Local username and privilge - read only user account

Similar Messages

• Creating a read-only user account

  I am trying to create a read-only user account. Reason being,
  when our users may be able to use MS Access to pull information
  and modify changes (if possible). I was told there is a way to
  do this. Help?

  I'm connecting using ODBC with a user account that I created.
  This dummy account will be available to approx 15 users so they
  can generate reports using Crystal. But, if there is someone
  that wants to generate queries using MS Access, they can still
  modify the data. So, how do I create only select statements to
  disallow users from using MS Access to link to the oracle
  database and change data?

• "Read-only" user account

  Hi All,
  Although the systems in question run Solaris 8, I am asking in this Solaris 10 forum because the way to implement what I am trying to do will most likely be the same on Solaris 8 as Solaris 10 (basic user, group, and permissions related functions have not changed much). There are also alot more posts and answers in this forum so I'm likely to receive a response more quickly.
  My question is: I have been asked to create a "read-only" account for IBM to support some of the applications on a couple of our systems (app support has recently been outsourced to them). I don't really understand why they would be needing a "read-only" account as they wouldn't be able to do anything to resolve problems or install new versions etc., but anyway the question is there and they seem to be insisting on creating such an account. So what is involved with creating a so called "read-only" account? I have never been asked to create one of these before and I've been working with UNIX for quite some time.
  I know one could do something like create a very basic user who is only a member of a new group I would create called e.g. "readonly" and then use things like "chmod" to set permissions so that all files on the system have no write or execute permissions for "other" users (e.g. -rwxrwxr--), or I can use restricted shell (e.g. rksh, rbash) etc. However, setting all files globally to no write and execute permissions for "other" can and probably would cause all sorts of problems, and I already gave them a restricted shell but this was not suitable for them as they are unable to change directory or browse other parts of the filesystem they need to check.
  Please let me know how I can create one of these so-called "read-only" accounts.
  Thanks in advance.
  Regards,
  David.
  Commonwealth Bank
  David Stofberg
  UNIX Systems Administrator
  Enterprise IT Operations
  Level 9, 363 George Street
  Sydney NSW 2000
  P: +61 (2) 9303-2898
  M: +61 (434) 220-893
  E: [email protected]
  Our vision is to be Australia's finest financial services organisation through excelling in customer service.

  most normal users dont have the ability to write to most critical areas of the system by default. if you need more restrictions, deploy RBAC. you can create custom rights profile to limit what a certain role can do.
  [http://docs.sun.com/app/docs/doc/816-4557/prbactm-1?a=view] solaris 10
  [http://docs.sun.com/app/docs/doc/805-7229/6j6q8svdf?l=en&a=view] solaris 8 (update 10/01)

• A question about creating READ ONLY users.

  Dear all,
  I have a question about read only user accounts and I would appreciate if you could kindly give me a hand. I have a schema named SCHEMA1. Whenever I want to connect by using sqlplus I run the following:
  sqlplus user1/[email protected] SCHEMA1.WORLD is the entry in the tnsnames.ora referring to the schema SCHEMA1.
  I need to create a read only user who is able to SELECT all tables and views created by user1 on SCHEMA1 (this user will not modifiy anything at all. The user is used only for a person using SQL queries to read data). for several tables I write the grants explicitly, for example:
  CREATE USER user2 IDENTIFIED BY user2;
  GRANT CREATE SESSION to user2;
  GRANT SELECT ON S001_COR_ECLASS TO user2;
  GRANT SELECT ON REF_ECLASS511 TO user2;Is there anyway to do the same thing but for all the tables (because there are a lot of tables and views)? Besides, even with these granted permissions when the user connects with SQL Developer to the database, he is not able to view the list of tables/views in SQL Developer GUI. What causes this problem?
  Thanks in advance,
  Dariyoosh

  Hello Dariyoosh,
  he is not able to view the list of tables/views in SQL Developer GUIyou can either go to "Other Users" - user1 - tables. There you see every table you have permission to select.
  Or you can create a synonym in schema2 for each table in schema1 and set a filter on the tables node of user2 "Include synonyms".
  Regards
  Marcus

• Problem with Read-only user being able to add and delete files and folders.

