Grant access to individual content

Similar Messages

• Grant access to application

  Hi All,
  I am working with Olite 10gR2;
  I created and deployed my application with data subsetting parameter using wtgpack; I published the application successfully.
  I then created a group and granted access to my application to the group.
  I created user's and added the users to the group. This worked fine last week in dev and I was able to add all 90 users to the group.
  Problem: I was able to add two users now; when I tried adding a third user I got this error message -
  "Error in executing " Save application ":oracle.lite.web.resource.ResourceException: CONS-10049: Consolidator Exception: Closed Statement "
  When I tried granting access to my application, to individual users as an alternative to adding users to group with access to the application, I get this error;
  Error Message: "Virtual Path Is Null"
  I will appreciate any solution on this error message. I need to be able to add more users to the group.
  Thanks for your time.

  I created a servlet filter for faces-servlet
  Don't map filter to servlet.
  Use URL mapping, something like:
    <filter-mapping>
      <filter-name>YourFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
  Also have a question about ReadOnlySQLAuthenticator. Mentioning sensitive queries like query to get the password of the user from the table etc, is it secure? will it lead to any type of security threat like if a user get access to console and get the query etc?
  Your sql queries shouldn't be 'sensitive'
  Best practice is to store secure hash(for example: SHA1 or better) instead of encrypted password.
  (ReadOnly)SQLAuthenticator can use encrypted passwords or secure hash(check Provider Specific Configuration). To make this to work, you will need to create secure hash and append {ALGORITHM_TYPE} to begin of hash.
  For example: {SHA1}asdsijifndfbj=
  And of course, you need to protect your WLS admin console(and enterprise manager, if deployed).
  Use strong admin password and restrict access to console url (if possible).
  Dario

• !!Still unresolved error #2123: BitmapData.draw(), videosampleaccess, No policy files granted access

  Hello,
  I have looked all over the forums, google etc. and not found any reliable and working solution to be able to retrieve the stream bitmapdata from RTMP  or HTTPDynamicStreaming source. Please find the details below.
  I have tried everything:
  NetStream.checkPolicyFile = true
  Security.loadPolicyFile(...);
  /applications/live/main.asc has the code below:
  application.onConnect = function( client )
      client.videoSampleAccess = "/";
      this.acceptConnection(client) ;
  The Application.xml has the tag:
  <Client>
       <access>
            <VideoSampleAccess enabled="true">/</VideoSampleAccess>
       </access>
  </Client>
  But constantly, I receive this error ( both on FMS3.5 and FMS4.0 RTMP & HttpLiveDynamicStreaming):
  securityerror:Error #2123: Security sandbox violation: BitmapData.draw: http://localhost/xxyy.swf cannot access rtmpt://localhost:1935/live. No policy files granted access.
  The problem persists wherever the player.swf is placed.
  Since I'm using OSMF the video display object had to be retrieved in the way like this:
  var mediaDisplayObjectTrait:DisplayObjectTrait;
  mediaDisplayObjectTrait = media.getTrait(MediaTraitType.DISPLAY_OBJECT) as DisplayObjectTrait;
  v = new Video(mediaDisplayObjectTrait.mediaWidth,mediaDisplayObjectTrait.mediaHeight);
  loadable.netStream.checkPolicyFile = true;
  v.attachNetStream(loadable.netStream);
  The new Video part is a must because when using ( the only working http - vod setup ) the BitmapData of the DisplayObject defaults to 320x240 even though the mediaWidth and mediaHeight properties are set fine and the video itself has much higher resolution. I must note at this point its far weird and worths another post.
  Seems like the player simply doesn't know anything about where and how to obtain any kind of policy information from the stream.
  I think this issue must be resolved once and for all, it's simply not acceptable to have this poor documentation floating around an essential feature without any professional help involved.

  You don't need crossdomain policy files, you need to do the following;
  1)      Edit the Application.xml file in the host folder, within install directory/conf/... , edit the client tag, adding the attribute override=”yes”
  <Client override=”yes”>
  In a default install of Flash Media Server, the Client class is set to prevent overriding values in the application folder. This was why the settings we were trying were not holding.
  We do not need to alter anything else of the conf Application.xml
  2)      Add the client/access nodes to the root Application.xml within the content folder  ( we have already done this as far as I am aware ).
  <Application>
    <Client>
     <Access>
      <VideoSampleAccess enabled="true">/</VideoSampleAccess>
      <AudioSampleAccess enabled="true">/</AudioSampleAccess>
     </Access>
    </Client>
  </Application>
  3)      Restart the Media Server by using the administration console. This will enable the client>access values to be overridden to true.

