Flat heirarchy permissions

Hi,
Am using Contribute in a large educational institution. We
recently re-vamped our site and at the sayso of the developer
adopted a 'flat' heirarchy, whereby all web-pages sit in the root
directory. By default, all users in our institution do NOT have
access to this directory.
The problem: How do I set it up to allow Contribute users
access only to the files they need? My problem is that if they can
only access specific files in the dir and NOT the entire dir, then
they run into problems with Contribute because it uses temporary
files which inherit the permissions of the root dir (ie. no
access). Allowing users full access to the directory (our present
solution) poses a security risk.
Thoughts? Thanks in advance :-)

http://www.adobe.com/cfusion/webforums/forum/messageview.cfm?catid=302&threadid=1146845
Hope this helps.

Similar Messages

Permissions

Here is a summary of the permissions system the way I understand it. I hope it helps save anyone out there some of the time and trouble I've had to endure to understand Permissions.
I) POSIX:
Get info
The 'Get Info' window is a user-friendly way to view and manage permissions on files and directories. But it is a little confusing to understand.
You can tell if you've really messed around too much with the permissions of a file or directory if the Get Info window lists your Sharing and Permissions as 'custom'. You shouldn't have any 'custom' permissions settings if you are new to managing permissions.
For all beginners, there should only be three listings in the 'Get Info' window. The reason this confuses people is because everyone wants to see themselves as the owners of their computer's files and directories, and nobody wants to see 'everyone' with access to important files and folders.
First listed is the file's (or directory's, if you selected a directory) owner. There is only one owner for each file or directory, but the owner can be changed in terminal with chown (provided you have the needed privileges).
Next listed is the primary group to which the owner of the file or directory belongs. A user can only belong to one primary group, but the primary group of a user can be changed with usermod in terminal.
Next listed is all other users. This is the account that mostly ruins people as everyone wants 'everyone' to have no access to their computer. The main problem is that the need for 'everyone' to have permissions on some important files is not correctly understood by most people.
Using File Hierarchies to Manage Permissions
It is easier to accept the need for 'everyone' to have access to important directories once you realize that the file and directory permissions are also managed via the file and directory hierarchies. So, regardless of who has permissions on a file or directory, if it is copied or moved to a directory to which 'everyone' has no access, and you are the only one with permissions, then the moved or copied file cannot be accessed by anyone until you move it back out of your directory. The role of file hierarchies in managing permissions is a very important part of the system, but most people are not aware of how it works.
It is similarly easier to understand the need for 'everyone' to have access to important directories with two different examples. Say, for example, you add a new user to your system. The system will automatically copy directories into that user's home folder for that user to use. But if the directories are not accessible by 'everyone', then that user will not have access to any of the copied resources.
For another example of the need for 'everyone' to have access to important directories, consider what happens when you attempt to assign 'no access' to 'everyone' on your System folder. Now, you yourself cannot access the folder and you have to reboot your system with disks. You cannot simply add yourself as the owner of the System file, because the system needs to access that file at start-up. The System is one important user on your system which you cannot do without! So the System must be the owner of the System directory. The System automatically belongs to a group called 'wheel' which allows for the connection of other 'Systems' to your 'System' through a common group. Is the 'System' did not belong to any group, you could never share resources, files, directories, or executables (like a printer, for example) with other 'System' users. So your computer automatically includes a 'wheel' group and a 'System' (YOUR 'System') that belongs to that group. Now then, you are not your system. Your system is your system. In order to use your system, you have to have a user account. Also, you have to have access to your System folder. Since the System folder necessarily belongs to your system, and the system is necessarily installed as a member of the 'wheel' group (otherwise you would not be able to network), then there is only one more permission through which you can gain access to your system, and that is the 'everyone' group. This is because there are only three reserved places on the permissions bits. There is one place for the file (or directory) owner, one place for the primary group of that owner, and one place for 'everyone' else.
The three-entry 'limits' to the permissions system (owner, group, everyone) make much more sense when you realize that the directory and file heirarchy permissions are meant to be used as the other half of the permissions assignments. Where the most important owner ('System') of a directory (system) must be the most accessible (to 'everyone'), all other groups and users can impose more restrictions on files and folders (directories) that they create, as well as those which they have imported into their own files and folders, using the file hierarchies to manage permissions.
Terminal ls -l command
When in terminal, you use the ls command to see a list of the files in the current directory. However, when you at the -l option to the ls command, you also get to see the file and directory permissions for each file or directory in the current directory.
