Letting other users see my objects

Suppose I have USER-A which has objects like tables, triggers, procedures and jobs and I want USER-B to have READ-ONLY access to these objects.
What is the best way in doing it, assuming they are in different schemas? Recall that you can only grant select on tables, but how about triggers/procs/jobs?

but i don't want USER-B to execute/tamper the procedure - just look at its code.Why can't user B just look at the code by viewing the script in your source control repository?
Cheers, APC

Similar Messages

How to let other users use my customization?

Hello,
I have a few nice dynamic pages with bind variables.
I use the user PORTAL to customize my bind variables, but what I customize is not for other users, they see the result of the default bind variables.
Surely there is a way to set the customization from a designer for the whole comunity. My question is how to pull that off.
Thanks for any information in advance.
Kind Regards,
Arnoud M. Barth

Hi,
You can set customizations at the system level by clicking on the edit defaults link of the portlet. This changes the default values of the portlet. In 309 or release 1 clicking on the edit page will show you the edit defaults link on the right hand corner of the portlet. In case of 902 or release 2 each portlet has a actions icon. Clicking on that will bring you a list of actions you can perform on a portlet. You will have "Edit Defaults" link here.
Thanks,
Sharmila

How can i let other user not to open a subVI

i have created a SubVI function in my Program, and i don't want the other users to open it and see what in it.
the question is, can i do that?
thank you
Rani

Open your SubVI, right click on the icon, select VI Properties and then under Security you can lock your block diagram.
Regards
Ken

How do I let other users on my MacBook Pro update apps that I've downloaded?

I recently left a position as an IT at a school district where I was put in charge of all Mac products district wide. Most of the important apps, such as Apple Configurator or Remote Desktop, were downloaded using a district Apple ID, but many of the apps downloaded (regrettably) were through my own personal Apple ID. Is there a way to allow other accounts on the computer to update these apps without my Apple ID and password? If not, is there a way we can at least re-download those apps via the district Apple ID and transfer the data to that one? Running Mac OS 10.8.5 on a mid 2011 MacBook Pro. Thanks in advance for any help.

That's a lot of travel. Hope she's a hottie!!! But I'll skip the poutine. Not one of my favorites. Been to Whistler in the summer, and the skiing isn't all that good. Not enough sand.

In po my doc type,other users can't do me21n&me22n but they see in me23n

i have created my own document type in po, that document use for me only not other users but other users can see(me23n) display mode but can't do me21n & me22n with my own document type, this option is there in sapmm plez explain
thank u

HI,
For achieving this you have to restrict the authorization for other users in authorization object M_BEST_BSA.
Regards,
Bharat.

After transport changes are not reflecting to other users

HI all it's urgent
One user abcd who had made some changes to some screens is not reflecting to other users after transport we have 2 clients 100 and 200 changes are reflecting in own user id we transported with scc1 transaction
with regards
vinod

I am not a developer, so pardon me if I misunderstood this question. I thought screens and other repository objects are client independent. That means the change should be evident in all clients without a need to transport.
Is this to do with security by any chance ( though it seems unlikely )? Can the other users see the change in the original client in which the request was made? That should help you determine whether the problem lies with the transport or outside. Also you can check the contents of the transport in SE01 and see if it holds the kind of data that you are expecting it to. I am guessing you have already generated the screen after saving the changes.
Hope this helps,
Sanket

How to restrict a schema owner from granting privileges to other users.

How can we restrict a schema owner from granting privileges to other users on his objects (e.g. tables). Lets say we have user called XYZ and he has tables in his schema TAB1, TAB2 an TAB3. How can we restrict user XYZ from granting privileges on TAB1, TAB2 and TAB3 to other users in the database. Is it possible in Oracle 10g R2? Any indirect or direct way to achieve this? Please help on this.
Thanks,
Manohar

Whenever someone is trying to prevent an object owner from doing something, that's generally a sign of a deeper problem. In a production database, the object owner shouldn't generally have CREATE SESSION privileges, so the user shouldn't be able to log in, which would prevent the user from issuing any grants.
As a general rule, you cannot stop an object owner from granting privileges on the objects it owns. You can work around this by creating a database-level DDL trigger that throws an exception if the user issuing the statement is XYZ and the DDL is a GRANT. But long term, you probably want to get to the root of the problem.
Justin
Edited by: Justin Cave on Nov 6, 2008 9:52 PM
Enrique beat me to it.

