Maximum length of security group name in Shared Services

Similar Messages

• Maximum length allowed for column name, index name and table name?

  Hi,
  I want to know what is the maximum length allowed for coulmn name, table name and index name in MaxDB ?
  Regards
  Raj

  Hi Raja,
  simply check the catalog:
  sqlcli bwt=> \dc domain.columns
  Table "DOMAIN.COLUMNS"
  | Column Name      | Type         | Length | Nullable | KEYPOS |
  | ---------------- | ------------ | ------ | -------- | ------ |
  | SCHEMANAME       | CHAR UNICODE | 32     | YES      |        |
  | OWNER            | CHAR UNICODE | 32     | YES      |        |
  | TABLENAME        | CHAR UNICODE | 32     | YES      |        |
  | COLUMNNAME       | CHAR UNICODE | 32     | YES      |        |
  and
  sqlcli bwt=> \dc domain.indexes
  Table "DOMAIN.INDEXES"
  | Column Name        | Type         | Length | Nullable | KEYPOS |
  | ------------------ | ------------ | ------ | -------- | ------ |
  | SCHEMANAME         | CHAR UNICODE | 32     | YES      |        |
  | OWNER              | CHAR UNICODE | 32     | YES      |        |
  | TABLENAME          | CHAR UNICODE | 32     | YES      |        |
  | INDEXNAME          | CHAR UNICODE | 32     | YES      |        |
  regards,
  Lars

• Powershell script: to get the AD Security Group Name

  I need PowerShell script that takes input: AD Security Group Name and loop
  through all web applications and their content in the farm to know where this particular group is used.

  hi
  AD groups are represented in Sharepoint as SPUser object with
  SPUser.IsDomainGroup set to true. I.e. you may use the same script which is used for users:
  Powershell script to find permissions for a specific user.
  Blog - http://sadomovalex.blogspot.com
  Dynamic CAML queries via C# - http://camlex.codeplex.com

• AD Security Group name change not showing in Sharepoint 2010

  Hi!
  We have a Sharepoint 2010 Standard enviroment and are heading for a role-based identity-managment in our company. That's why we find it better to use AD Groups instead of Sharepoint Groups.
  So we have over 1000 AD Security Groups groups that have been added to our Sharepoint Sites and our goal is to control every permission in Sharepoint from AD.
  I have done all this with the combination of Excel and Powershell and it have worked great.
  The problem i see in the long run is the name change of AD Security Groups. Sharepoint 2010 isn't showing the new name of the group.
  Does anyone know of any workaround that can solve this problem. It's a bit of a disappointment that Microsoft haven't fixed this. The only information i think they should store in Sharepoint is the SID of the groups.
  I was thinking of designing a powershell script that runs every night and updates the display name of the groups that do not match the AD display name.
  Is there any other way?

  As far as I know, and I'm not sure where to go from here without testing on my own...and I'm not sure when I'll be able to do that.  Perhaps a configuration issue.
  Have you tried removing the incorrectly named group and adding in the correctly named one?
  Read through this related post: 
  http://social.msdn.microsoft.com/Forums/en-US/sharepoint2010general/thread/49dc833f-4127-45ac-bd21-98b04d3632ef
  Looks like that can help you.  Let us know how things go.
  Colorless Green Ideas Sleep Furiously http://www.sharepointnerd.com

• Maximum Length of Stored Procedure Name

  Hi,
  What is the maximum length of the name of a stored procedure?
  Thanks

  Yabut:
  SQL> desc dba_objects
  Name                                      Null?    Type
  OWNER                                              VARCHAR2(30)
  OBJECT_NAME VARCHAR2(128)
  SUBOBJECT_NAME                                     VARCHAR2(30)
  OBJECT_ID                                          NUMBER
  DATA_OBJECT_ID                                     NUMBER
  OBJECT_TYPE                                        VARCHAR2(18)
  CREATED                                            DATE
  LAST_DDL_TIME                                      DATE
  TIMESTAMP                                          VARCHAR2(19)
  STATUS                                             VARCHAR2(7)
  TEMPORARY                                          VARCHAR2(1)
  GENERATED                                          VARCHAR2(1)
  SECONDARY                                          VARCHAR2(1)
  SQL> desc user_objects
  Name                                      Null?    Type
  OBJECT_NAME VARCHAR2(128)
  SUBOBJECT_NAME                                     VARCHAR2(30)
  OBJECT_ID                                          NUMBER
  DATA_OBJECT_ID                                     NUMBER
  OBJECT_TYPE                                        VARCHAR2(18)
  CREATED                                            DATE
  LAST_DDL_TIME                                      DATE
  TIMESTAMP                                          VARCHAR2(19)
  STATUS                                             VARCHAR2(7)
  TEMPORARY                                          VARCHAR2(1)
  GENERATED                                          VARCHAR2(1)
  SECONDARY                                          VARCHAR2(1)

