Find every responsibility with access to function

Hi,
When they setup Applications here they went a little nuts with custom responsibilities and menus. Of course there's no doc :(
Has anyone found/written SQL to determine all responsibilities with access to a given (forms) function ?
Oracle's reports in this area all seem to start with either the responsibility or menu and I'd prefer not to have to run/filter a bunch of individual reports.
I'm running 11.03.
Thanks
Ken

You can try this query:
select r.responsibility_name
from fnd_responsibility_vl r
, fnd_form_functions f
where f.function_name = 'AR_ARXCUDCI_STD'
and r.menu_id in (
select me.menu_id
from fnd_menu_entries me
start with me.function_id = f.function_id
connect by prior me.menu_id = me.sub_menu_id)
Kind regards,
Diederik

Similar Messages

Re: Need to Find Out Responsibility in which a function is attached

Hi,
Can anybody let me know if there is query to find out the responsibility in which a form function is attached in Oracle apps R12.
Regards
Kirubanandh

Try below...
SELECT VL.RESPONSIBILITY_NAME,
VL.RESPONSIBILITY_ID,
VL.menu_id
FROM FND_RESPONSIBILITY_VL VL ,
(SELECT DISTINCT MENU_ID
FROM FND_MENU_ENTRIES_VL
START WITH MENU_ID IN
(SELECT MENU_ID
FROM FND_MENU_ENTRIES_VL FmevL,
FND_FORM_FUNCTIONS_VL fffvl
WHERE FmevL.FUNCTION_ID = fffvl.FUNCTION_ID
AND fffvl.USER_FUNCTION_NAME = 'Flexfield Values'
CONNECT BY prior MENU_ID = SUB_MENU_ID
) B
where VL.MENU_ID = B.MENU_ID
order by VL.RESPONSIBILITY_NAME;
-- Thanks, ShyamS
Edited by: 987937 on Feb 13, 2013 1:34 PM

Error - Creating a Web Dynpro Application Accessing ABAP Functions

Dear All,
we are trying to implement a web dynpro application with accessing ABAP functions.
Previous tasks:
-     insert the ABAP system into the SLD from the NWDI System (Transaction RZ70; the ABAP system is correctly insert into the SLD => technical systems)
-     equipped the JCO connections with the web dynpro content manager (ping and test = OK)
Its the standard tutorial out of the SDN called Creating a Web Dynpro Application Accessing ABAP Functions.
Some hints:
-     There are no errors after the implementation and the rebuild of the project in the NWDS
-     The auto deployment works fine to the development runtime system. The application is shown in the Web Dynpro content manager
-     The In the build log I found these entries:
System.err] [Invoked from com.sap.s2x.tools.GUID.getnodeaddress(GUID.java:585)]
[System.err] java.net.UnknownHostException: FRASAPP562: FRASAPP562
[System.err]      at java.net.InetAddress.getLocalHost(InetAddress.java:1191)
[System.err]      at com.sap.s2x.tools.GUID.getnodeaddress(GUID.java:575)
[System.err]      at com.sap.s2x.tools.GUID.<clinit>(GUID.java:179)
[System.err]      at com.sap.s2x.tools.S2XGUID.getGUID(S2XGUID.java:19)
[System.err]      at com.sap.ide.metamodel.core.i18n.LanguageState.createS2XID(LanguageState.java:191)
[System.err]      at com.sap.ide.metamodel.core.i18n.S2XLanguageUnmarshaller.unmarshal(S2XLanguageUnmarshaller.java:52)
[System.err]      at com.sap.ide.metamodel.core.i18n.TextPoolProxy.loadLanguageState(TextPoolProxy.java:703)
[System.err]      at com.sap.ide.metamodel.core.i18n.TextPoolProxy.prepareLanguageForRead(TextPoolProxy.java:646)
[System.err]      at com.sap.ide.metamodel.core.i18n.TextPoolProxy.isEmpty(TextPoolProxy.java:222)
[System.err]      at com.sap.ide.webdynpro.checklayer.MDOChecker.check(MDOChecker.java:23)
[System.err]      at com.sap.ide.webdynpro.checklayer.view.ViewChecker.check(ViewChecker.java:52)
[System.err]      at com.sap.ide.webdynpro.checklayer.controller.ViewControllerChecker.check(ViewControllerChecker.java:96)
[System.err]      at com.sap.ide.webdynpro.checklayer.controller.ControllerChecker.check(ControllerChecker.java:119)
[System.err]      at com.sap.ide.webdynpro.checklayer.controller.ControllerChecker.check(ControllerChecker.java:56)
[System.err]      at com.sap.ide.webdynpro.checklayer.component.ComponentChecker.check(ComponentChecker.java:181)
[System.err]      at com.sap.ide.webdynpro.checklayer.component.ComponentChecker.check(ComponentChecker.java:56)
[System.err]      at com.sap.ide.webdynpro.generation.Generation.check(Generation.java:2039)
[System.err]      at com.sap.ide.webdynpro.generation.Generation.generatePersistentComponent(Generation.java:1296)
[System.err]      at com.sap.ide.webdynpro.generation.console.GenerationConsole.generate(GenerationConsole.java:175)
[System.err]      at com.sap.webdynpro.generation.ant.GenerationAnt.main(GenerationAnt.java:50)
[System.err]      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[System.err]      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[System.err]      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[System.err]      at java.lang.reflect.Method.invoke(Method.java:324)
[System.err]      at com.sap.webdynpro.generation.ant.WDGenAntTask.execute(WDGenAntTask.java:219)
[System.err]      at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)
[System.err]      at org.apache.tools.ant.Task.perform(Task.java:364)
[System.err]      at org.apache.tools.ant.Target.execute(Target.java:341)
[System.err]      at org.apache.tools.ant.Target.performTasks(Target.java:369)
[System.err]      at org.apache.tools.ant.Project.executeTarget(Project.java:1214)
[System.err]      at com.sap.tc.buildplugin.techdev.ant.util.AntRunner.run(AntRunner.java:112)
[System.err]      at com.sap.tc.buildplugin.DefaultAntBuildAction.execute(DefaultAntBuildAction.java:61)
[System.err]      at com.sap.tc.buildplugin.DefaultPlugin.handleBuildStepSequence(DefaultPlugin.java:213)
[System.err]      at com.sap.tc.buildplugin.DefaultPlugin.performBuild(DefaultPlugin.java:190)
[System.err]      at com.sap.tc.buildplugin.DefaultPluginV3Delegate$BuildRequestHandler.handle(DefaultPluginV3Delegate.java:66)
[System.err]      at com.sap.tc.buildplugin.DefaultPluginV3Delegate.requestV3(DefaultPluginV3Delegate.java:48)
[System.err]      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[System.err]      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[System.err]      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[System.err]      at java.lang.reflect.Method.invoke(Method.java:324)
[System.err]      at com.sap.tc.buildtool.v2.impl.PluginHandler2.maybeInvoke(PluginHandler2.java:350)
[System.err]      at com.sap.tc.buildtool.v2.impl.PluginHandler2.request(PluginHandler2.java:102)
[System.err]      at com.sap.tc.buildtool.v2.impl.PluginHandler2.build(PluginHandler2.java:76)
[System.err]      at com.sap.tc.buildtool.PluginHandler2Wrapper.execute(PluginHandler2Wrapper.java:58)
[System.err]      at com.sap.tc.devconf.impl.DCProxy.make(DCProxy.java:1723)
[System.err]      at com.sap.tc.devconf.impl.DCProxy.make(DCProxy.java:1495)
[System.err]      at com.sap.tc.buildcontroller.CBSBuildController.build(CBSBuildController.java:727)
[System.err]      at com.sap.tc.buildcontroller.CBSBuildController.execCommand(CBSBuildController.java:503)
[System.err]      at com.sap.tc.buildcontroller.CBSBuildController.evalCmdLine(CBSBuildController.java:442)
[System.err]      at com.sap.tc.buildcontroller.CBSBuildController.run(CBSBuildController.java:314)
[System.err]      at com.sap.tc.buildcontroller.CBSBuildController.exec(CBSBuildController.java:252)
[System.err]      at com.sap.tc.buildcontroller.CBSBuildController.mainLoop(CBSBuildController.java:207)
-     Im able to start the application out of the Web Dynpro content manager with run => only the user interface is displayed without any functionality
-     The normal start over the NWDS fails => error text
com.sap.tc.webdynpro.services.sal.core.DispatcherException: The requested deployable object 'local/J08_Flugdat_Daventdcflight~xxx.com' and application 'FlightListApp' are not deployed on the server. Please check the used URL for typos.
There two different URLs in use.
Start via NWDS:
http://frasapp562:50000/webdynpro/dispatcher/J08_Flugdat_Daventdcflight~xxx.com/FlightListApp
Start via web dynpro content manager:
http://frasapp562:50000/webdynpro/dispatcher/xxx.com/aventdc~flight/FlightListApp
For test purposes, we started the BAPI (BAPI_Flight_Getlist) on the ABAP system directly. It works.
Any ideas about the system behaviours (different URLs and missing functionality)?
Thanks a lot in advanced!
Best regards
Christoph