Veriface let other's face logged in to my laptop

Hi,, I have just bought Lenovo Ideapad G460 last month but i started to use veriface software several days ago.
I didnt find any problems with the software but when my bro try to use his face into veriface, then veriface let him enter my laptop.
So veriface let other user's face enter my laptop while I know it shouldnt be.
Could anyone please kindly help me regarding this?
Thanks

hey N-gie,
i would suggest playing with settings on the veriface software. i'm speculating that the reason why your brother could unlock your unit with your face, might be that his physical trait such as lip shape, position of eyes; etc is nearly the same as yours.
i have seen Veriface open for identical twins before.
anyway, go here : http://consumersupport.lenovo.com/us/en/DriversDownloads/drivers_list.aspx?CategoryID=880973
and install the latest version of veriface
WW Social Media
Important Note: If you need help, post your question in the forum, and include your system type, model number and OS. Do not post your serial number.
Did someone help you today? Press the star on the left to thank them with a Kudo!
If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"!
Follow @LenovoForums on Twitter!
Have you checked out the Community Knowledgebase yet?!
How to send a private message? --> Check out this article.

SQL Developer and Blocking View of Other Users' Objects

I am using SQL Developer in a classroom environment. My student users can “see” Other Users objects. They cannot modify, but none the less can see the structure and data.
I only want the users to be able to see their own objects. Is there a privilege that needs to be revoked? (In using SQL Plus command line, this was not a problem.)
Thanks.
-Karen

Karen,
From sysdba account (sys/system). Run following and verify for that particular user grant is revoked. May be exit from sql developer and log back in or refresh view.
YOu can also potenially revoke all the privs from all non admin uses i.e.r even connect/resource roles and grant them back.
revoke select any table from yourschemaname;
revoke connect from schemaname;
revoke create session from schemaname;
revoke resource from schemaname;
Then just grant privs as need basis
grant connect to schemanme;
grant resource to schemaname;
grant create session to schemaname;
..Regards
Edited by: OrionNet on Jan 23, 2009 2:01 PM

Not able to see other users change list in IR/ID

Hi All,
I need to perform the CTS+ transports in PI 7.1 and when ever i am going to change list tab apart from my user id i am not able to see any other user id to transfer the objects to my id
Is some setting is missing or some role we need to assign.
Appreciate your reponse on this.
Thanks
Ankur

Hi Anku,
Have a look on this doc [Limit Authorization PI Content objects.pdf|http://www.sdn.sap.com/irj/scn/events?rid=/library/uuid/a005629b-c063-2910-0fb8-f57dc68abaca], and/or contact your basis team who manages the user roles...
The same in [e-learning|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/40457bb0-c663-2910-85ad-f5f42edb715a].
just in case of... for ESR authorization, you have this one [How To Setup Profile Based Authorization In ESR Using PI 7.1 EHP1|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/50a3efb4-57a1-2d10-a6b9-fed6d21799f8?QuickLink=index&overridelayout=true]
Else... a stupid question:
in "change list" tab, have you click on the "filter" button to be able to select "User = All" ?
and then to do your transfer...
Regards.
Mickael
Edited by: Mickael Huchet on Feb 14, 2012 9:24 AM

Filter "Other users" to only show schems that have objects

I searched thru the forum, but didn't see this request anywhere. It would be nice to have a preference to only display "Other Users" who actually own objects in their schema.
In TOAD, there's a preference like this under Schema Browser->Data. Their preferences are:
* Show all users
* Only show users that own objects
* Only show users that own objects excluding Synonyms
* Only show users that own objects excluding Synonyms and Temporary Tables
This would be really useful for me, as our database has a ton of users that have no objects. :-)
Thanks for a cool product that works on my Mac!
--Leif

It is great to have this feature, but at our site it is VERY slow - so much so that I thought that SQL Developer had hung.
I assume that when this option is selected, the query is doing something like select distinct owner from all_objects and when the option is not selected it is querying user_name from all_users?
It takes only about a second to display our list of appoximately 1800 users (unsorted at the moment :( ) and it took 95 seconds to filter that list to the 235 users that have visible objects (we have ~ 240000 records in all_objects).
On another point, selecting this option effectively removes an already saved filtered user if it doesn't have any available objects. This seems to include checking against schemas with availble objects when expanding the "Other Users" node, which now takes significantly longer than when this option is not set - taking 60 seconds to expand the node which is filtered to just eight schemas out of the 235 with available objects.
Going back to the Other Users Filter to switch off this option appears to simply hang SQL Developer for the ~ 90 seconds that it takes to query the list of schemas with available objects.
I don't know whether it is possible to do something about this sort of performance, but with the performance I am getting at the moment, I won't be using this functionality.

