External sites and access rights
After a search in oracle portal, only results are shown for item of which a user has access rights. That's great.
Ultrasearch is capable of searching other (non-oracle) sites as well, so the result of a search may include both portal and non-portal results.
How to deal with external sites which haver their own access scheme? We have two sites, one oracle portal site, one of a different vendor. In the future, hopefully, usermanagement will be centralized in one LDAP repository.
I'd love to have one integrated search engine for both sites, which is capable of indexing all pages, but give only those results of which a user is authorized to.
Can this be achieved by ultrasearch?
Hi Ton
In iAS 902, Ultra Search supports crawling of only public data from Portal page groups. These Portal page groups be from different portal instances. Currently, there is no support for limiting the data obtained from Portal page groups to that which a specific user may view.
We are currently working on supporting authorized crawls/searches.
This feature will allow you to perform a search as a specific user X. The search results returned for this user X will only contain links to documents that X is explicitly allowed to view. These documents can reside in multiple portal instances as long as all the portal instances have the same user space (i.e. share the same LDAP server).
So, to summarize, in iAS 902 (and Oracle 92), Ultra Search only supports public searches.
Regards
Edward
Similar Messages
-
Ultrasearch, external sites and access rights
After a search in portal, only results are shown for item of which a user has access rights. That's great.
Ultrasearch is capable of searching other (non-oracle) sites as well, so the result of a search may include both portal and non-portal results.
How to deal with external sites which haver their own access scheme? We have two sites, one oracle portal site, one of a different vendor. In the future, hopefully, usermanagement will be centralized in one LDAP repository.
I'd love to have one integrated search engine for both sites, which is capable of indexing all pages, but give only those results of which a user is authorized to.
Can this be achieved by ultrasearch?At the moment, Ultra Search has no notion of Access Control for items that it searches so, in effect, Ultra Search can only crawl public content.
-
I have files on my external harddisk and access is denied because 'I am not authorized?
I have files on my external harddisk and access is denied because 'I am not authorized?
Itunes copy protected files? Login into your Intunes account to access Itunes media that is tied to the account that purchased those audio or video files.
-
AOL mail not updating. Spinning wheel just keeps spinning. It hasn't updated in 5 days. G-mail updates normally. I can use the AOL web site and access it on my android phone too, but not on my MacBook Pro. OS 10.6.8
Hello robe427,
Thanks for using Apple Support Communities.
To troubleshoot this issue where you are unable to receive email from one of your accounts, please follow the steps in the article linked to below.
Mac Basics: Use Mail on your Mac
Take care,
Alex H. -
Our admin crew has just inherited a 4 year old SharePoint site that was developed on SP 2007 and later migrated to SP 2010. We are trying to determine which users and groups have access to the 150+ sub-sites of the site and at what permission levels.
Research tells me SharePoint 2010 has no means to simply list out a user's permission levels over an entire site collection, but that it must be done at each sub-site, list & library that has permission inheritance broken to create a unique permissions
object.
Has anyone found a solution to this issue? Without days of research at each sub-site, list & library, how would one more economically go about such an investigation of a user's permissions on an entire SharePoint 2010 site?Hello,
There is no direct way to see user and group broken permission within a site collection. However you can write powershell script to get the permission. You can modify the below script based on your need and export result in CSV. You may also need to add
code to iterate all subsites within site collection.
http://social.technet.microsoft.com/wiki/contents/articles/14242.sharepoint-2010-export-all-unique-permissions-from-site-collection-using-powershell.aspx
http://en.community.dell.com/techcenter/windows-management/b/weblog/archive/2012/09/25/sharepoint-security-reporting-using-powershell
Codeplex tool is also available to check permission but it is not always fulfill business need. You may also look at this if it suits you.
https://permissionsmanager.codeplex.com/
Hope it could help
Hemendra:Yesterday is just a memory,Tomorrow we may never see<br/> Please remember to mark the replies as answers if they help and unmark them if they provide no help -
Custom object classes and access rights
Hi,
I have added a few object classes to the NDS schema; objects
belonging to one of them should be able to authenticate against the
directory and retrieve some attributes. I managed the login part having
the class inherit from ndsLoginAttributes, but if I login as the object
itself, I can't retrieve any attributes. I can browse the entry (it's a
container), but all I get are DNs and objectclass attributes. Is there a
way to grant the object the right to retrieve its own attributes, or
some of them, through the Java LDAP interface?
