Filesharing and privileges

Similar Messages

• Error in reconcilation Function - Job "Reconcile roles and privileges"

  SAP NW 7.0 SP2 Patch 3
  Roles contain Privileges
  Help file says: "If you are using roles and privileges, you will need to perform a reconciliation of the roles/privileges assigned to the users in the identity store after the roles are modified. "
  Job imported as described.
  When I let the job run on the ID-Store, for each entry, the following error message occurs:
  runFunctionsInString($FUNCTION.reconcile( MSKEY )$$) got exception
  org.mozilla.javascript.NotAFunctionException: reconcile( MSKEY )
  ...where MSKEY is, of course, the MSKEY of the entry.
  If I let run the job with the Windows-Dispatcher and as a VB-script, it produces no error; however, in the output file, there are a lot of Messages like
  "!ERROR: Invalid use of Null"
  Only some entries (of Type MX_PERSON) show the "Priviliege added: (...)" output. But the job does not add the Privileges assigend to the role, as it should.
  So, I would suggest that one redefines the SQL-Query of the Job so that it runs only on MX_PERSONS. But then, still, in my case, it does nothing.
  Has anyone better experiences with the Job?
  Edited by: Thomas P. Felder on Sep 25, 2008 10:32 AM

  The job when imported by default uses java runtime engine but the script is written in vbscript syntax so you have to change the engine or the script syntax.
  When you did your select statement did you use SELECT DISTINCT.  That will also cause errors.  I do not narrow the entry type to MX_PERSON.
  I'm installing the patch now;  I will see if I get any errors.

• Export and Import of Roles and Privileges

  Hi,
  We're nearing the end of our development phase and are now preparing for initial load in our QA / Test environment.
  Is there a way to export the Roles and Privilege metadata from one environment to import them into the other. The Staging guide states you need to create them before importing your Identity Stores. I was hoping we didn't need to do this as it's a time consuming task to create them manually.
  Thanks
  Paul

  What I've seen is Business Role Export / Import functionality. It is pretty straight-forward to do, just export the Business Roles in a job (limit what to export in the source SQL) to a CSV-file, then read it back in to different environment in similar job.
  When we were exporting the Business Roles we expored the privilege-references as MSKEYVALUEs not MSKEYs. Note how you have named your repositories in different environments (as you know the name of the MX_PRIVILEGE differs if your ERP repository in development is eg ERP100 and in Q/A ERP200), you may need to convert the privilege names accordingly in export or import.
  One more thing you need to keep in mind is to pay attention whether your data has CR+LFs, which will break the CSV, we tackled this by encrypting/decrypting the data that had line feeds (DESCRIPTION-attribute).

• How to assign "Public Group" and "Privilege" to user create with ldapadd

  Hello,
  We create users with ldapadd and a ldif file.
  The ldif file is like that :
  dn: cn=user1,cn=users,dc=def,dc=eau,dc=cgeaux,dc=fr
  sn: user1
  cn: user1
  userPassword: user1
  mail: [email protected]
  objectClass: top
  objectClass: person
  objectClass: inetorgperson
  objectClass: organizationalperson
  objectClass: orcluser
  objectClass: orcluserv2
  It works but Public Group" and "Privilege" aren't assigned.
  How can I assign these privileges without using Portal admin interface ?
  Thanks.
  Best Regards.
  Luc Ponelle

  Hi Luc..
  we now are trying the same thing..
  We managed to create one user...
  but, when we check in the OID "http"//ourserver:7777/oiddas
  we cannot see the user?
  Why?..
  We now try to create user automatically by batch..
  and did you find the solution yet to ur problem?
  Thanks.