Convergence problem -- users seeing other users' mailboxes

Hello, all!
We seem to be having rather a shocking problem with Convergence -- in certain rare circumstances, people logging in to Convergence sometimes end up with other people's mailboxes instead of their own.
Today, we had another of such incidents reported to our helpdesk -- after the issue was passed to my division, I decided to visit the affected user's desktop to see who they were logged in as, plus some particulars from cookes that Convergence uses, thinking that it may be related to a recent patch we received as a response from a Sun Support ticket filed about a similar incident. Afterwards, I went back to the server and started reading logs to see if I could pinpoint the root cause of what happened.
Note that these logs have been sanitized -- <INCORRECT_USER> represents the username of the mailbox that the affected user saw instead of their own, <AFFECTED_IP> represents the IP address of the affected user's IP address, and <PREVIOUS_IP> represents the IP address of the user trying to access their mailbox that was seen by the affected user as well. (The IPs are not the same and are not in the same subnet.)
So, from our Glassfish domain's access logs:
"<AFFECTED_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:04:37 -0600" "GET /iwc/svc/wmap/msg.mjs?rev=3&sid=&mbox=INBOX&uid=457&process=html%2Cjs%2Clink%2Ctarget%2Cbinhex&maxtext=155000&security=false&lang=en&token=KZc9jnOair&dojo.preventCache=1289322277283 HTTP/1.1" 200 6184
That was the last access from the affected user's IP address before the incident begins -- this is just to show that they didn't log out. Then:
"<PREVIOUS_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:19:06 -0600" "GET /iwc_static/layout/login.html?lang=en-us&14.01_234924&svcs=abs,im,mail,calendar,c11n HTTP/1.1" 200 5095
...the other user visits the login page to try and log in. (I'll spare everyone the accesses to the preloading of Convergence's UI images. =) After a while, the other user attempts to log in and is successfully sent to main.html:
"<PREVIOUS_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:19:11 -0600" "POST /iwc/svc/iwcp/login.iwc HTTP/1.1" 200 312
"<PREVIOUS_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:19:11 -0600" "GET /iwc_static/layout/main.html?lang=en&14.01_234924& HTTP/1.1" 200 8856
However, out of the blue:
"<AFFECTED_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:19:11 -0600" "POST /iwc/svc/iwcp/login.iwc HTTP/1.1" 200 312
"<AFFECTED_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:19:11 -0600" "POST /iwc/svc/wmap/cmd.mjs HTTP/1.1" 200 17
...the affected user tries to log in as well, then ask the AJAX cmd process to do something. The affected user mentioned that they usually stay connected to Convergence and just reopen a browser window when they need to check their mail. This seems consistent -- main.html probably prompted the affected user to retype their password to continue on after the previous commmand above failed after an expired session after they closed their browser window.
Now, according to Convergence's iwc.log:
AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-443-36 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:06,582- SSO is disabled
AUTH: DEBUG from com.sun.comms.client.web.auth.IwcAuthController Thread httpSSLWorkerThread-443-36 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:06,583- No valid session found, redirecting to login page
AUTH: DEBUG from com.sun.comms.client.web.auth.IwcAuthController Thread httpSSLWorkerThread-443-36 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:06,584- Redirecting to: /iwc_static/layout/login.html?lang=en-us&14.01_234924&svcs=abs,im,mail,calendar,c11n
The other user visits the site and is redirected to login.html, then...
AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,410- SSO is disabled
PROTOCOL: DEBUG from com.sun.comms.client.protocol.ProtocolEngineServlet Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,411- Iwc Protocol command issued: login.iwc
AUTH: WARN from com.sun.comms.client.protocol.delegate.agent.LoginContextAgent Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,413- Subject not found in session, creating one
AUTH: DEBUG from com.sun.comms.client.protocol.delegate.agent.LoginContextAgent Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,414- Loaded com.sun.comms.client.security.auth.AppCallbackHandler class
AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,416- SunLDAPLoginModule:initialize()
AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,504- SunLDAPLoginModule:login()
AUTH: INFO from com.sun.comms.client.security.auth.modules.impl.SunAuthCallBack Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,506- User LoginID is <INCORRECT_USER>
AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunAuthCallBack Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,508- Host header is connect.siue.edu
AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunAuthCallBack Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,510- Attempting to resolve User's domain/organization: siue.edu from the host header...
AUTH: INFO from com.sun.comms.client.security.auth.modules.impl.SunAuthCallBack Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,511- User domain is siue.edu