The Error has been solved The implementation of a method was missing....
Thx
Christoph

HT201441 I restored my iPhone 5 to a back up on my brothers iMac ..now I have access to the phone but can't turn off the find my phone with the owner of the account I backed my phone to .. What can I do to solve this issue??

I restored my iPhone 5 to a back up on my brothers iMac ..now I have access to the phone but can't turn off the find my phone with the owner of the account I backed my phone to .. What can I do to solve this issue??

You sould be able to sync both ways. Check your default calendar on your phone by going to Settings>Mail,Contacts,Calendars>scroll down to the calendars section to Default Calendar. Check to be sure you have selected your mac calendar as your default (and not, for example, On My iPhone). Then enter a new event on your phone and sync to confirm that it appears on your mac.

Too Slow - Domino 6.5.4 with access manager agent 2.2 ?

I don't know how to tune Domino 6.5.4 with access manager agent 2.2?
I think AMAgent.properties is not good for SSO.
Please help me to tune it.
# $Id: AMAgent.properties,v 1.103 2005/09/19 22:08:34 madan Exp $
# Copyright ? 2002 Sun Microsystems, Inc. All rights reserved.
# U.S. Government Rights - Commercial software. Government users are
# subject to the Sun Microsystems, Inc. standard license agreement and
# applicable provisions of the FAR and its supplements. Use is subject to
# license terms. Sun, Sun Microsystems, the Sun logo and Sun ONE are
# trademarks or registered trademarks of Sun Microsystems, Inc. in the
# U.S. and other countries.
# Copyright ? 2002 Sun Microsystems, Inc. Tous droits r閟erv閟.
# Droits du gouvernement am閞icain, utlisateurs gouvernmentaux - logiciel
# commercial. Les utilisateurs gouvernmentaux sont soumis au contrat de
# licence standard de Sun Microsystems, Inc., ainsi qu aux dispositions en
# vigueur de la FAR [ (Federal Acquisition Regulations) et des suppl閙ents
# ? celles-ci.
# Distribu? par des licences qui en restreignent l'utilisation. Sun, Sun
# Microsystems, le logo Sun et Sun ONE sont des marques de fabrique ou des
# marques d閜os閑s de Sun Microsystems, Inc. aux Etats-Unis et dans
# d'autres pays.
# The syntax of this file is that of a standard Java properties file,
# see the documentation for the java.util.Properties.load method for a
# complete description. (CAVEAT: The SDK in the parser does not currently
# support any backslash escapes except for wrapping long lines.)
# All property names in this file are case-sensitive.
# NOTE: The value of a property that is specified multiple times is not
# defined.
# WARNING: The contents of this file are classified as an UNSTABLE
# interface by Sun Microsystems, Inc. As such, they are subject to
# significant, incompatible changes in any future release of the
# software.
# The name of the cookie passed between the Access Manager
# and the SDK.
# WARNING: Changing this property without making the corresponding change
# to the Access Manager will disable the SDK.
com.sun.am.cookie.name = iPlanetDirectoryPro
# The URL for the Access Manager Naming service.
com.sun.am.naming.url = http://sportal.yjy.dqyt.petrochina:80/amserver/namingservice
# The URL of the login page on the Access Manager.
com.sun.am.policy.am.login.url = http://sportal.yjy.dqyt.petrochina:80/amserver/UI/Login
# Name of the file to use for logging messages.
com.sun.am.policy.agents.config.local.log.file = c:/Sun/Access_Manager/Agents/2.2/debug/C__Lotus_Domino/amAgent
# This property is used for Log Rotation. The value of the property specifies
# whether the agent deployed on the server supports the feature of not. If set
# to false all log messages are written to the same file.
com.sun.am.policy.agents.config.local.log.rotate = true
# Name of the Access Manager log file to use for logging messages to
# Access Manager.
# Just the name of the file is needed. The directory of the file
# is determined by settings configured on the Access Manager.
com.sun.am.policy.agents.config.remote.log = amAuthLog.Dominoad.yjy.dqyt.petrochina.80
# Set the logging level for the specified logging categories.
# The format of the values is
#     <ModuleName>[:<Level>][,<ModuleName>[:<Level>]]*
# The currently used module names are: AuthService, NamingService,
# PolicyService, SessionService, PolicyEngine, ServiceEngine,
# Notification, PolicyAgent, RemoteLog and all.
# The all module can be used to set the logging level for all currently
# none logging modules. This will also establish the default level for
# all subsequently created modules.
# The meaning of the 'Level' value is described below:
#     0     Disable logging from specified module*
#     1     Log error messages
#     2     Log warning and error messages
#     3     Log info, warning, and error messages
#     4     Log debug, info, warning, and error messages
#     5     Like level 4, but with even more debugging messages
# 128     log url access to log file on AM server.
# 256     log url access to log file on local machine.
# If level is omitted, then the logging module will be created with
# the default logging level, which is the logging level associated with
# the 'all' module.
# for level of 128 and 256, you must also specify a logAccessType.
# *Even if the level is set to zero, some messages may be produced for
# a module if they are logged with the special level value of 'always'.
com.sun.am.log.level =
# The org, username and password for Agent to login to AM.
com.sun.am.policy.am.username = UrlAccessAgent
com.sun.am.policy.am.password = LYnKyOIgdWt404ivWY6HPQ==
# Name of the directory containing the certificate databases for SSL.
com.sun.am.sslcert.dir = c:/Sun/Access_Manager/Agents/2.2/domino/cert
# Set this property if the certificate databases in the directory specified
# by the previous property have a prefix.
com.sun.am.certdb.prefix =
# Should agent trust all server certificates when Access Manager
# is running SSL?
# Possible values are true or false.
com.sun.am.trust_server_certs = true
# Should the policy SDK use the Access Manager notification
# mechanism to maintain the consistency of its internal cache? If the value
# is false, then a polling mechanism is used to maintain cache consistency.
# Possible values are true or false.
com.sun.am.notification.enable = true
# URL to which notification messages should be sent if notification is
# enabled, see previous property.
com.sun.am.notification.url = http://Dominoad.yjy.dqyt.petrochina:80/amagent/UpdateAgentCacheServlet?shortcircuit=false
# This property determines whether URL string case sensitivity is
# obeyed during policy evaluation
com.sun.am.policy.am.url_comparison.case_ignore = true
# This property determines the amount of time (in minutes) an entry
# remains valid after it has been added to the cache. The default
# value for this property is 3 minutes.
com.sun.am.policy.am.polling.interval=3
# This property allows the user to configure the User Id parameter passed
# by the session information from the access manager. The value of User
# Id will be used by the agent to set the value of REMOTE_USER server
# variable. By default this parameter is set to "UserToken"
com.sun.am.policy.am.userid.param=UserToken
# Profile attributes fetch mode
# String attribute mode to specify if additional user profile attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user profile attributes will be introduced.
# HTTP_HEADER - additional user profile attributes will be introduced into
# HTTP header.
# HTTP_COOKIE - additional user profile attributes will be introduced through
# cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.profile.attribute.fetch.mode=NONE
# The user profile attributes to be added to the HTTP header. The
# specification is of the format ldap_attribute_name|http_header_name[,...].
# ldap_attribute_name is the attribute in data store to be fetched and
# http_header_name is the name of the header to which the value needs
# to be assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.profile.attribute.map=cn|common-name,ou|organizational-unit,o|organization,mail|email,employeenumber|employee-
number,c|country