• Reviewing Windows NT Rights and Privileges Granted for SQL Server Service Accounts

  Hi Folks,
  I am an experienced .NET apps developer who has been tasked with writing a bunch of technical controls for all the SQL Server instances on a domain.
  So for the last month I have been diving in the deep end learning Powershell, dba and infrastructure tasks. This is still a work in progress, so be kind to me.. ;o)
  So the task I am stuck on is described in the section on 'Reviewing Windows NT Rights and Privileges Granted for SQL Server Service Accounts' http://technet.microsoft.com/en-us/library/ms143504(v=sql.105).aspx
  I have not been able to find cmdlets that gives me this information. I have found some exes which come frustratingly close like NTRights.exe. This lets me specify a computer name which is great, but only seems to let you set or deny permissions, not just
  list them!
  Any help with this would be very much appreciated as I am firmly stuck. As per comments above also bear in mind that up until around 1.5 months ago I had never used powershell / knew very much at all about SQL server admin etc. Feeling much more comfortable
  with them now, but much less so with Active Directory/ windows permission structures etc so please can I ask anyone kind enough to reply to try and keep the acronyms down as much as humanly possible.. ;o)
  Cheers 
  Kieron

  Hi Kieron,
  Take a look at this module, it makes permissions much easier to work with than what's currently available:
  https://gallery.technet.microsoft.com/scriptcenter/PowerShellAccessControl-d3be7b83
  Don't retire TechNet! -
  (Don't give up yet - 13,085+ strong and growing)

• Role and privilege used by JDBC

  Is there any reqiured role and privilege used by JDBC?
  I use Oracle JDBC9203 for Oracle to connect Oracle8163, when executing certion codes, the JDBC raise a exception as below:
       at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:134)
       at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:179)
       at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:269)
       at oracle.jdbc.oracore.OracleTypeCOLLECTION.initCollElemTypeName(OracleTypeCOLLECTION.java:1026)
       at oracle.jdbc.oracore.OracleTypeCOLLECTION.getAttributeType(OracleTypeCOLLECTION.java:1056)
       at oracle.jdbc.oracore.OracleNamedType.getFullName(OracleNamedType.java:110)
       at oracle.jdbc.oracore.OracleTypeADT.createStructDescriptor(OracleTypeADT.java:2262)
       at oracle.jdbc.oracore.OracleTypeADT.unpickle81(OracleTypeADT.java:1656)
       at oracle.jdbc.oracore.OracleTypeUPT.unpickle81UPT(OracleTypeUPT.java:466)
       at oracle.jdbc.oracore.OracleTypeUPT.unpickle81rec(OracleTypeUPT.java:416)
       at oracle.jdbc.oracore.OracleTypeCOLLECTION.unpickle81_imgBody_elems(OracleTypeCOLLECTION.java:979)
       at oracle.jdbc.oracore.OracleTypeCOLLECTION.unpickle81_imgBody(OracleTypeCOLLECTION.java:923)
       at oracle.jdbc.oracore.OracleTypeCOLLECTION.unpickle81(OracleTypeCOLLECTION.java:743)
       at oracle.jdbc.oracore.OracleTypeCOLLECTION._unlinearize(OracleTypeCOLLECTION.java:242)
       at oracle.jdbc.oracore.OracleTypeCOLLECTION.unlinearize(OracleTypeCOLLECTION.java:208)
       at oracle.sql.ArrayDescriptor.toJavaArray(ArrayDescriptor.java:963)
  I decompile "OracleTypeCOLLECTION.class", in funtion "initCollElemTypeName", i see a SQL as "select elem_type_name, elem_type_owner from all_coll_types where ....", this sql raise the error.
  Since all_coll_types is a system view of Oracle, i think the user connect to Oracle must have some role and privilege, it has connect role and execution privileges on some user-defined packages, is there any other role and privilege it needs? I don't like to grant DBA role to it for security reason.
  Very thanks for your reply.