AUTH: DEBUG from com.sun.comms.client.security.auth.AppCallbackHandler Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,513- Done Handling Callback class: com.sun.comms.client.security.auth.modules.impl.SunLDAPAuthCallBack
AUTH: DEBUG from com.sun.comms.client.security.auth.AppCallbackHandler Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,514- Done Handling Callback class: com.sun.comms.client.security.auth.AuthorizationIdCallback
AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,516- SunLDAPLoginModule:lookupUser()
AUTH: INFO from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,517- Loaded UG LDAP pool...
AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,521- Releasing UG LDAP to pool
AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,523- Loaded Auth LDAP pool...
AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,527- Releasing Auth LDAP to pool
AUTH: INFO from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,529- SunLDAPLoginModule:User <INCORRECT_USER> Authenticated
AUTH: INFO from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,533- Loading user entry from LDAP
...the other user successfully logs in (using an external Sun-based LDAP server), then starts asking the LDAP server for their Convergence preferences.
AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,535- Creating Comms User.....
AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,537- Creating new User
(That's interesting...)
AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,539- Login id of the user is <INCORRECT_USER>
AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,541- Domain name of the user is siue.edu
AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,544- Org DN of the user is o=siue.edu,o=usergroup
AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,546- Real domain name of the user is siue.edu
AUTH: INFO from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,548- User entry loaded successfully
AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,550- Updating user cache with default attribute values
AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,552- Updating user cache common preference with default values
AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,555- Processing AttrName: sunUCDefaultApplication
AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,557- Preference Attribute : sunUCDefaultApplication is not present in user cache
And intermixed with the loading of preferences for the other user...
AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-443-18 ipaddress=<AFFECTED_IP> sessionid= at 11/09/10 11:19:14,666- SSO is disabled
PROTOCOL: DEBUG from com.sun.comms.client.protocol.ProtocolEngineServlet Thread httpSSLWorkerThread-443-18 ipaddress=<AFFECTED_IP> sessionid= at 11/09/10 11:19:14,667- Iwc Protocol command issued: login.iwc
AUTH: WARN from com.sun.comms.client.protocol.delegate.agent.LoginContextAgent Thread httpSSLWorkerThread-443-18 ipaddress=<AFFECTED_IP> sessionid= at 11/09/10 11:19:14,669- Subject not found in session, creating one
AUTH: DEBUG from com.sun.comms.client.protocol.delegate.agent.LoginContextAgent Thread httpSSLWorkerThread-443-18 ipaddress=<AFFECTED_IP> sessionid= at 11/09/10 11:19:14,671- Loaded com.sun.comms.client.security.auth.AppCallbackHandler class
AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-18 ipaddress=<AFFECTED_IP> sessionid= at 11/09/10 11:19:14,674- SunLDAPLoginModule:initialize()
AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-18 ipaddress=<AFFECTED_IP> sessionid= at 11/09/10 11:19:14,676- SunLDAPLoginModule:login()
AUTH: INFO from com.sun.comms.client.security.auth.modules.impl.SunAuthCallBack Thread httpSSLWorkerThread-443-18 ipaddress=<AFFECTED_IP> sessionid= at 11/09/10 11:19:14,678- User LoginID is <INCORRECT_USER>
...there's the affected user trying to log in -- and getting the same username as the other user!
AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-443-32 ipaddress=<AFFECTED_IP> sessionid=0fabb5152fbab756c5ef6cdb2c1d at 11/09/10 11:19:14,933- SSO is disabled
AUTH: DEBUG from com.sun.comms.client.web.authorization.MailAuthorizationFilter Thread httpSSLWorkerThread-443-32 ipaddress=<AFFECTED_IP> sessionid=0fabb5152fbab756c5ef6cdb2c1d at 11/09/10 11:19:14,935- Removing token parameter from the mail backend service request
PROXY_MAIL: DEBUG from com.sun.comms.client.web.services.sun.MailServiceProxy Thread httpSSLWorkerThread-443-32 ipaddress=<AFFECTED_IP> sessionid=0fabb5152fbab756c5ef6cdb2c1d at 11/09/10 11:19:14,938- reqURI: /iwc/svc/wmap/cmd.mjs
The affected user (seeing that they have less to load) tries to send the command referenced above. Note their session ID...
AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-443-37 ipaddress=<PREVIOUS_IP> sessionid=1a60d56c1deb585e05bf126aa4fe at 11/09/10 11:19:15,740- SSO is disabled
PROTOCOL: DEBUG from com.sun.comms.client.protocol.ProtocolEngineServlet Thread httpSSLWorkerThread-443-37 ipaddress=<PREVIOUS_IP> sessionid=1a60d56c1deb585e05bf126aa4fe at 11/09/10 11:19:15,831- Iwc Protocol command issued: get_allprefs.iwc
PROTOCOL: WARN from com.sun.comms.client.protocol.delegate.UserPrefsCommandDelegate Thread httpSSLWorkerThread-443-37 ipaddress=<PREVIOUS_IP> sessionid=1a60d56c1deb585e05bf126aa4fe at 11/09/10 11:19:15,834- get_allprefs.iwc : Service is not enabled : smime
