! I have the same problem as some others with spry and prototype. I want to use spry in a portlet in liferay. Liferay use prototype.js. I have tried to put the spry before and after the prototype and I have tried it with prototype.js versions 1.4 1

  • Can't reload nidaq

    loader requests cd but it's already in