  The setup:
  Computer #1
  iMac (intel) running 10.5.5
  File sharing ON
  Sharing folder on external USB drive called 'iTunes' (but not the drive volume itself)
  Users:
  - Everyone = Read Only
  - Admin(me) = Read/write
  - UserA = Read Only (with account PW and username identical to local login for computer below)
  Computer #2
  UserA's iBook G4 running 10.4.11
  When I go to finder>network>iMac>connect it prompts me to login which I do and then select 'iTunes' folder which is visible and mounts successfully. I can see all files, access them all. Life seems great. Then I discover that I can also modify and delete files from the iBook, and create and delete directories.
  I'm new to networking and although I've setup and managed minimal networking tasks on PCs before, this is my first foray into the Mac networking world. Please help.
  What am I doing wrong? What haven't I set?
  Thanks in advance.

  Sorry, I should have clarified this in the first email.
  When I login from the iBook, I am logging in under a read-only user (not as myself, who is admin on the iMac). The user on the iBook has only been given read-only permissions on the iMac yet is able to add and delete files.
  This read-only login/PW however, is the admin account on the iBook, but that shouldn't allow this person to write on the iMac so far as I understand things...right?

• Read only users and row locks

  Can read-only users obtain row locks on non-temporary (i.e,. visible to other users) tables, for example through SELECT FOR UPDATE, even though they couldn't not ultimately modify said tables?

  Yes.
  Here is an example with Oracle XE 11G and HR schema:
  Connecting as user having only CREATE SESSION and SELECT privilege on HR.JOBS table:
  SQL> desc hr.jobs;
  Name                                      Null?    Type
  JOB_ID                                    NOT NULL VARCHAR2(10)
  JOB_TITLE                                 NOT NULL VARCHAR2(35)
  MIN_SALARY                                         NUMBER(6)
  MAX_SALARY                                         NUMBER(6)
  SQL> select * from session_roles;
  no rows selected
  SQL> select * from session_privs;
  PRIVILEGE
  CREATE SESSION
  SQL> select owner, table_name, privilege from user_tab_privs;
  OWNER                          TABLE_NAME
  PRIVILEGE
  HR                             JOBS
  SELECT
  SQL> select job_title from hr.jobs for update;
  JOB_TITLE
  President
  Administration Vice President
  Administration Assistant
  Finance Manager
  Accountant
  Accounting Manager
  Public Accountant
  Sales Manager
  Sales Representative
  Purchasing Manager
  Purchasing Clerk
  JOB_TITLE
  Stock Manager
  Stock Clerk
  Shipping Clerk
  Programmer
  Marketing Manager
  Marketing Representative
  Human Resources Representative
  Public Relations Representative
  19 rows selected.
  SQL>Now connecting as HR following statement hangs:
  SQL> connect hr/hr
  Connected.
  SQL> select * from jobs for update;Going back to first session:
  SQL> update hr.jobs set min_salary=0;
  update hr.jobs set min_salary=0
  ERROR at line 1:
  ORA-01031: insufficient privileges

• AP Banks menu is excluded and used Bank read only but Accounts is greyed ou

  Hi,
  We have a audit requirement to restrict a responsibility from Banks acess. So removed the Bank Setup Menu and created a Banks Read Only fucntion and assigned it to the responsibility
  Now I can see Banks as read only but the Bank Account button is greyed out.
  Please let me know if we can make it to work
  Thanks,
  User 12048986

  I had to include all the Bank functions in the menu and then also include the read only bank accounts. Now we can exclude the bank fucntions from responsibility

• How can I sync settings and programs between 2 user accounts on the same mac?

  Hi,
  I have created 2 user accounts on my mac, one for personal, and one for work (but both for me). It's primarily for organization, keeping files separate, but also because I have two separate Dropbox accounts and only one can be installed per user. I want to know if there's a way to sync selected programs, files, and settings between the two accounts? Basically, I'd like to have the same programs and settings for both user accounts, and just different files.
  I can't seem to find any info on this, but maybe I'm using the wrong terms!
  Thanks!

