Groups Authenticated users & Everyone difference

Hi Everyone,
There are builtin groups Authenticated users & Everyone.  when i check for some iviews, folders, their permissions are set to Everyone with enduser as checked and for some objects, the permissions are given as Authenticated users group with enduser as checked. 
What is the difference between these two.  All the ESS/MSS objects has given the permission as Authenticated users group with Enduser checked. 
anyone clarify this doubt.
Regards,
EP.

Hi,
There are two kinds of Properties for an Portal Content Object,
1. Administrator Permission- create/modify/read/ permissions etc privilatges on the object. These are Design Time Permissions
2. EndUser- When a user is assigned a end User Permission, he can view the content at runtime i.e. If the iView is assigned to the User (via iView assigned to a role, and role has an entry point and assigned to the user) and he has only the end user Permission, then he can login and view the runtime content only. A kind of end user privilage.
Now,
1. Authenticated Users: the Users who have entered their logon info/ used a certificate to Login to the Portal/ to say users who have authenticated themselves to Portal  are the Authenticated Users. The User Group is named so.
2. Everyone- All the Users- Authenticated or not fall in this group. Sometimes Content can be accessed directly with a URL without any Logon.
Based on who can access the End user Content, the End User permission is provided in Permission settings, i.e.in the ACL of that Object.
Hope this answers your question. Reward points for Helpful answers.
Thanks,
Vamshi

Similar Messages

  • Everyone Group vs. Authenticated Users Group

    Two questions.....
    1.) What is the difference between the "Everyone" group and the "Authenticated Users" group.
    2) We are starting to use some new BI content (NW04s) in our federated portal and have found that we have to grant permissions to "Authenticated Users" instead of the "Everyone" group. Any ideas why?
    Regards,
    Diane

    Diane,
    The following asnwer is not a SAP answer but I did a quick check on our system and:
    1. the difference between the group Everyone and Authenticated users is exactly 1 user assignment.. I looked further and see that it has to do with the J2EE_GUEST user. this user is member of the group Everyone but NOT of the group Authenticated users.
    2. Can not give you a sure anser on this question but maybe it has to do with security that this is needed?!?!\
    Hopfully another SDN community member can fill me in here...
    Good luck and Kind Regards,
    Benjamin Houttuin

  • Reg Authenticated Users Group

    Hello Everyone.
    We created two Roles Role1 and Role2 for this Roles we have assigned the Group "Authenticated Users"
    Now the client requirement is they wants to remove couple of users who are assigned to Role1(who belong to "Authenticated Users" group.
    Though it is not a good practise One thing I can do is search for the group "Authenticated Users" in portal  then choose modify and choose assigned users and remove the users from this group.So,that they can not see Role1
    If I remove the users from the group "Authenticated Users" then they will not be able to see Role2 as they are removed from the "Authenticated Users" group which is assigned to Role2
    Can anyone help me out regarding this issue.

    Hi Shailesh,
    What you understood is correct ie  "Both the users have been added to Role 1 and Role 2, and both the roles have been assigned to "Authenticated Group".
    I tried the step what you have stated.
    once I login to portal --- User administration -- identity management
    search for the user.
    choose modify
    if I click on assigned roles I do not see either Role1 or Role2 under assigned roles
    but if i click on assigned groups I see " Authenticated  Users"
    thanks in advance

  • Authenticated Users

    I am reading that the Everyone group includes the group Authenticated Users, plus the Guest account, plus the reserved accounts SERVICE, LOCAL_SERVICE, NETWORK_SERVICE, etc.   Is this still the case in Windows 8.1?
    To be clear, would Authenticated Users only include:
    1) Users who login interactively, including users in Guests group (NOT the Guest account!)
    2) Users who login through Terminal Services or Remote Desktop
    3) Users who access resources on the computer through Microsoft Networking.
    Does this imply that any file system resource that needs to be accessed by system services will have the "Everyone" group with a minimum of read access on the target folder or files?
    Is there any documentation listing all file system resources that either Windows 8 or Windows 2012 system services need to have access to?   I'm trying to harden my NTFS permissions and I don't want to break critical system services.
    Will

