Fetch all Subsite for Read-only user
HI,
I have a site collection in which the users have only "Read" access.
I would like to fetch all the sites(incuding root site, subsites), which the user has access. How to achieve this in Javascript client object model?
I have tried using get_web().get_webs(), but since the user has only "Read" access, I am getting access denied error when trying to load the site.
How to fetch all the sites(incuding root site, subsites), in the sitecollection using Javascript client object model?
Thanks
Hi,
Refer to following post:
http://social.msdn.microsoft.com/Forums/en-US/fb318464-916c-4d0a-ae59-8511b58b6309/run-code-with-elevated-privileges-in-client-object-model
It summarizes as below:
The SharePoint 2010 client object model does not support SPSecurity.RunWithElevatedPrivileges.
Since you're code runs on the client, the identity can not be reverted to the application pool account. Running code as system account via the client object model would open a security hole and then everybody could write and execute code as an administrator.
Another possible way is to develop a custom web service on the server which run the code in RunWithElevatedPrivilege() method and then call the web service from the client object model.
you may refer to the this blog post giving a simple example of creating WCF service for SharePoint 2010:
How
to Create WCF Web Service on SharePoint 2010
You would also like to have a brief look at the screencast for Building and deploying a WCF service to SharePoint 2010:
http://www.codefornuts.com/2010/04/building-and-deploying-wcf-service-to.html
Hope it helps!
Avni Bhatt
Similar Messages
-
SharePoint 2010 List View Web Part not showing for read-only users?
Hello all,
I have List View Webparts on my Blank Web Part page, and it's not showing for Read-Only users.
Is this intended by Microsoft or is it a bug?
Thank you!Hi,
According to your post, my understanding is that the read only user could not see the list view web part.
Per my knowledge, the issue may be cause that the user do not have the proper permission for the list.
1. Check whether the user can access the list.
2. Check whether the user can view all the items instead of partial items in the list.
3. Check whether there are some fields refer to other lists or terms, especially the lookup field or managed metadata filed.
If that is the case, make sure the user can access the lookup list.
Thanks,
Jason
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Jason Guo
TechNet Community Support -
How hide ribbon bar for read only users from custom master page.
Hi,
I want to hide the ribbon bar for read only users, on my custom master page I put inside of a SharePoint:SPSecurityTrimmedControl this div: <div id="ms-designer-ribbon">, but when I save the changes the master page does not work
anymore.
<!--MS:<SharePoint:SPSecurityTrimmedControl runat="server" AuthenticationRestrictions="AddAndCustomizePages">-->
<div id="ms-designer-ribbon">
<!--SID:02 {Ribbon}-->
<!--PS: Start of READ-ONLY PREVIEW (do not modify) --><div class="DefaultContentBlock" style="background:rgb(0, 114, 198); color:white; width:100%; padding:8px; height:64px; ">The SharePoint ribbon will be here when your file is either previewed on or applied to your site.</div><!--PE: End of READ-ONLY PREVIEW -->
</div>
<!--ME:</SharePoint:SPSecurityTrimmedControl>-->
I'll appreciate any suggestions in order to solve this.
Regards.did you close browse and open a fresh session?
also authericationrestrictions for add & customize people so its more than read...
check this one
http://msdn.microsoft.com/en-us/library/jj822366.aspx
another blog for same stuff:http://spgurunet00.web707.discountasp.net/post/2012/12/13/Hiding-SharePoint-2013-Ribbon-from-Anonymous-Users.aspx
Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog -
Style Code Not Working for Read Only Users !
Hi
Can anyone help us with this issue. We have created some special Styling code in order to hid the Quick Launch on the home page of our main SharePoint site. The Styling works no problem at
all for users with edit rights, however we found that the styling did not work for users with read only access. What we found was that if we switched on the "Edit Items - Edit items in lists, edit documents in document libraries, and
customize Web Part Pages in document libraries." in the List Permissions for the Permission Levels for the Read Access group, the Styling then works no problem at all. HOWEVER it then gives those users the ability to EDIT the site page, as it then
puts the Edit option on the page top right for the user to click and then mess up the web page, which we can not permit.