• FBA Not granting access to AD group users

  In my FBA setting, individual user can be granted access to sharepoint site and works fine. It is able to resolve AD group but any user within that AD group is not able to get access to the sharepoint site. Same user when added directly gets access. Since
  these AD groups have more than 2000 users it is not possible to add them individually. Is there anyway of doing it? 
  i followed this approach but it did not work.
  http://social.technet.microsoft.com/Forums/office/en-US/9592df6b-d789-49c0-b1ec-142828cdadc8/fba-ldap-domain-group-members-getting-access-denied?forum=sharepointadminlegacy
  sachin

  Ok complete answer is in the link http://social.technet.microsoft.com/Forums/office/en-US/9592df6b-d789-49c0-b1ec-142828cdadc8/fba-ldap-domain-group-members-getting-access-denied?forum=sharepointadminlegacy.
  I did not do something right in the first time .
  After editing role provider and adding the italic lines: 
  <add name="AccountRole"
                    type="Microsoft.Office.Server.Security.LdapRoleProvider,
  Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                    server="server"
                    port="389"
                    useSSL="false"
                    enableSearchMethods="true" 
                    groupContainer="DC=$$,DC=@@,DC=!!"
                    groupNameAttribute="cn"
                    groupNameAlternateSearchAttribute="cn"
                    groupMemberAttribute="member"
                    userNameAttribute="sAMAccountName"
                    dnAttribute="distinguishedName"
                    useUserDNAttribute="true"
                    connectionUsername="username" 
                    connectionPassword="password"
                    userFilter="&amp;(objectClass=user)(objectCategory=person)"
                    groupFilter="&amp;(objectCategory=Group)(objectClass=group)"
                    userContainer="DC=$$,DC=@@,DC=!!"
                      scope="Subtree"
  />
  Then following these steps:
  If
  you add the group in the site, you must make sure it was retrieved from the Role provided (LdapRoleProvider in your issue), but not the membership provider (LDAP in your issue)
  Things
  have started working now.
  sachin

• Grant access based on application type?

  Hi,
  Is there a way to grant access to just some of the application types attached to a DIR? I would like to limit the users to open the CAD files but they should be able to open the PDF files attached. The idea is to create the PDF file automatically out of the CAD file so I canu2019t put them in different DIRs because that would involve manual work.
  Kind regards,
  Kristoffer Pehrson

  Hi Kristoffer,
  from my point of view maybe the authorization trace could help to find a suitable authorization object for creating your checks. More information on this authorization trace could be found under http://wiki.sdn.sap.com/wiki/display/PLM/AuthorizationTraceintransactionST01
  Useful information on each DMS authorization object can be found under http://wiki.sdn.sap.com/wiki/display/PLM/AuthorizationObjectsin+DMS.
  If no standard authorization object could be useful maybe you can use a BADI like DOCUMENT_AUTH01 or DOCUMENT_MAIN01 to implement an individual check for the application type and so restrict some users to view special applications.
  Best regards,
  Christoph

• Granting Access in custom portlets

  Hi,
  I'm deploing some portlets using PLSQL. Those portlets work's fine. Now i want to grant restricted access to this portlets. The best i can do is function is_runnable return false to users that i don't want to show my portlet.
  Example:
  if wwctx_api.get_userid!= 'PORTAL30' then return false;
  else return true;
  end if;
  Can i use portal funcionality of grant access to, by example applications components or pages or content areas to restric access to my portlets ?
  Thanks
  Pedro Ribeiro

  I realize that this is an old thread, but on the chance there are others like me looking into how to restrict access to custom porlets, I thought I would venture a reply.
  I looked at the current online docs for for Portal Security Services. If you have a need to get down in the weeds these docs will show you what you need to know. But there is a very SIMPLE way to restrict access to your new portlet.
  After you have your new PL/SQL or JAVA porlet in place, just create a new Portal Page using the wizard. Make it a plain page, no banner. Add your custom portlet to the new page. Then PUBLISH THIS NEW PAGE AS A PORTLET. Instead of adding your original portlet to other pages, add this "wrapper page" instead. You can use the grant access tab for the wrapper page to restrict access of the portlet to specific users and groups.
  pmw