    Sorry for my dilatory reply. According to your description, I doubt there is no way to achieve your goal. As far as I know, there is no app of microsoft can manage a progress file access. What we can do is
    limit User Account execute the program, such as using AppLocker, we can specific special
    user execute the program.
    I am not requiring a program from Microsoft to virtualize or secure anything.  It would be nice to have that but it was not the question.  My question is do we have documentation about what specific security settings and user rights a new user
    group needs to have to be able to execute applications while logged in?   
    I don't want them in Users group because that group has write access to a large part of the file system.  I want to create a new NTFS group with very limited file system access, which then forces me to add that new user group into the various security
    settings and user settings required to execute programs.
    Such documentation has to exist somewhere....
    Will

  • PCD Business Objects Permissions for Authenticated users

    Hi All,
    I am working on SRM7.0 Business package installed on Portal NW7.01.
    I wanted to understand Which permissions should i provide to "Business Objects" PCD Folder for Authenticated users.
    Should it be Administrator "None" and End User "ON"
    Or Should it be Administrator "Read" and End User "ON"
    Regards,
    Ashish Shah

    Hi Sandeep,
    I was wondering what is the need of assigning permissions to "Everyone" Group and "Authenticated Users"
    2. Group: Everyone(built in group)
    Administrator:Read
    Enduser:checked
    3. Group:: Authenticated Users(built in group)
    Administrator:Read
    Enduser:checked.
    If i am not using Anonymous users , should i only assign this permission?
    Group:: Authenticated Users(built in group)
    Administrator:Read
    Enduser:checked.
    Regards,
    Ashish Shah

  • Authenticated Users Group Question

    I have a quick question regarding the Authenticated Users "group". I used to be a systems administrator, but I'm a bit rusty since I've been a software developer for the last 10 years. A conflict with data center operations (DCO) group
    at work lead me to get another opinion.
    The question is this... is the authenticated users group a domain-level group or is there a local authenticated users group that would allow only users authenticated locally? We have a share that permits the authenticated users group access.
    My opinion is that all domain users who have authenticated successfully have access to this share. The DCO group is telling me that this is the local (to the server containing the share of course) authenticated users group only.
    Is there such a thing as a local-only authenticated users group? To me this doesn't even make sense, but I could very well be wrong.
    Nathon Dalton
    Sr. Software Engineer
    Blog: http://nathondalton.wordpress.com

    I apologize. I don't think I explained myself correctly. Let's consider the following...
    SERVER: SERVER1
    DOMAIN: DOMAIN1
    SHARE: \\SERVER1\SHARE1
    SHARE PERMISSIONS: Authenticated Users - Full Control
    Given the above information, is it possible that the Authenticated Users group will allow ONLY users that are defined on SERVER1 to access \\SERVER1\SHARE1?
    My understanding is that's not possible. There's one defined Authenticated Users group and that represents ALL users that are authenticated against DOMAIN1, whether added to local groups, shares, etc.
    What I'm being told however is that SHARE1 having Authenticated Users assigned is okay since only those user accounts defined on SERVER1 will be able to access it. All the users in the domain will NOT be able to access it. I think this is bogus. Am I wrong?
    Nathon Dalton
    Sr. Lead Developer
    Blog: http://www.nathondalton.com

  • Changing permission on "Everyone" group on "Users" folder to "No Access"

    Hello Everyone,
    I need help on changing permission on "Everyone" group on "Users" folder to "No Access" using a Terminal command line.
    What i'm trying to do is assign "Everyone" group to "No Access" on "User" folder to restrict other users from going to users home folder on the computer.
    Right  now, when a user login he/she has the ability to view files that are not located in the documents folder
    PS
    Network is configured for OD/AD, home folder is located on Dell Server
    Appreciate the help, Thanks very much

    You are running Oracle Linux and want to use a network volume provided by Windows 2008 to install Oracle Database.
    Your problem is that you cannot set appropriate privileges on the mounted volume to perform the installation.
    Is this correct?
    If yes, then as far as I know, Windows file sharing is not support, even if you fix the permission issues. Your problem is the file system, which won't be Linux ext3. NFS might be supported, but I think it is not the best idea. Have you looked into iSCSI? It will allow you to mount remote disks using SCSI protocol. You could do pretty much everything with such a mounted disk that you can do with a locally attached drive, including initializing, but instead of using the local bus, it will use the TCP/IP network.
    How to setup iSCSI on Windows Server 2008 (storage server)
    http://technet.microsoft.com/en-us/edge/Video/ff710316
    CentOS / Red Hat Linux: Install and manage iSCSI Volume
    http://www.cyberciti.biz/tips/rhel-centos-fedora-linux-iscsi-howto.html
    Edited by: Dude on Jun 23, 2011 12:08 PM