# Session attributes mode
# String attribute mode to specify if additional user session attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user session attributes will be introduced.
# HTTP_HEADER - additional user session attributes will be introduced into HTTP header.
# HTTP_COOKIE - additional user session attributes will be introduced through cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.session.attribute.fetch.mode=NONE
# The session attributes to be added to the HTTP header. The specification is
# of the format session_attribute_name|http_header_name[,...].
# session_attribute_name is the attribute in session to be fetched and
# http_header_name is the name of the header to which the value needs to be
# assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.session.attribute.map=
# Response Attribute Fetch Mode
# String attribute mode to specify if additional user response attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user response attributes will be introduced.
# HTTP_HEADER - additional user response attributes will be introduced into
# HTTP header.
# HTTP_COOKIE - additional user response attributes will be introduced through
# cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.response.attribute.fetch.mode=NONE
# The response attributes to be added to the HTTP header. The specification is
# of the format response_attribute_name|http_header_name[,...].
# response_attribute_name is the attribute in policy response to be fetched and
# http_header_name is the name of the header to which the value needs to be
# assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.response.attribute.map=
# The cookie name used in iAS for sticky load balancing
com.sun.am.policy.am.lb.cookie.name = GX_jst
# indicate where a load balancer is used for Access Manager
# services.
# true | false
com.sun.am.load_balancer.enable = false
####Agent Configuration####
# this is for product versioning, please do not modify it
com.sun.am.policy.agents.config.version=2.2
# Set the url access logging level. the choices are
# LOG_NONE - do not log user access to url
# LOG_DENY - log url access that was denied.
# LOG_ALLOW - log url access that was allowed.
# LOG_BOTH - log url access that was allowed or denied.
com.sun.am.policy.agents.config.audit.accesstype = LOG_DENY
# Agent prefix
com.sun.am.policy.agents.config.agenturi.prefix = http://Dominoad.yjy.dqyt.petrochina:80/amagent
# Locale setting.
com.sun.am.policy.agents.config.locale = en_US
# The unique identifier for this agent instance.
com.sun.am.policy.agents.config.instance.name = unused
# Do SSO only
# Boolean attribute to indicate whether the agent will just enforce user
# authentication (SSO) without enforcing policies (authorization)
com.sun.am.policy.agents.config.do_sso_only = true
# The URL of the access denied page. If no value is specified, then
# the agent will return an HTTP status of 403 (Forbidden).
com.sun.am.policy.agents.config.accessdenied.url =
# This property indicates if FQDN checking is enabled or not.
com.sun.am.policy.agents.config.fqdn.check.enable = true
# Default FQDN is the fully qualified hostname that the users should use
# in order to access resources on this web server instance. This is a
# required configuration value without which the Web server may not
# startup correctly.
# The primary purpose of specifying this property is to ensure that if
# the users try to access protected resources on this web server
# instance without specifying the FQDN in the browser URL, the Agent
# can take corrective action and redirect the user to the URL that
# contains the correct FQDN.
# This property is set during the agent installation and need not be
# modified unless absolutely necessary to accommodate deployment
# requirements.
# WARNING: Invalid value for this property can result in the Web Server
# becoming unusable or the resources becoming inaccessible.
# See also: com.sun.am.policy.agents.config.fqdn.check.enable,
# com.sun.am.policy.agents.config.fqdn.map
com.sun.am.policy.agents.config.fqdn.default = Dominoad.yjy.dqyt.petrochina
# The FQDN Map is a simple map that enables the Agent to take corrective
# action in the case where the users may have typed in an incorrect URL
# such as by specifying partial hostname or using an IP address to
# access protected resources. It redirects the browser to the URL
# with fully qualified domain name so that cookies related to the domain
# are received by the agents.
# The format for this property is:
# com.sun.am.policy.agents.config.fqdn.map = [invalid_hostname|valid_hostname][,...]
# This property can also be used so that the agents use the name specified
# in this map instead of the web server's actual name. This can be
# accomplished by doing the following.
# Say you want your server to be addressed as xyz.hostname.com whereas the
# actual name of the server is abc.hostname.com. The browsers only knows
# xyz.hostname.com and you have specified polices using xyz.hostname.com at
# the Access Manager policy console, in this file set the mapping as
# com.sun.am.policy.agents.fqdn.map = valid|xyz.hostname.com
# Another example is if you have multiple virtual servers say rst.hostname.com,
# uvw.hostname.com and xyz.hostname.com pointing to the same actual server
# abc.hostname.com and each of the virtual servers have their own policies
# defined, then the fqdnMap should be defined as follows:
# com.sun.am.policy.agents.fqdn.map = valid1|rst.hostname.com,valid2|uvw.hostname.com,valid3|xyz.hostname.com
# WARNING: Invalid value for this property can result in the Web Server
# becoming unusable or the resources becoming inaccessible.
com.sun.am.policy.agents.config.fqdn.map =
# Cookie Reset
# This property must be set to true, if this agent needs to
# reset cookies in the response before redirecting to
# Access Manager for Authentication.
# By default this is set to false.
# Example : com.sun.am.policy.agents.config.cookie.reset.enable=true
com.sun.am.policy.agents.config.cookie.reset.enable=false
# This property gives the comma separated list of Cookies, that
# need to be included in the Redirect Response to Access Manager.
# This property is used only if the Cookie Reset feature is enabled.
# The Cookie details need to be specified in the following Format
# name[=value][;Domain=value]
# If "Domain" is not specified, then the default agent domain is
# used to set the Cookie.
# Example : com.sun.am.policy.agents.config.cookie.reset.list=LtpaToken,
# token=value;Domain=subdomain.domain.com
com.sun.am.policy.agents.config.cookie.reset.list=
# This property gives the space separated list of domains in
# which cookies have to be set in a CDSSO scenario. This property
# is used only if CDSSO is enabled.
# If this property is left blank then the fully qualified cookie
# domain for the agent server will be used for setting the cookie
# domain. In such case it is a host cookie instead of a domain cookie.
# Example : com.sun.am.policy.agents.config.cookie.domain.list=.sun.com .iplanet.com
com.sun.am.policy.agents.config.cookie.domain.list=
# user id returned if accessing global allow page and not authenticated
com.sun.am.policy.agents.config.anonymous_user=anonymous
# Enable/Disable REMOTE_USER processing for anonymous users
# true | false
com.sun.am.policy.agents.config.anonymous_user.enable=false
# Not enforced list is the list of URLs for which no authentication is
# required. Wildcards can be used to define a pattern of URLs.
# The URLs specified may not contain any query parameters.
# Each service have their own not enforced list. The service name is suffixed
# after "# com.sun.am.policy.agents.notenforcedList." to specify a list
# for a particular service. SPACE is the separator between the URL.
com.sun.am.policy.agents.config.notenforced_list = http://dominoad.yjy.dqyt.petrochina/*.nsf http://dominoad.yjy.dqyt.petrochina/teamroom.nsf/TROutline.gif?