• Wwsbr_api.add_folder and grant access/

  I created a folder with the API
  wwsbr_api.add_folder, which worked fine.
  Now i want to grant VIEW access to a specific user for that folder, using an API. I used:
  wwsec_api.set_user_acl
  (p_person_id=>v_personid
  ,p_object_type_name=>'FOLDER'
  ,p_name => 'STOREMANAGER2'
  ,p_privilege=>'VIEW'
  But it didn't help. The user can still not see this folder? Any suggestions?
  Thanks,
  Anja
  null

  Jerry,
  sorry for replying so late, but i can read my email only at the hotel in the evening.
  Thanks for the script, but it didn't help.
  Here is more information:
  Running
  Declare
  c Varchar2(100);
  Begin
  c := wwsec_api.get_granted_user_privilege
  p_user_id =>10,
  p_object_type_name=>'FOLDER',
  p_name=>'2227'
  dbms_output.put_line(c);
  End;
  for my specific user, it returns VIEW:
  SQL> @getgranteduserpriv.sql
  VIEW
  PL/SQL procedure successfully completed.
  However, if i navigate through the UI with
  another user that has admin privileges:
  - i click Edit Folder
  - Administration
  - Folder (Edit Content Area)
  - Access tab
  Here i don't see my user "10" in the ACCESS list.
  I do see another user "7" which has VIEW privileges. That's what the UI shows.
  However, if i run wwsec_api.get_granted_user_privilege for user "7" i don't get anything back.
  Am i using the right API?
  Is wwsec_api.set_user_acl
  matching the UI's GRANT ACCESS/CHANGE ACCESS interface?
  Thanks for you help,
  Anja
  null

• Sql server grants access to specific login to database.

  i have created website for intranet and hosted it on server. for that i needed to create login "IIS APPPOOL\hi" in sql server 2008 for my application
  to access my "reportdb" database. "IIS APPPOOL\hi" has sysadmin and public server roles in sql server 2008. And i have default login"sa" same
  as "IIS APPPOOL\hi". these are working correctly. Now I want these two logins to access"reportdb" for all
  operations in database and remaining all logins should be denied to access"reportdb". My Sql Server 2008 is having mixed mode (windows authentication and Sql authentication). plz help me

  I think what Tauseef is requesting is to keep access for the 2 sysadmins & deny access to everyone else, correct?
  As Uri mentioned, by being part of sysadmin role, “IIS APPPOOL\hi” & “sa” would have access to everything in the server, and nobody else should have access to the DB unless explicitly being granted access.
  If you would really deny anyone else access to the database, you can potentially deny connect to public, and only sysadmins (who override permissions) would be able to connect; although I would strongly recommend against such practice.
  Something else I would like to recommend against is the usage of sysadmin for what may not be a DBA role (IIS appPool). Following the least-privilege principle, I would recommend having a non-administrator user for applications that has enough capabilities
  to perform the tasks needed.
  The main risk is that a SQL injection (SQLi) bug in your application would lead to a complete compromise of your SQL server.
  If there are app tasks that would require elevated permissions, I would recommend encapsulating the logic in a stored procedure and either use impersonation or digital signatures to accomplish a controlled elevation of privileges instead. If you have any
  question on this topic I will be glad to assist.
  I hope this information helps,
  -Raul Garcia
   SQL Server Security
  This posting is provided "AS IS" with no warranties, and confers no rights.

• Update to IOS 6 has been a nightmare. Facebook would allow me to save pictures unless I granted access to my foto album. Does this mean my pictures are going be planted all over the web? The safari keeps crashing and loading is slow.

  update to IOS 6 has been a nightmare. Facebook would allow me to save pictures unless I granted access to my foto album. Does this mean my pictures are going be planted all over the web? The safari keeps crashing and loading is slow. Most infuriating is that YouTube was deleted from my entertainment apps and I now have to pay for it if I want it back!! This is a bloody disgrace.

