LDAP and everyone group
I am using wls version 5.1 with service pack 7. I still need to add all
users the the "everyone" group in order to be able to authenticate. I
thought this issue was resolved in the latest service pack. But I still
get an exception thrown if my user is not in "everyone" group. Does
anyone know what the status of this bug is? Is it resolved or not?
Here is the exception:
java.rmi.RemoteException: Security violation: insufficient permission to
access method
at
weblogic.ejb.internal.BaseEJBObject.preInvoke(BaseEJBObject.java:431)
at
com.itginc.webtrade.ejb.LoginBeanEOImpl.loginUser(LoginBeanEOImpl.java:143)
at
com.itginc.webtrade.ejb.LoginBeanEOImpl_ServiceStub.loginUser(LoginBeanEOImpl_ServiceStub.java:112)
at
com.itginc.webtrade.servlets.LoginServlet.service(LoginServlet.java:190)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:865)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:106)
at
weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImpl.java:907)
at
weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImpl.java:851)
at
weblogic.servlet.internal.ServletContextManager.invokeServlet(ServletContextManager.java:252)
at
weblogic.socket.MuxableSocketHTTP.invokeServlet(MuxableSocketHTTP.java:364)
at
weblogic.socket.MuxableSocketHTTP.execute(MuxableSocketHTTP.java:252)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:129)
Glen wrote:
>
I just encountered this error and deleted the 'everyone' group as a workaround.We authenticate with LDAP and WL always complained about not finding the group 'everyone'. The app worked fine but I thought I'd be a good guy and add the group to LDAP. Once I did, I got your error.Could the issue be that the 'everyone' group is OK but the permissions on the group deny access? I'm searching BEA to find out the expected permissions when I found your posting.I still need the expected permissions for the 'everyone' group.According to http://www.weblogic.com/docs51/admindocs/ldap.html#changes
.. you don't need to define the everyone group in any version after WLS 5.0
because of the introduction of the CachingRealm.
Similar Messages
-
Difference between Domain\Domain Users and Everyone Group in SharePoint
Hi,
In SharePoint 2013, is Everyone Group an AD group ? Please help with details.
Thanks
srabonHi All,
Domain Users, Authenticated Users, or Everyone
Domain Users
The Domain Users is the only real group of the 3 listed above. By that I mean you can add and remove members from this group. Domain Users is a Global Group in the domain, and it can only contain users that are members of same domain the Domain
Users group resides in. By default all users created in the domain are automatically members of this group. However, the default Guest account in the domain is NOT a member of Domain Users, instead it is placed in the Domain Guest group.
Because Domain Users is generally considered the most secure group of the three listed above.
Authenticated Users
Authenticated Users was first introduced in Windows NT 4.0 SP3. This is a built-in group and cannot be modified. The Authenticated Users group contains users who have authenticated to the domain or a domain that is trusted by the computer domain.
Authenticated Users contains all manually created user accounts in all trusted domains regardless of whether they are a member of the Domain Users group or not. Authenticated Users specifically does not contain the built-in Guest account, but will contain
other users created and added to Domain Guests.The Authenticated Users group also includes the local computer account (computername$) and the built-in SYSTEM account.
Everyone group
The Everyone group includes all members of the Domain Users, Authenticated Users group as well as the built-in Guest account, and several other Built-in security identifiers like SERVICE, LOCAL_SERVICE, NETWORK_SERVICE, etc. NULL session connections (aka
anonymous logon) used to be included in this group but were removed in Windows 2003. This is a built-in group that cannot be modified.Because the Everyone group contains the Guest account, and several other Built-in security identifiers like SERVICE,
LOCAL_SERVICE, NETWORK_SERVICE, etc. is generally considered the least secure of the three groups.
Short Answer is there isn't much to worry about unless folks are logging I with a guest account or you have removed a bunch of folks from the domain users group
-Ivan -
LDAP and Notes Group Security Authentication Troubles
First, my apologies if this is in the wrong forum, but after looking at the forum names a few times this seemed the most appropriate.
