"Enable Access Control" for shared directory is grayed out

Similar Messages

• Issue while enabling Access Control for a Coherence server node

  Hi
  Im trying to enable access control for a Coherence server node, using the default Keystore login method shipped with Coherence. When i start the server i get the error "java.security.AccessControlException: Unsufficient rights to perform the operation". Please see below for the sequence of steps I've followed to enable access control. I just need to be enable Authentication (not authorization) at this stage
  1. I have added the following entry in the Coherence Operational override file
  <security-config>
            <enabled system-property="tangosol.coherence.security">true</enabled>
            <login-module-name>Coherence</login-module-name>
            <access-controller>
                 <class-name>com.tangosol.net.security.DefaultController</class-name>
                 <init-params>
                      <init-param id="1">
                           <param-type>java.io.File</param-type>
                           <param-value>keystore.jks</param-value>
                      </init-param>
                      <init-param id="2">
                           <param-type>java.io.File</param-type>
                           <param-value>permissions.xml</param-value>
                      </init-param>
                 </init-params>
            </access-controller>
            <callback-handler>
                 <class-name>com.sun.security.auth.callback.TextCallbackHandler</class-name>
            </callback-handler>
       </security-config>
  2. The following is the entry in the Permissions.xml
  <?xml version='1.0'?>
  <permissions>
  <grant>
  <principal>
  <class>javax.security.auth.x500.X500Principal</class>
  <name>CN=admin,OU=Coherence,O=Oracle,C=US</name>
  </principal>
  <permission>
  <target>*</target>
  <action>all</action>
  </permission>
  </grant>
  </permissions>
  3. The following is the content of the Login configuration file "Coherence_Login.conf"
  Coherence {
  com.tangosol.security.KeystoreLogin required
  keyStorePath="keystore.jks";
  4. The following is the command line tag for starting the server
  java -server -showversion -Djava.security.auth.login.config=Coherence_Login.conf -Xms%memory% -Xmx%memory% -Dtangosol.coherence.cacheconfig=PROXY-cache-config.xml -Dtangosol.coherence.override=FOL-coherence-override.xml -Dcom.sun.management.jmxremote.port=6789 -Dcom.sun.management.jmxremote.authenticate=false -Dtangosol.coherence.security=true -cp "%coherence_home%\lib\coherence.jar" com.tangosol.net.DefaultCacheServer %1
  Following is the output on the Console when running the command. It asks for a username and password for the JKS store (If i provide the wrong password, it gives a different error, which shows that it is able to authenticate aganst the Keystore). After i put in the password, it throws the error as shown below "java.security.AccessControlException: Unsufficient rights to perform the operation"
  D:\Coherence\FOL_CacheServer>fol-cache-server
  java version "1.6.0_20"
  Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
  Java HotSpot(TM) 64-Bit Server VM (build 16.3-b01, mixed mode)
  Username:admin
  Password:
  Exception in thread "main" java.security.AccessControlException: Unsufficient ri
  ghts to perform the operation
  at com.tangosol.net.security.DefaultController.checkPermission(DefaultCo
  ntroller.java:153)
  at com.tangosol.coherence.component.net.security.Standard.checkPermissio
  n(Standard.CDB:32)
  at com.tangosol.coherence.component.net.Security.checkPermission(Securit
  y.CDB:11)
  at com.tangosol.coherence.component.util.SafeCluster.ensureService(SafeC
  luster.CDB:6)
  at com.tangosol.coherence.component.net.management.Connector.startServic
  e(Connector.CDB:20)
  at com.tangosol.coherence.component.net.management.gateway.Remote.regist
  erLocalModel(Remote.CDB:10)
  at com.tangosol.coherence.component.net.management.gateway.Local.registe
  rLocalModel(Local.CDB:10)
  at com.tangosol.coherence.component.net.management.Gateway.register(Gate
  way.CDB:6)
  at com.tangosol.coherence.component.util.SafeCluster.ensureRunningCluste
  r(SafeCluster.CDB:46)
  at com.tangosol.coherence.component.util.SafeCluster.start(SafeCluster.C
  DB:2)
  at com.tangosol.net.CacheFactory.ensureCluster(CacheFactory.java:998)
  at com.tangosol.net.DefaultConfigurableCacheFactory.ensureServiceInterna
  l(DefaultConfigurableCacheFactory.java:923)
  at com.tangosol.net.DefaultConfigurableCacheFactory.ensureService(Defaul
  tConfigurableCacheFactory.java:892)
  at com.tangosol.net.DefaultCacheServer.startServices(DefaultCacheServer.
  java:81)
  at com.tangosol.net.DefaultCacheServer.intialStartServices(DefaultCacheS
  erver.java:250)
  at com.tangosol.net.DefaultCacheServer.startAndMonitor(DefaultCacheServe
  r.java:55)
  at com.tangosol.net.DefaultCacheServer.main(DefaultCacheServer.java:197)

