Is it possible that network access permission control in acs 5.1

Hello
We have ACS5.1, WLC 7.0 and using 802.1x to authentication users.
Anybody know how I can configure network access restriction with using internal user group information.
For example, under the same SSID(like that "test") , same VLAN ID.
But two different user group has a different network access permission.
One group has full permission and the other has a limit network access permission.
Is it possible?

The equivalent of a NAR would be ACS 5.1 returning an authorization profile after authentication. Just configure your authorization policy to return one profile for one group of user and the other profile for the others.
Now to restrict access to the network, I think you're best with an ACL ? So link ACLs to your profiles.
Nicolas

Similar Messages

  • Aaa network access limit user session

    Hi, I'd like to limit a user to one authenticated session in aaa network access, with ASA and ACS.
    Is tacacs+ accounting necessary ?
    thank you in advance
    RS

    I have never done it with Cisco ACS so I can not offer much support on this.
    However, I've done it many times on Cisco Freeware TACACS+ and it is very easy.
    1- in Cisco Freeware tacacs, include "max-session = 1" under either the user
    profile or group file definition.
    2- in the router itself, you need to enable "ip finger". This will allow the
    TACACS+ server to querry the router everytime there is a new attempt to loggin.
    If you already have a session to the router, TACACS+ server will see this and
    reject a new session for that same user. If the login ID is different than what
    is already connected to the router, it will then be accepted:
    C7140#who
    Line User Host(s) Idle Location
    0 con 0 idle 11w2d
    * 2 vty 0 cciesec idle 00:00:00 192.168.15.9
    Interface User Mode Idle Peer Address
    C7140#
    Now if user "cciesec" tries to login again through another session, it will
    be rejected by the TACACS server:
    [root@LinuxES-lab1 root]# finger @192.168.15.1
    Line User Host(s) Idle Location
    0 con 0 idle 11w2d
    2 vty 0 cciesec idle 00:04:00 192.168.15.9
    * 3 vty 1 idle 00:00:00 192.168.128.100
    Interface User Mode Idle Peer Address
    [root@LinuxES-lab1 root]#
    Easy right?

  • Bluetooth network access

    trying to pair my iPhone (iOS 8.1) to the iMac (Yosemite) via bluetooth.  The pairing won't work, and I keep getting a message on the iMac that network access needs to be set to allow the pairing---where do I enable the pairing in "network access"?
    After more trying, I'm now able to get to the point where the access code for bluetooth pairing pops on the iMac, and also on my phone, but when I confirm the codes match on my iPhone, the iMac tells me that the connection cannot be made.  Any suggestions?

    It doesn't need to be paired.

  • Query: Best practice SAN switch (network) access control rules?

    Dear SAN experts,
    Are there generic SAN (MDS) switch access control rules that should always be applied within the SAN environment?
    I have a specific interest in network-based access control rules/CLI-commands with respect to traffic flowing through the switch rather than switch management traffic (controls for traffic flowing to the switch).
    Presumably one would want to provide SAN switch demarcation between initiators and targets using VSAN, Zoning (and LUN Zoning for fine grained access control and defense in depth with storage device LUN masking), IP ACL, Read-Only Zone (or LUN).
    In a LAN environment controlled by a (gateway) firewall, there are (best practice) generic firewall access control rules that should be instantiated regardless of enterprise network IP range, TCP services, topology etc.
    For example, the blocking of malformed TCP flags or the blocking of inbound and outbound IP ranges outlined in RFC 3330 (and RFC 1918).
    These firewall access control rules can be deployed regardless of the IP range or TCP service traffic used within the enterprise. Of course there are firewall access control rules that should also be implemented as best practice that require specific IP addresses and ports that suit the network in which they are deployed. For example, rate limiting as a DoS preventative, may require knowledge of server IP and port number of the hosted service that is being DoS protected.
    So my question is, are there generic best practice SAN switch (network) access control rules that should also be instantiated?
    regards,
    Will.