• Planner provisioning for user groups lost in Shared services

  Hi All,
  Everything was fine. All of a sudden, no users were able to login in to planning.
  On investigation it was found that all the planner/planning provision to the groups is lost in the shared services.
  Digged into log for a while and couldnt find out any issues.
  What could be the reason we lost user group security provisioning only to planning?
  Could anyone please help on this?
  Regards,
  GG

  I used to have same experience every time migration happens from dev to UAT or prod etc.
  After migration, registering with shared service will be successful. When i try to sync, migrate user identities (provisionusers.cmd) from shared service all user group info vanishes in planning (Add/Edit access page). i.e hsp_access_control table is truncated or all rows are dropped.
  Then i have to set it up correctly. Guess this happens because usergroups have different id between different environments. When sync'g planning at target, it will not be able to recognize the wrong usergroup id of source system.
  My assumption:
  When provisionusers.cmd is run, planning fetches the usergroup provisioning information from shared services in to hsp_access_control planning repository table. could someone confirm the same?
  Is there any other way to overcome this issue recurring on every time migration happens?
  But the problem today was different: the provisioning is lost in the shared services itself which i havent witnessed so far. We didnt migrate recently, everything was file till 8 AM, but screwed around 8.10 AM. everything was up and running.
  Cheers,
  GG

• LCM Migration - Instance name?  Shared services project Name ? Data source?

  Situation
  * We have hyperion 11.1.1.3.24
  * Objective - trying to perform a LCM file-migration from our DEV environment to UAT
  * DEV has only one PMA enabled Planning Application (“budget”), few FR reports & other related artifacts.
  So far
  * Successfully Exported these 4 (EPMA, Shared-services, Planning & FR) from our DEV
  * When trying to import EPMA into our UAT, noticed the status shows Failed. (Noticed Similar claims have been reported in other posts as well.)
  Another dilemma that I have it what should I enter on these Instance Name, Shared services Project name & Data source.
  * Instance Name ===> ? Not sure. how to find this?
  * Shared services project ===> Haven't created one at all. So, which one should I use OR how to find this out ?
  * Data Source ===> I guess, this would be the EPMA repository database name ?
  Although I can Migrate all the Artifacts into our UAT (as identical to our DEV), Migration status has shown as "Failed". Is this because of the fact I skipped the Destination options with blank values (for Instance, shared-services & data-source). Has anyone ever had success on this Migration step.
  OR Should I disregard this migration status, just because we can see all identical artifacts in our UAT.
  Any help would be greatly appreciated.

  If you log into EPMA and pick an application and select deploy (don't worry you don't have to deploy you can cancel it before you do so),
  it will display a popup which will have the
  Instance Name (usually default), Shared Services Project (drop down will display different application groups available), Data Source (this is the name you gave when you created the datasource for the application)
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Error while adding users to a group created in shared services

  Hi All,
  I am using EPM 11.1.1.1.0.. When i log into SHared services as admin and create a group i get the following error when i try to add the user members to the group.
  "Servlet error: An exception occurred. The current application deployment descriptors do not allow for including it in this response. Please consult the application log for details."
  Can somebody please help....
  Regards.
  Alicia

  Hello Ritendra,
  i am also facing the same problem. i could not find some solution.
  if you got some solutions then please help me.
  i have installed oracle 9i as in W2K system.
  regards
  sudhir

• Essbase security sync issue with Shared Services v 11.1.2.2

  Hi,
  We are using Essbase version 11.1.2 (ESB11.1.2.2.102B025) and shared services version 11.1.2.2.300.6001 (Drop 6)
  Foundation Services is on a cluster evironment, windows 2008 64 bit.
  Essbase is on Unix Sun Solaris.
  We encounter an issue in which each time a new user is added to a group.
  The user will not have immediate access to Essbas. Currently the only time the
  user will have access is when we restart essbase.
  Is there a way to sync users from Shared Services without restarting Essbase?
  Anyone has experience on this problem and may know what and where to look?
  This is the error the user get, even though the group has access to essbase cube and the user
  has been added to the group.
  [Thu Jun 27 16:22:18 2013]Local/ESSBASE0///79/Error(1055126)
  This user has no application access set. Please contact your system administrator
  [Thu Jun 27 16:22:18 2013]Local/ESSBASE0///79/Error(1054067)
  Internal error
  [Thu Jun 27 16:22:18 2013]Local/ESSBASE0///79/Error(1051293)
  Login fails due to invalid login credentials
  [Thu Jun 27 16:22:18 2013]Local/ESSBASE0///79/Warning(1051003)
  Error 1051293 processing request [Login] - disconnecting
  There is no issue if we provision the user directly to the cube, e.g. without using group.
  Please advise. Thanks.