The permissions for a file start with a -, and the permissions for a directory start with a 'd'. That is followed by 9 dashes or letters. The letters are for 'read' 'write' and 'execute' (rwx). The first three are for the file or directory owner. The second three are applied to the file or directory owner's primary group. The second three are applied to everyone. However, if a file which 'everyone' can read is in a folder to which 'everyone' has no access, then there will be no access to that particular file, even though the permissions for 'everyone' assign access. That's because the permissions assignments to a file or folder are only half of the permissions management. The other half is the arrangement of the files and folders, through the hierarchical assignment of permissions restrictions. That is the fact about permissions systems that confuses everyone.
Terminal chmod command
In terminal, you can change the permissions 'mode' assigned to a particular file or folder (or even an entire hierarchical structure) using the chmod command. There is a numbering system to correspond to the 10-letter (drwxrwxrwx) system. You can learn more about that online or by typing 'man chmod' into the terminal.
Terminal chgrp command
In terminal, if the owner of a file or directory belongs to more than one group, you can change the group that has permissions to the file or directory to one of the owners' non-primary groups. You can learn more about that by typing 'man chgrp' into the terminal.
Terminal, editing the /launchd-user.conf file
You can set the 'umask' by editing the configuration file for the user. Editing configuration files is an important part of the system and a valuable skill to learn. Once you learn how to edit the user configuration file, you can easily change the default permissions mode that is assigned by that user to his or her new files and folders by changing the 'umask' variable. The umask variable uses a 4 digit number for permissions, just like the chmod command.
Who are Users?
There are several very important users on your system. Your computer itself is a user on your computer, called 'System'. There is a user called 'root' that gives you control over the 'System' (and consequently can destroy your entire system). 'Root' user is also a default member of the 'admin' group. When your system is first installed, it prompts you to add yourself as the first human 'user' and makes you the first human member of the 'admin' group, as well as a member of the 'staff' group. Your primary membership is to the 'staff' group, but you can also function as a member of the 'admin' group by entering your password when prompted or when required in a command. You can add any other users from that point and grant them admin privileges, or not, or membership in some other group with other privileges to access certain directories or files.
What are the Groups?
Groups like 'wheel' and 'daemon' are used to connect your system to network users without granting system privileges. Your computer 'System' is a user that belongs to the 'wheel' group. 'Root' user also belongs by default to the 'wheel' group and 'admin' group' and 'staff' group (so that if you, the hardware owner, log in as 'root' user, you can access everything on the hardware). The 'wheel' group is like an empty socket waiting for you to allow other network resources to connect with your system by adding them to the 'wheel' group. A user could be a member of the 'wheel' group without having privileges or permissions to anything on your system. Maybe such a user would only be given permissions to access a printer or a single folder on your system.
'Everyone' is the group that most people want to eliminate. However, 'everyone' is necessary for the most important system resources, which can subsequently be assigned restricted access (when they are moved or copied to other, more restricted, files and directories) using the hierarchical assignment principle. 'Everyone' is the most misunderstood group identity.
Apart from such default required groups, you can create any group you like, and many applications will add a group to your system for use with that application and its resources. You can see what groups are on your system (and what users belong to them) by reading the etc/group file.
If a user is not assigned to any group, the computer assigns them to the default group called 'staff'.
What is the best way to set up file and directory permissions?
There is a utility called 'disk utility' which you can use to 'fix' your permissions if you messed around with them too much without knowing what you were doing (learning, obviously!). If you still have access to your system, and it is acting funky, and you have been messing around with permissions, 'disk utility' is likely to solve all of your trouble. If the permissions are too badly ruined (for example, if you assign 'everyone' 'no access' to your system folder, etc), and you have no way to login to the root user (root user can be both enabled and logged in through any terminal window using 'dsrootenable', if you have both an administrator password and a root user password) then you may have to reboot from disk or perform a new installation, since you likely have removed yourself from your own computer.
Apart from the 'disk utility' defaults for important directories, there is no best way to set up permissions. When you combine the permissions mode of a file or directory with the hierarchical permission structure, there are many ways that intellectual property can be both protected and shared, according to the project and purposes.
There are many possible arrangements for permissions, and each proposed scheme requires a bit of study to understand how security, privacy, collaboration, and sharing will be affected.
II) ACL:
Microsoft WindowsOS manages permissions differently (They use ACL's instead of POSIX). There, you assign each file or directory different permissions for each user or group. In Apple OS it is called 'ACLs' when you create custom permissions by removing or adding permissions for users or groups that are in conflict with the standard three-values permission system. Altering the permissions to create these 'custom' settings shows up with the 'ls -l' command as a '+' appended to the permissions bits (drwxrwx---+). The reason for the '+' (or the exceptions added to the standard security permissions) can be listed using the ls command with the -le switch.

Mac OS X ACLs are based on a FreeBSD ACL implementation that extends the standard Unix/POSIX file system DAC security model. The ACLs used in Windows' security model work differently, because the Windows' security model is based on security tokens that interact...well, to be honest, I've always felt that the Windows security model reminds me of the OS X preference domain model more than anything else.
Otherwise, not bad at all.