I have a PDF file that I would like to have access restricted to a certain group on my organization's directory server. I'm kind of the new guy here, so I'm not 100% certain on this, but I'm pretty sure that our setup is:
A Lotus Domino LDAP server storing the directory information in a Lotus Notes database. Each user has a Notes certificate stored on the server for authentication to various databases we have on our intranet.
I've entered the LDAP server information in the Security Settings... window in Acrobat, and I'm sure its correct as I can use the same information to browse the LDAP server with Softerra LDAP browser. There is no authentication required, but the server might restrict access based on domain; I'm not sure (shouldn't matter). Anyway, when I go to Manage Trusted Identities... then Add Contacts, then Search, I can never get any results to return.
I wish to only allow users in a certain group, CN=ALLOWED - GROUP, to have access to the PDF. I feel that there should be a way to accomplish this with the Notes certificates. Anyone know what I'm doing wrong or need to do?
If something I've said is wrong or unclear, I'd be happy to try again; this sort of thing isn't my forte.
Thanks in advance,
Mark> I guess the CA is the machine that's hosting the Lotus notes database
No, the CA is merely an "entity". It's your Certificate Authority, the master certificate used to sign and authenticate all subsidiary certificates. You are talking about setting this up as a PKI for signature validation and managed security, right? Or am I way off base with your workflow and leading you away from where you should be (if so, feel free to ignore me - lots of people do)?
Leonard is right though, for securing individual PDFs to a specific group you would need LiveCycle Rights Management ES. The security needs to be in the PDF itself otherwise its useless. Say you configure your security at an application level, as you are trying to do, and then someone copies the PDF to a USB key and takes it home. No longer on your network, so they can now freely open the document. -
RDBMSRealm, everyone group, guest user
Hi folks, I'm having some fun with the rdbms realm lately and have a few
questions.
We're using the RDBMSRealm example with form based auth under WLS 5.1 SP 9 and
have the following in web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>All Pages</web-resource-name>
<description>These pages are only accessible by all authorised xyz users.</description>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>These are the roles that have access</description>
<role-name>
xyz
</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>All application users</description>
<role-name>
xyz
</role-name>
</security-role>
which basically says that every page in the web-app requires a user to be in the
xyz role and does seem to work fine.
Now, what I'd like to do is to allow everyone to access one particular page
within the application (that is, this page does not require the xyz role). So
something like the following would be great.
<security-constraint>
<web-resource-collection>
<web-resource-name>Some Particular Page</web-resource-name>
<description>This page is accessible to everyeone.</description>
<url-pattern>/particular/page.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>everyone can get at this page.</description>
<role-name>everyone</role-name>
</auth-constraint>
</security-constraint>
However, this doesn't seem to work, I get redirected to the form based login
page and once I've logged in can get to the page that I'm hoping shouldn't
require a logged in user.
So I'm wondering about the xml syntax and semantics.
- What are the rules around specific and general mappings, like will a
more specific mapping be used before falling back to the general mapping?
- Are the mappings applied in order (first to last) and the first match
taken?
- Are the rules according to section 10 of the servlet spec applicable here?
Now my problem might also be the RDBMSRealm its self -- I'm also having some
problems with the everyone group and the guest user. If I remove the first
constraint above and only include the /particular/page.jsp constraint to the
everyone group things still don't seem to work right.
I can see the realm call getGroup("everyone") and getUser("guest) but both
calls return null, since these principals are not in our database
tables. However, if I hit http://localhost:7001/AdminRealm I do see a list of
all groups that our RDBMSRealm knows about and I also see the everyone group
which contains system and guest users and so I have more questions.
- Does CachingRealm fall back to the standard properties realm if it gets nulls
from the RDBMSDelegate?
- Does the everyone group include unauthenticated users (i.e. guest) as I'm
hoping?