SO..... How do we get this styling to work for ALL user types ?Hi,
This usually happens when the CSS file is not published or approved, please check it.
If the CSS files uploaded in the Style Library, please check whether you had to check in those CSS files or not.
Best Regards
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected] -
Best practice for read-only functionality
Hi,
I'm part of the development team of a system with about 100 screens. The customer would like us to add some read-only functionality to the system, so that certain users are able to access the screens but not change any of the data on them. We already have policies in place on the database level that keeps read-only users from saving data, but it's not very user friendly to allow users to change data on a screen, only to tell them that they're not allowed to save those changes once they try to do so. It would clearly be better if all components are rendered as read-only components for read-only users, making them unable to make any data changes in the first place.
User privileges in the system are controlled by roles defined and set in the system (not ADF roles or Weblogic roles). At any given time and place, it's possible to check whether the current user has a certain role. We already use this in a number of places to make it possible to control which user has access to which screens. In a few places we even control which functionality should be enabled for the current user within a screen, but mostly the access control is currently on the screen level. With read-only users getting access to all screens, it seems we will need lot of extra in-screen access control to keep these users from changing anything.
But what's the best practice here? One way to go would be to add some logic to every single active component on every single screen, to determine whether it should be rendered as active or disabled/read-only. But that would require a lot of extra coding.
So my question is: Is there a smarter way to do this? Maybe something done through skinning? Or something else?
(I'm not sure how relevant this is for this sort of question, but we're currently using JDev 11.1.1.4.0, and expect to upgrade to 11.1.1.6.0 within the next 6 months)
Best regards,
AndreasHi Guna, Puthanampatti and Don,
Thanks a lot for your replies. I'm currently looking into implementing something along the lines of what Guna has suggested:
Our application consists of a number of individual work spaces that are deployed as adflibs which have all been added to a "master application work space", and the master application is deployed as an .ear file. Most of the individual work spaces are for all the different functional areas of the application, with their own task flows, page fragments etc. The rest are work spaces with common functionality, like datamodel (entity definitions), utility methods, page templates, and framework extensions. In the latter, we have defined custom classes for all the base classes (somewhat similar to what Don describes, I believe).
In our custom class for ViewRowImpl, I have added an isAttributeUpdateable method, and in our custom class for ApplicationModuleImpl I have added an isReadOnlyUser method. The isAttributeUpdateable method uses the isReadOnlyUser method to determine if the current user is a read-only user or not; if the user is a read-only user the isAttributeUpdateable method will return false, otherwise true. The isReadOnlyUser method in our base class is just a dummy method that always returns true. But in the ApplicationModuleImpl classes of our individual work spaces, i've written an override for isReadOnlyUser, giving the answer that is relevant for the work space in question (for instance, whether or not the current user has the role "User Administrator").
That pretty much takes care of all input fields in tables and forms, which is a big step in the right direction. This still leaves some work to be done for components that are not directly linked to view object attributes (like buttons), but I guess that can't be helped. Also, there are a few of the work spaces that contain a number of pages that are related to different user privileges (as in: page 1 requires user privilege A, and page 2 requires user privilege B); in these cases I will have to do something different than just writing an override in the "local" ApplicationModuleImpl class.
@Don: What you describe seems to be pretty close in functionality to what we already have, though your implementation is different from ours. You have used your custom base ApplicationModuleImpl class to keep read-only users from committing changes. We use Virtual Private Database and database policies to the same end: If a user without the required full-access role tries to commit data it will cause a database error, which we then handle in the application (so the user gets a message like "You don't have the required privileges to changes this data", rather than an ORA message). Unfortunately, our customers are not content with this. They want a solution where all input fields and most of the buttons etc. are disabled for read-only users, and that's why I'm looking into the best/smartest way to do this.