  Back up all data.
  Boot into Recovery by holding down the key combination command-R at the startup chime. Release the keys when you see a gray screen with a spinning dial.
  Note: You need an always-on Ethernet or Wi-Fi connection to the Internet to use Recovery. It won’t work with USB or PPPoE modems, or with proxy servers, or with networks that require a certificate for authentication.
  When the OS X Utilities screen appears, follow the prompts to reinstall the OS. You don't need to erase the boot volume, and you won't need your backup unless something goes wrong. If your Mac was upgraded from an older version of OS X, you’ll need the Apple ID and password you used to upgrade, so make a note of those before you begin.

• How do I access my iCloud content? Specifically movies purchased in itunes.

  How do I access my iCloud content? Specifically movies purchased in itunes. I have multiple Apple devices, one itunes account, one cloud...purchased upgraded storage. The iCloud page on Apple website states that movies purchased in itumes are automatically transferred to the cloud. I can't find the movies unless I sync my devices via a cord. I am interested in purchasing Apple TV but want to make sure I will be able to access movies purchased.

  Movies are not stored in icloud.  They are on the cloud - yes, but what Apple means,  is that you can redownload the movies via the iTunes Store, where all movies are stored (the itunes cloud).

• How do i access my icloud contents

  i just got mu iphone 5 & synce it thru the icloud but all my apps n contact didnt come through. So i then synced it to itunes on the comuter & al my apps are gone!! any ideas?
  also how do i access my icloud contents so that i can delte some apps from there to free storage

  I checked iCloud>manage
  This revealed backup 668 MB and mail 17.1Mb
  I was invited to purchase more space but when I tried told this not possible. Where has the 50 gig gone.
  David T

• My computer was formatted but I need to access my old content on my itunes backups. Is there any way I can acquire these iTunes backup files ever again?

  My computer was formatted but I need to access my old content on my itunes backups. Is there any way I can acquire these iTunes backup files ever again?
  I tried recovery software but had no luck!

  You reformatted the drive in your computer. The backup files you want to access were overwritten when you re-formatted the drive. They are gone. There may be data recovery services that can get them back. Search google if you want. This has absolutely nothing to do with using an iPhone at this point. You deleted files on your computer...

• Https access to Sap Content Server 620 with R/3 46C

  We are trying to access the Sap Content Server 620 via Https.
  We do not want to administer it via HTTPS, (as we know CSADMIN doesn't support Https in rel. 46C as for note 712332). We want to do in way that the users when do check-in/out of originals these go across the
  network using Https instead Http.
  According note 712330 it should be possible.
  Anyone already did it ?
  Any suggestions ?
  NOte 506314 is not clear. We are in doubt how we applyed it.
  What we did:
  0)activate the SSL on the Sap COntent Server Web Site, requiring and installing a CA certificate.
  1)On the R/3 server in tx OAC0 with %HTTPS filled up the
  two boxes with "%HHTPS
  required"                                           
  1)unpacked the Sap criptolibrary and copied all the files (including those in ntintel subdirectory created during the unpacking) under c:\Programmi\Sap\Frontend\Sapgui on a frontend PC.                                                                               
  2)set the env. variable SAPHTTP=c:\Programmi\Sap\Frontend\Sapgui on 
  Frontend PC                                                                               
  3) from c:\Programmi\Sap\Frontend\Sapgui we created both the SAPSSLC.pse and the SAPSSLS.pse file with the command  :            
  3) from c:\Programmi\Sap\Frontend\Sapgui we created both the          
  SAPSSLC.pse and the SAPSSLS.pse file with the command  :              
  sapgenpse get_pse -noreq -p C:\Programmi\SAP\FrontEnd\SAPgui\<PSE-NAME>
  CN=localhost                                                                               
  4) we run the test: saphttp https://itmif069
  from the frontend to the server where the Content Server is (itmif069). We recive the error:
  trc file: "dev_http", trc level: 2, release: "620"
  Fri Oct 08 12:26:46 2004
  [2256] sccsid: @(#) $Id: //bas/620/src/krn/ftp/http.c#26 $ SAP
  [2256] HTTP Start : argc - 2 a0 - saphttp
  [2256] https//itmif069
  [2256] SECUDIR=C:\Programmi\SAP\FrontEnd\SAPgui
  <<- SapSSLSetTraceFile()==SAP_O_K
  =================================================
  = SSL Initialization
    SapISSLComposeFilename(ssl_lib): using default "sapcrypto.dll"
    SapISSLComposeFilename(server_pse): using default "SAPSSLS.pse"
    SapISSLComposeFilename(client_pse): using default "SAPSSLC.pse"
    SapISSLComposeFilename(anon_pse): using default "SAPSSLA.pse"
  = found SAPCRYPTOLIB  5.5.5C pl16  (Jun 10 2004) MT-safe
  = found SECUDIR environment variable
  = using SECUDIR=C:\Programmi\SAP\FrontEnd\SAPgui
  =  secudessl_Create_SSL_CTX():  PSE "SAPSSLA.pse" not found,
  =      using PSE "SAPSSLC.pse" as fallback
  = The Server SSL_CTX
  =    provides this ordered list of 9 ciphersuites:
  =       1.  SSL_RSA_WITH_RC4_128_SHA
  =       2.  SSL_RSA_WITH_RC4_128_MD5
  =       3.  SSL_RSA_WITH_3DES_EDE_CBC_SHA
  =       4.  SSL_RSA_WITH_DES_CBC_SHA
  =       5.  SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
  =       6.  SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  =       7.  SSL_RSA_EXPORT_WITH_RC4_40_MD5
  =       8.  SSL_RSA_WITH_NULL_SHA
  =       9.  SSL_RSA_WITH_NULL_MD5
  = Success -- SapCryptoLib SSL ready!
  =================================================
  <<- SapSSLInit(, read_profile=0)==SAP_O_K
  ERROR => [2256] URI https//itmif069 [http.c       774]
  ERROR => [2256] Connect to Host  Port 443 error: NIECONN_REFUSED
  [http.c       777]
  We do not know if the criptolibrary ha to be instyalled to the R/3 server to.
  We do not know if the CA certificate instalelled on the Sap COntent Server web site has to be installed on the R/3 server too.
  Any suggestion ?
  Regards