I've tried adding an instance of weblogic.security.acl.Everyone to my
RDBMSDelegate class and checking if the call to getGroup is looking for
"everyone" in which case I return this instance but this doesn't seem to do
anything either. I also tried adding this everyone group to the list returned
by getGroups but that didn't help and I carried the idea through to getUser and
getUsers with a guest user but again no luck. I'm always forced to authenticate
before I can get to the page that should allow anyone (everyone) to see it.
Any help, ideas, advice, beer, etc. would be much appreciated!
Thanks,
DerekTHorner <[email protected]> writes:
RDBMSRealm, everyone group, guest user
Update-I've got it working.
AS well as the isMember change mentioned below I altered getPrincipal
for both the RDBMSRealm class
if(name.equals("guest")){return createUser("guest","guest");}
if(name.equals("everyone")){return new Everyone(this);}
and RDBMSDelegate
if(name.equals("guest")){return realm.createUser("guest","guest");}
if(name.equals("everyone")){return new
weblogic.security.acl.Everyone(realm);}
did something to RDBMSUser so that guest always authenticates
(alternatively you could put the guest user on the database, surely?)I did see various examples of the guest and everyone additions to the realm
code, but I also read some stuff that indicated that if the rdbms realm returns
null for these requests then the caching realm should fall back to the standard
properties realm which does have the guest user and everyone group defined.
With the debugging turned on this does seem to be what it does and the
guest/everyone code doesn't seem to be needed. I also checked the
http://localhost:7001/AdminRealm servlet and did see the everyone group with
system and guest users as part of it.
>
Allow guest access to the file servlet (otherwise they can't be sent any
HTML pages - my best guess would be that this is your problem).This was probably part of the problem, judging by the messages from the realm
debugging.
Also I altered weblogicURL.policy to allow 'everyone' access to the page
that was to be unrestricted - so I guess you should set
I hope this helps, if not (and you haven't already) turn on RDBMSRealm
debugging - eventually I found the information useful (in that it tends
to tell you what it has last been looking for, and the methods used)In the end, I found that specifying that the everyone group is required for a
particular resource didn't seem to work. Instead I protected the majority of my
application with a set of rules and left all other pages without any matching
rules and the guest user then seems to work ok.
The servlet 2.3 spec has an addition to the <role-name> tag which allows a * to
indicate all roles but this isn't in the 2.2 spec.
Thanks for the help!
Cheers,
Derek
>
terry
-----Original Message-----
From: THorner
I am working on something similar (although not in a war),
which isn't working yet, but I can tell you a couple of
things that I have come across.
-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of Derek
Scherger
Posted At: Mon 04 June 2001 22:13
Posted To: weblogic.developer.interest.security
Conversation: RDBMSRealm, everyone group, guest user
Subject: RDBMSRealm, everyone group, guest user
Hi folks, I'm having some fun with the rdbms realm lately and
have a few
questions.
We're using the RDBMSRealm example with form based auth under
WLS 5.1 SP 9 and
have the following in web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>All Pages</web-resource-name>
<description>These pages are only accessible by all
authorised xyz users.</description>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>These are the roles that have
access</description>
<role-name>
xyz
</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>All application users</description>
<role-name>
xyz
</role-name>
</security-role>
which basically says that every page in the web-app requires
a user to be in the
xyz role and does seem to work fine.
Now, what I'd like to do is to allow everyone to access one
particular page
within the application (that is, this page does not require
the xyz role). So
something like the following would be great.
<security-constraint>
<web-resource-collection>
<web-resource-name>Some Particular Page</web-resource-name>
<description>This page is accessible to
everyeone.</description>
<url-pattern>/particular/page.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>everyone can get at this page.</description>
<role-name>everyone</role-name>
</auth-constraint>
</security-constraint>
However, this doesn't seem to work, I get redirected to the
form based login
page and once I've logged in can get to the page that I'm
hoping shouldn't
require a logged in user.
So I'm wondering about the xml syntax and semantics.
- What are the rules around specific and general mappings, like will a
more specific mapping be used before falling back to the
general mapping?
- Are the mappings applied in order (first to last) and the
first match
taken?
- Are the rules according to section 10 of the servlet spec
applicable here?