  To give other users read-only access to your iTunes library, use the Sharing features of iTunes. Sharing works over the local network as well as on the same computer. See the built-in help for details.
  To give others selective access to your iPhoto library, you have the option of using iCloud Photo Sharing, if the privacy implications don't bother you. The images will be stored temporarily on Apple servers.
  If you want to give full read/write access to more than one user, see the support articles linked below.
  iTunes: How to share music between different accounts on a single computer
  iPhoto: Sharing libraries among multiple users
  There is a way to share the library without moving it to a secondary volume. If you really need to do that, ask for instructions.

• How do I share photos and music between different user accounts on the same macbook

  How do I share photos and music between different user accounts on the same Macbook? i.e. I want all to be able to access family photos when logged into their respective accounts. Same goes for the iTunes library. Hope this is possible...
  Thanks!

  To give other users read-only access to your iTunes library, use the Sharing features of iTunes. Sharing works over the local network as well as on the same computer. See the built-in help for details.
  To give others selective access to your iPhoto library, you have the option of using iCloud Photo Sharing, if the privacy implications don't bother you. The images will be stored temporarily on Apple servers.
  If you want to give full read/write access to more than one user, see the support articles linked below.
  iTunes: How to share music between different accounts on a single computer
  iPhoto: Sharing libraries among multiple users
  There is a way to share the library without moving it to a secondary volume. If you really need to do that, ask for instructions.

• Authorization RADIUS - read-only user on FWSM

  Hi support community,
  I am experiencing an issue while trying to create some read-only users on my FWSM.
  I've setup the authentication on my RADIUS Server, which works fine, and put the aaa authorization command LOCAL  command.
  I've also set the commands - associated priviege :
  privilege show level 3 mode configure command dhcpd
  privilege show level 5 mode configure command privilege
  All this things works great when i authenticate locally on the FWSM.
  However, this is not working whe authenticating via the RADIUS server:
  aaa authentication enable console MY_RADIUS LOCAL
  aaa authentication http console MY_RADIUS LOCAL
  aaa authentication ssh console MY_RADIUS LOCAL
  And i set up the authorization locall, because i dont run any TACACS server :
  aaa authorization command LOCAL
  I managed to make this work on ASA, by sending RADIUS attributes (cf a document that i can't find anymore...).
  So what are exactly the differences between asa and FWSM ?
  On my ASA there was a command i could not run on the FWSM :
  aaa authorization exec authentication-server
  (i am running version 4.1 on FWSM and 8.4 on ASA).
  Thank you for your help.
  Florian

  You really need to see the example given here,
  [Read only user for a schema|http://arjudba.blogspot.com/2008/09/create-read-only-user-for-schema.html]
  [Global read only user|http://arjudba.blogspot.com/2008/09/how-to-make-global-read-only-user.html]

• 10.7 install to external drive results in only "user" account

  There is a problem which I have had couple of times when installing OS X Lion onto an external drive while running 10.7 off of the internal drive. The problem is that the OS install on the external drive gets created with only one user account, the same user account as what's running on the internal drive during install, except on the external drive the user account does not have admin privileges. So when booted off the external drive, there's no way to act as administrator, including upping the only account's privileges you have access to!
  The only way to get an admin account on the OS instance on the external drive is to delete the hidden AppleSetupDone file on the external drive and then boot and let the OS go through its first run procedure.
  Obviously the design team for OS X Lion one of the install as streamlined with the user being presented with the fewest choices and questions during the install is possible. However, not being presented with choices about the number and types of user accounts that will be set up during such an install clearly has its downside.
  If the install on the external drive is going to duplicate the account that's currently running during the install, then it should at least copy those privileges as well. Ending up with an OS instance with no account with admin privileges is obviously not acceptable.