  • Authenticated User group

    We have following doubt regarding Authenticated User group in Windows 7
    1. When this user group is added to a Drive/folder/file automatically.
    2. As per our observation, mostly it shows in the drive in which OS is installed. On some machines it shows in other drives. How  this is added in other automatically.
    3. Another observation is, due to the presence of this group, it is possible to write a file(which is created by administrator or system) with an application which is started with Standard User token.  So do we need to add any extra permission to work
    our application(with standard user token) to read and write to the folder/file with Authenticated User group.
    4.  Is it possible that Authenticated User group will not exist in OS installed drive.
    5. Is it possible that an application with standard user cannot write to a file/folder even if Authenticated User group is present for the same.
    Thanks, Renjith V R

    Hi,
    To learn more about authenticated users group, you can refer to the related thread:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/e1a8e680-03a2-4690-a7e5-f17ad7389ecd/authenticated-users?forum=winserverDS
    Andy Altmann
    TechNet Community Support

  • Authenticated Users Group

    As I understand the AU group is made up by any user that logs in. However, it does not work when I specify access to a TAB page so is only visible for AU. In this case the TAB is also available for the PUBLIC user.
    I am working with Portal 3.0 EA on an Intel/NT plataform, my question is: is this the way that was supossed to be or it is something that has to do with the version that I am using...?
    Thanks

    I apologize. I don't think I explained myself correctly. Let's consider the following...
    SERVER: SERVER1
    DOMAIN: DOMAIN1
    SHARE: \\SERVER1\SHARE1
    SHARE PERMISSIONS: Authenticated Users - Full Control
    Given the above information, is it possible that the Authenticated Users group will allow ONLY users that are defined on SERVER1 to access \\SERVER1\SHARE1?
    My understanding is that's not possible. There's one defined Authenticated Users group and that represents ALL users that are authenticated against DOMAIN1, whether added to local groups, shares, etc.
    What I'm being told however is that SHARE1 having Authenticated Users assigned is okay since only those user accounts defined on SERVER1 will be able to access it. All the users in the domain will NOT be able to access it. I think this is bogus. Am I wrong?
    Nathon Dalton
    Sr. Lead Developer
    Blog: http://www.nathondalton.com

  • RDBMSRealm, everyone group, guest user

    Hi folks, I'm having some fun with the rdbms realm lately and have a few
    questions.
    We're using the RDBMSRealm example with form based auth under WLS 5.1 SP 9 and
    have the following in web.xml
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>All Pages</web-resource-name>
         <description>These pages are only accessible by all authorised xyz users.</description>
    <url-pattern>*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <description>These are the roles that have access</description>
    <role-name>
    xyz
    </role-name>
    </auth-constraint>
    </security-constraint>
    <security-role>
    <description>All application users</description>
    <role-name>
    xyz
    </role-name>
    </security-role>
    which basically says that every page in the web-app requires a user to be in the
    xyz role and does seem to work fine.
    Now, what I'd like to do is to allow everyone to access one particular page
    within the application (that is, this page does not require the xyz role). So
    something like the following would be great.
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Some Particular Page</web-resource-name>
         <description>This page is accessible to everyeone.</description>
    <url-pattern>/particular/page.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <description>everyone can get at this page.</description>
    <role-name>everyone</role-name>
    </auth-constraint>
    </security-constraint>
    However, this doesn't seem to work, I get redirected to the form based login
    page and once I've logged in can get to the page that I'm hoping shouldn't
    require a logged in user.
    So I'm wondering about the xml syntax and semantics.
    - What are the rules around specific and general mappings, like will a
    more specific mapping be used before falling back to the general mapping?
    - Are the mappings applied in order (first to last) and the first match
    taken?
    - Are the rules according to section 10 of the servlet spec applicable here?
    Now my problem might also be the RDBMSRealm its self -- I'm also having some
    problems with the everyone group and the guest user. If I remove the first
    constraint above and only include the /particular/page.jsp constraint to the
    everyone group things still don't seem to work right.
    I can see the realm call getGroup("everyone") and getUser("guest) but both
    calls return null, since these principals are not in our database
    tables. However, if I hit http://localhost:7001/AdminRealm I do see a list of
    all groups that our RDBMSRealm knows about and I also see the everyone group
    which contains system and guest users and so I have more questions.
    - Does CachingRealm fall back to the standard properties realm if it gets nulls
    from the RDBMSDelegate?
    - Does the everyone group include unauthenticated users (i.e. guest) as I'm
    hoping?
    I've tried adding an instance of weblogic.security.acl.Everyone to my
    RDBMSDelegate class and checking if the call to getGroup is looking for
    "everyone" in which case I return this instance but this doesn't seem to do
    anything either. I also tried adding this everyone group to the list returned
    by getGroups but that didn't help and I carried the idea through to getUser and
    getUsers with a guest user but again no luck. I'm always forced to authenticate
    before I can get to the page that should allow anyone (everyone) to see it.
    Any help, ideas, advice, beer, etc. would be much appreciated!
    Thanks,
    Derek