Now my problem might also be the RDBMSRealm its self -- I'm
also having some
problems with the everyone group and the guest user. If I
remove the first
constraint above and only include the /particular/page.jsp
constraint to the
everyone group things still don't seem to work right.
I can see the realm call getGroup("everyone") and
getUser("guest) but both
calls return null, since these principals are not in our database
tables. However, if I hit http://localhost:7001/AdminRealm I
do see a list of
all groups that our RDBMSRealm knows about and I also see the
everyone group
which contains system and guest users and so I have more questions.
- Does CachingRealm fall back to the standard properties
realm if it gets nulls
from the RDBMSDelegate?
- Does the everyone group include unauthenticated users (i.e.
guest) as I'm
hoping?
I've tried adding an instance of weblogic.security.acl.Everyone to my
RDBMSDelegate class and checking if the call to getGroup is
looking for
"everyone" in which case I return this instance but this
doesn't seem to do
anything either. I also tried adding this everyone group to
the list returned
by getGroups but that didn't help and I carried the idea
through to getUser and
getUsers with a guest user but again no luck. I'm always
forced to authenticate
before I can get to the page that should allow anyone
(everyone) to see it.
Any help, ideas, advice, beer, etc. would be much appreciated!
Thanks,
Derek -
RDMBS - Creates two rows in table and adds to "everyone" group
I have got the RDBMSRealm (using the example code) working from a JSP and a new
user is persisted to my Oracle 8i users table. From the WLS console I can also
see this new user under my Group "Candidates". However it has also added this
user to the "everyone" group and I have two identical rows in my table. I can't
see where it picks up this "everyone" group. Any pointers would be appreciated.
Thanks.
I'm using WLS 6.1 sp2 under Windows 2K Prof."Roger Lee" <[email protected]> wrote:
>
I have got the RDBMSRealm (using the example code) working from a JSP
and a new
user is persisted to my Oracle 8i users table. From the WLS console I
can also
see this new user under my Group "Candidates". However it has also added
this
user to the "everyone" group and I have two identical rows in my table.
I can't
see where it picks up this "everyone" group. Any pointers would be appreciated.
Thanks.
I'm using WLS 6.1 sp2 under Windows 2K Prof. -
Regular expressions and capture groups
Hi everyone :)
Is there a way to override the default behaviour of capture groups in regular expressions? More specifically I want to override this:
"The captured input associated with a group is always the subsequence that the group most recently matched."
For example, if I have a string that is this:
* <comment one>
* <comment two>
<some text>
I have a pattern of the form "(.*)(/\\*.*\\*/)(.*)" which will match multi-line comments. I have also specified the flag DOTALL so that the predefined character class '.' matches over line-breaks.
If I apply this pattern to the above string I get comment two being captured, not comment one. This is because of the stipulation that I cited above.
I need to be able to capture only the first match, and prevent the capture group from being overwritten by more recent matches.
Is this possible? Any ideas?
Thanks in advance.
Kind regards,
Ben DeanyIs there a way to override the default behaviour of
capture groups in regular expressions? More
specifically I want to override this:No, but you don't need to.
I have a pattern of the form "(.*)(/\\*.*\\*/)(.*)"
which will match multi-line comments.Comment two is captured by the second group because comment one is eaten by the first group. Use the reluctant quantifier "*?" on the . in the first group instead of the greedy quantifier "*" to get what is apparently the behavior you want. Then the first group will contain nothing, the second group will contain comments one and two, and the third group will contain the following text.
.* is a very powerful thing to use. It will match everything in its path, guzzling text like moonshine at Mardi Gras. The only reason it doesn't match comment two as well is because then the expression as a whole would not match.
The parentheses surrounding the first and third groups are not needed (unless you want to use group methods on them too). -
To get the company code and country grouping attached to a position
Hi everyone,
I have a position and I need to get the company code and the country grouping that this position is attached to. Could you kindly suggest an FM or a class which would fetch the above data keeping in mind the inheritance tree. That is, if the company code is not maintained in HRP1008, then it should look for the same in the Org Unit that this position belongs to and so on..