OpenImageResource http://dominoad.yjy.dqyt.petrochina/icons/*.gif
# Boolean attribute to indicate whether the above list is a not enforced list
# or an enforced list; When the value is true, the list means enforced list,
# or in other words, the whole web site is open/accessible without
# authentication except for those URLs in the list.
com.sun.am.policy.agents.config.notenforced_list.invert = false
# Not enforced client IP address list is a list of client IP addresses.
# No authentication and authorization are required for the requests coming
# from these client IP addresses. The IP address must be in the form of
# eg: 192.168.12.2 1.1.1.1
com.sun.am.policy.agents.config.notenforced_client_ip_list =
# Enable POST data preservation; By default it is set to false
com.sun.am.policy.agents.config.postdata.preserve.enable = false
# POST data preservation : POST cache entry lifetime in minutes,
# After the specified interval, the entry will be dropped
com.sun.am.policy.agents.config.postcache.entry.lifetime = 10
# Cross-Domain Single Sign On URL
# Is CDSSO enabled.
com.sun.am.policy.agents.config.cdsso.enable=false
# This is the URL the user will be redirected to for authentication
# in a CDSSO Scenario.
com.sun.am.policy.agents.config.cdcservlet.url =
# Enable/Disable client IP address validation. This validate
# will check if the subsequent browser requests come from the
# same ip address that the SSO token is initially issued against
com.sun.am.policy.agents.config.client_ip_validation.enable = false
# Below properties are used to define cookie prefix and cookie max age
com.sun.am.policy.agents.config.profile.attribute.cookie.prefix = HTTP_
com.sun.am.policy.agents.config.profile.attribute.cookie.maxage = 300
# Logout URL - application's Logout URL.
# This URL is not enforced by policy.
# if set, agent will intercept this URL and destroy the user's session,
# if any. The application's logout URL will be allowed whether or not
# the session destroy is successful.
com.sun.am.policy.agents.config.logout.url=
#http://sportal.yjy.dqyt.petrochina/amserver/UI/Logout
# Any cookies to be reset upon logout in the same format as cookie_reset_list
com.sun.am.policy.agents.config.logout.cookie.reset.list =
# By default, when a policy decision for a resource is needed,
# agent gets and caches the policy decision of the resource and
# all resource from the root of the resource down, from the Access Manager.
# For example, if the resource is http://host/a/b/c, the the root of the
# resource is http://host/. This is because more resources from the
# same path are likely to be accessed subsequently.
# However this may take a long time the first time if there
# are many many policies defined under the root resource.
# To have agent get and cache the policy decision for the resource only,
# set the following property to false.
com.sun.am.policy.am.fetch_from_root_resource = true
# Whether to get the client's hostname through DNS reverse lookup for use
# in policy evaluation.
# It is true by default, if the property does not exist or if it is
# any value other than false.
com.sun.am.policy.agents.config.get_client_host_name = false
# The following property is to enable native encoding of
# ldap header attributes forwarded by agents. If set to true
# agent will encode the ldap header value in the default
# encoding of OS locale. If set to false ldap header values
# will be encoded in UTF-8
com.sun.am.policy.agents.config.convert_mbyte.enable = false
#When the not enforced list or policy has a wildcard '*' character, agent
#strips the path info from the request URI and uses the resulting request
#URI to check against the not enforced list or policy instead of the entire
#request URI, in order to prevent someone from getting access to any URI by
#simply appending the matching pattern in the policy or not enforced list.
#For example, if the not enforced list has the value http://host/*.gif,
#stripping the path info from the request URI will prevent someone from
#getting access to http://host/index.html by using the URL http://host/index.html?hack.gif.
#However when a web server (for exmample apache) is configured to be a reverse
#proxy server for a J2EE application server, path info is interpreted in a different
#manner since it maps to a resource on the proxy instead of the app server.
#This prevents the not enforced list or policy from being applied to part of
#the URI below the app serverpath if there is a wildcard character. For example,
#if the not enforced list has value http://host/webapp/servcontext/* and the
#request URL is http://host/webapp/servcontext/example.jsp the path info
#is /servcontext/example.jsp and the resulting request URL with path info stripped
#is http://host/webapp, which will not match the not enforced list. By setting the
#following property to true, the path info will not be stripped from the request URL
#even if there is a wild character in the not enforced list or policy.
#Be aware though that if this is set to true there should be nothing following the
#wildcard character '*' in the not enforced list or policy, or the
#security loophole described above may occur.
com.sun.am.policy.agents.config.ignore_path_info = false
# Override the request url given by the web server with
# the protocol, host or port of the agent's uri specified in
# the com.sun.am.policy.agents.agenturiprefix property.
# These may be needed if the agent is sitting behind a ssl off-loader,
# load balancer, or proxy, and either the protocol (HTTP scheme),
# hostname, or port of the machine in front of agent which users go through
# is different from the agent's protocol, host or port.
com.sun.am.policy.agents.config.override_protocol =
com.sun.am.policy.agents.config.override_host =
com.sun.am.policy.agents.config.override_port =
# Override the notification url in the same way as other request urls.
# Set this to true if any one of the override properties above is true,
# and if the notification url is coming through the proxy or load balancer
# in the same way as other request url's.
com.sun.am.policy.agents.config.override_notification.url =
# The following property defines how long to wait in attempting
# to connect to an Access Manager AUTH server.
# The default value is 2 seconds. This value needs to be increased
# when receiving the error "unable to find active Access Manager Auth server"
com.sun.am.policy.agents.config.connection_timeout =
# Time in milliseconds the agent will wait to receive the
# response from Access Manager. After the timeout, the connection
# will be drop.
# A value of 0 means that the agent will wait until receiving the response.
# WARNING: Invalid value for this property can result in
# the resources becoming inaccessible.
com.sun.am.receive_timeout = 0
# The three following properties are for IIS6 agent only.
# The two first properties allow to set a username and password that will be
# used by the authentication filter to pass the Windows challenge when the Basic
# Authentication option is selected in Microsoft IIS 6.0. The authentication
# filter is named amiis6auth.dll and is located in
# Agent_installation_directory/iis6/bin. It must be installed manually on
# the web site ("ISAPI Filters" tab in the properties of the web site).
# It must also be uninstalled manually when unintalling the agent.
# The last property defines the full path for the authentication filter log file.
com.sun.am.policy.agents.config.iis6.basicAuthentication.username =
com.sun.am.policy.agents.config.iis6.basicAuthentication.password =
com.sun.am.policy.agents.config.iis6.basicAuthentication.logFile = c:/Sun/Access_Manager/Agents/2.2/debug/C__Lotus_Domino/amAuthFilter