Enable SSL to LDAP / MS AD : Portal will not start

Hi all ,
We have successfully enabled portal User Authentication to MS AD/LDAP over port 389 in a EP6 SP2 portal . Portal use
Now we wish to switch to LDAP over SSL .We did the following for a Ad with SSL enabled on port 636 :
1) Import the AD server cert into the keystore using Visual admin tool
2) Log into portal as adminstrator > Go to UM Administration
3) Change DataSource to AD , Flat heirarchy
4) Enter hostname of AD server , user . password , paths etc.., Enable SSL
5) Save config and restart portal
Now the Portal will not start and we get the following error messages in the
console_logs...any ideas ???
Loading services:
Loading service: com.sap.portal.license.runtime license
java.lang.NullPointerException
        at com.sap.security.core.util.imp.UMTrace.debug(UMTrace.java:
739)
at com.sap.security.core.util.imp.UMTrace.debug(UMTrace.java:
840)
at com.sap.security.core.util.imp.UMTrace.fatalT(UMTrace.java:
586)
at com.sap.security.core.persistence.datasource.imp.
LDAPConnectionManage
r.initConnectionPools(LDAPConnectionManager.java:556)
        at com.sap.security.core.persistence.datasource.imp.
LDAPConnectionManage
r.initialize(LDAPConnectionManager.java:77)

Here's another option that might work for you:
Check out this note: 789590. From reading between the lines it looks like you can change your um config without the portal being up by creating a file called 'sapum.properties.upgrade'. That note talks about modifying some logging parameters but you should be able to substitute the um parameters to change your config back to using just the portal database.
Here's what sap explained about the process:
"you can update single um.properties by defining a file called sapum.properties.upgrade and storing it in the
directory \ume\. During the next startup, these properties are uploaded and update the older values from the UME properties stored in the PCD.
Values that are not listed in the .upgrade file are not touched. The upload is done before the service is starting, so that the updated values are taken as start parameters. Again in note 789590, you can find an example for an upgrade file (in this case for updating the information on the logging settings)."
Once you get the portal up and running, when you try to change the UM config, make sure you click on the 'Test Connection' button after you've saved the new ldap settings to make sure that everything is ok. The ldap server might be accessable but you might have a problem with the user, password, group or user path. Also if you're using SSL then make sure the 'Use SSL for Ldap access' is checked.
Hope that helps.
Regards,
Robin.

Time dependant Heirarchy upload using flat file

Hello,
I have created all the procedure required for time dependant heirarchy from blog "http://www.sdn.sap.com/irj/scn/weblogs;jsessionid=(J2EE3417700)ID0251631050DB01275680198710677010End?blog=/pub/wlg/3113".
While loading data using IP, I am getting error 'Error 8 when compiling the upload program: row 661, message: A newer version of data type /BIC/B0011807000 was' . I have activated transfer rules, datasource and also executed program 'RS_TRANSTRU_ACTIVATE_ALL'. But the same error persist.
How to maintain these values Date-To and Date-f

Hi Naveen,
The date in infopackage mentioned is 01.01.2009 to 31.12.9999.
The structure in flat file is 20090101(yyyymmdd)
I am getting an error mentioned above in thread.
Please suggest me
Thanks,
Sonu

How to upload heirarchy through flat file in BI 7.0

i have the documentation for loading heirarchy through flatfile in 3.x but i want documentation for 7.0 can anyone help me out

Hi folks, As given in the previous links; Is Hierarchy Loading possible in BI 7.0 without using RSA1OLD(3.X approach)? The blogs & articles in SDN only cover 3.X methodology for uploading Hierarchies from flat files or external source systems. Hierarchies are not supported in 7.0 Datasources. Could anyone correct me if I'm wrong. Please refer this [link |/thread/375310 [original link is broken];for reference. I had this wierd feeling that the approach that we follow is correct, but this came to my mind when instead of using 7.0 DS, we are forced to use 3.X methodology; That evokes to reason with! Thanks.

Nested Permissions Heirarchy in SharePoint 2010

I have not found a clear answer to the following question -
For any sub site, list, library, or other SharePoint object with non-inherited unique permissions, what happens if a specific user is individually listed with their own ID with , say, for example Contribute permission level, but the same user is part of
a SharePoint group that is at a READ permission level to the object in question?
Would SharePoint give the specific user Contribute level access, or lock them down to READ access due to the user's group membership? - Why?
Can anyone direct me to a graphic flowchart of how SharePoint parses such permission level conflicts?

This is where my confusion is.
If a user is granted a specific user permission to an item of Contribute, but, because that same user is a member of a SharePoint group that has only READ permission to the same item, which applies? - Your note above seems to indicate both. That
makes no sense to me. - Both can't really apply as the group READ permission to the item question, through the user's membership in that SharePoint group would tend to block the user specific Contribute permission. How can a user have both a READ and a Contribute
permission to the same item? A reader typically isn't allowed to contribute.....
Another way of looking at this is maybe, because of individual permissions and group permissions, and multiple group memberships being possible, the way to look at it is that a single user may have " multiple doors " into the same room with the
item being accessed and each is a valid doorway in it's own right and has no impact on any of the other doorways to the room. Does that work, conceptually?
But looking at it this way tells me that a group permission lockdown to a piece of data can be almost invisibly negated by membership in a higher access permission group or direct access to the same data at a higher level. That's a problem and difficult
to detect without constantly auditing group memberships to heavily trafficked data.