@Puthanampatti: We already use something similar to what you're suggesting. The challenge I'm currently facing is how best to disable/enable components based on the current user's roles, not how to determine and store those roles.
Best regards,
Andreas -
How to configure read only user on IAP?
Requirement:
In environments, such as enterprises and campus universities, there are instances where few administrators only monitor the IAP clustered networks. For such users, a read only user can be configured on IAP.
Solution:
In IAP software, a provision is given is to configure a read only user in the system settings, under "Admin" tab.
Configuration:
Follow the below steps to configure radius authentication in IAP:
Login to IAP web interface
Select "System" from the main menu and then click on "Admin" tab
Under View Only settings, enter the username and password.
Verification
Logout of the IAP web interface and try logging in using the username and password created for read only user.
This read only user will no longer be able to see configuration options. Below screenshot shows the difference of menu options between an administrator and read-only user:HG,
Please check this link.
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml
We need to set up command authorization.
Regards,
~JG
Do rate helpful posts. -
Read only user creation for Oracle EM Console 11.1.1.5
Dear All.
I have created Read only user for Oracle EM Console.
I have followed below link to do the same
http://moshe-soa.blogspot.com/2011/09/blog-post.html.
I have noticed with read only user is that TEST button in EM Console is active means user with read only user can create a trans, in Prod scenario it is a risk.
Raised a CR with Oracle and found that it is a bug
Bug 14082464 - CANNOT DISABLE TEST/TEST WEB SERVICE BUTTON IN SOA EM COSOLE is there in Metalink.
So my question is there any way by which i can disable the TEST button in EM Conasole.
I think there are some WLST script or servlet java class available to resolve this issue.
Can any one confirm this and please suggest if any one aware of any alternative method.
Thanks,Hi, have you got any solution to this problem? I am having exact the same issue in 11.1.1.6.
-
Want to create a Read Only user for a given app owner user
Hi Folks,
We have an application owner schema, lets call it OWNER, which has different objects living under it.
Now, for certain reasons, the app group wants a read only user which should be able to view objects living only in OWNER. It would only be able to read things, and have no create or alter types of priv to be able to change anything.
The first idea was to create a new user (e.g. RO) and give this explicit grants (select only) for all objects in OWNER. Though this works, is a maintenance havoc, since everytime there is a new object in OWNER, you have to remember to give explicit grants to all RO (or RW ) kind of users.
What i am looking forward to is, some sort of privilege or role concept that apply on the user level, and not on object level. something that allows me to say, all objects of this schema (e.g. OWNER) are visible to user RO. Other restrictions on RO would control read or write behaviour.
Does this thing exist ? please point me to the documentation/example..
regards
raghav..CREATE OR REPLACE TRIGGER myTest.trg_mytest
AFTER DDL
ON myTest.SCHEMA
DECLARE
lv_obj_type VARCHAR2(20) := TRIM(UPPER(ora_dict_obj_type));
lv_evt_type VARCHAR(20) := TRIM(UPPER(ora_sysevent));
lv_obj_name VARCHAR2(30) := trim(UPPER(ora_dict_obj_name));
lv_role_name VARCHAR2(30) := 'myTest_RO';
lv_stmt VARCHAR2(4000) := NULL;
ln_job_nr NUMBER;
BEGIN
IF lv_evt_type != 'GRANT' --lv_obj_type <> 'OBJECT PRIVILEGE' --
THEN
DBMS_JOB.SUBMIT(ln_job_nr,'begin execute immediate ''grant ' || ' select on ' ||
lv_obj_name || ' to ' || lv_role_name || '''; END;');
END IF;
INSERT INTO TB_EVT_LOG(d_date, description)
VALUES(SYSDATE, lv_obj_name || '~~~~ created ' || lv_obj_type || '~~~~' || lv_evt_type );
EXCEPTION
WHEN OTHERS THEN
RAISE;
END trg_mytest;
/This works. But, my problem is that it is not able to filter out the Grant statement itself, Its logging an entry for the grant (as a ddl operation as well).
what am I doing wrong here ?
regards
raghav.. -
Read-only user for Weblogic 6.1 sp2 console
Is there a way to restrict a user to read-only priv. on the weblogic
console? Either by using acl's or other means.