    Hi William,
    That's a pretty wide net you're casting there, but i'll do my best to give you some insight in the matter.
    Speaking pure fibre channel, your only real way of controlling which nodes can access which other nodes is Zones.
    for zones there are a few best practices:
    * Default Zone: Don't use it. unless you're running Ficon.
    * Single Initiator zones: One host, many storage targets. Don't put 2 initiators in one zone or they'll try logging into each other which at best will give you a performance hit, at worst will bring down your systems.
    * Don't mix zoning types:  You can zone on wwn, on port, and Cisco NX-OS will give you a plethora of other options, like on device alias or LUN Zoning. Don't use different types of these in one zone.
    * Device alias zoning is definately recommended with Enhanced Zoning and Enhanced DA enabled, since it will make replacing hba's a heck of a lot less painful in your fabric.
    * LUN zoning is being deprecated, so avoid. You can achieve the same effect on any modern array by doing lun masking.
    * Read-Only exists, but again any modern array should be able to make a lun read-only.
    * QoS on Zoning: Isn't really an ACL method, more of a congestion control.
    VSANs are a way to separate your physical fabric into several logical fabrics.  There's one huge distinction here with VLANs, that is that as a rule of thumb, you should put things that you want to talk to each other in the same VSANs. There's no such concept as a broadcast domain the way it exists in Ethernet in FC, so VSANs don't serve as isolation for that. Routing on Fibre Channel (IVR or Inter-VSAN Routing) is possible, but quickly becomes a pain if you use it a lot/structurally. Keep IVR for exceptions, use VSANs for logical units of hosts and storage that belong to each other.  A good example would be to put each of 2 remote datacenters in their own VSAN, create a third VSAN for the ports on the array that provide replication between DC and use IVR to make management hosts have inband access to all arrays.
    When using IVR, maintain a manual and minimal topology. IVR tends to become very complex very fast and auto topology isn't helping this.
    Traditional IP acls (permit this proto to that dest on such a port and deny other combinations) are very rare on management interfaces, since they're usually connected to already separated segments. Same goes for Fibre Channel over IP links (that connect to ethernet interfaces in your storage switch).
    They are quite logical to use  and work just the same on an MDS as on a traditional Ethernetswitch when you want to use IP over FC (not to be confused with FC over IP). But then you'll logically use your switch as an L2/L3 device.
    I'm personally not an IP guy, but here's a quite good guide to setting up IP services in a FC fabric:
    http://www.cisco.com/en/US/partner/docs/switches/datacenter/mds9000/sw/4_1/configuration/guides/cli_4_1/ipsvc.html
    To protect your san from devices that are 'slow-draining' and can cause congestion, I highly recommend enabling slow-drain policy monitors, as described in this document:
    http://www.cisco.com/en/US/partner/docs/switches/datacenter/mds9000/sw/5_0/configuration/guides/int/nxos/intf.html#wp1743661
    That's a very brief summary of the most important access-control-related Best Practices that come to mind.  If any of this isn't clear to you or you require more detail, let me know. HTH!

  • ORA-24247: network access denied by access control list (ACL) using FTP

    What used to work on our 10g server now doesn't work on 11g. We recently migrated to a new server and this FTP download process is the only thing that is giving me problems.
    I have tried using the IP Address and Domain name, opened up the ports 10 to 80 (just in case) and even tried FTPing to a local FTP site and cannot seem to get past the ORA-24247 error. At this point I am not sure what else to try. The FTP process worked great in 10g...
    begin
    dbms_network_acl_admin.create_acl (
    acl => 'cwtoto_acl_file.xml',
    description => 'FTP Access',
    principal => 'CWT_OPERATOR',
    is_grant => TRUE,
    privilege => 'connect',
    start_date => null,
    end_date => null
    dbms_network_acl_admin.add_privilege (
    acl => 'cwtoto_acl_file.xml',
    principal => 'CWT_OPERATOR',
    is_grant => TRUE,
    privilege => 'resolve',
    start_date => null,
    end_date => null
    dbms_network_acl_admin.assign_acl (
    acl => 'cwtoto_acl_file.xml',
    host => '69.30.63.173',
    lower_port => 10,
    upper_port => 80
    dbms_network_acl_admin.assign_acl (
    acl => 'cwtoto_acl_file.xml',
    host => 'ftp.rmpc.org',
    lower_port => 10,
    upper_port => 80
    dbms_network_acl_admin.assign_acl (
    acl => 'cwtoto_acl_file.xml',
    host => 'ftp.taglab.org',
    lower_port => 10,
    upper_port => 80
    dbms_network_acl_admin.assign_acl (
    acl => 'cwtoto_acl_file.xml',
    host => '146.63.252.61',
    lower_port => 10,
    upper_port => 80
    commit;
    end;
    Edited by: tfrawley on Jan 20, 2011 10:23 AM