Trying to install Tiger on 17" flat screen imac 800mhz. PLEASE HELP!!

I posted on this board a few days ago about installing tiger on my 17” imac G4 800 mhz Flat Panel.
My computer is running well and with no problems.
My current OS is jaguar 10.2.8 and 9.2.2.
I have 35gb free on my hd.
I have just installed new 517mb memory.
I purchased the Full Retail 10.4 Tiger ref M96392Z/A
I have run
Disk First Aid
Disk Warrior
Hardware Check
All passed
I have repaired permissions.
I have unplugged everything except the keyboard and mouse.
I have inserted the the installation DVD and gone through the first 2 stages.
On reaching the selection of the HD
It reads “Some volumes are unavailable until the installer has finished processing”
The HD image is greyed out and if I place the cursor over it a message appears saying “This volume is not yet available.
There is a spinning wheel in the top right hand corner of the box.
Aware that this is a large upgrade and could be slow, I have left the box and spinning wheel for 7 hours.
No Change.
I went ‘back’ and opened disk utilities. When I try and verify the disk it reads “Cannot unmount”
I am a retired person and I am begining to think I will die before I can install Tiger.
Help Me Please!!!
imac G4 flat 17" screen Mac OS X (10.2.x) 800 mhz

Can't you borrow a friend's external drive ?
You could use mine but I live a bit far away (10 hours flight)... unfortunately for you ...
If you have important data on your drive you should anyway consider such an external hard drive for easy, safe and fast backup ! Prices droped significantly and a low capacity (120 gig) external firewire drive shouldn't cost over $100.-- (unlike a computer, they easely fit in a safe when you are away for a long period...)
You could ask someone (reliable) or Apple centre to change the internal drive by remplacing it with a new faster one. This way you may put the old drive in an empty (you should buy an external drive case, I suggest a sarotech FW/USB II and a maxtor drive) case you could use as backup drive.
This solution is a little more expensive but has the advantage of a longer (+/-3 years) factory waranty on the drive ("ready to use" external drives are cheaper but usualy carry only one year waranty).
Best regards
coolapic
Mac OS X (10.4.3)
Mac OS X (10.4.3)

Loading flat files located on a server using the Control Center piece ofOWB

Loading flat files from a server with OWB
I am successful loading files with OWB, as long as they resided on my workstation in the C:\ drive. I copied the files to a Linux server into directories owned by Oracle/oinstall, permissions on the directories containing the files are 777. I ran the OWB client from the server with the following results:
Error
RPE-01013: SQL Loader reported error condition, number 1.
SQL*Loader: Release 10.2.0.1.0 - Production on Fri Mar 9 11:15:58 2007
Copyright (c) 1982, 2005, Oracle. All rights reserved.
SQL*Loader-500: Unable to open file (/u00/data/owb_repos1/state_codes.csv)
SQL*Loader-553: file not found
SQL*Loader-509: System error: The system cannot find the file specified.
SQL*Loader: Release 10.2.0.1.0 - Production on Fri Mar 9 11:15:58 2007
Copyright (c) 1982, 2005, Oracle. All rights reserved.
SQL*Loader-500: Unable to open file (/u00/data/owb_repos1/state_codes.csv)
SQL*Loader-553: file not found
SQL*Loader-509: System error: The system cannot find the file specified.
I tried to load the file using the control center from both the windows client and the server client. Can I do this from either one?
I can't import the file in the Design Center from the /u00/data/owb_repos1 directory, it does not show up.
If anyone has received similiar errors from OWB, please tell me how I can fix this. THANKS!!!
[d97886@owbtest owb_repos1]$ pwd
/u00/data/owb_repos1
[d97886@owbtest owb_repos1]$ ls -la
total 24
drwxrwxrwx 2 oracle oinstall 4096 Mar 19 12:14 .
drwxrwxrwx 18 oracle oinstall 4096 Mar 6 16:41 ..
-rwxrwxrwx 1 oracle garrett 1481 Mar 8 07:32 state_codes.csv
[d97886@owbtest owb_repos1]$

Hi
This is what i do for my flat files (i am loading my tables from the flat files):
1) Create location for the files in OWB and it should look something like \\path_to_where_the_files_are. Here you should be able to browse to your Linux box and select the location of the files.
2) Then check whatever you use (i use TOAD) and you should see in owb schema a directory created there which points to the location of the flat file.
3) then just follow the guide to sample the files etc and you are good to go.
Basically OWB has to be able to see the files that are on Linux machine.
Alternatively you can map your Linux share to your windows box (use samba or something) and use it that way.
Sorry if it is stating the obvious.
Hope this helps
Kind Regards
Vix

To read flat file from a unix server

We need to read a flat file from a Unix server, where our Database is located.
The location gets created correctly.
But while we are trying to import files from the location in Design Center , we get an error that "directory does not exists", although the directory has all the permissions.
Can someone please suggest how should we create the location so as it can read the files.
Please Reply ASAP......