Thanks in advance,
Brown"Seb" <[email protected]> wrote in message news:3f33c3e2$[email protected]..
>
Hello,
I'd like to create a read-only user for a customer that gives him acces tothe
Console only for reading all the configuration. I don't him to modifyanything
Is there a simple way to do this ?A previous post mentioned that this is not possible in 6.1.
Brown,
This functionality is not available in 6.1. The newest version of wls
8.1 has this feature depending on the role that the user is in.
~satya -
Read only user for Weblogic Server Console (6.1)
Hello,
I'd like to create a read-only user for a customer that gives him acces to the
Console only for reading all the configuration. I don't him to modify anything
Is there a simple way to do this ?
Thanks in advance.
--Seb"Seb" <[email protected]> wrote in message news:3f33c3e2$[email protected]..
>
Hello,
I'd like to create a read-only user for a customer that gives him acces tothe
Console only for reading all the configuration. I don't him to modifyanything
Is there a simple way to do this ?A previous post mentioned that this is not possible in 6.1.
Brown,
This functionality is not available in 6.1. The newest version of wls
8.1 has this feature depending on the role that the user is in.
~satya -
Best way to make all the items read-only in many pages for a resposibility?
Hi,
We have the following requirement:
We need to make all the fields read-only in 5 standard self-service pages for a particular responsibility. One way is to personalize these pages at responsibility level. Is there any other quick/better way to do it?
Highly appreciate your suggestions on this.
thanks,
HemHem,
Personalisation is easiest and fastest way of doing this. The same requirement can be acheieved by extensions of CO by setting the bean properties rr by SPEL binding by extending VO.
But when I can get something done without coding at all that approach is best, I am sure u agree :)!
--Mukul -
I've added a pdf to itunes and i want to change it so its visible with an album (digital booklet). But for some reason, when i click get info, its all greyed out and the little box for read only is unticked. please help - urgent! thanks
Hi
My first thoughts are
• iMovie ill behaving - Trash the iMovie pref file - use to set things right
• in reg. to Photos - Did You change iPhoto Photo Library - Then iMovie get's lost as it peeks into iPhoto on start up to see where photos are stored. Set iPhoto back to first Photo Library (when iMovie is not running) then start iMovie.
Yours Bengt W -
Enter event not triggering for read-only checkbox
I have some objects in a form that get "locked" when the user signs the form. I'm not using the digital signatures. Instead, when the user types their name into the signature text field, a script runs on the change event that makes all of the fields in the form read only. It also unlocks the fields if the signature is deleted.
I was worried that we would get a lot of phone calls with users that didn't understand that the form had locked ("Why doesn't this form work?!"), so I added some code to the enter event for all of the fields that would pop up a messagebox to explain to people trying to edit a signed form that the form was locked and that they would need to delete the signature to edit the form.
This plan works perfect for my text fields and decimal fields. It does NOT work at all for my checkboxes. For some reason, the enter event is never triggered for read-only checkboxes. I don't see any other events that would obviously work for me though. Any ideas?
ThanksThanks, those are reasonable suggestions.
In the first suggestion, I'm unclear about one aspect of how I would accomplish this. I assume I would allow people to modify fields in the form, but that when they did, a msgbox would pop up that would inform them that, if they continued with this modification to a signed form, the signature would be removed. I'm all good to that point. But if they answered that they do not want to continue modifying that field and removing the signature, how can I code it to set the value back to what it was before the change? Is there some method that will give me access to the value of the field BEFORE the attempted modification? I went looking for something like $.previousvalue, but found nothing.