    So, I have contacted support to fix my inability to login to Oracle Support. In the meantime I'll just run through this problem one more time:
    I executed the following:
    begin
    dbms_network_acl_admin.create_acl (
    acl => 'cwtoto_acl_file.xml',
    description => 'FTP Access',
    principal => 'CWT_OPERATOR',
    is_grant => TRUE,
    privilege => 'connect',
    start_date => null,
    end_date => null
    dbms_network_acl_admin.assign_acl (
    acl => 'cwtoto_acl_file.xml',
    host => 'ftp.rmpc.org',
    lower_port => 1,
    upper_port => 1000
    commit;
    end;
    This should give me an ACL xml file and permission for CWT_OPERATOR to connect to ftp.rmpc.org on ports 1 through 1000.
    I can look and see if the creation was successful: SELECT host, lower_port, upper_port, acl FROM dba_network_acls t ;
         HOST     LOWER_PORT     UPPER_PORT     ACL
    1     ftp.rmpc.org     1     1000     /sys/acls/cwtoto_acl_file.xml
    Looks good right?
    So I test it using the following:
    DECLARE
    l_conn UTL_TCP.connection;
    BEGIN
    l_conn := ftp.login('ftp.rmpc.org','21','[email protected]','anonymous');
    ftp.logout( l_conn);
    END;
    And get the following errors:
    ORA-24247: network access denied by access control list (ACL)
    ORA-06512: at "SYS.UTL_TCP", line 17
    ORA-06512: at "SYS.UTL_TCP", line 246
    ORA-06512: at "SYSTEM.FTP", line 49
    ORA-06512: at line 4
    Has anyone else tried to use UTL_TCP and experienced a simliar issue?

  • HR User, REST example - network access denied by access control list (ACL)

    Hi,
    I am new to APEX and am running the 'Oracle Developer Days' vm. I'm logged into APEX as the default HR/oracle account and I've been following the 'Creating and Using a RESTful Web Service in Application Express 4.2' training video, however when I try to retrieve information by entering a dept no. and clicking submit I get:
    ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1130 ORA-24247: network access denied by access control list (ACL)
    I've seen the following thread:
    ORA-24247: network access denied by access control list (ACL)error-UTL_HTTP
    and I've tried running the command:
    GRANT EXECUTE ON SYS.UTL_HTTP TO HR;
    but I'm not getting anywhere, presumably the HR user does not have permissions to access 'http://localhost:8888/apex/hr/employee_test'
    Any help much appreciated, also if this is the wrong forum for this question please let me know.
    Many Thanks

    Hi,
    Thank you for the link; I executed the first block of code to 'grant connect privileges to any host for the APEX_040200 database user' that did not work so I changed the user to HR within the code and re-executed and that seems to have done the trick. I guess the HR user is now in the power_users list/group?
    Thanks again!

  • APEX and ORA-24247: network access denied by access control list (ACL)

    Hi,
    I try to send email with APEX.
    I have enter the parameters of my mail server and activate the email on my application.
    I have follow the APEX installation guide and apply the script given in the "Granting Connect Privileges" section.
    When I try to send email or make a subscription, I don't receive any email and can see this error in the table "WWV_FLOW_MAIL_LOG"
    +"MAIL_TO","MAIL_FROM","MAIL_REPLYTO","MAIL_SUBJ","MAIL_CC","MAIL_BCC","MAIL_SEND_ERROR","LAST_UPDATED_BY","LAST_UPDATED_ON","SECURITY_GROUP_ID"+
    +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
    +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
    +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
    +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
    +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",24/02/12,3210210578052219+
    +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
    Do you see what is wrong in my configuration ?
    I use APEX 4.1, Oracle 11g.
    The script that I have apply is :
    DECLARE
    ACL_PATH  VARCHAR2(4000);
    ACL_ID    RAW(16);
    BEGIN
    -- Look for the ACL currently assigned to '*' and give APEX_040100
    -- the "connect" privilege if APEX_040100 does not have the privilege yet.
    SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS
    WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;
    -- Before checking the privilege, make sure that the ACL is valid
    -- (for example, does not contain stale references to dropped users).
    -- If it does, the following exception will be raised:
    --+
    -- ORA-44416: Invalid ACL: Unresolved principal 'APEX_040100'
    -- ORA-06512: at "XDB.DBMS_XDBZ", line ...
    --+
    SELECT SYS_OP_R2O(extractValue(P.RES, '/Resource/XMLRef')) INTO ACL_ID
    FROM XDB.XDB$ACL A, PATH_VIEW P
    WHERE extractValue(P.RES, '/Resource/XMLRef') = REF(A) AND
    EQUALS_PATH(P.RES, ACL_PATH) = 1;
    DBMS_XDBZ.ValidateACL(ACL_ID);
    IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'APEX_040100',
    +'connect') IS NULL THEN+
    DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH,
    +'APEX_040100', TRUE, 'connect');+
    END IF;
    EXCEPTION
    -- When no ACL has been assigned to '*'.
    WHEN NO_DATA_FOUND THEN
    DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('power_users.xml',
    +'ACL that lets power users to connect to everywhere',+
    +'APEX_040100', TRUE, 'connect');+
    DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('power_users.xml','*');
    END;
    +/+
    COMMIT;
    Thanks for your help,