    THorner <[email protected]> writes:
    RDBMSRealm, everyone group, guest user
    Update-I've got it working.
    AS well as the isMember change mentioned below I altered getPrincipal
    for both the RDBMSRealm class
    if(name.equals("guest")){return createUser("guest","guest");}
    if(name.equals("everyone")){return new Everyone(this);}
    and RDBMSDelegate
    if(name.equals("guest")){return realm.createUser("guest","guest");}
    if(name.equals("everyone")){return new
    weblogic.security.acl.Everyone(realm);}
    did something to RDBMSUser so that guest always authenticates
    (alternatively you could put the guest user on the database, surely?)I did see various examples of the guest and everyone additions to the realm
    code, but I also read some stuff that indicated that if the rdbms realm returns
    null for these requests then the caching realm should fall back to the standard
    properties realm which does have the guest user and everyone group defined.
    With the debugging turned on this does seem to be what it does and the
    guest/everyone code doesn't seem to be needed. I also checked the
    http://localhost:7001/AdminRealm servlet and did see the everyone group with
    system and guest users as part of it.
    >
    Allow guest access to the file servlet (otherwise they can't be sent any
    HTML pages - my best guess would be that this is your problem).This was probably part of the problem, judging by the messages from the realm
    debugging.
    Also I altered weblogicURL.policy to allow 'everyone' access to the page
    that was to be unrestricted - so I guess you should set
    I hope this helps, if not (and you haven't already) turn on RDBMSRealm
    debugging - eventually I found the information useful (in that it tends
    to tell you what it has last been looking for, and the methods used)In the end, I found that specifying that the everyone group is required for a
    particular resource didn't seem to work. Instead I protected the majority of my
    application with a set of rules and left all other pages without any matching
    rules and the guest user then seems to work ok.
    The servlet 2.3 spec has an addition to the <role-name> tag which allows a * to
    indicate all roles but this isn't in the 2.2 spec.
    Thanks for the help!
    Cheers,
    Derek
    >
    terry
    -----Original Message-----
    From: THorner
    I am working on something similar (although not in a war),
    which isn't working yet, but I can tell you a couple of
    things that I have come across.
    -----Original Message-----
    From: [email protected]
    [mailto:[email protected]]On Behalf Of Derek
    Scherger
    Posted At: Mon 04 June 2001 22:13
    Posted To: weblogic.developer.interest.security
    Conversation: RDBMSRealm, everyone group, guest user
    Subject: RDBMSRealm, everyone group, guest user
    Hi folks, I'm having some fun with the rdbms realm lately and
    have a few
    questions.
    We're using the RDBMSRealm example with form based auth under
    WLS 5.1 SP 9 and
    have the following in web.xml
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>All Pages</web-resource-name>
         <description>These pages are only accessible by all
    authorised xyz users.</description>
    <url-pattern>*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <description>These are the roles that have
    access</description>
    <role-name>
    xyz
    </role-name>
    </auth-constraint>
    </security-constraint>
    <security-role>
    <description>All application users</description>
    <role-name>
    xyz
    </role-name>
    </security-role>
    which basically says that every page in the web-app requires
    a user to be in the
    xyz role and does seem to work fine.
    Now, what I'd like to do is to allow everyone to access one
    particular page
    within the application (that is, this page does not require
    the xyz role). So
    something like the following would be great.
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Some Particular Page</web-resource-name>
         <description>This page is accessible to
    everyeone.</description>
    <url-pattern>/particular/page.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <description>everyone can get at this page.</description>
    <role-name>everyone</role-name>
    </auth-constraint>
    </security-constraint>
    However, this doesn't seem to work, I get redirected to the
    form based login
    page and once I've logged in can get to the page that I'm
    hoping shouldn't
    require a logged in user.
    So I'm wondering about the xml syntax and semantics.
    - What are the rules around specific and general mappings, like will a
    more specific mapping be used before falling back to the
    general mapping?
    - Are the mappings applied in order (first to last) and the
    first match
    taken?
    - Are the rules according to section 10 of the servlet spec
    applicable here?
    Now my problem might also be the RDBMSRealm its self -- I'm
    also having some
    problems with the everyone group and the guest user. If I
    remove the first
    constraint above and only include the /particular/page.jsp
    constraint to the
    everyone group things still don't seem to work right.
    I can see the realm call getGroup("everyone") and
    getUser("guest) but both
    calls return null, since these principals are not in our database
    tables. However, if I hit http://localhost:7001/AdminRealm I
    do see a list of
    all groups that our RDBMSRealm knows about and I also see the
    everyone group
    which contains system and guest users and so I have more questions.
    - Does CachingRealm fall back to the standard properties
    realm if it gets nulls
    from the RDBMSDelegate?
    - Does the everyone group include unauthenticated users (i.e.
    guest) as I'm
    hoping?
    I've tried adding an instance of weblogic.security.acl.Everyone to my
    RDBMSDelegate class and checking if the call to getGroup is
    looking for
    "everyone" in which case I return this instance but this
    doesn't seem to do
    anything either. I also tried adding this everyone group to
    the list returned
    by getGroups but that didn't help and I carried the idea
    through to getUser and
    getUsers with a guest user but again no luck. I'm always
    forced to authenticate
    before I can get to the page that should allow anyone
    (everyone) to see it.
    Any help, ideas, advice, beer, etc. would be much appreciated!
    Thanks,
    Derek