CONFIG: DEBUG from com.sun.comms.client.web.ServerConfiguration Thread httpSSLWorkerThread-443-37 ipaddress=<PREVIOUS_IP> sessionid=1a60d56c1deb585e05bf126aa4fe at 11/09/10 11:19:15,837- Virtual domain is enabled
PROTOCOL: WARN from com.sun.comms.client.protocol.delegate.agent.ClientOptionsAgent Thread httpSSLWorkerThread-443-37 ipaddress=<PREVIOUS_IP> sessionid=1a60d56c1deb585e05bf126aa4fe at 11/09/10 11:19:15,839- client preferences not found for domain: siue.edu
...and how it's completely different from the other user's session ID. (One odd note -- the other user's browser asks for get_allprefs.iwc, but the affected user's browser doesn't until much later when, after seeing the incorrect mailbox, tried to rectify the problem by closing their browser and revisiting the domain, which bounced them off to main.html since they (apparently) had a valid session:
From Glassfish's access logs:
"<AFFECTED_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:24:48 -0600" "GET / HTTP/1.1" 200 279
"<AFFECTED_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:24:48 -0600" "GET /iwc/ HTTP/1.1" 302 0
"<AFFECTED_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:24:48 -0600" "GET /iwc_static/layout/main.html?lang=en-us&14.01_234924 HTTP/1.1" 200 8856
And from Convergence's iwc.log:
AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-443-36 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:50,928- SSO is disabled
AUTH: DEBUG from com.sun.comms.client.web.auth.IwcAuthController Thread httpSSLWorkerThread-443-36 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:50,934- Found a valid session, redirecting user to the main view page
PROTOCOL: WARN from com.sun.comms.client.protocol.delegate.agent.ClientOptionsAgent Thread httpSSLWorkerThread-443-36 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:50,952- client preferences not found for domain: siue.edu
AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-443-37 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:51,947- SSO is disabled
PROTOCOL: DEBUG from com.sun.comms.client.protocol.ProtocolEngineServlet Thread httpSSLWorkerThread-443-37 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:51,949- Iwc Protocol command issued: get_allprefs.iwc
PROTOCOL: WARN from com.sun.comms.client.protocol.delegate.UserPrefsCommandDelegate Thread httpSSLWorkerThread-443-37 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:51,951- get_allprefs.iwc : Service is not enabled : smime
CONFIG: DEBUG from com.sun.comms.client.web.ServerConfiguration Thread httpSSLWorkerThread-443-37 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:51,952- Virtual domain is enabled
PROTOCOL: WARN from com.sun.comms.client.protocol.delegate.agent.ClientOptionsAgent Thread httpSSLWorkerThread-443-37 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:51,954- client preferences not found for domain: siue.edu
(Again, what's odd is that the JSESSIONID changes again.)
I thought initially that it may be a pooling problem, so I decided to check out the logs for the Sun ONE Directory Server that this instance of Convergence is connected to and:
[09/Nov/2010:11:19:14 -0600] conn=407075 op=22106 msgId=86900 - SRCH base="o=siue.edu,o=usergroup" scope=2 filter="(uid=<INCORRECT_USER>)" attrs="* isMemberOf"
[09/Nov/2010:11:19:14 -0600] conn=407075 op=22106 msgId=86900 - RESULT err=0 tag=101 nentries=1 etime=0
[09/Nov/2010:11:19:14 -0600] conn=408714 op=2173 msgId=86901 - BIND dn="uid=<INCORRECT_USER>,ou=People,o=siue.edu,o=usergroup" method=128 version=3
[09/Nov/2010:11:19:14 -0600] conn=408714 op=2173 msgId=86901 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=<INCORRECT_USER>,ou=people,o=siue.edu,o=usergroup"
[09/Nov/2010:11:19:14 -0600] conn=408784 op=4786 msgId=86902 - SRCH base="o=siue.edu,o=usergroup" scope=2 filter="(uid=<INCORRECT_USER>)" attrs="* isMemberOf"
[09/Nov/2010:11:19:14 -0600] conn=408784 op=4786 msgId=86902 - RESULT err=0 tag=101 nentries=1 etime=0
[09/Nov/2010:11:19:14 -0600] conn=408714 op=2174 msgId=86903 - BIND dn="uid=<INCORRECT_USER>,ou=People,o=siue.edu,o=usergroup" method=128 version=3
[09/Nov/2010:11:19:14 -0600] conn=408714 op=2174 msgId=86903 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=<INCORRECT_USER>,ou=people,o=siue.edu,o=usergroup"
But two different LDAP connections.... well, actually four... searched for and bound to the other user's username.
The other interesting thing I found was while I was searching for the other user's username in the LDAP logs -- earlier I pointed out an interesting entry about "creating a Comms user"; however, the other user logged in previously to Convergence:
[08/Nov/2010:21:23:10 -0600] conn=407075 op=18839 msgId=75351 - SRCH base="o=siue.edu,o=usergroup" scope=2 filter="(uid=<INCORRECT_USER>)" attrs="* isMemberOf"
[08/Nov/2010:21:23:10 -0600] conn=407075 op=18839 msgId=75351 - RESULT err=0 tag=101 nentries=1 etime=0
[08/Nov/2010:21:23:10 -0600] conn=408714 op=680 msgId=75352 - BIND dn="uid=<INCORRECT_USER>,ou=People,o=siue.edu,o=usergroup" method=128 version=3
[08/Nov/2010:21:23:10 -0600] conn=408714 op=680 msgId=75352 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=<INCORRECT_USER>,ou=people,o=siue.edu,o=usergroup"
I'm stumped -- anyone have any ideas why this is happening to us? (Due to these problems, we've been forced to shutdown our Convergence servers and redirect users to another older webmail product until this is fixed.)