Any help will be greatly appreciated.
Regards,
Alpana.Hi
Check the A011 relationship of the position and get the cost center, from cost center you can get the company code and country grouping from Cost Center Master CSKS.
~~~Ganesh Kumar K. -
Users added to Profile Manager not showing up in everyone group
So profile manager was working quite well until I made a change to the workgroup group.
I removed the password policy from the workgroup group and added a new group for the password policy so we could essentially still manage non user assigned iOS devices.
Now when I add a new user to the workgroup group on the server I have them login to the mydevices site so we can enroll the device and they can login but are immediately presented with:
"You do not have permission to access the page you were looking for. Contact your system administrator."
In troubleshooting the issue I noticed that new users being added are not showing up the in the everyone group which is preventing the users from having proper access. Prior to all this I could add a user and they would show up in everyone as intended.
Any thoughts?I'm not sure if this is the same issue, but I have a user in Server.app that is not showing up in Users group. She is listed in her sub-group, but I cannot add devices to her account. When I click on the arrow next to her name in the sub-group, it takes me to the Users list to the top user.
Any thoughts? -
Getting list of all users and their group memberships from Active Directory
Hi,
I want to retrieve a list of all the users and their group memberships through JNDI from Active Directory. I am using the following code to achieve this:
==================
import javax.naming.*;
import java.util.Hashtable;
import javax.naming.directory.*;
public class GetUsersGroups{
public static void main(String[] args){
String[] attributeNames = {"memberOf"};
//create an initial directory context
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://172.19.1.32:389/");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "[email protected]");
env.put(Context.SECURITY_CREDENTIALS, "p8admin");
try {
// Create the initial directory context
DirContext ctx = new InitialDirContext(env);
//get all the users list and their group memberships
NamingEnumeration contentsEnum = ctx.list("CN=Users,DC=filenetp8,DC=com");
while (contentsEnum.hasMore()){
NameClassPair ncp = (NameClassPair) contentsEnum.next();
String userName = ncp.getName();
System.out.println("User: "+userName);
try{
System.out.println("am here....1");
Attributes attrs = ctx.getAttributes(userName, attributeNames); // only asked for one attribute so only one should be returned
System.out.println("am here....2");
Attribute groupsAttribute = attrs.get(attributeNames[0]); // memberOf
System.out.println("-----"+groupsAttribute.size());
if (groupsAttribute != null){
// memberOf is a multi valued attribute
for (int i=0; i<groupsAttribute.size(); i++){
// print out each group that user belongs to
System.out.println("MemberOf: "+groupsAttribute.get(i));
}catch(NamingException ne){
// ignore for now
System.err.println("Problem encountered....0000:" + ne);
//get all the groups list
} catch (NamingException e) {
System.err.println("Problem encountered 1111:" + e);
=================
The following exception gets thrown at every user entry:
User: CN=Administrator
am here....1
Problem encountered....0000:javax.naming.NamingException: [LDAP: error code 1 -
000020D6: SvcErr: DSID-03100690, problem 5012 (DIR_ERROR), data 0
]; remaining name 'CN=Administrator'
I think it gets thrown at this line in the code:
Attributes attrs = ctx.getAttributes(userName, attributeNames);
Any idea how to overcome this and where am I wrong?
Thanks in advance,
Regards.In this sentence:
Attributes attrs = ctx.getAttributes(userName, attributeNames); // only asked for one attribute so only one should
It seems Ok when I add "CN=Users,DC=filenetp8,DC=com" after userName, just as
userName + ",CN=Users,DC=filenetp8,DC=com"
But I still have some problem with it.
Hope it will be useful for you. -
Primary Group and Additional Group in Solaris 10
hi!
We've just freshly installed a Solaris 10 system. I'm very new in Solaris. There's something i noticed, and i'm not sure whether is that normal.