Thanks,
Juan
jheguia
jheguia's Profile: http://forums.novell.com/member.php?userid=84575
View this thread: http://forums.novell.com/showthread.php?t=415769Hello,
I found a solution which is *almost* the right one. Basically I
deleted the class and created it again with a default ACL:
X-NDS_ACL_TEMPLATES ( '2# subtree#[Self]#[All Attributes Rights]' )
This allows the object to do as it pleases with its own attributes. I'd
prefer it to be only able to read them, but I haven't found a syntax for
ACLs. Is there anything I can read to see how to fine tune the access
rights templates?
Thanks,
Juan
jheguia
jheguia's Profile: http://forums.novell.com/member.php?userid=84575
View this thread: http://forums.novell.com/showthread.php?t=415769 -
Editing Portal Pages and Access Rights
I want to give some specific users the ability to edit certain pages within portal. When I change the page "Access Properties" to "Enable Item Level Security" and then add users under "Change Access" with "Manage Content" as their privilege, I expect Portal to only allow those persons to see the EDIT link for the page. However, I see that ALL users with VIEW privileges can see the EDIT link but nothing is available to them to edit...unless they click on the "Navigator" link and then they can SEE the different page groups. What's more is that there is a link beside each page group to MAKE A COPY of it!
YIKES!!! This is not desirable!
How do I set this up so that only specified users see the EDIT link and only allow these users to edit the page(s)?
Thanks a lot!
JasonHi Jason:
I wondered across a blurb on Metalink just last week that mentions if Item level Security is enabled on a page, all users will see the edit link (assuming you have one on the page). Apparently, this is to prevent a performance hit that would occur if the portal had to go through every item on the page to see if that user had edit rights.
One solution would be to disable item level security. Assuming, that isn't possible (it wasn't for us), you could also remove those users' navigator access. That way they won't see the navigator link in edit mode. Finally, depending on how your users are setup, you can also limit access to the edit link if it is on a nav bar for example. I enabled item level security on the nav bar I use and limited access to the edit link to those users I knew had to see the edit link.
Good luck.
Mark M.
Portal 9.0.2.6 -
How to move users, groups and access rights to new envronment
Hi,
I have existing 9.3.1 shared services, I created new environment with 9.3.3 .
Can some one suggesting me how move the existing 9.3.1 users to another server where it has 9.3.3 shared services.
is there any way move all at a time with some migration or we need to create manually?
thanks,
sudhakarYou can use the cssimportexport utility.
Even though this link is for 11.1.1.3 and states that its only for native users, you can in fact use the utility to migrate the provisioning of users both native and external: http://download.oracle.com/docs/cd/E12825_01/epm.111/epm_security/ch09s08.html
FWIW, I prefer the .csv format because its ease of reading and editing.
Regards,
Cameron Lackpour
P.S. The format is really confusing -- use the export functionality to show you what the format needs to be if you change anything (and I think that at least some of the names of the apps/projects you will have in 9.3.3 will be a little different).
P.P.S. I would imagine there's an upgrade path but that's beyond my expertise.
Edited by: CL on Mar 30, 2011 7:55 AM
I wish OTN had an alert system that indicated when JG was posting on the same subject. I would save my energy as I never get the answer out as fast. :) -
The mini mac is full and I want to be able to use the 2 tb drive as storage and time machine. How do I get the content onto the external drive and access it it and hoe does new content get downloaded and stored to the drive not the mac? Also can I have 1 drive playing storeage and back up or do I need a second? Basic questions I suspect but not to me!
1. Drag the library to the external drive, launch iTunes with the Option key held down, click on Choose Library, and point it there.
2. Get a second. Having the backups on the same drive as the original data won't help when that drive fails.
(66929) -
JAAS requiring re-authentication when returning from external site.
Our Struts web application uses another application for some of its functionality. When the authenticated user clicks on the link, a cookie is set with some user info and the user is redirected to the external site. The user interacts with the external site and then the site redirects the user back to our site (to a previously unvisited, secure action). Unfortunately, the user is being prompted to authenticate again, even though they have already done so. The strange part is that this behaviour only exists the first time a new browser is opened (both IE and Mozilla). Subsequent visits to the site (after properly logging out, and logging back in) do not cause this problem. The other strange part is that when the user returns to the site and is prompted to authenticate, the login module that we are using logs a message that it is checking the user info against the allowed roles, and the user does, in fact, already exist.