>
The other interesting thing I found was while I was searching for the other user's username in the LDAP logs -- earlier I pointed out an interesting entry about "creating a Comms user"; however, the other user logged in previously to Convergence:"creating a Comms user" => means creating user object in memory using details in the LDAP and configuration, it does not create a User entry in LDAP.
Can you please provide following details:
- version of Convergence
- output of 'iwcadmin -l'
- full iwc.log and glassfish access log file

Some clients see all other users some dont?

Hello Apple Forums!
I have a question regarding my ichat service running on a 10.6.2 machine (x-serve)
I had 1 user today that I set up on our ichat, and when I added her, logged in to the server, however no buddy list. My experience with all other users is when they are added, they immediately see all the other users who are logged in. Im not sure how to resolve this. I know have to add buddies to all the internal employees in order for them to see her. Can someone please tell me what I am doing wrong?
Please let me know what other information you need.
Thanks,

Thanks for the correction on the forum posting. Should I re-post or is there an admin that can kindly move over for me?
tibor.moldovan:
I have researched this issue for a while now. I have cleared all the local preferences on the end users machine. I have not set up a test user, however I will. All other clients I have added recently, the entire "workgroup" (everyone part of the same workgroup) show up. Come to think of it, this particular user is in more than one workgroup. Hmmm. Maybe this is related to what is going on? If the "workgroup" group is not primary, then she wouldn't necessarily see everyone else?
Tim:
Adding (or sending buddy requests) to the other users in the ichat server (this is a local ichat for interoffice comm only) when accepted, those "added" buddies show up fine and can communicate.
Message was edited by: cpguru21
Message was edited by: cpguru21

Can I put more than one user under one Apple ID account. I want to let other family members use imessage on their own Apple device. Or is there another way to get this end result?