  Caro Mauro,
  I'm more or less in the same situation right now.
  Taking into account that you ask for help on this subject last 2004 Oct. I suppose that you have probably solved the problem.
  Please can you help me with the solution implemented.
  Find below my current work e-mail adress
  [email protected]
  Thanks in advance,
  Best regards, Xavier Grau.

• Grant access to all the views created in user schema to another schema

  How to grant access for all the views created in own HAGGIS schema to comqdhb schema on the HAGGIS database.
  Oracle Grant Privileges
  ===============
  Object privileges assign the right to perform a particular operation on a specific object
  I read that we can use select 'grant select on' ||view_name||'HAGGIS' user_views where owner='COMQDHB'
  Is this right
  Oracle System Privileges
  ===============
  System privileges should be used in only cases where security isnt important,because a single grant statement could remove all security from the table
  Role based security
  ============
  Role security allows you to gather related grants into a collection-since the role is a predefined collection of privileges that are grouped together.privileges are easier to assign to users.
  [http://www.dba-oracle.com/art_builder_grant_sec.htm]
  can we grant select update to all the views at a time to the other schema.
  Are there any other ways to secure the data other than creating users and assigning roles.
  Thank you
  Edited by: Trooper on Dec 23, 2008 9:24 AM

  I think what was suggested was that you use SQL to generate the grants on each and every view, that is, you use SQL to generate SQL where the SQL being generated is "grant select on view_name to role'"
  If you users to connect to Oracle you have to create usernames for them though if the users only connect via an application the application might run just as one user and access to the application is controled via application security. The control on the application can be via Directory Services such as OID or MS Active Directory. User access to Oracle can also be controlled via OID.
  To connect to Oracle you can use OS authenication (not recommended), usernames with passwords, or via Advanced Security Option which supports single sign-on products like Kebros or Oracle Internet Directory etc....
  Example using SQL to generate SQL
  How do I find out which users have the rights, or privileges, to access a given object ?
  http://www.jlcomp.demon.co.uk/faq/privileges.html
  HTH -- Mark D Powell --