    Hi,
    You need to grant privilege to the user.
    i.e add principal
    You can use script :
    DECLARE
    ACL_ID   RAW(16);
    CNT      NUMBER;
    BEGIN
    -- Look for the object ID of the ACL currently assigned to ''*
    SELECT ACLID INTO ACL_ID FROM DBA_NETWORK_ACLS
    WHERE HOST = '' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;*
    -- If just some users referenced in the ACL are invalid, remove just those
    -- users in the ACL. Otherwise, drop the ACL completely.
    SELECT COUNT(PRINCIPAL) INTO CNT FROM XDS_ACE
    WHERE ACLID = ACL_ID AND
    EXISTS (SELECT NULL FROM ALL_USERS WHERE USERNAME = PRINCIPAL);
    IF (CNT > 0) THEN
    FOR R IN (SELECT PRINCIPAL FROM XDS_ACE
    WHERE ACLID = ACL_ID AND
    NOT EXISTS (SELECT NULL FROM ALL_USERS
    WHERE USERNAME = PRINCIPAL)) LOOP
    UPDATE XDB.XDB$ACL
    SET OBJECT_VALUE =
    DELETEXML(OBJECT_VALUE,
    *'/ACL/ACE[PRINCIPAL="'||R.PRINCIPAL||'"]')*
    WHERE OBJECT_ID = ACL_ID;
    END LOOP;
    ELSE
    DELETE FROM XDB.XDB$ACL WHERE OBJECT_ID = ACL_ID;
    END IF;
    END;
    REM commit the changes.
    COMMIT;
    Or you need to add privilege to specific user/schema using following script:
    BEGIN
    DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE (
    acl          => 'aclfilename.xml',
    principal    => 'databaseuser',
    is_grant     => TRUE,
    privilege    => 'connect',
    position     => null);
    COMMIT;
    END;
    Please execute this code after connect as sysdba user.
    Thanks & Regards,
    Jaydipsinh Raulji
    Web: [www.oracleapexconsultant.com|www.oracleapexconsultant.com]

  • Controlling network access for user accounts

    Can anyone suggest a way to control airport access to a wireless network?
    I have an iMac G4 with AirPort running Tiger that I'd like to set up for a young teen to practice doing some video editing. I'd like to have network access disabled under normal circumstances, but be able to enable it easily during times when there is supervision.
    Ideally, I'd like to have the airport icon in the menubar and select a network to join causing a prompt for an administrator password. I can't seem to get anywhere close to that. Any help would be appreciated.
    Thanks.

    Thank you for your quick response.
    5. Click the checkbox under Require Administrator
    password to:
    The two choices I have are:
    - when changing networks
    - when creating a computer-to-computer network
    The first almost gets me what I want, there are two problems with this as I see it.
    1. when the computer comes up and automatically logs in, the user is greeted by authentication dialogs. (AirPort trying to connect?) I'd like to configure AirPort not to automatically try to connect and therefore not produce these dialogs.
    2. once approved, the network stays approved until the next reboot. I'd like to not be forced to reboot just to "lock down" the network again.
    Any help on those two points?

  • Setting Network access from JInitiator Control Panel 1.1.8.3

    We were trying to use the GetClientInfo JavaBean from the Oracle Technology Network to read the clients IP address from the Web server. We were able to do this by setting the Network access to Unrestricted on the JInitiator Control Panel 1.1.8.3.
    Is it possible to get this to work without setting the Network access to Unrestricted?
    Also, does anybody know of any security concerns with setting the network access to Unrestricted?
    Thanks in Advance,
    Todd

    Hey Todd - I've been able to get the ip address without setting it to unrestricted.
    I can't tell you why you site requires this.
    Could you let me know what you learn?
    Mick

  • HT201304 Is it possible to restrict access to specific IOS apps based on the WIFI profile that a user has connected to?