In the user screen in solaris management console, i notice that i'm not able to see the Primary group and additonal group list. What i can see is only the Primary group in ID format. I'm able to see it only the first time when i launch the Solaris management console or switch from one workplace to another. After right clicking on the user properties for the second time, it disappear and show only the primary group id in integer. On the left hand side of the screen, it says "The group cannot be listed. You can change the primary group 10 to another valid integer. Because of error or oversight, group membership cannot be found. You can enter a number for the primary group, but cannot choose from a list of groupnames. Also you cannot choose Seconday Group until the group info is available". "Check group files, NIS maps, or load for possible corruption. If you have not already populated appropiate files or maps, See administrator guide, Naming and Directory Services(DNS, NIS, LDAP) or docs.sun.com for LDAP see also Solaris Management console help, about the toolbox editor to manage LDAP"
Is that normal? What could be wrong here? Please advise. Thanks.hi! Anyone can provide advise on the issue i encountered?
-
Question about Everyone Group in SharePoint 2013
Hi,
I have couple of question about EVERYONE group below,
- As per the best practice which Group we should use instead of EVERYONE group in Sharepoint ?
- What is the difference between Everyone and All Authenticated Users Group
We have added Everyone Group in different sites, now the question is if we hide this group showing up in sharepoint people picker, is there any impact interms of current site?
- Is there any way we can hide Everyone group showing up in the people picker only for the site / Site Collection level.
Please help.
Thanks
srabonThere is no functional difference between the Everyone group and All Authenticated Users (after Active Directory has been upgraded to Server 2003 native schema).
I'm not aware of any function to hide the group from the People Picker.
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Authentication against both LDAP and BI repository
I have a lot of user who are authenticated against LDAP. I need add few users who aren't exist in LDAP. I can create user in BI repository and if this user is in an Administrator group he is able to log in. But if this user isn't in an Administrator group he get error "Succesfull execution of intitializtion block LDAP is required". Is there any way how to authenticate users agains both LDAP and BI repository?
Hi,
why dont you create a group in ldap and add the correspondng users to that group.
You can configure the LDAP server with that group and try...
Hope it works...
Regards
Venkat -
Identity Service LDAP with dynamic grouping
Hi all,
We are developing an enterprise application with oc4j and bpel.
First we managed to handle user management with XML based JAZN tool.
After that,we managed to connect identity service with iPlanet LDAP server and get users and roles(with static groups defined.)
But our client wanted static and dynamic groups together in their LDAP server,because of the complexity of their current user base.
When we try this,we cannot get the roles that are assigned with dynamic groups.But we can get the roles that are statically defined.
We check the roles from the worklist application (integration/worklistapp... thing..) and we se the static groups where we cannot see dynamic one's.
There is a section in is_config.xml like:
<roleControls>
<property name="nameattribute" value="cn"/>
<property name="objectclass" value="groupOfUniqueNames"/>
<property name="membershipsearchscope" value="onelevel"/>
<property name="memberattribute" value="uniquemember"/>
<search searchbase="ou=Groups,dc=dummy,dc=com,dc=tr" scope="onelevel" maxSizeLimit="1000" maxTimeLimit="120"/>
</roleControls>
I think the property uniquemember has an effect in this situation but I cannot find any sample configurations using dynamic groups in LDAP.
Hope somebody has already done that..I find a solution here:
http://download.oracle.com/docs/cd/E15523_01/integration.1111/e10226/hwf_config.htm
I am currently using weblogic's defaultAuthentication to test BPM 11g.
I do not know if this approach works in production environment. -
Changing permission on "Everyone" group on "Users" folder to "No Access"
Hello Everyone,
I need help on changing permission on "Everyone" group on "Users" folder to "No Access" using a Terminal command line.
What i'm trying to do is assign "Everyone" group to "No Access" on "User" folder to restrict other users from going to users home folder on the computer.
Right now, when a user login he/she has the ability to view files that are not located in the documents folder
PS
Network is configured for OD/AD, home folder is located on Dell Server
Appreciate the help, Thanks very muchYou are running Oracle Linux and want to use a network volume provided by Windows 2008 to install Oracle Database.