  • How can I stop authenticated users from getting other user's information?

    We recently discovered that it is possible for authenticated users, via KMu2019s details view, to view details about the other users that have access to the same resource as you.  Our portal (7.0 sp15) is used for an external facing web site.  We have secured it against anonymous users but the problem still remains for authenticated users.  Here is an example:
    The KM folder documents\Public Documents has been assigned read permissions for the group Everyone.  An authenticated user can open the URL https://<host>/irj/go/km/navigation/documents/Public%20Documents and a list of folders are shown.  The user can then select the Details from the menu for one of the folders and the Details iview is displayed.  They then select the menu item Settings > Permissions and the users/groups/roles assigned to this folder are shown.  The user can then select a user and view that users name and email address or the user could select a group and view for each member of the group the user id, name, and email address which could then be used to help attack the site.
    So I thought it would be easy enough to disable the details view for all users but content managers or administrators but I seem to running into difficulty. 
    I tried disabling the Details KM command with limited success.  Even with it disabled, if you know the URL for the details component you can still access it.  So it seems the better option is to take away access to the details component.  It seems that the users are getting access to the Details iView from the standard eu_role.  If I remove the iView from this role then all user have no access to the Details in KM.  I tried to add the iView to another role that content managers would have but when logged in with a user that had that other role I still was not able to access the Details iView. 
    This SAP Help document [http://help.sap.com/saphelp_nw70/helpdata/en/47/f0f7415e639c39e10000000a155106/frameset.htm |http://help.sap.com/saphelp_nw70/helpdata/en/47/f0f7415e639c39e10000000a155106/frameset.htm ]discusses the eu_role(Standard User role) and it states that
    By default, the Everyone group is assigned to the Standard User role. If you choose to use the other every user roles instead, you need to remove these assignments from the Standard User role and apply them to the Every User Core and Control Center User roles.
      But, when I look at what groups the role is assigned to or what roles are assigned to the Everyone group they donu2019t appear to be linked contrary to what the documentation says.  So, what Iu2019m thinking here is that I can create a copy of this role and remove the Details iView from the original and then assign the copy to the content managers and administrators.  Doing this causes all users to lose access, even the content managers.
    I thought Iu2019d give the Security Zones a try to see if this could help me but when I take away rights from here it still allows access.
    Iu2019m stumped.  Iu2019m sure there is some key piece that eludes me.  What can I do to allow users read only access to some KM folders and files while preventing them from viewing the permission/user details?