• Syncing behaviour/direction of individual content type in iTunes

  Hi fellows. I wish to clarify my understanding of how iTunes sync (overwrite) the individual content type on an iPod. The scenario is: when I sync an iPod with another new library, typically we will be prompted with the warning message, "+this iPod is currently synced with another library. If you choose to sync it with this library, all the existing content will be replaced with the content on this library+" (or some similar warning). My doubts are as follows:
  Qn1. Am I right to say that, even if I click "okay" to that warning message above, the actual "replacing" +doesn't start immediately+ as iTunes will wait for the user to select what subset of content he wants, & more importantly, for the user to click the "sync" button (near the bottom right of iTunes) before the actual erasing and replacing begins?
  Qn2. Does iTunes treat each content type as separate libraries, i.e. in the context of "approving" iTunes's demand to overwrite the existing content on the iPod with content from iTunes own, current library, if the "sync" checkbox on the other content type's tab is unchecked, will that existing content type stored on the iPod be excluded from the erasing and replacing?
  I understand this may be very confusing, so allow me to illustrate my question with a specific example:
  http://img.photobucket.com/albums/v489/ralliart12/blog180610/iTunes%20library%20revisit/initially_unchked_for_unpairedipod.png
  If I choose to sync music from the current iTunes library to an iPod that was previously synced with another library, and I approved iTunes to go ahead and replace the existing music on the iPod with the music from the iTunes library but I have the "Sync Apps" checkbox unchecked, will the apps +on the iPod+ be wiped? Similarly, if the "sync movies" checkbox on the Movie tab is unchecked, will the movies on the iPod be wiped when I allow iTunes to replace the music library on the iPod with the songs from iTunes?
  Qn2a. If iTunes treat syncing each content type libraries on their own, are music and movies treated as one library?
  Qn2b. What determines the initial "checked/unchecked" status of each of those check-boxes in the diagram above when an iPod that is synced with another library, is connected to iTunes for the first time?
  In fact (this paragraph is not a qn; just a comment) I find the manner in which this is handled in iTunes to be inelegant. E.g. suppose in the context of qn2 iTunes treat all content type libraries as one unified library, and once I give iTunes the permission to erase the songs on the iPod with the songs from its current library but say I don't wanna replace the apps on the iPod with the apps from this iTunes library; neither do I wish to replace the podcasts on the iPod with the podcasts on this iTunes library. I can goto the "Apps" tab and uncheck "Sync Apps", but I could not goto the "Podcasts" tab and uncheck "Sync podcasts" without committing/applying the updated aps syncing conditions first. So if the "Sync podcasts" checkbox was checked for some reason, the podcatss on the iPod will be replaced with podcasts from the iTunes library without my "permission".
  For those who are veterans with this sync-ing behaviour stuff, I sincerely hope to gain some insight as to how iTunes behaves (in these contexts above). Thanks n advance.

  I'm going to duck out of giving you a definitive answer on the grounds that I don't really know and I don't have the resources or time to check the details. However I may still have something to offer. As you've observed the process is more than a little obscure, but the safest option is to assume that if you attempt to move your device from syncing with one library to syncing with another you will lose all the existing media content on the device.
  The exact details will ultimately depend on the type of device. For example, while many can be *manually managed* with more than one library the iPhone (and I think the Shuffle) can only take content from one library even in this mode. More particularly when you manually add content to an iPhone every file that you have on the device will be compared with it's "original" in your library and if there isn't a matching file the one on the device will be removed. In contrast on a "synced" iPod Classic you could (not that it's a good idea) remove larger physical files such as movies once they've been synced to the device and, although iTunes might issue a warning, it will not remove the existing files as long as there are still coresponding entries in the library.
  With the exception of the transfer of purchased content all sync operations are strictly library to device. iTunes will have a good go at throwing away your data given half a chance. For this reason I strongly urge that you make backups of your library and media files and certainly never rely on the device to hold the only copy of any of your precious files.
  It's not clear why you want this information, but if you're determined to tease out the finer details then it shouldn't be too hard for you to create a number of small distinct test libraries and actually try it out for yourself. If the issue is that you simply want the freedom to update your device from more than one computer then this is perfectly feasible. Simply put your entire library on an external (preferably host powered) usb drive and take it with you. I take one further step and sync my library with my local drive at each end using SyncToy 2.1 so that I end up with 3 mutual backups for the same library, one at home, one at work, and the one I carry between them. I can open any of the three libraries on my PCs or connect the portable version to any computer running the same build of iTunes to update any of my devices without losing any content.
  tt2