Nevermind. This was a stupid mistake on my part. I was accessing the site from localhost but the external site was returning to the actual URL. My bad.
-
About a year ago I got my iphone, and I had some free ringtones downloaded on my PC. I did some research, and was able to get those ringtones on my phone. I had recenlty downloaded some new ringtones from the same external site, and when I went to try and put them in my itunes I couldn't figure out how and have not been able to find anything to help me. Can anyone assist?
Connect & select iPhone in iTunes Sudebar (iTunes > View > Show Sidebar), in Music tap (right pane top), select Sync Music and the music you want on iPhone then click Apply button (bottom right).
http://support.apple.com/kb/VI72 -
I have managed to somehow partly corrupt the access rights on my iMac/SnowLeo system.
Getting a lot of failure messages at the start up and some applications are just not working properly anymore.
iTunes for instance does not longer recognize my iPhone - just doesn't - and again I get some strange messages.
Tried to repair access rights be starting OS x from DVD and used hard disk tools (not sure whether it is called exactly this in English - have a German system installed) and used "repair access rights" on the OS volume - seemed to work because a lot has been repaired but after starting iMAC again - same problem.
Now - what can I do to get this fixed on the access rights? Re-install Mac OS x- what would happen with all applications, e-mails etc?
Any idea - help - would be very much appreciated
RobertThanks - tried it (and seemed to make a lot of sense) but didn't help at the end :-(
Still same issues
Am not a Mac OS X specialist or UNIX or whatever - actually I am not very familiar with the details of the OS and all its settings etc etc.
However, following some messages, Internet, other sources ---- here's what I have managed to find out:
1) Mac OS starts up - all fine
2) after the desktop / dock is visible I get some similar but in general the following message (trying to translate since they are in German on my installation)
"insecure start objects disabled" - ../Library/StartUpItems/Executor" has not be started since the object does not have the correct security settings
.. I usually get about 10 of them with different "names"(objects) - e.g. "/Executor","/EyeConnect" etc etc.
Now - this all happens on my iMac; I also have a similar configured MacBook and just checked the security setting for exactly these objects on it - the difference is in "share and access rights" on the MacBook has "System" read and write and all others only read - funnily enough - I can not find "System" within "Share and Access rights" on the iMac!!!!
So - next idea: let's add "System" as a user to these folders/shares with "Share and Access rights" - can find a user named "System".
Uh - it seems I have managed to "kill" something on my iMac ..... just don't know how (but that's not so important) and just don't know how to repair - re-installation of Mac OS X on iMac didn't make a lot of changes.
Help appreciated!!!
Robert -
Access rights , privileges on XML DB
Hello,
I would like to know where can I find information about implementing security and access rights. I have 5 folders under SCOTT/TIGER schema and would like to asign access rights to different user , ie user A can access folder A only, user B can see folder A & Folder B , so on so .
I will appreciate your help.
Thanks
Syed.I did and here is the result
1 select r.res.getClobVal()
2 from resource_view r
3* where equals_path(res,'/home/SCOTT')=1
SQL> /
R.RES.GETCLOBVAL()
<Resource xmlns="http://xmlns.oracle.com/xdb/XDBResource.xsd" Hidden="false" Inv
alid="false" Container="true" CustomRslv="false" VersionHistory="false" StickyRe
f="true">
<CreationDate>2003-09-11T15:53:42.672000</CreationDate>
<ModificationDate>2003-10-01T09:08:15.456000</ModificationDate>
<DisplayName>SCOTT</DisplayName>
<Language>en-US</Language>
<CharacterSet>UTF-8</CharacterSet>
<ContentType>text/plain</ContentType>
<RefCount>1</RefCount>
<ACL>
R.RES.GETCLOBVAL()
<acl description="Protected:Readable by PUBLIC and all privileges to OWNER"
xmlns="http://xmlns.oracle.com/xdb/acl.xsd" xmlns:dav="DAV:" xmlns:xsi="http://w
ww.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/x
db/acl.xsd http://xmlns.oracle.com/xdb/acl.xsd">
<ace>
<principal>dav:owner</principal>