  Can you post the code (Java and PL/SQL) that is being executed when this error is thrown? You don't need any particular privilege to execute PL/SQL via JDBC-- just the privileges you'd need to execute it in SQL*Plus or anywhere else.
  Justin
  Distributed Database Consulting, Inc.
  www.ddbcinc.com/askDDBC

• Create new user same as a existing roles and Privileges

  Hi Team,
  I am a junior DBA. New user Joined in Application team. So, Client requested me.....
  Crerate new user with same privileges as like as existing user.
  As of now i am creating user like "create user username identified by "password". Then grant privileges to that user. earliar I never comapare or copied users.
  Please suggest any one how to create new user as like as existing user roles and privileges.
  Thanks,
  Venkat

  For basic cloning:
  select dbms_metadata.get_ddl('USER', '...') FROM DUAL;
  SELECT DBMS_METADATA.GET_GRANTED_DDL('ROLE_GRANT','...') FROM DUAL;
  SELECT DBMS_METADATA.GET_GRANTED_DDL('SYSTEM_GRANT','...') FROM DUAL;
  SELECT DBMS_METADATA.GET_GRANTED_DDL('OBJECT_GRANT','...') FROM DUAL;
  SELECT DBMS_METADATA.GET_granted_DDL(‘TABLESPACE_QUOTA’, ‘...’) FROM dual;
  Then just replace the username with the new one you want to create.

• Security and privileges loading

  We need some easy way to upload the security and privileges in the EUL...
  We need to modify the privileges of about 60k users and hundreds of responsibilities...
  Is there a best practice some of you may suggest??

  see below
  Oracle BI EE 11g – Migrating Security – Identity Stores – Part 1 - http://www.rittmanmead.com/2011/04/oracle-bi-ee-11g-migrating-security-identity-stores-part-1/
  Oracle BI EE 11g – Migrating Security – Policy Store – Part 2 - http://www.rittmanmead.com/2011/04/oracle-bi-ee-11g-migrating-security-policy-store-part-2/
  Oracle BI EE 11g – Migrating Security – Credential Store – Part 3 - http://www.rittmanmead.com/2011/04/oracle-bi-ee-11g-migrating-security-credential-store-part-3/
  also this
  http://download.oracle.com/docs/cd/E21764_01/apirefs.1111/e13952/taskhelp/security/ExportDataFromSecurityRealms.html
  http://download.oracle.com/docs/cd/E21764_01/apirefs.1111/e13952/taskhelp/security/ImportDataIntoSecurityRealms.html
  mark if it helps

• Levels, And Privileges In Detail

  I was wondering about two things in regaurds to the privileges, the first one being Conference Calls can someone explain in detail waht those are please? And the other question I have is in regaurd to Lounge Acess and MVP Meetups what are these? Thanks in avance!
  Reputation, status levels, and privileges
  When another community member marks your answer as helpful or solved, you receive reputation points. You can find any user's status level and points next to each post.
  As you collect more reputation points, your status level increases and you receive additional privileges.
  Status Level
  Points
  Privilege
  Level 1
  0-149
  Level 2
  150-499
  Report Post
  Level 3
  500-999
  Custom Avatar
  Level 4
  1,000-3,999
  Conference Calls
  Level 5
  4,000-7,999
  User Tips
  Level 6
  8,000-19,999
  Lounge Access, MVP Meetups
  Level 7
  20,000-34,999
  Level 8
  35,000-49,999
  Level 9
  50,000-79,999
  Level 10
  80,000+
  Best,
  Coander15

  Kappy provided my favorite answer to this question: apple points and priveleges

• Role and Privileges for OLAP metadata

  Hi,
  Is there any document which specifies what all roles and privileges are required for creating any OLAP meta data ( Dimension, Cube, Measure and Catalog etc)?
  I think these are impt roles:-
  SELECT_CATALOG_ROLE
  EXECUTE_CATALOG_ROLE
  DELETE_CATALOG_ROLE
  RECOVERY_CATALOG_OWNER
  OLAP_DBA
  OLAP_USER
  Through system/manager I created one user TEST_BI_OLAP and granted CONNECT.
  After login as TEST_BI_OLAP I am able to create dimension. Why it is possible whereas doc says user should have OLAP_USER or OLAP_DBA role associated with it.
  OR only CONNECT is sufficient for creating OLAP metadata!!!!!
  regds
  P