We have started Design Center on a local machine(Windows Machine) with uaer as repository owner of the server,
In the design center we can not sample the file till we import it,
can you please tell how to sampe the file without importing it.
Also a location pointing to server location gets easily created on the design center and the file module points to that location only, but when we try to import the file through that location, it says directory does not exists, although oracle user has all the read write permissions on the directory......
Please help!

HELP!! - Need PL/SQL to write to a flat file!!

I'm trying to query information about a customer's salesrep, and append the results to a flat file. I'm a beginner, and the following pseudocode is the best I have so far. Any advice would be much appreciated.
Thanks in advance!!
Paul
CREATE OR REPLACE PROCEDURE paul IS
file_handle utl_file.file_type;
mgrname CHAR;
mgrphone CHAR;
mgrext CHAR;
BEGIN
utl_file.open('C:\WINNT\Profiles\pking\Desktop\outputfile.txt','w');
SELECT
name
,attribute7
,attribute8
INTO
mgrname
,mgrphone
,mgrext
FROM
ra_salesreps_all
rem WHERE
rem X-X-X-X-X
rem
rem EXCEPTION
rem WHEN no_data_found THEN
rem NULL;
utl_file.putf(file_handle, mgrname, mgrphone, mgrext);
utl_file.fclose(file_handle);
END paul;
null

Below is a simple one....
Procedure WRITE2FILE
id_h in integer,
matter in varchar2 default null
IS
v_FileHandle utl_file.file_type;
root_dir varchar2(200);
file_h varchar2(100);
BEGIN
file_h := 'msg_'| |id_h| |'.txt'; -- you can give dynamic file name
root_dir := 'unix_or_nt/home/file_dir';
v_FileHandle := utl_file.fopen(root_dir,file_h,'w');
if matter is not null then
utl_file.put_line(v_FileHandle,'Additional Information');
utl_file.put_line(v_FileHandle,'------------------------------------------------------------------');
utl_file.put(v_FileHandle,matter);
utl_file.new_line(v_FileHandle,1);
utl_file.put_line(v_FileHandle,'------------------------------------------------------------------');
else
utl_file.put(v_FileHandle,matter);
end if;
utl_file.fflush(v_FileHandle);
utl_file.fclose_all();
exception
when utl_file.invalid_path then
DBMS_OUTPUT.PUT_LINE('Invalid path:');
when utl_file.invalid_mode then
DBMS_OUTPUT.PUT_LINE('invalid_mode');
when utl_file.invalid_filehandle then
DBMS_OUTPUT.PUT_LINE('invalid_filehandle');
when utl_file.invalid_operation then
DBMS_OUTPUT.PUT_LINE('Invalid_operation. ');
DBMS_OUTPUT.PUT_LINE('The File is not available.');
when utl_file.read_error then
DBMS_OUTPUT.PUT_LINE('read_error');
when utl_file.write_error then
DBMS_OUTPUT.PUT_LINE('write_error');
when utl_file.internal_error then
DBMS_OUTPUT.PUT_LINE('internal_error');
when others then
DBMS_OUTPUT.PUT_LINE(4, 'A problem was encountered while writing the document.');
end ;
Calling procedure>>>>>>>>>
execute write2file(100,'Prints the matter in here.');
will result in a file with name msg_100.txt and the contents of the file will be...
Additional Information
Prints the matter in here.
1)Make sure the directory has write permissions
2)Initialization parameter UTL_FILE = 'unix_or_nt/home/file_dir' on database server. If not, then put this in init.ora (ask your DBA) and restart the db.
3)check the syntax for the '/' and '\' depending on your OS
null

How to allow users to upload a flat file to BW

Hi All,
For a planning application I would like to permit our users to upload a flat file on their local desktop to the infopackage and execute the load.
We would like to empower the users to prepare and upload their flat files into BW from their desktop without asking for BW support.
Please let me know if any of you have followed this approach.
Thanks
Karen

Hi,
The possible steps..
1. Create a small program and then give
Selection Screen:
FIle name : -
Note: Ask users give always same file name i.e. xyz.csv
Once user will give file name and execute it then file will save in Application Server (You fix the path like /usr/sap/BI1/DVEBMGS00/work, you create seperate folder in Application server)
2. Create a small Program with is using Events..
REPORT ZTEST_EV.
DATA: EVENTID LIKE TBTCJOB-EVENTID.
DATA: EVENTPARM LIKE TBTCJOB-EVENTPARM.
      EVENTID = 'ZEVENT1'.
      EVENTPARM = 'ZEVENTPARAM'.
CALL FUNCTION 'RSSM_EVENT_RAISE'
          EXPORTING
            I_EVENTID                         = EVENTID
            I_EVENTPARM                  = EVENTPARM
          EXCEPTIONS
           BAD_EVENTID                            = 1
           EVENTID_DOES_NOT_EXIST       = 2
           EVENTID_MISSING                     = 3
           RAISE_FAILED                           = 4
           OTHERS                                    = 5
        IF SY-SUBRC <> 0.
                 MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
                 WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
        ENDIF.
3. Once user will upload the file in Step 1, then he need to run this Program,.
4. You craetea Process Chain using this Event, then once User will run this program then the Data Loads will happen through Process Chain.
Note: Eventhough this is lengthy process, it is protected 100%, because we are not giving any access to User, we just given reports/programs to execute.
Thanks
Reddy
Thanks
Reddy

