Is it possible to assign an AD User to SQL Server Login with a defined set of SQL Server Roles?

A customer asked me if it's possible to define in the Active Directory the SQL Server roles that should be automatically assigned to a SQL Server login that is mapped to a Windows account.
In short, his idea is:
- he creates in the Active Directory a user group that "knows" about the SQL Server "SecurityAdmin" role
- some Windows accounts are members of this AD group
- if one of these Windows domain accounts is mapped to a SQL Server login with "CREATE LOGIN [<domainName>\<login_name>] FROM WINDOWS;", the created SQL Server login will automatically be a member of the SQL Server SecurityAdmin role.
Do you know if it's possible to configure the AD / SQL Server in this manner?
I invested some time searching through the SQL Server online help and AD documentation. Found nothing. Don't even know if it's fiction or a realistic wish.
Any help, hint, advice is really appreciated.
Best Regards
Paolo

Yes, you can create an AD Group named "SQLSecurityAdmins", assign a login in SQL Server to this group and grant SecurityAdmin role to it (exec sp_addsrvrolemember).
Bodo Michael Danitz - MCT, MCITP - free consultant - performance specialist - www.sql-server.de

Hi Bodo
Thank you very much for your reply. Don't know if I got it right.
I create the AD Group "SQLSecurityAdmin", assign it to SQL Server Login and manually add the SQL Server Login as a Member of the SQL Server "SecurityAdmin" Role.
Now I have a new AD User "NewUser", make him a member of the AD Group "SQLSecurityAdmin". Then I execute "CREATE LOGIN [DomainName\NewUser] FROM WINDOWS;". Is now the new SQL Login mapped to the Windows Account "DomainName\NewUser" automatically member of the SQL Server SecurityAdmin Group?
Best Regards
Paolo
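
The setup discussed in this thread, written out as T-SQL together with the checks an administrator would run to see how a group member's role membership is resolved. This is an added example, not code posted by anyone in the thread; `DomainName`, `SQLSecurityAdmins` and `NewUser` are the placeholder names used above.

```sql
-- Added example. DomainName, SQLSecurityAdmins and NewUser are placeholders
-- taken from the thread, not real objects.

-- 1. Create ONE login for the AD group instead of one login per user.
CREATE LOGIN [DomainName\SQLSecurityAdmins] FROM WINDOWS;

-- 2. Add the group login to the fixed server role (the call named in the reply).
EXEC sp_addsrvrolemember
     @loginame = N'DomainName\SQLSecurityAdmins',
     @rolename = N'securityadmin';
-- SQL Server 2012 and later equivalent:
-- ALTER SERVER ROLE securityadmin ADD MEMBER [DomainName\SQLSecurityAdmins];

-- 3. Effective membership of a single Windows account.
--    IS_SRVROLEMEMBER returns 1 when the account is in the role directly or
--    through a Windows group login, 0 when it is not, NULL when the role or
--    login name is not valid.
SELECT IS_SRVROLEMEMBER(N'securityadmin', N'DomainName\NewUser') AS is_securityadmin;

-- 4. Show through which login(s) the account reaches the server
--    (the "permission path" column names the group login).
EXEC xp_logininfo @acctname = N'DomainName\NewUser', @option = 'all';

-- 5. Audit: every principal that is a direct member of securityadmin.
--    A WINDOWS_GROUP row means role membership is controlled by whoever
--    manages that group in Active Directory.
SELECT r.name      AS server_role,
       m.name      AS member_name,
       m.type_desc AS member_type
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'securityadmin';

-- 6. Expand the group to the accounts that currently inherit the role.
EXEC xp_logininfo @acctname = N'DomainName\SQLSecurityAdmins', @option = 'members';
```

Microsoft's documentation advises treating `securityadmin` as equivalent to `sysadmin`, so changes to the AD group's membership deserve the same review as direct grants of that role.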

Similar Messages

  • Unable to push user profiles to AD groups with Profile Manager since upgrade to Server v3

    Since upgrading our OS X Mac server from 10.8.5 to 10.9.1, and OS X Server app to v3 (now 3.0.2) I have been unable to push or modify user profiles to AD groups (or AD users) using Profile Manager. This was working fine on OS X 10.8.5. Pushing device profiles is still working OK after the upgrade.
    From what I can see from the logs on the client side and server side, it seems related to a problem with the mdm authtoken.
    In the client console I can see this entry:
    27/01/14 14:30:15.844 mdmclient[38557]: *** ERROR *** [Agent:636102071] Unable to proceed with connection to: https://ourserver.ourdomain/devicemanagement/api/device/mdm_connect (com.apple.mdmconfig.mdm) because don't have valid MDM AuthToken
    On the server, in the php.log I can see the corresponding attempt to authenticate:
    1::Jan 27 14:29:50.930 [158] <192.168.28.171> {require_once (mdm_checkin.php:11)} vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv - PUT mdm_checkin
    0::Jan 27 14:29:50.931 [158] <192.168.28.171> checkin: 'UserAuthenticate'
    1::Jan 27 14:29:50.936 [158] <192.168.28.171> {Target_for_incoming_request (target.php:209)} Found target NETWORK LS: <User[156]@ourclientmachine>
    0::Jan 27 14:29:50.937 [158] <192.168.28.171> {LabSession_validate_auth_token (mdm_checkin.php:22)} Failed auth for target NETWORK LS: <User[156]@Device[1697]>, incoming_request={
    0::Jan 27 14:29:50.937 [158] <192.168.28.171>   'MessageType'=>'UserAuthenticate',
    0::Jan 27 14:29:50.937 [158] <192.168.28.171>   'UDID'=>'17aff5c5a40f51acbbd78023d0028c80',
    0::Jan 27 14:29:50.937 [158] <192.168.28.171>   'UserID'=>'A5EA25B7-7CCD-4EF4-B240-F23DED275EEC'
    0::Jan 27 14:29:50.937 [158] <192.168.28.171> }
    1::Jan 27 14:29:50.965 [158] <192.168.28.171> {SendFinalOutput (mdm_checkin.php:145)} Sent Final Output (407 bytes)
    1::Jan 27 14:29:50.965 [158] <192.168.28.171> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - /devicemanagement/mdm/mdm_checkin
    0::Jan 27 14:29:50.965 [158] <192.168.28.171> {SendFinalOutput (mdm_checkin.php:145)} Completed in 34ms | 200 OK [https://ourserver.ourdomain/devicemanagement/api/device/mdm_checkin]
    So I can see there is a failure to authenticate, but don't really know how to troubleshoot this further. Or maybe this is just a bug in the new server app?
    I have tried to remove and re-enroll clients in Profile Manager but no joy there.
    In the client's Keychain I can see an MDM user AuthToken linked to the correct user account.
    Thanks in advance for any help or suggestions

    I just wanted to update my post, as this issue for me is resolved.
    I uninstalled and reinstalled the Server.app on our Mac server, since then I've been able to push profiles to AD Users and Groups. I guess that in my case the Server app got into a bit of a mess when it was upgraded to v3.
    Now the next headache I have is that my AD Groups which are displayed in Profile Manager are not syncing any recent changes. I think I'm probably seeing the same issue as described in this post
    https://discussions.apple.com/message/25420919#25420919

  • IT 0105 subtype 0001. Assign one System user to more than one person?

    Hello, Gurus!
    We are maintaining HR master data (infotype 0105 - Communication, subtype 0001 - System User name). We have two persons: person A and person B. Person A has communication with system user C. When we link person B with the same system user C, we get the error:
    "ID/number already used for person A".
    The time constraint is set to 3 ("Record may include gaps, can exist more than once").
    Is it possible to assign one system user more than one person?
    This condition is checked by FM CHECK_USRID. We assume, what the result of this checking can be changed from "Error" to "Alert", if we will change one record in table T77S0:
    Current value:
    GRPID=MAIL
    SEMID=SAPSY
    GSVAL=0001
    Table record after modification:
    GRPID=MAIL
    SEMID=SAPSY
    GSVAL=0002 (or any numeric value which differs from "0001")
    Should we expect negative consequences of similar modification?
    Please advise.

    Thanks for explanation.
    But there is a little moment, that I can not understand ((
    We checked the PAI module of CHECK_USRID (include MP010530, screen 2000) and found the following fragment of ABAP code:
      CALL FUNCTION 'RH_GET_HR_USER_SUBTY'                       "YRAK040203
           EXPORTING                                                     "YRAK040203
                 mandt                 = sy-mandt                     "YRAK040203
            IMPORTING                                                     "YRAK040203
                 hr_subty              = hr_subty                         "YRAK040203
            EXCEPTIONS                                                    "YRAK040203
               SUBTYPE_NOT_AVAILABLE = 1                                "YRAK040203
                 OTHERS                = 0.                               "YRAK040203
        IF p0105-usrty = hr_subty.                                        "YRAK040203
        MESSAGE E900 WITH  PA0105-PERNR.                           "YRAk028906
          MESSAGE e900 WITH object_found double.                     "YRABEWERBER
        ELSE.                                                                  "YRAK040203
        message W900 with pa0105-pernr.                                 "YRAK040203
          MESSAGE w900 WITH object_found double.                     "YRABEWERBER
        ENDIF.                                                                 "YRAK040203
    where p0105-usrty=0001 and hr_subty is the equivalent of field GSVAL=0001 in table T77S0. In other words, when we
    maintain subtype 0001, the first condition (marked bold) is always executed.
    For what the "else" condition is used, if it never be executed? If we will change value GSVAL from 0001 to 0002, theoretically, we will get "warning" instead "error", because p0105-usrty = hr_subty=false and code MESSAGE w900 WITH object_found double will be executed.
    Any ideas?
    Regards.

  • How to check which license is assign to current user?

    Hi all,
    I want to fire some action when a CRM user click on my sdk program but if a Prof user click on it, other action will be fire. May I know how to do it?

    Hi,
    I don't know the programming part how to access the information, but which licence is assigned to which user is stored in the file B1Upf.xml on the licence server.
    HTH, Sandra

  • Is it possible to assign user-defined data elements to table control?

    Hi SDN,
    Is it possible to assign a user defined data element other than basic data types in table control column.

    Hi Suresh,
    In Screen layout,In element list tab,i am not able to give the user-defined data types other than basic data types?please tell me how to give other data types

  • 'Business Partner Assigned to the User' Access Sequence don't work

    Hello.
    I use access sequence 0008 (Business Partner Assigned to the User) in my Partner determination procedure. But it doesn't work. Corresponding Partner field in service document is empty. But I need that BP linked with logon user filled it.
    I've made the same settings on another incstanse of SM and it's work. And what the difference between I don't understand.
    Edited by: Dmitry Udot on Feb 13, 2011 2:31 AM

    Sorry, but I don't quite get it.  My purpose is to have 9 policies all working all the time (they did at in one version of firmware).  I don't care about time entries for these.  All 9 policies are full of keywords and websites to block webpages related to porn to one degree or another.  The 10th policy is time-based to prevent internet access altogether for one or two computers through the wee hours of the morning.  This, all in leu of having no parental controls.
    Again, it would help if there was more detailed documentation on how this all works.  This is the first I am aware that time settings in one policy could affect or impede the operation of other policies.  How am I supposed to know this?
    In any case, I appreciate your assistance and looking into this for me.  But can you now tell me how to make it work so the policies will work as I want - the first 9 around the clock all the time, and the 10th one only from 1:30 am to 8:00 am (every day).  Please instruct me on how I am supposed to configure this to work, and what specific settings I am supposed to enter... if it is even possible.  Or is there another way of accomplishing this on my WRT54G (Rev. 2) product?  Thanks.
    Perry

  • Error message "Solution not assigned to this user"

    After creating the data source, I'm trying to create a report in  SDK sandbox solution.
    As I'm not a keyuser, it is going to the ByD center and asking for user id / password.
    I even tried to assign WoC View also to a user.
    When I tried with different user ids given to me by SAP, I'm getting the same error.
    Let me know  the steps to assign a solution in ByD center for report creation from ByD SDK
    - Ravi ,

    Hi Ravi,
    as I already told Lynn, this will only be possible in a global solution.
    The reason is the following:
    You can create yourself multiple sandbox solutions. So if you now do multiple changes with key user tools in the frontend for different sandbox solutions, in the end you won't know which change was made for which sandbox solution, as these changes won't appear in your list of solution entities in the ByDesign studio.
    Therefore: Changes with the key user tools can only be made for the global solution.

  • SPML: search the roles assigned to a user and add others to him

    Hi,
    as in the subject i'm trying to create a method in idmClient to search the roles assigned to a user and then add some other (one or more).
    How can i implement the search/filter of the available roles assigned to a user?
    Thanks in advance,
    Gentjan

    coocooche wrote:
    > Hi,
    > as in the subject i'm trying to create a method in idmClient to search the roles assigned to a user and then add some other (one or more).
    > How can i implement the search/filter of the available roles assigned to a user?

    I already found how to do it. I have to ask another question about SPML: is there any way to add new roles without searching the old ones?
    In other words i implemented a method that:
    1) search the roles assigned to a user and copy it to a List
    2) add to the List of the old roles, the new ones.
    Is it possible just to add the new roles without doing a search of the old ones? In this way the performance is better.
    Thanks in advance,
    Gentjan

  • How to assign iView to user.

    Hi All
    How do we assign iView to Role or Users.
    Thanks...Suresh

    It is not possible to assign an iView directly to a user. Only roles can be attached to users. This can be done by going to User administration on the Portal.
    Select the user name using the search functionality, navigate to 'Assigned roles' and attach the same there.
    Conversely, it is also possible to search for the role name and navigate to 'Assigned users' and attach the user there.
    Hope this helps.
    Sudha
    Message was edited by: Sudha Mohan

  • Events assignment to particular users in LMS 4.2.2

    Hi,
      Is it possible to assign events that are raising in LMS to particular users .
    Is it possible to track the events in LMS 4.2

    Hi ,
    You need to define operations and collector to achieve your goals.
    http://www.cisco.com/c/en/us/td/docs/net_mgmt/ciscoworks_lan_management_solution/4-2/navigation/Guide/lms42_nav_guide/ipmtask.html#wp1076863
    http://www.cisco.com/c/en/us/td/docs/net_mgmt/ciscoworks_lan_management_solution/4-2/user/guide/lms_monitor/lms_mnt/mnt-adhocdvmg.html
    http://www.cisco.com/c/en/us/td/docs/net_mgmt/ciscoworks_lan_management_solution/4-2/user/guide/lms_monitor/lms_mnt/mnt-collectors.html
    http://www.cisco.com/c/en/us/td/docs/net_mgmt/ciscoworks_lan_management_solution/4-2/user/guide/lms_monitor/lms_mnt/mnt-operations.html
    Thanks-
    Afroz
    **Ratings Encourages Contributors ***

  • APP-FND-01929: This responsibility has already been assigned to this user

    Dear All,
    While adding a new responsibility in the User Screen, I am getting the following Error:
    APP-FND-01929: This responsibility has already been assigned to this user. Please eneter a different responsibility.
    But in the list of responsibilities this particular responsibility is not added before..
    What will be the cause of this problem..
    How can I overcome this situation.. Please update...
    Many Thanks in advance.....

    Hi,
    As per your other thread, I believe you have restored couple of tables from your backup and this is not supported. In order to have everything running properly, then a full database restore should be done.
    Unable to login to application..
    Regards,
    Hussein

  • No portal roles are assigned for this user.If this problem persists, contac

    I am trying to access the portal for the first time using the j2ee_admin user. It is saying "No portal roles are assigned for this user.If this problem persists, contact your system administrator."
    I am using the ABAP+Java engine. How do I configure this in the ABAP engine, and which role should I assign to the j2ee_admin user?
    I already assigned sap_j2ee_admin, SAP_BC_JSF_COMMUNICATION, SAP_BC_JSF_COMMUNICATION_RO but it shows the same problem.
    Please help me.
    Edited by: Mugala Balu on Aug 7, 2010 5:53 PM
    Edited by: Mugala Balu on Aug 8, 2010 7:48 AM

    Balu,
    Well this issue has been discussed many a times in forums. You would have to point your data source to ABAP system.
    Check this thread: "J2EE Failed to start, after changing UME datasource".
    Good Luck!
    Sandeep Tudumu

  • How can we see privileges assigned to all users using database query

    I am using the following query to see privileges assigned to all users, but the surprising thing is that it shows GP_APP_ID as null for a large number of users, even though in Discoverer Administrator I can see the privileges assigned to those users. I do not understand why it does that. Can someone please help so that I can see the privileges of all users?
    select unique EU_USERNAME, decode (GP_APP_ID ,1000, 'Desktop / Plus Privilege (U)',
    1001, 'Create / Edit Query (U)',
    1002, 'Item Drill (U)',
    1003, 'Drill Out (U)',
    1004, 'Grant Workbook (aka Sharing) (U)',
    1005, 'Collect Query Statistics (U)',
    1006 ,'Admin Privilege (A)',
    1007, 'Set Privilege (A)',
    1008, 'Create / Edit Business Area (A)',
    1009, 'Format Business Area (A)',
    1010, 'Create / Edit Summaries (A)',
    1011, 'Not used as far as can be determined',
    1012, 'Schedule (U)',
    1013, 'User is never required to schedule workbooks (U)',
    1014, 'Save workbooks to database (U)',
    1015, 'Managed scheduled workbooks (A)',
    1016, 'to 1017 Not used as far as can be determined',
    1018, 'Change Password',
    1019, 'to 1023 Not used as far as can be determined',
    1024, 'Create Link (U))') from
    EUL5_ACCESS_PRIVS A,
    EUL5_EUL_USERS U
    where A.AP_EU_ID=U.EU_ID
    order by EU_USERNAME
    thanks

    Hi,
    This is probably because the business area security is stored in the same table. So you will probably find that where GP_APP_ID is null then GBA_BA_ID holds the value of the business area. You should change your query to just select where GP_APP_ID IS NOT NULL.
    Rod West

  • Is it possible to assign a default value to an out parameter??

    Is it possible to assign a default value to an out parameter??
    Thanks in advance.

    pradeep.vupala wrote:
    > I think ur looking for an IN OUT parameter?

    That won't help.
    A quick test is easy to check what happens:
    SQL> create or replace procedure myproc(p_out out number default 1)
      2  as
      3  begin
      4  null;
      5  end;
      6  /
    Warning: Procedure created with compilation errors.
    SQL> show err
    Errors for PROCEDURE MYPROC:
    LINE/COL ERROR
    1/18     PLS-00230: OUT and IN OUT formal parameters may not have default expressions
    SQL> create or replace procedure myproc(p_out in out number default 1)
      2  as
      3  begin
      4  null;
      5  end;
      6  /
    Warning: Procedure created with compilation errors.
    SQL> show err
    Errors for PROCEDURE MYPROC:
    LINE/COL ERROR
    1/18     PLS-00230: OUT and IN OUT formal parameters may not have default expressions
    SQL>

  • How to get the list of roles assigned to a user in all the child systems

    how to get the list of roles assigned to a user in all the child systems from CUA SYSTEM

    Try transaction SUIM in your CUA system. Go to user, cross-system information, users by roles. If you run it wide open, you'll get all users and all roles assigned for all systems managed in your CUA.
    Krysta