Your problem is that you cannot set appropriate privileges on the mounted volume to perform the installation.
Is this correct?
If yes, then as far as I know, Windows file sharing is not support, even if you fix the permission issues. Your problem is the file system, which won't be Linux ext3. NFS might be supported, but I think it is not the best idea. Have you looked into iSCSI? It will allow you to mount remote disks using SCSI protocol. You could do pretty much everything with such a mounted disk that you can do with a locally attached drive, including initializing, but instead of using the local bus, it will use the TCP/IP network.
How to setup iSCSI on Windows Server 2008 (storage server)
http://technet.microsoft.com/en-us/edge/Video/ff710316
CentOS / Red Hat Linux: Install and manage iSCSI Volume
http://www.cyberciti.biz/tips/rhel-centos-fedora-linux-iscsi-howto.html
Edited by: Dude on Jun 23, 2011 12:08 PM -
Need info regarding Oracle UCM Accounts and Security Groups behaviour
Need information regarding Oracle UCM Accounts and Security Groups behaviour.
Oracle UCM version: 11.1.1.5.0
Steps:
1. Log in with "weblogic" user and created a content with id "content1"
2. Applied "@acc1(R)" and "TestGroup1" to the cotent created in step 1
3. Log out
4. Log in as "acc1user1", the user is not able to see the "content1"
5. Log out
6. Log in as "role1user1", the user is not able to see the "content1"
Account and Group information:
1. User "acc1user1" is part of "@acc1(R)"
2. User "role1user1" is part of "role1(R)" and is mapped to "TestGroup1" in UCM
Expected:
Both "acc1user1" and "role1user1" should be able to see "content1" as they have at least Read permission.
Please help me understand why the users are not able to see the content.ACLs, like Accounts, are optional security setting which may add on some extra functionality to mandatory security groups. Likewise, the resulting permission is taken as an intersection of SG and ACLs.
But in the second part the number of set of users is huge (approx say 600)I don't get this completely. Does this mean that those "sets of users" (users who see the same data) are distinct and that there is 600 of such groups?
If you read thoroughly the manual I sent earlier, there is a recommendation that there should be maximum 50 security groups, and you should use accounts, should this number be exceeded. This means you could have all the documents in one security group (and have one common role with Read permission), but combine it with accounts. ACLs are not a good choice here - their performance and manageability is much worse than of accounts. ACLs are primarily used if you expect security settings to change during the lifetime (e.g. a project manager adds temporarily rights to access an item to another user, and revokes it when the user finishes his or her work).
Note that accounts as well as permissions of users within accounts can also be mapped externally (from LDAP/AD) and it usually follows some kind of org chart.
I'd feel more comfortable not to speak about users, security groups, roles, etc., but about some real-life objects and scenarios.
Maybe you are looking for
-
How to update user status in CRM Order depending the delivery status in R/3
Hi All, In my scenario the partial delivery allowed to the customer while creating the CRM Order. But as per my requirement the status should be updated when the complete order and delivery takes place. Let me describe you clearly: Suppose I want
-
My Nook says "User not Activated" How do I fix this?
I recently downloaded Adobe Digital Editions to check out books from my local library. In Digital Editions, it says my Nook is authorized. I download a book and drag it to my Nook. When I open the book on my Nook it says "User Not Activated" How do I
-
How to unlock my iphone6?
I need help. I have bought two iphone6 for my girlfriend and myself. But I just travel at here, and the shop assistant told me I can use these two phone in my country so i paid them. But my friend tell me only 't-mobile sim free' phone could use in o
-
Hi there, I have a problem with displaying some nested XML data. I've tried quite a lot of different approachey to this, but just can't get it working properly. So here's the deal: I have an XML file (which is dynamically created from a servlet) of t
-
Which application should I use?? Any help would be great!!
I'm rather new to web-design, and I need some general guidance. I am looking at taking on a rather ambitious project for my company. I need to create a website that can do all of the following: Host online classes. These would be some sort of flas