Flat file connection: The file name "\server\share\path\file.txt" specified in the connection was not valid

I'm trying to execute a SSIS package via SQL agent with a flat file source - however it fails with Code: 0xC001401E The file name "\server\share\path\file.txt" specified in the connection was not valid.
It appears that the problem is with the rights of the user that's running the package (it's a proxy account). If I use a higher-privelege account (domain admin) to run the package it completes successfully. But this is not a long-term solution, and I can't
see a reason why the user doesn't have rights to the file. The effective permissions of the file and parent folder both give the user full control. The user has full control over the share as well. The user can access the file (copy, etc) outside the SSIS
package.
Running the package manually via DTExec gives me the same error - I've tried 32 and 64bit versions with the same result. But running as a domain admin works correctly every time.
I feel like I've been beating my head against a brick wall on this one... Is there some sort of magic permissions, file or otherwise, that are required to use a flat file target in an SSIS package?

Hi Rossco150,
I have tried to reproduce the issue in my test environment (Windows Server 2012 R2 + SQL Server 2008 R2), however, everything goes well with the permission settings as you mentioned. In my test, the permissions of the folders are set as follows:
\\ServerName\Temp --- Read
\\ServerName\Temp\Source --- No access
\\ServerName\Temp\Source\Flat Files --- Full control
I suspect that your permission settings on the folders are not absolutely as you said above. Could you double check the permission settings on each level of the folder hierarchy? In addition, check the “Execute as user” information from job history to make
sure the job was running in the proxy security context indeed. Which version of SSIS are you using? If possible, I suggest that you install the latest Service Pack for you SQL Server or even install the latest CU patch.
Regards,
Mike Yin
If you have any feedback on our support, please click
here
Mike Yin
TechNet Community Support