    Is it possible to restrict access to specific IOS apps based on the WIFI profile that a user has connected to?

    you might be able to block it if the app uses Internet access
    and depending on your wireless you might be able to block a specific user
    accessing the backend host that the app uses
    some firewalls offer application filtering but I'm not aware of any that work with ios apps

  • ORA-24247: network access denied by access control list (ACL)error-UTL_HTTP

    I am getting following ACL error while executing following procedure:
    create or replace procedure sat_proc as
    http_req utl_http.req;
    http_resp utl_http.resp;
    BEGIN
    http_req := utl_http.begin_request('www.yahoo.com');
    http_resp := utl_http.get_response(http_req);
    utl_http.end_response(http_resp);
    END;
    exec sat_proc;
    ORA-29273: HTTP request failed
    ORA-06512: at "SYS.UTL_HTTP", line 1130
    ORA-24247: network access denied by access control list (ACL)
    ORA-06512: at "TRANSDBA.SAT_PROC", line 5
    ORA-06512: at line 1
    I am able to execute successfully while executing above code as PL/SQL block:
    DECLARE
    http_req utl_http.req;
    http_resp utl_http.resp;
    BEGIN
    http_req := utl_http.begin_request('www.yahoo.com');
    http_resp := utl_http.get_response(http_req);
    utl_http.end_response(http_resp);
    END;
    PL/SQL procedure successfully completed.
    Could help me find why I am getting error while executing same code in a procedure? Is there any privilege missing?

    GRANT EXECUTE ON SYS.UTL_HTTP TO <your_user>;
    SQL> set time on
    17:21:01 SQL> set role none;
    Role set.
    17:21:23 SQL> @utl_http.sql
    17:21:34 SQL> DECLARE
    17:21:34   2  http_req utl_http.req;
    17:21:34   3  http_resp utl_http.resp;
    17:21:34   4  BEGIN
    17:21:34   5  http_req := utl_http.begin_request('www.yahoo.com');
    17:21:34   6  http_resp := utl_http.get_response(http_req);
    17:21:34   7  utl_http.end_response(http_resp);
    17:21:34   8  END;
    17:21:34   9  /
    PL/SQL procedure successfully completed.
    17:21:35 SQL> connect / as sysdba
    Connected.
    17:22:47 SQL> connect dbadmin/admindb
    Connected.
    17:23:06 SQL> @utl_http.sql
    17:23:22 SQL> DECLARE
    17:23:22   2  http_req utl_http.req;
    17:23:22   3  http_resp utl_http.resp;
    17:23:22   4  BEGIN
    17:23:22   5  http_req := utl_http.begin_request('www.yahoo.com');
    17:23:22   6  http_resp := utl_http.get_response(http_req);
    17:23:22   7  utl_http.end_response(http_resp);
    17:23:22   8  END;
    17:23:22   9  /
    PL/SQL procedure successfully completed.
    17:23:23 SQL> set role none;
    Role set.
    17:23:29 SQL> @utl_http.sql
    17:23:31 SQL> DECLARE
    17:23:31   2  http_req utl_http.req;
    17:23:31   3  http_resp utl_http.resp;
    17:23:31   4  BEGIN
    17:23:31   5  http_req := utl_http.begin_request('www.yahoo.com');
    17:23:31   6  http_resp := utl_http.get_response(http_req);
    17:23:31   7  utl_http.end_response(http_resp);
    17:23:31   8  END;
    17:23:31   9  /
    DECLARE
    ERROR at line 1:
    ORA-29273: HTTP request failed
    ORA-06512: at "SYS.UTL_HTTP", line 1130
    ORA-24247: network access denied by access control list (ACL)
    ORA-06512: at line 5
    17:23:31 SQL> above is from test user
    Below is from SYSDBA account
    SQL> set time on
    17:20:53 SQL> revoke execute on sys.utl_http to dbadmin;
    revoke execute on sys.utl_http to dbadmin
    ERROR at line 1:
    ORA-00905: missing keyword
    17:22:03 SQL> revoke execute on sys.utl_http from dbadmin;
    revoke execute on sys.utl_http from dbadmin
    ERROR at line 1:
    ORA-04020: deadlock detected while trying to lock object
    ACLiLZU+w09hR7gQAB/AQAjcw==
    17:22:32 SQL> /
    Revoke succeeded.
    17:22:52 SQL> Edited by: sb92075 on Jun 10, 2010 5:24 PM

  • When in Windows 7 (using bootcamp obviously) I am able to see my files in my Mac partition. When I try to access them I am told that I need permission from the administrator. How do I give myself permission to access files between the two partitions?