I'd suggest that I could use a two-stage solution, in which I store the previous value on the enter event, and save it just in case they do not want to change the field when prompted by the msgbox, but since the enter event does not exist for checkboxes (my original problem), that seems like it won't work.
As far as radio button suggestion, I like radio buttons very much except for one fatal flaw: they aren't (as far as I can tell) clearable. That is a shame. Clearly some people (like me) want both exclusivity AND clearability. And we'd like the controls to have an enter event. But I know I'm demanding Anyway, as it is, I just end up having to use checkboxes and create a boatload of silly code to make them exclusive.
Emily -
Authorization RADIUS - read-only user on FWSM
Hi support community,
I am experiencing an issue while trying to create some read-only users on my FWSM.
I've setup the authentication on my RADIUS Server, which works fine, and put the aaa authorization command LOCAL command.
I've also set the commands - associated priviege :
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
All this things works great when i authenticate locally on the FWSM.
However, this is not working whe authenticating via the RADIUS server:
aaa authentication enable console MY_RADIUS LOCAL
aaa authentication http console MY_RADIUS LOCAL
aaa authentication ssh console MY_RADIUS LOCAL
And i set up the authorization locall, because i dont run any TACACS server :
aaa authorization command LOCAL
I managed to make this work on ASA, by sending RADIUS attributes (cf a document that i can't find anymore...).
So what are exactly the differences between asa and FWSM ?
On my ASA there was a command i could not run on the FWSM :
aaa authorization exec authentication-server
(i am running version 4.1 on FWSM and 8.4 on ASA).
Thank you for your help.
FlorianYou really need to see the example given here,
[Read only user for a schema|http://arjudba.blogspot.com/2008/09/create-read-only-user-for-schema.html]
[Global read only user|http://arjudba.blogspot.com/2008/09/how-to-make-global-read-only-user.html] -
ADF: Read only user access to application role on BTFs
Hi,
My JDeveloper version is 11.1.1.5
I am trying to create read only users in my adf application. But I am unable to give read only permissions to the user on bounded task flows/ .jssf page which have editable tables and forms.
I have searched for the information, I did not find any solution.
Could some one please help me?
Many thanks in Advance
--Anil
Edited by: 977652 on Apr 5, 2013 6:50 AMIf you are using ADF BC, you can protect fields at EO level or protect the entire EO (check the security tab). The frontend will then render fields as read-only if your user is only allowed read permissions.
If you are not using ADF BC, you can implement a custom resource permission as described here (ignore the fact that this is for an entity, the principle remains the same) http://www.oracle.com/technetwork/developer-tools/adf/learnmore/76-insert-update-entity-protection-334421.pdf
You must then add an el expression to each fields readOnly attribute or you can implement a phaselistener that traverses all fields enclosed within a form and make them readonly.
Maybe you are looking for
-
My iphone 4s is terrible after the 0s6 upgrade, can I downgrade?
Everything was working fine with my 4s before the fateful day I accepted the upgrade to the new os6. Since then, not only does a fully charged battery only last a matter of hours but the phone "crashes" constantly. I'll fully charge my battery befo
-
I try to setup Xellerate /JBoss and Oracle and I got folowing error. 17:51:46,927 INFO [STDOUT] javax.naming.NamingException: Could not dereference object [Root exception is javax.naming.NameNotFoundException: jdbc not bound] 17:51:46,931 INFO [STDOU
-
Is there a way to sync facebook events or a palm profile to iCal?
i want to sync my facebook events into iCal so that i can have all of my events there in one convenient location. i also have the palm pre until iphone comes to my network. is there a way that i can sync my palm profile to ical so that i can get my c
-
Development without Business Components
We have to support two other databases beside Oracle. 1) Is it possible to develop applications and EJB's with JDeveloper 3.1 without using Business Components for Java ? 2) Is it possible to use the infobus enabled Swing components without BC4J ? Or
-
I just put snow leopard 10.6.8 on my macbook pro and I was told that I could purchase Apature for photo management- now its says I need a different version.... is there an older version I could get? so frustrating.