  Did you create the weblogic domain with the Oracle Webcenter Spaces option selected? This should install the relevant libraries into the domain that you will need to deploy your application. My experience is based off WC 11.1.1.0. If you haven't, you can extend your domain by re-running the Domain Config Wizard again (WLS_HOME/common/bin/config.sh)
  Cappa

• Shared Services Assign Access Control for Essbase

  Hi we have a used who has his provisioning in form of filters in essbase group. I tried assigning his filter to thim through Assign Access Control in shared services. I'm able to see the user and also the the filter I created for the user but when I try to assign it to him and save it is really not getting assigned. It still stays the user doesnot have any filters assigned to his account. Am I missing anything.
  Thank you.

  Have you given maxl a try:
  grant filter appname.dbname.filtername to user;
  Cheers
  John
  http://john-goodwin.blogspot.com/

• How do I set up timed access control for a time past midnight

  I would like to set up timed access control for a number of my devices that would stretch past midnight...   An open network from 6AM to 2AM - effectively only blocking access from 2AM tp 6AM in the morning....
  Any notion on how to do this?  the timed factily does not like the setting to enable 6A to 2A, says the times are invalid. 
  Setting up timed access from 6AM to 11:59P, then doing another from 12A to 2A causes a service "hiccup" of 1 Minute.

  Set up each device as follows:
  Everyday........Between.......6:00 AM and 11:59 PM
  Add a second rule for each device that will state....
  Everyday.....Between.......12:00 AM and 2:00 AM
  You might think that there would be a one minute break between 11:59 PM and 12:00 AM, but that will not be the case, at least on every AirPort that I have ever programmed..  Reason.....11:59 is really 11:59:59:59 turning off at 12:00 AM.  But, you have a second rule to allow access at 12:00 AM, so the AirPort will be "on" at the same time the first rule ends, so there will be no break.
  If you really want the second rule to turn the AirPort "off" at 2:00 AM.......then set that time for 1:59 AM. If you set the rule for 2:00 AM, then AirPort will really turn off at 2:01 AM.

• Cannot enable parental controls for Guest if FileVault enabled

  FileVault is enabled on my Mac.  When I subsequently enabled Find My Mac, the Guest User account was automatically enabled, as it is required for Find My Mac's theft recovery feature. When I accessed the Guest User in the Users & Groups Preferences panel, the "Enable parental controls" option for Guest User was greyed out.  Thus, anyone with physical access to my computer, such as my kid, can gain unfettered access to the Internet without a password. 
  I did find a solution.  I unchecked the "Allow guests to log in to this computer" box in the Preferences panel.  This caused the "Enable parental controls" box to become checked (seems to be a bug).  I then checked the "Allow guests to log in to this computer" box, which caused the "Enable parental controls" box to become unchecked.  At this point, the "Enable parental controls" box was no longer greyed out, and I was able to check it. 
  System: Late 2014 Retina iMac with 3.5 GHz Intel Core i5, 8 GB memory, OS 10.10

  Update: Although the method above appeared to enable parental controls, they do not work.  When I log in as Guest (causing the computer to reboot into Safari-only mode), I am able to access a very well-known adult website (play*** dot com). 