  takoateli wrote:
  Wrong again.
  Have you ever installed to an external drive while booted 10.7 from the internal? I have, multiple times, and always the same result. I end up with the same account I was booted into on the internal at the time of install, duplicated on the external drive. Same account name, same password, and it's a *user* account. Not admin.
  Here's what I do:
  While booted on my MBP 13" internal hard drive, I open and run the 10.7 installer contained in "InstallESD", with the installation target being my external USB drive. The install finishes, the computer reboots off the external drive. No "Bienvenue, Welcome, Aloha etc.", no catchy music, no setup steps or installation completion. Just a login screen. I put in the login info for my account on the internal hard drive, and there I am, booted into the external drive, as *user*.
  Greg
  Right YOU ARE DOING IT WRONG!!!!!
  Sorry but I am not wrong.
  Boot the system from either the Recovery HD partition or if you have a Lion Install USB thumb drive boot from that. Then select Re-Install OS X and point it to the external drive. Do not start the Install from inside the OS installed on the internal drive.
  I thought that would be apparent, but I guess not.
  If you have not made a Lion install USB thumb drive I suggest you do that using LionDiskMaker.
  Serial Serveur » Lion DiskMaker (US)

• Limiting iTunes and QuickTime to one User Account in WinXP

  I'm the Dad and the admin on my XP machine.
  I have 3 non-admin accounts for the kids.
  Only 1 kid has an iPod and uses iTunes.
  No one else uses or needs iTunesHelper, iPodService, or QTTASK.EXE.
  I know that I can kill each service inidividually from Task Manager, but the non-admin accounts can't. They suffer the slowdown caused by these services running from the background and constantly going out to the web for un-needed and unwanted activities such as checking the Apple Store, etc.
  I don't want this behavior.
  I want to prevent these services from loading and running for all User Accounts except the one.
  Please give me steps to limit these services!!!
    Windows XP  

  As far as I can tell, this is NOT a solution.
  As I try to allow the one User Account to load and run the services, ALL accounts are forced to load and run them.
  As I try to disable the services from loading and running on other accounts, they won't load and run on the one User Account that I want them to.
  Does ANYone know of a way to disable iTunes, iPodHelper, and qttask from loading on selected User Accounts?
    Windows XP  

• How to configure read only user on IAP?

  Requirement:
  In environments, such as enterprises and campus universities, there are instances where few administrators only monitor the IAP clustered networks. For such users, a read only user can be configured on IAP.
  Solution:
  In IAP software, a provision is given is to configure a read only user in the system settings, under "Admin" tab.
  Configuration:
  Follow the below steps to configure radius authentication in IAP:
  Login to IAP web interface
  Select "System" from the main menu and then click on "Admin" tab
  Under View Only settings, enter the username and password.
  Verification
  Logout of the IAP web interface and try logging in using the username and password created for read only user.
  This read only user will no longer be able to see configuration options. Below screenshot shows the difference of menu options between an administrator and read-only user:

  HG,
  Please check this link.
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml
  We need to set up command authorization.
  Regards,
  ~JG
  Do rate helpful posts.

• Read only user creation for Oracle EM Console 11.1.1.5

  Dear All.
  I have created Read only user for Oracle EM Console.
  I have followed below link to do the same
  http://moshe-soa.blogspot.com/2011/09/blog-post.html.
  I have noticed with read only user is that TEST button in EM Console is active means user with read only user can create a trans, in Prod scenario it is a risk.
  Raised a CR with Oracle and found that it is a bug
  Bug 14082464 - CANNOT DISABLE TEST/TEST WEB SERVICE BUTTON IN SOA EM COSOLE is there in Metalink.
  So my question is there any way by which i can disable the TEST button in EM Conasole.
  I think there are some WLST script or servlet java class available to resolve this issue.
  Can any one confirm this and please suggest if any one aware of any alternative method.
  Thanks,

  Hi, have you got any solution to this problem? I am having exact the same issue in 11.1.1.6.

• SharePoint 2010 List View Web Part not showing for read-only users?

  Hello all,
  I have List View Webparts on my Blank Web Part page, and it's not showing for Read-Only users.
  Is this intended by Microsoft or is it a bug?
  Thank you!

  Hi,
  According to your post, my understanding is that the read only user could not see the list view web part.
  Per my knowledge, the issue may be cause that the user do not have the proper permission for the list.
  1. Check whether the user can access the list.
  2. Check whether the user can view all the items instead of partial items in the list.
  3. Check whether there are some fields refer to other lists or terms, especially the lookup field or managed metadata filed.
       If that is the case, make sure the user can access the lookup list.
  Thanks,
  Jason
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Jason Guo
  TechNet Community Support