  The difference is in what the end user sees. Say you want to deploy an analytical workspace based off of a ROLAP dimensional cube. Here is how I've been approaching the problem:
  1. Create a new user with the OLAP_USER role to hold the AW (say "AW_USER")
  2. Now log in with a userid that has OLAP_DBA role, and create the AW utilizing the ROLAP cube - but direct the AW to be stored in the AW_USER schema. Note that because it is in a separate schema from the ROLAP cube, you will not need to append characters to the dimension or measure names.
  3. Have end users log in using the AW_USER name. Then they will see the AW information, but they will not have access to the ROLAP cube data.
  Hope this helps,
  Scott

• DDL and Privileges of a schema.

  Hi Folks,
  Oracle 9.2.0.6.0 on Linux.
  How to find the 'DDL' and privileges of a particular schema?
  Thanks
  KSG

  How to find the 'DDL' and privileges of a particular schema?Do you want to copy the user definition?
  You can look at
  DBA_TAB_PRIVS for grants on objects,
  DBA_SYS_PRIVS for system privileges and on
  DBA_ROLE_PRIVS to see which roles are granted.
  Otherwise try the same starts with USER_*

• Roles and Privileges for 10g AWR and ASH reports

  Are there specific roles and privileges are required for one to run AWR and ASH reports for users who don't have DBA roles? If so, I would like to know about them.

  I think sysdba privilege need to run AWR report.
  Also check, how privilege is granted to PERFSTAT user in $ORACLE_HOME/rdbms/admin/spcuser.sql, you might get some clue!!!
  Cheer,
  Virag

• Mapping a user's role and privilege to another

  Hi all,
  Is there a command/way to map the role and privileges of a current user to a new user? I am new to oracle, I did read through the online docs but was not able to figure it out.
  Thank you very much!

  Check this link would help: Check the part where they are copying roles and grants for the users using dbms_metadata. You can limit this to one user you want by adding additional where clause like "where username = <username>
  Copying Oracle Users

• A mess with account, administrator PW,  permissions and privileges!

  I don't know where to start. I've tried a number of the suggestions in the other posts below, but just can't get into my HD1. I inadvertently deleted some folders from Library (but did put them back). I thought they were doubles.
  I re-booted from my Snow Leopard install DVD (hold down C). I have tried a number of times to choose a new password. But, each time I can Log-in, but notice that I can't get into my Administration PW. Now, which one do I use? The one when I installed Leopard 2~3 years ago? (That one I forgot). Or one of the few that I just created?
  Anyway, I live just outside of Tokyo, Japan and called the Apple Store in Tokyo (got an English speaker) and he directed me through the steps. But, he said to choose System Administration (root) which I did. Later I realized that shouldn't have been done from the article that he had sent me. I followed his steps, could log in and then noticed that I could use Mail (if I filled in my Mail PW etc.) but my clock couldn't be authenticated as I tried to set the time. It's on L.A. time. (but in Tokyo).
  So, next that didn't work and he e-mailed me the Apple site Help articles on re-setting the accounts. I tried a few more times and still couldn't access to authenticate. So, I re-installed my Snow Leopard disk. 10.6...
  I went to the Apple Support site and downloaded the Snow Leopard up-dates.... I've tried to install the up-dates of Snow Leopard 10.6.6 and that couldn't be authenticated either and it said I need 10.6.5 tried that and the same thing all the way down to 10.6.2 and still none of them could be installed either. Now, iTunes can't be accessed. and I just tried to install the newest Skype and that also can't be installed. (all on HD1 in applications) and my printer also... I can get online with Safari and Firefox O.K.
  I also tried to use Disk Utility and verify disk/repair disk but get, "insufficient privileges"! and can not verify permissions. The time set can't be done. I click on the Lock it shows "authenticate" for a second and stays locked...
  The Snow Leopard up-date 10.6.6 shows this....
  Even though SL 10.6.6 is installed, it keeps going back to Mac OS X (10.6.1) below....
  I wanted to post a screen shot here, but don't know how....it couldn't be copied.
  PLease...let me know...thank you
  What can I do from here? Anyone out there able to help me! thanks. I am NOT a computer wiz and not really into any type of "Terminal" lingo to understand what I'd do.