• Enable Shadow Copies for Shared Folders in a Failover Cluster (2012 R2)

  I cannot find a reference on how to Enable Shadow Copies for Shared Folders in a Failover Cluster
  using separate disks for Data and Shadow Copies, using Windows Server 2012 R2.  I found an article for Server 2003, but that doesn't solve my issue. 
  Enable Shadow Copies for Shared Folders in a cluster.  Can someone point me to documentation on how to setup properly?
  I have a 3 server failover cluster, a single fileserver role with a 2 TB data storage drive and a 200 GB disk for shadow copy drive.  The 2 TB is ReFS and being used by Home Directories.  The 200 GB is also ReFS, but I didn't have a letter
  assigned, but it is associated with the fileserver role.
  Any help is appreciated.
  Find this post helpful? Does this post answer your question? Be sure to mark it appropriately to help others find answers to their searches.

  As mentioned above I spotted Shadow Copy configuration problems in clustered environment on Windows 2012 R2 with latest updates.
  Enabling Shadow Copy via Cluster Manager on disk will enable schedule and snapshots but schedule is not-cluster aware (is created locally on node) and "Previous Versions" are visible only locally but not via shared folders (UNC path accesible by
  clients)
  When I spotted this behavior I tried different way going via Computer Management and cluster resource name but console always hangs for me when using "Configure Shadow Copies". After many minutes configuration window is opened (Hurray!) but any
  action there will hang whole console again. Enabling Shadow Copies will fail with "0x80004005: Unspecified
  error" for creating scheduled task but "Next Run Time" column still shows "Disabled". Checking disk resource via Cluster Manager shows it is enabled and ?local? scheduled task is created.
  Computer management console still shows DISABLED and any action freezes whole console (only when cluster resource name is used).
  This fix I found, unfortunately, is not applicable to 2012 R2 OS: https://support.microsoft.com/en-us/kb/2894464
  To sum up there is a major bug in MS implementation in Shadow Copies for Shared Folders when clustering is used or it is still not supported in 2012 R2? Doing it outside cluster works as it should (without freezes and Previous Versions are available via
  UNC)
  There is no documentation about FileServer Clustering on 2012(R2) unfortunately.
  Could someone from MS clarify it?
  Many thanks
  Filip
  EDIT:
  Ok, one correction:
  Scheduled task is not created in "Failover Clustering" hive of Scheduled tasks as user may expect but failover of fileshare to other node will unregister/reregister it on active node only.

• Access control for different user groups in APEX 4.0

  Hi guys,
  in Apex 4.0, is there any way to use the access control page to configure access control for different user groups?
  The access control page currently only has an access control list by users with 3 privileges namely, Administrator, Edit & View where Administrator has the highest access level & View the lowest. Therefore 1 user cannot have more than 1 different privilege, however if the user belongs to 2 or more different groups then we can control what access he can have in a more fine grained manner. We also want to have more than the 3 privileges given.
  Can we assign different groups to different users and let them have different privileges to be configured by page, region, process or item level?
  Now Apex will create 2 tables, Apex_Access_Control & Apex_Access_Setup to store the application access control mode & access control list. It will also create 3 authorization schemes "access control - administrator", "access control - edit" & "access control - view" based on the 2 tables.
  Does this mean we have to change the table structures & edit the authorization schemes to suit our usage? We are reluctant to do this because if we upgrade to a newer version of Apex then we would have to merge our pl/sql coding with Apex's updated code.
  How can we auto-configure more than the 3 authorization schemes in the access control page? Is there any way to achieve a finer grain of access control based on the current access control administration page given by Apex without writing it ourselves?
  We are afraid that we may have missed something on Apex access control & do not want to reinvent the wheel.

  Hi Errol,
  to build your own application authorization scheme around the security model supplied by Apex for administration of the Apex environment would be a bad idea.
  This was never intended for authorization scheme management in custom built Apex applications, it was solely intended to control access in the Apex environment overall. The API for it is not published, and making changes to it, such as adding more roles, would run the risk of breaking the overall Apex security model. It would not be supported by Oracle and Oracle would not guarantee the upwards compatibility of any changes you make in future versions of Apex.
  In short, you should follow Tyson's advice and build your own structure. As he indicated, there are plenty of examples around and provided your requirements are not too complicated, it will be relatively simple.
  Regards
  Andre

• How can I have different access control for the guest network (different than the main network)?