    The only 3d party apps are Hazel...
    And that's your problem!
    From the Hazel site's description:
    Hazel watches whatever folders you tell it to, automatically organizing your files according to the rules you create.
    Hazel, is a prefPane so you must have some rule (or it supplied the rule as a default) to put pictures (jpg's) from your Desktop (folder) into your Pictures folder.
    Open your System Preferences and Hazel in there and either turn off Hazel or change or delete the appropriate rule covering this situation.

  • OID and Authenticated Users

    Is there a way to tell if a user has authenticated with OID? Example a shadow group of OID users that the person becomes a member of automatically when the user logs in and then looses membership when their session expires or they log out? I am running into cases where I want access to things granted based solely on authenticated or not but I have yet to find a way to do inside of BI Publisher's permissions structure other than the use of such a group. I noticed the AUTHENTICATED_USERS group but tests revealed that it is not working as required. Any sugestions?

    BIP authorization model is user -> roles -> folders -> reports. When integrated with LDAP-compliant directory (such as OID), a BIP role translates to a directory group and vice versa: http://download.oracle.com/docs/cd/E12844_01/doc/bip.1013/e12188/T421739T475591.htm
    The case of reports that need to be restricted to the specific user group implies that you create this particular group (say Sales) in the directory and BIP makes it a role. So now you've got role "Sales" in BIP, you assign folders A, B and C to that role and publish reports for Sales to those folders.
    The case of reports that need to be available to all authenticated users is a little harder. If you only need online reports (no Excel Analyzer or Online
    Analyzer), you may be in luck. BIP standalone gives all authenticated users a built-in role that allows them to view online reports (and do nothing else). BIP enterprise - not sure. A more 'portable' solution is to create a group Everyone in the directory and add users to it. This will get tedious for a lot of users but you can do it with a script. Perhaps there's a better solution - inquire in the BIP forum (BI Publisher

  • "Authenticated Users" vs. "Users"

    I'm setting up a profiles structure on a server starting with the master folder that'll house all the profile subfolders.  the default permissions on a newly created folder always has the admins and creator/owner and system accounts, but by default
    it also has Users.  Yet in some pre-existing installations I've come across I've seen Authenticated Users put there instead, so the admin must have had a reason. 
    So the question is, what's the difference?  Since any domain user would have to authenticate to get into any resourcse anyway, is this not just the same thing?  What would be a scenario whereby you should use one over the other? 
    Thanks! 

    Authenticated user group is builtin user group & any user created in domain default became member of this group, where as you can't see or manually modify authenticated user group to add or remove members. Authenticated user group can't be added into
    user created groups like Global/Domain local/Universal group but it can be added to built in domain local group in AD. Even it contains member of trusted forest. Authenticated user group membership is controller by OS.
    Domain user group is a global group & it too contains all the users from domain where as its member can be managed like manually can be added or removed by administrators. Domain user group is visible in ADUC console.
    http://technet.microsoft.com/en-us/library/cc756898%28WS.10%29.aspx
    Regards
    Awinish Vishwakarma| CHECK MY BLOG
    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

  • Can you create a group of users in Messenger

    Currently the last post of information in reference to my question shows as follows:
    there is not a way to create a group. From the client side, you can
    create folders and organize users that way. From the server side, you
    can add an eDir group object to the contact list but it will
    automatically be broken out by user rather than just adding the group
    object.
    If you are interested in a group in Messenger so that you can chat with
    more than one person at a time, currently you can do that by inviting
    users to her chat, or by highlighting multiple users and then clicking
    on Send Message. That will automatically invite everyone to the chat.
    I will submit an enhancement request.
    Has Novell or anyone released a way to do this as of yet or a new version that has this enhancement, this post was back in 2005 so I don't know if it was ever done and I have searched for it in the Novell Documentation, maybe I missed it..
    Thanks
    Paul

    In article <[email protected]>, Pbolin260 wrote:
    > Has Novell or anyone released a way to do this as of yet or a new
    > version that has this enhancement, this post was back in 2005 so I don't
    > know if it was ever done and I have searched for it in the Novell
    > Documentation, maybe I missed it..
    >
    I've not heard of that capability. The enhancement request is a good
    idea. Would be nice to be able to make folders of groups of users too.
    Craig Johnson
    Novell Support Connection SysOp

  • Workspace Credential Conflict between Logged-in User and the Authenticated User