Error in Performing Flat-File Reconciliation

Hi All,
I was trying perform flat file reconcilation using the GTC Connector. The format of my flat file (PPSLocal.txt) is like this:
Account Name|Full Name|Domain|Last Logon Timestamp|Description|GUID|Mail|Employee ID|First Name|Last Name
PPS\SophosSAUPPS010|SophosSAUPPS010|PPS.LOCAL||Used for download of Sophos updates|EED86D86-750C-404A-9326-044A4DB07477||||
PPS\GBPPL-SI08$|GBPPL-SI08$|PPS.LOCAL|||79677F4D-8959-493E-9CF9-CDDDB175E40B||||
PPS\S6Services|Series 6 Services Account|PPS.LOCAL||Series 6 Services Account|B4F41EE2-6744-4064-95F6-74E017D0B9AF||||
I created a GTC Connector "OtherDomain" specified all the configuration;
Staging Directory (Parent identity data) /home/GTC
Archiving Directory /home/GTC/archive
File Prefix PPS
Specified Delimiter |
File Encoding UTF8
Source Date Format yyyy/MM/dd hh:mm:ss z
Reconcile Deletion of Multivalued Attribute Data check box unchecked
Reconciliation Type Full
After that i performed the connector configuration mapping and ran the respective schedule task which displayed the following error message on console:
Class/Medthod: SharedDriveReconTransportProvider/getFirstPage - Before calling: getAllData
*DEBUG,20 Aug 2009 09:08:49,202,[XELLERATE.GC.PROVIDER.RECONCILIATIONTRANSPORT],Class/Method: SharedDriveReconTransportProvider/getAllData entered.*
*DEBUG,20 Aug 2009 09:08:49,202,[XELLERATE.GC.PROVIDER.RECONCILIATIONTRANSPORT],Class/Method: SharedDriveReconTransportProvider/getReconFileList entered.*
*DEBUG,20 Aug 2009 09:08:49,202,[XELLERATE.GC.PROVIDER.RECONCILIATIONTRANSPORT],Class/Method: SharedDriveReconTransportProvider.EndsWithFilter/accept entered.*
*INFO,20 Aug 2009 09:08:49,202,[XELLERATE.GC.PROVIDER.RECONCILIATIONTRANSPORT],Staging dir -->/home/GTC*
*INFO,20 Aug 2009 09:08:49,202,[XELLERATE.GC.PROVIDER.RECONCILIATIONTRANSPORT],Number of files available -->0*
*DEBUG,20 Aug 2009 09:08:49,202,[XELLERATE.GC.PROVIDER.RECONCILIATIONTRANSPORT],Class/Method: SharedDriveReconTransportProvider/getReconFileList left.*
*ERROR,20 Aug 2009 09:08:49,202,[XELLERATE.GC.PROVIDER.RECONCILIATIONTRANSPORT],Problem encountered in reconciling the first page of data*
com.thortech.xl.gc.exception.ReconciliationTransportException: No Parent files in staging directory or necassary access(READ) permissions are missing
*     at com.thortech.xl.gc.impl.recon.SharedDriveReconTransportProvider.getAllData(Unknown Source)*
*     at com.thortech.xl.gc.impl.recon.SharedDriveReconTransportProvider.getFirstPage(Unknown Source)*
*     at com.thortech.xl.gc.runtime.GCScheduleTask.execute(Unknown Source)*
*     at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.run(Unknown Source)*
*     at com.thortech.xl.scheduler.core.quartz.QuartzWrapper$TaskExecutionAction.run(Unknown Source)*
*     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)*
*     at weblogic.security.service.SecurityManager.runAs(Unknown Source)*
*     at weblogic.security.Security.runAs(Security.java:41)*
*     at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(Unknown Source)*
*     at com.thortech.xl.scheduler.core.quartz.QuartzWrapper.execute(Unknown Source)*
*     at org.quartz.core.JobRunShell.run(JobRunShell.java:178)*
*     at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:477)*
*ERROR,20 Aug 2009 09:08:49,202,[XELLERATE.GC.FRAMEWORKRECONCILIATION],Reconciliation Encountered error:*
com.thortech.xl.gc.exception.ProviderException: No Parent files in staging directory or necassary access(READ) permissions are missing
*     at com.thortech.xl.gc.impl.recon.SharedDriveReconTransportProvider.getFirstPage(Unknown Source)*
*     at com.thortech.xl.gc.runtime.GCScheduleTask.execute(Unknown Source)*
*     at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.run(Unknown Source)*
*     at com.thortech.xl.scheduler.core.quartz.QuartzWrapper$TaskExecutionAction.run(Unknown Source)*
*     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)*
*     at weblogic.security.service.SecurityManager.runAs(Unknown Source)*
*     at weblogic.security.Security.runAs(Security.java:41)*
*     at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(Unknown Source)*
*     at com.thortech.xl.scheduler.core.quartz.QuartzWrapper.execute(Unknown Source)*
*     at org.quartz.core.JobRunShell.run(JobRunShell.java:178)*
*     at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:477)*
Caused by: com.thortech.xl.gc.exception.ReconciliationTransportException: No Parent files in staging directory or necassary access(READ) permissions are missing
*     at com.thortech.xl.gc.impl.recon.SharedDriveReconTransportProvider.getAllData(Unknown Source)*
*     ... 11 more*
*WARN,20 Aug 2009 09:08:49,203,[XELLERATE.GC.FRAMEWORKRECONCILIATION],Though Reconciliation Scheduled task has encountered an error, Reconciliation Transport providers have been "ended" smoothly. Any provider operation that occurs during that "end" or "clean-up" phase would have been executed e.g. Data archival. In case you want that data to be a part of next Reconciliation execution, restore it from Staging. Provider logs must be containing details about storage entities that would have been archived*
*DEBUG,20 Aug 2009 09:08:49,203,[XELLERATE.GC.PROVIDER.RECONCILIATIONTRANSPORT],Class/Method: SharedDriveReconTransportProvider/end entered.*
*DEBUG,20 Aug 2009 09:08:49,203,[XELLERATE.GC.PROVIDER.RECONCILIATIONTRANSPORT],Class/Medthod: SharedDriveReconTransportProvider/end - After calling: Re-setting instance variables*
*DEBUG,20 Aug 2009 09:08:49,203,[XELLERATE.GC.PROVIDER.RECONCILIATIONTRANSPORT],Class/Medthod: SharedDriveReconTransportProvider/end - After calling: Re-set over for instance variables*
*DEBUG,20 Aug 2009 09:08:49,203,[XELLERATE.GC.PROVIDER.RECONCILIATIONTRANSPORT],Class/Method: SharedDriveReconTransportProvider/end left.*
*DEBUG,20 Aug 2009 09:08:49,203,[XELLERATE.SCHEDULER.TASK],Class/Method: SchedulerBaseTask/run left.*
*DEBUG,20 Aug 2009 09:08:49,203,[XELLERATE.SCHEDULER.TASK],Class/Method: SchedulerBaseTask/isSuccess entered.*
*DEBUG,20 Aug 2009 09:08:49,203,[XELLERATE.SCHEDULER.TASK],Class/Method: SchedulerBaseTask/isSuccess left.*
*DEBUG,20 Aug 2009 09:08:49,203,[XELLERATE.SERVER],Class/Method: SchedulerTaskLocater /removeLocalTask entered.*
*DEBUG,20 Aug 2009 09:08:49,203,[XELLERATE.SERVER],Class/Method: SchedulerTaskLocater /removeLocalTask left.*
*DEBUG,20 Aug 2009 09:08:49,203,[XELLERATE.SERVER],Class/Method: QuartzWrapper/updateStatusToInactive entered.*
*DEBUG,20 Aug 2009 09:08:49,207,[XELLERATE.SERVER],Class/Method: QuartzWrapper/updateStatusToInactive left.*
*DEBUG,20 Aug 2009 09:08:49,207,[XELLERATE.SERVER],Class/Method: QuartzWrapper/updateTaskHistory entered.*
*DEBUG,20 Aug 2009 09:08:49,208,[XELLERATE.SERVER],Class/Method: QuartzWrapper/updateTaskHistory left.*
*DEBUG,20 Aug 2009 09:08:49,209,[XELLERATE.SERVER],Clearing Security Associations with thread executing Scheduled task*
*DEBUG,20 Aug 2009 09:08:49,210,[XELLERATE.SERVER],Class/Method: QuartzWrapper/run left.*
*DEBUG,20 Aug 2009 09:08:49,210,[XELLERATE.SERVER],Class/Method: QuartzWrapper/execute left.*
However, to my amazement, the reconciliation event for all the user are getting created in OIM Design console;
I have tried changing the directory /home/GTC permission to 777 also but it didnt help.
If anyone has any clue on this, kindly help.
Cheers,
Sunny