Can I put more than one user under one Apple ID account. I want to let other family members use imessage on their own Apple device. Or is there another way to get this end result?

You can seach the net for solutions like this one http://appletvvpn.com/how-to-connect-apple-tv-2-to-vpn/ another idea is to use a PC as the control and fit that with a wireless card and set up a ad hoc wireless network that the Apple TV uses.

Other user can not see the data from the workbook

Hi Friends,
I created a workbook with some worksheets in a Business area. The owner of the workbook has no problem to view all the worksheets and get all the data returned.. I granted all the neccessary privileges to other users ,they could see the workbook, but no data returnd for the query results. Tried refresh the worksheet, same no data retrieved.Checked the SQL inspector and the plan, it showed the correct paths and execution plan without any errors there. The same query run in SQL plus by other users returned data correctly.
By the way, I had a summary folder in the workbook. During the troubleshooting, I dropped this summary folder, still the same no data return for other users.
Any body happen to know the cause or has some ideas on this issue?
The discoverer administrator verson is 9.0.4.00 and the PLUS /Viewer is 9.04.45.02.
Thank you very much,
J.K

Hi All
The scheduling of reports, as you have probably noticed, requires that the scheduling privilege within Discoverer Administrator tool be granted to the user NOT to a role. Scheduling will not work if you attempt this. The reason for this is that these two SYS grants must go to a user:
GRANT SELECT ON SYS.V_$PARAMETER
GRANT EXECUTE ON SYS.DBMS_JOB
The user will also need to have these grants:
CREATE PROCEDURE,
CREATE TABLE,
CREATE VIEW,
EXECUTE ANY PROCEDURE,
UNLIMITED TABLESPACE on user's tablespace
My new Discoverer 10g Handbook, which I would recommend to anyone working with Discoverer, explains scheduling in detail and even tells you how the tables and views that are used to store the results work. You won't find this information anywhere else, as you will see if you read some of the five reviews that have been left on Amazon.com. For more information about the book please look here:
http://learndiscoverer.com/books/books.htm
The PUBLIC grants are not having any impact. All these do is ensure that ALL users have the same basic privileges. You can just as easily grant these to any role of your choosing and it will work just fine.
By the way, because the PUBLIC role is the MINIMUM privileges that a user can have you might want to consider reducing the end user Discoverer privileges afforded to PUBLIC. By default, all users can Create and Edit workbooks, share workbooks, save workbooks and so on. This is far too rich a set of privileges for the basic user, who in most cases will be a VIEWER user. Whenever I create a new EUL I always recommend that my client reduces the PUBLIC user's privileges and then create new roles for more advanced VIEWER and PLUS users, adding privileges as required.
Thus, my basic VIEWER, aka PUBLIC, has only these privileges:
Collect Query Statistics
Item Drill
Drill Out
My advanced VIEWER has this additional privilege:
Save Workbooks to Database
My basic PLUS user has all of the above, plus these (pardon the pun):
Create/Edit Query
Create Link
and my advanced PLUS users get everything, which means they now get these as well:
Grant Workbook
Schedule Workbooks
I also remove the Save / Save As Actions link from Viewer which prevents the basic VIEWER users from knowing that it is there. In essence, because these users no longer can click the Save link and because they do not have the Save to Database privilege, they will not be prompted to save within Viewer no matter what they do. This now makes 10.1.2 Viewer work the same way as previous versions.
Even though the Save link is not there, my advanced Viewer users will be prompted to save if they have made any changes. This therefore allows you to have two classes of Viewer, one who can save and one that cannot.
I hope this helps
Regards
Micahael Armstrong-Smith

Letting other users see my objects

Similar Messages

Maybe you are looking for