    Hi there,
    I am running LiveCycle ES Update1 SP2 with Process Management component on WIN/JBoss/SQL Server 2005.
    I have been encountering user credential conflicts from time to time, but it has not been consistent and the problem manifested in various ways, such as:
    - problem when logging in with error "An error occurred retrieving tasks." on the login screen
    - user logs in successfully but is showing somebody else queue(s) with his/her own queue with no task in there
    - fails to claim task from group queue.
    The stacktrace from the server.log file I collected from a production system shows the exception below.
    Has anybody else encountered the similar problem?
    It looks to me that it doesn't log out cleanly and some kind of caching is done on the authenticated session and is not cleaned up properly on user logout.
    2009-07-10 15:05:13,955 ERROR [com.adobe.workspace.AssemblerUtility] ALC-WKS-005-008: Security exception: the user specified in the fill parameters (oid=F0FA390C-AECC-BB19-F0D7-6CA13D6CBF83) did not match the authenticated user (oid=F25892EE-80CE-8C24-E40D-881F631AA8BE).
    2009-07-10 15:05:13,955 INFO  [STDOUT] [LCDS] [ERROR] Exception when invoking service 'remoting-service': flex.messaging.MessageException: ALC-WKS-005-008: Security exception: the user specified in the fill parameters (oid=F0FA390C-AECC-BB19-F0D7-6CA13D6CBF83) did not match the authenticated user (oid=F25892EE-80CE-8C24-E40D-881F631AA8BE).
      incomingMessage: Flex Message (flex.messaging.messages.RemotingMessage)
        operation = submitWithData
        clientId = F3D2CDD0-330F-F00B-C710-5AF3F7CB4138
        destination = task-actions
        messageId = 7E385A6B-E4E6-3A81-CD6A-630DF4FAE5BB
        timestamp = 1247202313955
        timeToLive = 0
        body = null
        hdr(DSEndpoint) = workspace-polling-amf
        hdr(DSId) = F3C38977-171B-7BED-3B16-F3A5FE419479
      Exception: flex.messaging.MessageException: ALC-WKS-005-008: Security exception: the user specified in the fill parameters (oid=F0FA390C-AECC-BB19-F0D7-6CA13D6CBF83) did not match the authenticated user (oid=F25892EE-80CE-8C24-E40D-881F631AA8BE).
        at com.adobe.workspace.AssemblerUtility.createMessageException(AssemblerUtility.java:369)
        at com.adobe.workspace.AssemblerUtility.checkParameters(AssemblerUtility.java:561)
        at com.adobe.workspace.tasks.TaskActions.callSubmitService(TaskActions.java:788)
        at com.adobe.workspace.tasks.TaskActions.submitWithData(TaskActions.java:773)
        at sun.reflect.GeneratedMethodAccessor941.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at flex.messaging.services.remoting.adapters.JavaAdapter.invoke(JavaAdapter.java:421)
        at flex.messaging.services.RemotingService.serviceMessage(RemotingService.java:183)
        at flex.messaging.MessageBroker.routeMessageToService(MessageBroker.java:1495)
        at flex.messaging.endpoints.AbstractEndpoint.serviceMessage(AbstractEndpoint.java:882)
        at flex.messaging.endpoints.amf.MessageBrokerFilter.invoke(MessageBrokerFilter.java:121)
        at flex.messaging.endpoints.amf.LegacyFilter.invoke(LegacyFilter.java:158)
        at flex.messaging.endpoints.amf.SessionFilter.invoke(SessionFilter.java:44)
        at flex.messaging.endpoints.amf.BatchProcessFilter.invoke(BatchProcessFilter.java:67)
        at flex.messaging.endpoints.amf.SerializationFilter.invoke(SerializationFilter.java:146)
        at flex.messaging.endpoints.BaseHTTPEndpoint.service(BaseHTTPEndpoint.java:278)
        at flex.messaging.MessageBrokerServlet.service(MessageBrokerServlet.java:315)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:252)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at com.adobe.workspace.events.RemoteEventClientLifeCycle.doFilter(RemoteEventClientLifeCycle .java:138)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:202)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:202)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
        at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.ja va:159)
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11P rotocol.java:744)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
        at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
        at java.lang.Thread.run(Thread.java:595)
    Kendy

    I am having the same server issue and i cant get hold of SP3 to fix it. can anyone tell me how to fix this problem or provided a link where i can get SP3 from? Ive spent most of the day on the phone to Adobe Support and they have been unable to provide me with a link to the service pack.

Maybe you are looking for