Hi,
I installed opensso (so Sun Java(TM) System Access Manager 7.5) and the agent for Domino 6.5.4 and I have the message in logs "amAgent"
2007-07-11 18:40:16.119 Error 1708:3dbcf768 PolicyAgent: render_response(): Entered.
I have the box to identify but it doesnot connect me on my opensso server.
It still identify with Domino's server
Thanks for your response
Thomas

IOS 7 Only Allows Find My iPhone with Primary iCloud Account

While iOS7 may be a big leap forwards in most respects, the "Find my iPhone" feature has taken a big step in reverse. This useful feature is NO LONGER AVAILABLE for use with secondary iCloud accounts, ONLY your PRIMARY account.
This may not be a huge concern for most users, because many (including most first-tier tech reps at Apple I've spoken to) seem to believe that you can only have one iCloud account on a device. NOT TRUE. While you can only have one PRIMARY account, you can add multiple additional iCloud EMAIL accounts (go to Settings/Mail, Contacts & Calendars/Add Account/iCloud). In the last iOS, once you created a new, secondary iCloud email address, you could activate many iCloud features for use with the new account, including Mail, Calendar, Contacts, Reminders, Notes, Safari Data (which never actually worked), and Find My iPhone. Under iOS7, however, Find My iPhone is no longer available. Instead, a small paragraph below the new iCloud email account setup screen says "Only your main account can use Bookmarks, Photo Stream, Documents & Data, Backup, and Find My iPhone."
Consider two cases where this is a huge problem.
1) We have a large number of company iOS devices that we need to keep track of.
2) Personally, I have an iPhone and iPad, and so does my wife. So do our kids!
In both the above cases, we created a secondary iCloud account, we'll call it "[email protected]", and added it as a secondary iCloud email address on ALL our iOS devices. In the setup screen we disabled everything EXCEPT "Find My iPhone". This account has a unique password, making it possible to see the location of ANY OR ALL the devices using the Find My iPhone App, WITHOUT having to share email, contacts, calendars, etc. among all these devices.
In our company, I can tract the location of any iOS device I gave to an employee, but his personal PRIMARY iCloud account is used to keep his mail, contacts, calendars, etc. secure. He shares this data between his iPhone and iPad, but NOT with everyone else. In my family, we all have our own primary iCloud accounts. I share mine between my iPhone and iPad; my wife and kids do the same. This allows us to keep our calendars, contacts, emails, etc. separated. But we all used the secondary iCloud email account ONLY with Find My iPhone. This allowed everyone in the family to see the location of everyone else, very nice in an emergency. Unlike the Find My Friends app, the device being located doesn't have to respond to a request to be found (very important when finding a lost or stolen device).
In both the above cases, we just log into the Find My iPhone APP on ANY iOS device, using the secondary iCloud account's email address and password (the email address is actually saved in the app, so you really only need to enter the password after the initial login). Viola! You can now see the location of any device that has that secondary iCloud account installed. And a person can still be untrackable if they wish, simply by turning off the Find My iPhone feature under the shared account's iCloud account settings on their device.
Alas, with iOS7 this is no longer possible. With the Find My iPhone feature only available for use with the device's PRIMARY iCloud account, there are only two ways to track another device:
1) Use the same primary iCloud account (which forces you to share other data and features you may not want to);
2) Log into the Find My iPhone APP with the PRIMARY iCloud email address and password of the person you want to track.
Either way, the person doing the tracking MUST have access to the PRIMARY iCloud credentials of the device they are tracking. This is a large security hole! Ask yourself: if you are a parent, do you really want your kids to have access to your primary iCloud account, including your mail, contacts, calendars, etc? Some people may not want their spouse to access that. In a company setting, do you want all your employees to be FORCED to share Documents & Data, Backup and Bookmarks, just to use the Find My iPhone feature? If they want to keep their mail, contacts, calendars, etc. separated from other employees, they will be forced to move these to a secondary iCloud account, which will no longer allow them to share Bookmarks, Photo Stream, Documents & Data or Backup. Why this ridiculous limitation?
The bottom line:Find My iPhone is now only useful for the primary iCloud account holder, and can no longer be used effectively between larger numbers of iOS devices, such as families or corporate institutions. This should be addressed in the next update to the iOS.