  I am trying to control my main wireless network with access control via mac id with no password. I wanted a separate guest network with password access and no access control. However, the only way that the guest network works is if I specify unlimited access as the default. Is what I am trying to do possible.

  I am trying to control my main wireless network with access control via mac id with no password.
  Definitely not a recommended method for security. MAC addresses are easily cloned by anyone who wants to do so with free tools available on the Internet. An unwanted guest will be on your network in less than a minute if they want to be.
  Strongly recommend that you use WPA2 Personal security with a non-dictionary password to protect your network.
  I wanted a separate guest network with password access and no access control. However, the only way that the guest network works is if I specify unlimited access as the default. Is what I am trying to do possible.
  Unfortunately, Apple does not allow separate Access Control for the "main" and "guest" networks. It's all or nothing, I am afraid.
  Likely, the  "best" way to set up Access Control is change the default rule to No Access, Then you will need to enter in the details for every device that you want to allow to connect for both the "main" and "guest" networks with the time limits for each device.

• Why is the music list for my ipod classic grayed out in itunes?

  why is the music list for my ipod classic grayed out in itunes?

  I have a similar problem.  Originally, my iTunes advanced setting was set such that a shortcut to the song was copied into my music library so sometimes copying songs to my iPod resulted in them being grayed out.  I changed that setting some time ago and haven't had the problem until recently.
  I don't know what to do.  here's the situation:
       1.  I have a song that is stored on my file system within My Documents. (it was purchased via Amazon)
       2.  Through iTunes I choose the File | Import file to library (or some text like that)
       3.  I navigate to the location of the song
       4.  I import it.
       5.  I can play the tune from the music library or from an internal PC playlist.
       6.  I then attempt to copy the song to my iPod.  When I do, it appears in the iPod's playlist grayed out.
  I have done those steps countless times for dozens of songs without a problem.  Even others that I've purchased through Amazon.  What is so different this time?  I should mention that this problem NEVER happens if I buy the song through the iTunes store.  Only if I buy it from another source (e.g. Amazon).  WHY ???

• Oracle EPM 11.1.1.3 - Assign Access Control in Shared Services for filters

  We are using 11.1.3 version of EPM.
  We have configured Essbase with Shared Services.
  When I try to click Assign Access Control , it gives "loading.." thats it. Nothing else.
  I have registered the application from EAS with Shared Services
  Could you pelase suggest what I can do assign filters to users.
  cheers,

  Hi,
  Provision the user with which you are logging into shared services as an Esssbase User and try.May this will solve your issue
  Thanks.
  Edited by: user9976039 on Oct 23, 2009 12:57 PM

• Acrobat XI will not access contacts for shared review

  I started having this problem yesterday after updating to Acrobat DC and then realizing we weren't ready for DC, so I  uninstalled DC and re-installed XI.
  When I try to send for shared review, collecting on our internal server, as soon as I click on the "To:" or "CC;" buttons, a window pops up like normal where Acrobat is trying to connect to Google (we manage our email through Gmail) to access my contacts. However, neither the "allow access" or "no thanks" buttons are clickable. I have to manually close the window which then kicks back an Authentication Failed message.
  I did a full uninstall of Acrobat DC and a full re-install of XI a couple times, but still get the same errors and have the same issues.
  I am on a networked environment, newer MacPro, 10.10.3 Yosemite, as I said before, using Gmail to manage company email.
  Please help - Our process relies heavily on Shared Review, and without it, I am dead in the water.
  -Stephen

  This is the error I am now receiving and I cannot click the Allow access or No Thanks buttons...