<grant>true</grant>
<privilege>
<all/>
</privilege>
</ace>
R.RES.GETCLOBVAL()
<ace>
<principal>XDBADMIN</principal>
<grant>true</grant>
<privilege>
<all/>
</privilege>
</ace>
<ace>
<principal>PUBLIC</principal>
<grant>true</grant>
<privilege>
R.RES.GETCLOBVAL()
<read-properties/>
<read-contents/>
<read-acl/>
<resolve/>
</privilege>
</ace>
</acl>
</ACL>
<Owner>SCOTT</Owner>
<Creator>SYS</Creator>
<LastModifier>SCOTT</LastModifier>
R.RES.GETCLOBVAL()
</Resource>
and for /home/SCOTT/1999
SQL> select r.res.getClobVal()
2 from resource_view r
3 where equals_path(res,'/home/SCOTT/1999')=1;
R.RES.GETCLOBVAL()
<Resource xmlns="http://xmlns.oracle.com/xdb/XDBResource.xsd" Hidden="false" Inv
alid="false" Container="true" CustomRslv="false" VersionHistory="false" StickyRe
f="true">
<CreationDate>2003-09-25T11:56:18.910000</CreationDate>
<ModificationDate>2003-09-25T11:56:21.023000</ModificationDate>
<DisplayName>1999</DisplayName>
<Language>en-US</Language>
<CharacterSet>WINDOWS-1252</CharacterSet>
<ContentType>application/octet-stream</ContentType>
<RefCount>1</RefCount>
<ACL>
R.RES.GETCLOBVAL()
<acl description="Private:All privileges to OWNER only and not accessible to
others" xmlns="http://xmlns.oracle.com/xdb/acl.xsd" xmlns:dav="DAV:" xmlns:xsi=
"http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.ora
cle.com/xdb/acl.xsd http://xmlns.oracle.com/xdb/acl.xs
d">
<ace>
<principal>dav:owner</principal>
<grant>true</grant>
<privilege>
<all/>
</privilege>
R.RES.GETCLOBVAL()
</ace>
</acl>
</ACL>
<Owner>SCOTT</Owner>
<Creator>SCOTT</Creator>
<LastModifier>SCOTT</LastModifier>
</Resource>
===========================End====================
Hope this helped.
Syed -
How crm visit the external website and return the value to crm
how crm visit the external website and return the value to crm?
AwenCan you elaborate the question? I assume that you are looking for some sort of mechanism to validate a customer's web site?
Regardless of the scenario, the way to validate or retrieve a value from an external web site is to write a plugin that executes a WebRequest to the external site and reads the response. -
Defining roles and access for OWB Designer
Hi,
Can i Define roles and access rights to different on 1 OWB Designer repository?
I want to send my mappings for code review but i dont want them to log into the OWB designer with write access.
How can i achieve this in the same OWB designer repository as the one i am using?
I am using OWB 10.1.
I found some table - WMP_USER_ROLES,WMP_GROUP_ROLES,WMP_GROUP_REPOSITORIES
when i logged into the designer schema through sqlplus
Thanks
SagarHi Sagar,
Yes you can do that. Basically you can create a db user, and then register the user with a repository. By default that user has all privileges, however it now is audited per user as to what he/she did. How to do this look at the doc (find SecurityHelper)
To enable you to protect metadata there are a couple of strategies (implemented via a simple PL/SQL API). For an example (this one works with policies on the module level) take a look here (http://www.oracle.com/technology/sample_code/products/warehouse/files/Dev_Status_Policy.SQL)
This would work as follows:
- Create user REVIEW
- Register user REVIEW to repos QA
- For a module you want review for, set the status to QA
Now the REVIEW user logs in and he can look at QA but cannot touch.
Hope this helps,
Jean-Pierre
In your situation
Maybe you are looking for
-
How to make recursive query.Please help
Dear Experts: I want to retrieve all employees located in a department in addition to all other employees located in the child's nodes of this department too. Problem Details: I have "Employees" table and "Departments" Table The structure of Dept Tab
-
I will be using FMS for a training application for a client. The app simulates a telephone conversation. Users hear audio which is pulled down from the FMS, then record themselves. The app streams the audio to the FMS using RTMP. My question: If ther
-
Disk drive will not click or accept disks ?
Disk drive will not click or accept cd's or DVD's
-
hi, i think i erased the utility folder of my macbook and now every time i try to open it the computer just freezes...? help!
-
Hello in trying to restore from backup to my new phone I'm receiving a 'restore failed' message which I can't get rid off to start again. Any ideas please?