Brad, and everyone else, just to clarify my original post that started this thread, and offer a workaround or two: you CAN still locate, erase etc. any iOS device using Find My iPhone in iOS7, but the device you want to track or erase must EITHER use the same PRIMARY iCloud account as you do, OR you must log into the Find My iPhone app on your phone using THEIR primary iCloud account's username and password.
For parents, that's not a big deal, maybe just an annoyance: give your kids their own individual primary iCloud accounts, but you jot down their username and password in their contact info on your phone. Log Into FMI with that and track them.
The real pain is if you as an adult want others to be able to see where you are, WITHOUT also giving them access to your other iCloud info. For then to see you, THEY must either use the same PRIMARY iCloud account as you do, or they must have your username and password to log into the FMI app...which means they cal also see all your other stuff, even if you turn off the FMI feature on your phone. Anything you share with iCloud will be visible to anyone with access to your iCloud account.
For corporate users who want to track and manage company-owned iOS devices without having all of them use the same primary iCould account, this is a big pain. For families, imagine being on a vacation, or experiencing a disaster, accident, etc, where you'd really want everyone to be able to locate each other, even if they are unable to answer their phone or otherwise respond...a very real possibility in today's world. Now not so easy without compromising privacy and security.
I have three workarounds. The first two use Find My iPhone and so require everyone to use the same PRIMARY iCloud account.
1) the simplest thing is to go to your device under Settings/iCloud and toggle off anything you don't want others to see...but if you have multiple devices of your own (say an iphone and an iPad), this prevents you from sharing with yourself. Bummer.
2) It occurred to me today that with iOS6 there was a way to lock out changes to features in Settings. Sure enough, it still works with iOS7. Enabling this feature allow everyone to share the same PRIMARY iCloud account WITHOUT sharing other things you'd like to keep private. Enabling this feature will prevent the person with the device from making any changes to the Accounts on their device (Mail, Contacts, Calendars), so you'll need to think about what features of these accounts you WANT to allow before following the steps below. ALL THE FOLLOWING STEPS ARE PERFORMED ON THE OTHER DEVICES IN YOUR FAMILY/COMPANY, not your own.
A) I suggest entering airplane mode in Settings to prevent the device you are working on from downloading any of your iCloud info during this process.
B) Next, be sure YOUR PRIMARY iCloud account is listed on the person's device that you wish to track (kid's employee, etc). Go to Settings/iCloud to check this, and if necessary sign out of their iCloud account here and sign in with your primary iCloud account.
C) Add a second iCloud account using their personal iCloud email address (the one you just deleted as the primary). Set this one to share whatever they need to (their own Mail, contacts, calendars, etc). If they weren't previously using iCloud for anything but tracking and already had their own email account set up, you can omit this step.
D) Now, decide what features of your Primary iCloud account you do NOT want this person to be able to see or use (mail, contacts, calendars, etc). On THEIR DEVICE go to Settings/iCloud, and toggle OFF any of these things, but be sure to leave anything they need to share. A common issue here will be Photos. Since Photo sharing is now ONLY supported with the primary account, I suggest leaving this on, but you can still prevent them from seeing your new photos if needed. Tap the arrow to the right of Photos, and on the next screen toggle off "My Photo Stream", but leave on "Photo Sharing" which allows them to see, create and subscribe to other shared steams, just not your primary photostream. You can instead make this same Photo setting on your device, which has the same result. Or just disable Photos altogether. Whatever setting suits you the best.
Once you have decided which features of your primary iCloud account you'll allow this person to see, BE SURE YOU HAVE ALSO TURNED ON "Find My iPhone" here.
E) Lastly, go to Settings/General/Restrictions. Tap "Enable Restrictions". Enter a new password (twice- this is NOT the same password for the device, but only for locking and unlocking restrictions, so use a new one only you will know). Scroll down to the "Allow Changes" section and tap "Accounts." Tap to place a check next to "Don't Allow Changes". Exit from Settings.
You're done! Repeat the above steps on every device in your family or company you want to track. You will now be able to track all of them at one time using Find My iPhone on your device, from your primary iCloud account, and they will also be able to see your device location, but they will not be able to see any of your information as long as you toggled it off and then locked out account changes under restrictions. Be aware that they will not be able to add, delete or change any Mail accounts unless you unlock the restrictions. But you will likely have their own separate email account on this device (step C above).
3) if this is too much for you to handle, and tracking is your primary concern, in the App Store there is a free app called "Find my Kids - Footprints" . They just released a new iOS7 version which is unrated, but the previous version was reasonable well rated. After a trial it requires an annual subscription (which removes the ads, and it is VERY cheap), but it irks me to pay for a service that I used to get for free. I haven't tried it yet, but it seems to do a bit more that the Find my iPhone app as far as tracking...but it can't lock or erase your device. You'd still need to use their primary iCloud account for that. I'm sure we'll be seeing more apps like this in the near future.
Hope this helps.

How do I find all pictures with no (empty) keyword ?

I have decided to import all my pictures into LightRoom.
A lot of my older pictures are not registered with any keywords :(
- only with IPTC location information.
My plan is to systematic go through all my pictures and add relevant keywords to all pictures - so my old pictures become as searchable as my newest pictures.
Some of my old pictures has keywords some has not.
How do I in Lightroom - find all pictures with no keywords?
I have tried to use the Find tool - but don't see any options to search for "Empty/missing" keywords.
Also I would like to find all pictures with few keywords and in step II add additional keywords to these pictures.
Any ideas on how to make a find all pictures where number of keywords is less than X inside or outside LightRoom.
Henrik Bach
Denmark

> I also did think of the SQL idea.
> If I find a way of doing this I will repost my findings.
Well, being a tech geek, I found this challenge kind of irresistible,
and I'm happy to report I have a solution for you.
STEP 1
First, make a copy of your "Lightroom Database.lrdb" file (we'll work
off the copy to be safe)
STEP 2
Next, you need to be able to browse the database. The database is in
SQLite3 format. I tried installiing an SQLite3 ODBC driver and accessing
it through MS Access 2003. While Access was able to see all of the
tables in the database, every time I tried to link to one I got:
"Reserved error (-7748); there is no message for this error"
I found a few tips for this but wasn't able to work around it and get it
to work. Which is a shame, since Access would be the easiest way for
browsing and querying tables.
Instead I found an open source tool called SQLite Database Browser.
http://sourceforge.net/project/showfiles.php?group_id=87946&package_id=91778&release_id=41 4746
I used the Windows version. There appears to be a version for MacOSX on
PowerPC. It doesn't look like there is a version for Intel based Macs
(though if you know how, you could always try downloading the source and
compiling it yourself).
STEP 3
After you install the browser, open it up, choose "Open Database" and
select the COPY of the lightroom database we made in step 1
STEP 4
go to the Execute SQL tab and issue the following command
SELECT A.idx_filename, count(C.name)
FROM Adobe_imageFiles A, AGLibraryTagImage B, AGLibraryTag C
WHERE A.image=B.image AND B.tag=C.id_local AND C.kindName='AgKeywordTagKind'
GROUP BY A.idx_filename
HAVING count(C.name) <= 3
That will give you all images with 3 or fewer keywords applied.
Of course, theres no guarantee that this wont break in future versions.
Now an explanation of the data.
Adobe_imageFiles - contains data about image files:
1) idx_filename is the filename
2) absolutePath is the full file path
3) image is a unique ID for the image which you can cross reference in
other image related tables
AGLibraryTag - contains info about "tags" applied to images:
1) id_local is a unique ID for this "tag", which you can use to cross
reference in other tag tables
2) kindName is the kind of tag you are looking at. Available values
appear to be:
AgCaptionTagKind
AgCollectionTagKind
AgCopyrightTagKind
AgEnumeratedMetadataTagKind
AgFolderTagKind
AgImportTagKind
AgKeywordTagKind
AgMissingFileTagKind
AgQuickCollectionTagKind
AgSpecialContentOwningTagKind
AgTempImagesTagKind
3) name is the value for that tag (the collection name, the keyword, etc)
AGLibraryTagImage - Use this to connect the images and tags tables

How to find every 3rd Friday?