  ok, that's not normal then. then you are right and some permissions are seriously messed up. before we proceed a couple of questions. are you logged in as the user Savannah when you are experiencing these problems? were you trying to change permissions on the Mail folder while logged in as Savannah or as some other user. you should do it while logged in as Savannah. other users shouldn't have permissions to the Mail folder of user Savannah.
  if you are doing this while logged in as Savannah I suggest resetting permissions and ACLs on Savannah's whole home directory. this is much easier if that user is admin so give it admin rights temporarily in system preferences->accounts. you can remove admin rights from that user later, once we fix everything. after you've made that user admin log in as Savannah and run the following terminal commands (copy and paste please)
  sudo chflags -R 0 ~
  you'll have to enter the password of user savannah after that command. it will not be echoed on the screen. that's normal.
  Next enter
  sudo chown -R `id -un`:`id -gn` ~
  and then
  chmod -RN ~
  next, boot from the leopard install DVD and reset ACLs on Savannah's home directory as described here
  http://support.apple.com/kb/TS1334?viewlocale=en_US
  after that log in as savannah again and run
  sudo chgrp -R `id -gn` ~
  then try using Mail again. it should hopefully work now.

• Solaris 8 branded zone and privileges

  Hello,
  I've just installed a Solaris 8 Branded zone to migrate an old server. The migration worked like a charm, and everything seems ok excepted one thing. The zone must run a Lotus Domino server, so the process needs to bind ports 80, 443 and 389, but it can't.
  I've found things about the limitpriv directive for the zone configuration, and the net_privaddr privilege to allow a process to bind ports under 1024.
  So now, if I run the process in the non global zone as root, it can bind, but if it is launched as the user notes, it can't.
  If I use the ppriv command to see what are the privileges of the process, I see :
  1945:   /opt/lotus/notes/latest/sunspa/server
  flags = <none>
          E: file_link_any,proc_exec,proc_fork,proc_info,proc_session
          I: file_link_any,proc_exec,proc_fork,proc_info,proc_session
          P: file_link_any,proc_exec,proc_fork,proc_info,proc_session
          L: contract_event,contract_observer,file_chown,file_chown_self,file_dac_execute,file_dac_read,file_dac_search,
          file_dac_write,file_link_any,file_owner,file_setid,ipc_dac_read,ipc_dac_write,ipc_owner,net_bindmlp,net_icmpaccess,
          net_mac_aware,net_privaddr,net_rawaccess,proc_audit,proc_chroot,proc_exec,proc_fork,proc_info,proc_lock_memory,
          proc_owner,proc_session,proc_setid,proc_taskid,sys_acct,sys_admin,sys_audit,sys_mount,sys_nfs,sys_resourceSo, the net_privaddr appears in the limit, but it is not enabled. How can I make it enabled for that process?
  Thanks

  Thanks for the link, good explanations about privileges but they seem unusable in Solaris 8 branded zone. It suggests to create a role with the privileges my process needs, using the "rolemod -K" command, but this option does not exist for the rolemod command in my Solaris 8 zone, it just supports "classic" RBAC.
  Maybe the solution would be to create the good profile for the user running the process, but I'm a little bit lost with RBAC and I can't find an existing profile corresponding to what I want.
  Actually, the limitpriv for my zone is "default,net_rawaccess,net_privaddr,file_dac_read" and that's all. I added net_privaddr and file_dac_read because I saw that a "ppriv -D" on the Lotus server complained about the lack of these privileges, but in fact they are already included in default privileges.