    When in Windows 7 (while using bootcamp) I am able to see my personal files in my Mac partition. When I try to access them I am denied access, it tells me that I need permission from the administrator. How do I give myself permission to access files between the two partitions, Mac/Windows7?

    When in Windows 7 (while using bootcamp) I am able to see my personal files in my Mac partition. When I try to access them I am denied access, it tells me that I need permission from the administrator. How do I give myself permission to access files between the two partitions, Mac/Windows7?

  • "Check that you have permission to write to the library directory." I had this error pop up when trying to access a iPhoto Library from Finder.

    The error, "Check that you have permission to write to the library directory." Displayed after trying to access a iPhoto Library from finder. The file is located on the local hard drive and was accessed not 5 minutes before the error displayed. Upon searching the forums I found a similar problem and the instructions said to check a permission box in the "Get Info" tab. There was no box visible and after clicking the arrow to open the "Open With" tab, the rainbow wheel started to spin and I could no longer access Finder or the desktop. I was deleting files trying to make space on my hard drive and noticed as I was deleting files more data was being added to the iPhoto Library. My question is how can I fix this and how can I prevent this in the future, thank you very much for any help, I would really like to keep these pictures.

    I found a similar problem and the instructions said to check a permission box in the "Get Info" tab.
    This applies only when the Library is on an external drive. You cannot ignore permissions on the system drive.
    I was deleting files trying to make space on my hard drive
    What were you deleting?
    and noticed as I was deleting files more data was being added to the iPhoto Library.
    Hard to see how deleting files can add data to the iPhoto Library. Can you explain why you thought this?
    I would really like to keep these pictures.
    Make a back up now.
    Most Simple Back Up:
    Drag the iPhoto Library from your Pictures Folder to another Disk. This will make a copy on that disk.
    Slightly more complex: Use an app that will do incremental back ups. This is a very good way to work. The first time you run the back up the app will make a complete copy of the Library. Thereafter it will update the back up with the changes you have made. That makes subsequent back ups much faster. Many of these apps also have scheduling capabilities: So set it up and it will do the back up automatically.
    Example of such apps: Chronosync - but there are many others. Search on MacUpdate or the App Store

  • ORA-24247: network access denied by access control list (ACL)

    Hi All,
    I am sending a mail thru OWB 11g ( and using database 11g) after successful or failure of process. My process is completing successfully but am not able to send mail. At the time of sending mail it is giving me error as below
    ORA-24247: network access denied by access control list (ACL)
    ORA-06512: at "SYS.UTL_TCP", line 17
    ORA-06512: at "SYS.UTL_TCP", line 246
    ORA-06512: at "SYS.UTL_SMTP", line 115
    ORA-06512: at "SYS.UTL_SMTP", line 138
    ORA-06512: at line 8
    I have created ACL using the following code
    BEGIN
    dbms_network_acl_admin.create_acl(acl => 'oramail.xml',
    description => 'Network permissions for mail.oracle.com',
    principal => 'OWF_MGR', is_grant => TRUE, privilege => 'connect');
    DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl => 'oramail.xml',
    principal => 'OWF_MGR',
    is_grant => true,
    privilege => 'resolve');
    DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(acl => 'oramail.xml',
    host => '141.146.46.30');
    END;
    commit;
    where 141.146.46.30 is my mail server IP. I am still not able to send mail by OWB. Please let me know if I have missed any steps in this.
    Thanks.

    For Oracle Warehouse Builder 11g running in 11g dB you need to set the ACL for the OWBSYS user. For example:
    EXECUTE DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('acl_for_owb_cc.xml', 'ACL for Control Center', 'OWBSYS', TRUE, 'connect');
    For Oracle Warehouse Builder 10.2.0.4 running in 11g dB you need to set the ACL for the OWB repository owner. For example:
    EXECUTE DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('acl_for_owb.xml', 'ACL for OWB', 'MY_OWB_REPO_OWNER', TRUE, 'connect');"

  • I set up a new user on my network today and am now in a location without access to that network. I just set her up as a user on her macbook but I can't log in with her credentials. Is that because I am not on the network and it is the initial setup?

    I set up a new user on my network today and am now in a location without access to that network. I just set her up as a user on her macbook but I can't log in with her credentials. Is that because I am not on the network and it is the initial setup?

    You need to set the option to create a mobile account using the Directory Utility app. 

Maybe you are looking for