I have a column of consecutive dates that span multiple months. A second column list the day name for the date. How do I find every 3rd Friday of any month? I'd like to have it display some text in a 3rd column next to the particular Friday.
If the formula is generic enough, I'd like to find other types of days such as every 1st Friday, every 2nd Thursday, etc.

I'm assuming that by "every 3rd Friday of any month" you mean "the third Friday of each month," and that your meaning for "every second Tuesday" and "every first Friday" is similar.
The first occurrence of any particular weekday in a particular month will be on one of the first seven days in that month, the second occurrence in the second seven days, and the third occurrence in the third seven days.
The day number within a month is returned by the DAY(date) function.
First:      DAY(date)>0 AND DAY(date)<8
Second: DAY(date)>7 AND DAY(date)<15
Third:     DAY(date)>14 AND DAY(date)<22
Fourth:   DAY(date)>21 AND DAY(date)<29
A number corresponding to the day of the week is returned by the WEEKDAY(date) function. By default, the week starts on Sunday, which is assigned the WEEKDAY value 1.
So for a date to be the third Friday of a month, three things must be TRUE:
WEEKDAY(date) must be 6
DAY(date) must be greater than 14
DAY(date) must be less than 22.
Expressed as a formula, placed in the same row as the date, and with the dates listed in column A,
=IF(AND(WEEKDAY($A)=6,DAY($A)>14,DAY($A)<22),"Third Friday","")
will place "Third Friday" beside the third Friday of each month, and a null string in the other rows.
There should be enough information there to write the formulas for the other cases.
Regards,
Barry

How do i get rid of the pop ups that are constantly popping up on my mac. Everytime i search for anything on google an ad for mac keeper comes up and every time i access Netflix another stream of ads pop up... Do i have a virus HELPPPPPP

How do i get rid of the pop ups that are constantly popping up on my mac. Everytime i search for anything on google an ad for mac keeper comes up and every time i access Netflix another stream of ads pop up... Do i have a virus HELPPPPPP

You may have installed the "VSearch" trojan, perhaps under a different name. Remove it as follows.
Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
Back up all data before proceeding.
Triple-click anywhere in the line below on this page to select it:
/Library/LaunchAgents/com.vsearch.agent.plist
Right-click or control-click the line and select
          Services ▹ Reveal in Finder (or just Reveal)
from the contextual menu.* A folder should open with an item named "com.vsearch.agent.plist" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
Repeat with each of these lines:
/Library/LaunchDaemons/com.vsearch.daemon.plist
/Library/LaunchDaemons/com.vsearch.helper.plist
/Library/LaunchDaemons/Jack.plist
Restart the computer and empty the Trash. Then delete the following items in the same way:
/Library/Application Support/VSearch
/Library/PrivilegedHelperTools/Jack
/System/Library/Frameworks/VSearch.framework
~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
From the Safari menu bar, select
          Safari ▹ Preferences... ▹ Extensions
Uninstall any extensions you don't know you need, including any that have the word "Spigot," "Trovi," or "Conduit" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
Reset the home page and default search engine in all the browsers, if it was changed.
This trojan is distributed on illegal websites that traffic in pirated content. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.
You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that this Internet criminal has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. This failure of oversight has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
          Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

Problem with accessing features as a host

I just started using Adobe Connect. I created a New Meeting under Shared Meetings. When I open the room, I'm added as a participant vs. a host. Therefore, I don't have access to change the room layout, record, etc. I am listed as a host under "Role." Am I accessing the room incorrectly?
Does it matter if I create a room under Shared Meetings vs. User Meetings?
Also, how can I find which features are available with the license that I am using? I'm wondering if the license is limiting what I can and cannot do.
Thanks.

I'll make an assumption here, so correct me if I'm wrong. I believe you are using the Named Host licensing model. I would venture to guess you are in the Administrator group, and used that license/user ability to create a meeting in the Shared Meetings folder and add yourself as a Host of that room.
However, to activate (for lack of a better term) the room and allow you and others in the room to be at a role above Participant, you must be a member of the Meeting Host group. Addd your self to that group, and then go back into the room you created and you should have full Host rights. If you don't you may want to either clear your browser's cookies or wait 7-15 minutes, with the room closed, to allow the session for that room to be ended by the server, and then go back into your room.
The rooms location on the server should have zero effect on access and functionality on the room.
Here is a description of the Connect licensing and how those licenses work: Setting the Record Straight on Adobe Connect Licensing | RealEyes Media

SMB Share with Access Based Enumeration & Mac OSX 10.8/10.9

Hello,
I've been working on a bit of a problem related to some SMB Shares on Windows Server 2012 with Access Based Enumeration with Mac OSX 10.8 & 10.9.
Basically, we have one network share that mounts for all of our Students & Faculty on campus. Then, based on which security group the user is inside of in Active Directory, they gain access and visibility to different folders. (Basically, if they are members of the graphic design department, they get access to the Graphic Design's folder). All of that is working fine, no problems. From there we have 3 folders that branch off. We have a Distribution, an Open, and a Dropbox folder.
Distribution is setup as a spot for instructors to have full access, students have read access, They're able to drop files into this locations, to distribute them to their students. This folder is working fine, no problems.
Open is setup with everyone read/write access across the board. This folder is setup for students to share data to each other, work on projects, etc. This folder is working as intended, no problems.
Dropbox is the only folder we're having trouble with, i'm assuming because it's settings are the most complex out of the three. The purpose of the drop box is for students to have read/write control over their own content, but not others, and instructors to have read/write over this entire folder.
Now that I've laid out our Setup, the problem we've encountered, is ONLY occurring inside of the Dropbox folder. When I try to Drag/Drop OR Copy/Paste from another location on the computer into the Dropbox folder, I get a permission error. HOWEVER, if I have a file open, and I click "save as" browse to the dropbox folder, I can save the file into that location without any trouble. Also, on our windows computers, with the same exact users, drag/drop & Copy/Paste work normally.
Things I've Tried:
Disabling the .DS_Store - I figured in the drop box, the .DS_Store would be created by the first user who copied a file in, then subsequent users would not have access to the .DS_Store.
CIFS/SMB1 - I've read that SMB2 can cause some trouble while connecting to SMB Shares, so I tried both connecting via CIFS, and also by forcing back to SMB1, with no fix.
Am I missing something with this? I've read a lot about people having trouble connecting to SMB Shares, but for us it had not been a problem up until this point. Does anyone know what a possible fix might be for this? I'm sifting through internet searches right now, trying to find a solution, however MOST of the responses I see are regarding the two things I've already tried.
Any suggestions would be greatly appreciated.
Thanks!

hi everybody
I really need some help so here is a little up !
thanks !