• Error while turning on Access control for web proxy

  When I try turning on access control setting for the service (using web-based server admin page: sever preferences->restrict access), i got this pop-up error message:
  System Error:
  The POST variables could not be read from stdin.
  Environment:
  Windows2000 SP2
  Sun ONE WebProxy 3.6 SP1
  File-System NTFS
  Thx

  Hi,
  Please mention on which platform you have installed the iplanet web proxy server. If it is on NT then make sure it must on NTFS partition.
  refer the following link for more details
  http://docs.iplanet.com/docs/manuals/proxy/36/adminnt/contents.htm

• Default Keychain Access Control for Safari

  For the Keychain item Safari Forms Autofill, what are the default settings for Access Control? Mine are set to Confirm Before Access, and Ask For Keychain Password and no applications are listed. How it is out of the box?

  Hmmm... if I open Keychain Access, I do not see separate keychains for each browser - just one for "System", "Login", "scott" and "X509Anchors" - and all of my internet passwords are stored in "scott". Also, if I open an internet item, I get a window that shows a tab for "Access Control" - where I can give access to all applications, or I can specify any specific application to have access to that info.
  So, from that I had assumed that when I add Camino to the list of applications under "Always allow access to these applications" for an internet password item, that it would automatically be pulled from there by Camino when needed (and I was pretty sure that's what had happened when I was dealing with this yesterday).
  However, after testing a couple more by adding Camino to that list, and changing another to allow access by any application, the username and passwords did not automatically come up in Camino. I must have been dreaming it. :?
  Are the "Internet Password" and "Web form password" items in Keychain Access not what the browsers draw from? Do they maintain their own "keychains" as part of their "Application Support" files?

• E-Recruiting: Enabling accessibility mode for HRRCF_START_INT with Portal

  All,
  We are currently using E-Recruiting 6.0 SP9.  Our start pages use the BSP technology.  Our internal jobseekers use SAP Portal 7 to open their start page.  I am trying to figure out how to enable the accessibility option for the internal jobseeker BSP pages going through portal.
  Has anyone else enabled E-Recruiting accessibility through the Portal?
  I have tried adding the parameter SAP-ACCESSIBILITY=X to the Application Parameters property of the iView.  I have also attempted to turn on the accessibility setting on the Portal personalize link.  Neither of these settings had any effect on how the BSP was displayed.
  Do I need to enable the accessibility check box on the logon page in SICF for the service HRRCF_START_INT?
  Thank you,
  Brian Snyder

  Hi Karthi,
  Yes, You have to use BSP iView for integrating BSP applications in portal. Give application name , which is hrrcf_start_int in your case and BSP start page, which is the url of the BSP application.
  Now as far as internal and external users are concerned,  first make sure like what is the iView or the content they will be seeing , so that you seperate your iViews based on the user.
  Like create two roles, one for internal and one for external user.
  Assign iViews to page, page to workset and workset to the role.
  Now, when an internal user logs into the portal, he will see the content that is assigned to him according to his role and external user will see different content.
  Hope you find this answer useful. Please reward points, in case if you find this useful.
  Thanks,
  Sai Iyer

• Access control for a noob

  SurveillanceWizard wrote: ...Cat5 or any cat cable is only good for the main controller most of local "door" controllers use RS232 or something similar back to one or two main controllers. so you may have just wasted cat cable although I would use that cable for cameras since its there....and if you use a lanyard be careful where you punch the hole though the card.Yeah it's RS-485, depending on the distance you can run it over a CAT5 cabling but shielded RS-485 purpose made cable will provide better performance and reliability. Unless you plan to integrate ID cards with the access cards, I'd use the key fob style, they already have a hole in them and are much more durable and you can still put them on a lanyard if you want to.

  I have been tasked with building a ground up access control system for a new 63,000 sq ft building my company is moving to. I have no experience in this field whatsoever. I have been given the following requirements by the company owner:1.) The card readers will need to be proximity based, that is he would like the door to unlock when a user with an access card passes within a few feet of the card reader.2.) 13 access points will need to be controlled by card reader with an additional being controlled by a button behind a desk that a receptionist can press to grant entry. 3.) The system needs to log data for times/dates of individual employees entering/exiting each access point. At the moment I have a CAT5e cable run to each door that will need card reader access. I assume the first step is to determine the system that can handle those...
  This topic first appeared in the Spiceworks Community