AS you are saying that fiel is there.
Can you please tell me how your recon sch task is running, I mean to say at what interval or once or daily ?
If you are putting your file in parent form it is going to archive after recon. that';s correct and your recon manager is getting users that is also correct it means your recon si working fine.
Now to run this recon second time you have to put one more fiel with new records or updated records in the parent dir otherwise it shows error.
For me it is not showing any error.
As user774847 is saying that it is known issue, i can't comment on this as I am not getting this error. I get this error only when i don't put any flat file in parent dir and i run the sch task.
Just put new file or updated one for each time you run the SCh Task and make the SCh Task ONCE or Daily.
Let me know if errors are still coming

Permissions issues - Adobe CC programs

Hi,
I have been having continuous problems with the new Adobe CC programs, and after many times of running Adobe's cleaner tools, reinstalling and following the suggestions laid out by Adobe and the forums with no success - I am am going to try here.
I believe this to be an OS issue, not an Adobe one.
Photoshop - hanging after it opens and you try to use it. For awhile, it stops responding then just starts working.
AfterEffects hangs during open (apparently a support doc for this alone) - then opens after about 5 minutes.
And Premiere just won't flat open.
Now - according to Adobe I should "enable TCP between software". And, then there is the repair permissions and such for folders, files, etc.
So - other than Disk Utility > Repair Permissions, is there a step I could be missing?
And how does one enable TCP communication between software? Even when I access it all locally and have the firewall off?
I am at a loss for what to do.
Thanks...
Scott

What is your exact brand/model graphics adapter (ATI or nVidia or ???)
What is your exact graphics adapter driver version?
Have you gone to the vendor web site to check for a newer driver?
For Windows, do NOT rely on Windows Update to have current driver information
-you need to go direct to the vendor web site and check updates for yourself
ATI Driver Autodetect http://support.amd.com/en-us/download/auto-detect-tool
nVidia Driver Downloads http://www.nvidia.com/Download/index.aspx?lang=en-us
Do you have dual graphics adapters?
Go to the Windows Control Panel and select Hardware and Sound and then select Device Manager... In Device manager you click the + sign to the left of Display Adapters... and see if 2 are listed
IF YES, read below
-http://helpx.adobe.com/premiere-pro/kb/error---preludevideo-play-modules.html
-http://forums.adobe.com/thread/1001579
-Use BIOS http://forums.adobe.com/thread/1019004?tstart=0
-link to why http://forums.adobe.com/message/4685328
-http://www.anandtech.com/show/4839/mobile-gpu-faceoff-amd-dynamic-switchable-graphics-vs-n vidia-optimus-technology/2

MAPPING USING FLAT FILE SOURCE MODULE

I created a mapping using a flat file as source and a dimension as target, I've already configure both modules and their locations.
When I try to deploy this mapping in the deploy manager, it generates the script for the control file and when I hit the deploy button it says that the deploy was succesfull, but I really don�t know what it did.
Does it put the file in my target schema?, what do I suposs to do next?

Hi,
So,i don't have to manually run the sql loader from the command prompt???
All i have to do is Execute the map normally from the deployment manager and it will load the .ctl file itself.Ok great,i did so but i got the following error:
Starting Execution BM_DEBIT_CARDS_DAT_MAP
Starting Task BM_DEBIT_CARDS_DAT_MAP
C:\Documents and Settings\CORAL 2000\Desktop\Flat filesBM_DEBIT_CARDS_DAT_MAP.ctl (The file access permissions do not allow the specified action.)
RPE-01008: Recovery of this request is in progress.
RPE-01009: Completion of this task could not be completed due to an earlier system failure.
Completing Task BM_DEBIT_CARDS_DAT_MAP
Completing Execution BM_DEBIT_CARDS_DAT_MAP
So are there any permissions i should grant or what?
Dina Nagia

Flat heirarchy permissions

Similar Messages

Maybe you are looking for