TC with Access via User Accounts

Hi all folks,
I start using a new TC (2TB with 7.5.1) with access via User Accounts switched on, but it confuses me a little. In general I'm interesting in storing some more data to the TC, also I'm interesting in using seperate folder/mountpoints.
I add some User Accounts (I used the short names from my Mac, for example lutz, test, work, gast and admin) and every User can logon/connect to the TC, with a User Folder and a "Data" Folder, but admin can't connect to the User Folder.
All the time I try to logon/connect with the admin User, I can mount the "Data" Folder, but I can't mount the "admin" Folder (but the folder is shown).
In the Mac Syslog I find,
/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder[111]:
NetworkNode::handleMountCallBack returned -6602
I got a box with,
The operation cannot be completed because the original item for "admin" cannot be found.
And in the TC Syslog I find,
Syslog Protocol 6 - All Information
Nov 18 00:16:54 Gewichtung: 5 AFP login OK from [email protected].
Nov 18 00:16:57 Gewichtung: 5 AFP session from [email protected] closing.
Nov 18 00:16:58 Gewichtung: 5 AFP login OK from [email protected].
Nov 18 00:18:03 Gewichtung: 3 No Address for NTP server time.euro.apple.com.
I got folders like this, "lutz" and "Data" and both are empty.
From the admin Point of view the "Data" Folder looks like this and the "admin" folder can't connect too.
"Data"
"Data/Shared"
"Data/Users"
"Data/Users/lutz"
"Data/Users/test"
"Data/Users/gast"
"Data/Users/work"
"Data/MacBook.sparesbundle"
"Data/PowerBook.sparesbundle"
My question, is "admin" an TC internal User too?
What's the reason I can't mount the "admin" Folder and why I got a complete view to the TC filesystem with the "admin" User only?
It's nice to see this, but what's the reason!
How to add some more Shared folder for data exchange?!
Any idea what's happend,
thanks for any help, I can't find any information about this behavior,
Lutz
p.s.
The password from the User Account definitions are ignored for the "admin" user, the TC Password is used all the time.
p.s.
I read "http://web.me.com/pondini/Time_Machine/FAQ.html", too.

Hi all folks,
anyone who spend some time to add an User Account named "admin" to a TC and try to logon/connect to the TC with this user.
If someone try to do this, don't use the same password for "admin" and the TC itself, but try to logon/connect with "admin" to the TC with the defined passwords, both. I can connect "admin" to the TC with the TC password only, not with the password defined via User Account.
Thanks for any help,
Lutz

OSX 10.8 and SMB Shares with Access Based Enumeration.

Hello,
I've been working on a bit of a problem related to some SMB Shares on Windows Server 2012 with Access Based Enumeration with Mac OSX 10.8 & 10.9.
Basically, we have one network share that mounts for all of our Students & Faculty on campus. Then, based on which security group the user is inside of in Active Directory, they gain access and visibility to different folders. (Basically, if they are members of the graphic design department, they get access to the Graphic Design's folder). All of that is working fine, no problems. From there we have 3 folders that branch off. We have a Distribution, an Open, and a Dropbox folder.
Distribution is setup as a spot for instructors to have full access, students have read access, They're able to drop files into this locations, to distribute them to their students. This folder is working fine, no problems.
Open is setup with everyone read/write access across the board. This folder is setup for students to share data to each other, work on projects, etc. This folder is working as intended, no problems.
Dropbox is the only folder we're having trouble with, i'm assuming because it's settings are the most complex out of the three. The purpose of the drop box is for students to have read/write control over their own content, but not others, and instructors to have read/write over this entire folder.
Now that I've laid out our Setup, the problem we've encountered, is ONLY occurring inside of the Dropbox folder. When I try to Drag/Drop OR Copy/Paste from another location on the computer into the Dropbox folder, I get a permission error. HOWEVER, if I have a file open, and I click "save as" browse to the dropbox folder, I can save the file into that location without any trouble. Also, on our windows computers, with the same exact users, drag/drop & Copy/Paste work normally.
Things I've Tried:
Disabling the .DS_Store - I figured in the drop box, the .DS_Store would be created by the first user who copied a file in, then subsequent users would not have access to the .DS_Store.
CIFS/SMB1 - I've read that SMB2 can cause some trouble while connecting to SMB Shares, so I tried both connecting via CIFS, and also by forcing back to SMB1, with no fix.
Am I missing something with this? I've read a lot about people having trouble connecting to SMB Shares, but for us it had not been a problem up until this point. Does anyone know what a possible fix might be for this? I'm sifting through internet searches right now, trying to find a solution, however MOST of the responses I see are regarding the two things I've already tried.
Any suggestions would be greatly appreciated.
Thanks!
iMac, OS X Mountain Lion (10.8.5)

Just thought I'd post this in case it helps someone. This could be the same problem we have (had) here so try this:
When it asks for name and password put this in the name field: sharename\name
So if the share is called "WWW" and your login name is "Bob" you'd put "www\Bob" in the name field and then normal password in the password field.
Works perfectly for us. I cant remember when it started 10.7 or 10.8 but this was the only solution. Hope it helps someone else!

"you are not authorized to access the function" issue

Hi folks,
I have a issue when I tried to include rich content container in one OA page. I defined the function according to the dev guide. Then the page shows error as "You are not authorized to access the function XXX. Please contact your System Administrator". Now the OA application has Application Short Name as SYSADMIN and Responsibility as SYSTEM_ADMINISTRATOR. And I defined the function under System Administrator->Application->Function. Any suggestion for this issue is appreciated.

Hi Prince,
Hussein,
I enabled the multi - org, upgraded R12 from 11i. I try to login into Application, I am getting an error
You are not authorized to access the function Projects: Worklist. Please contact your System Administrator.
This could be multi - org issue? Please let me know.
Thanks
PrincePlease check apache log files for details about the error (error_log* and access_log* files).
Is this happening to all users?
Did you enable Multi-Org successfully with no errors?
After Upgrade to 12.1, unable to Login with You are not authorized to access the function Applications Default Login Page [ID 1368800.1]
You Are Not Authorized To Access This Function When Using Iexpense [ID 295907.1]
Thanks,
Hussein

Nokia candy bar phone with LED torch function

Hi,
I need a candy bar phone with LED torch function with a decent camera 3-5mp. I don't really want to install an app I want it as standard. Can anyone recommend any Nokia phone that offers that?
I need it quite urgently as my wife's contract is up and I cannot find a phone for her.

Check out the Nokia X2. It has an LED torch as standard that is accessed by holding down the * key. It also has a 5mp camera and the quality of the pictures is good.
http://europe.nokia.com/find-products/devices/nokia-x2-00
I've got an X2 and think it's a great phone in it's price range. I paid just under £60 for a black one and have been very happy with it.

Find every responsibility with access to function

Similar Messages

Maybe you are looking for