  You shouldn't have to restart Essbase as it should automatically sync, there may be additional information in SharedServices_Security_Client.log though it is probably worth logging with Oracle.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Purge of groups automatically in Shared Services

  Hello,
  I need to delete around 200 groups from Shared Services and I was just wondering if it would be possible to automate the process?
  Any clues please?
  Thanks in advance.
  KR,
  Andy

  Hi,
  You can use the import/export utility that has a parameter on the import to delete.
  Have a look in :- :\Hyperion\common\utilities\CSSImportExportUtility
  Unzip the utility, there in a PDF with usage instructions.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• How to change SQL Server security groups name after server rename?

  A Windows 2003 server has been renamed from LAMDAMIRROR1A to LAMDAMIRROR2A and the following
  sql has been run in SQL Server 2008 R2 on the server :
  exec sp_dropserver 'LAMDAMIRROR1A'
  exec sp_addserver 'LAMDAMIRROR2A','local'
  However, although everything appears ok, the 5 Windows 2003 Groups (automatically created by
  the SQL 2008 R2 Install) still contain 'LAMDAMIRROR1A' in their name. Does this matter ? Can the Windows Groups be just renamed (right click , rename) or will this cause problems ?
  The Windows Groups are :
  SQLServer2005SQLBrowserUser$LAMDAMIRROR1A
  SQLServerDTSUser$LAMDAMIRROR1A
  SQLServerMSSQLServerADHelperUser$LAMDAMIRROR1A
  SQLServerMSSQLUser$LAMDAMIRROR1A
  SQLServerSQLAgentUser$LAMDAMIRROR1A
  There are also Registry entries containing the old 'LAMDAMIRROR1A' name. Does this matter ?
  Should this be changed ?
  eg. 
  My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\100\Machines\OriginalMachineName.
  My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\Services\Report Server\GroupPrefix.
  My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\printers\Microsoft XPS
  DocumentWriter\DsSpooler\serverName.
  etc

  Hi,
  If you have executed the sp_dropserver and sp_addserver in SQL Server 2008 R2, we need to verify if you renamed the SQL Server instance successfully. You can select information from @@SERVERNAME or sys.servers to verify if the renaming operation is completely
  successful in SQL Server Management Studio (SSMS). If yes, whether you change the registry entries containing the old 'LAMDAMIRROR1A' name or not, there’s no impact on SQL Server Services. For more details, please review this article: 
  How to: Rename a Computer that Hosts a Stand-Alone Instance of SQL Server.
  In addition, if you must rename the windows groups, you can just right-click the group in Computer Management/System Tools/Local Users and Groups/Groups and rename it, or you can create new groups with new names, for more details, please review this article:
  Manage Local Groups. If there are some issues regards the Windows, you can post the question in the Windows Server forums at
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=windowsserver . It is appropriate and more experts will assist you.
  Thanks                 
  Lydia Zhang                           

• Security Settings for two admin groups  with shared service

  Hi all,
  I use Essbase Administration Services 11.1.2 and Hyperion Shared Services Console 11.1.2.0.73 (Drop 17)
  Access Rights are granted via Groups in Hyperion Shared Service Console.
  We have two admin groups.
  AccessGroup 1: admin rights on some cubes (A) and read rights on all others (B).
  AccessGroup 2: admin rights on (B) and read rights on (A).
  If someone of AccessGroup 1 copies a cube of (A) – Fin_rep for example – wether AccessGroup 1 nor AccessGroup 2 can even see the cube (and i dont even mention admin rights) execpt the one who copied it.
  Settings in Shared Services Console:
  - Both groups have role "Create/delete application" and "AccessManager" (or something like that - german word is "Zugriffsberechtigungsmanager") on Essbase Cluster (our essbase server).
  - AccessGroup 1 has role "ApplicationManager" and "AccessManager" for all cubes which they should administrate (A)
  and role "Read" for all cubes with read only (B)
  - AccessGroup 2 has role "ApplicationManager" and "AccessManager" for all cubes which they should administrate (B)
  and role "Read" for all cubes with read only (A)
  I hope i can get some help with this topic.
  Thank you in advance,
  Best regards
  Bernd
  Edited by: 907705 on 07.02.2012 02:52

  Security will not copy over when you create new cube from old cube. You have to grant security to required groups using shared services or Maxl.

• Maximum length of member name in mapping

  Hi Experts,
  I am trying to migrate live data from Essbase to HFM version 11.1.1.3 using FDM. Maximum length of the member name of source accounts in Essbase that I have to load is upto 74 characters. What is the maximum permitted length of member names in FDM to be used in mappings?
  I was able to load the mappings that I have created into FDM using a map loader but after the map import whenever I click on any item in the map area, a page displays saying 'Application error'. When I delete all the maps, the error goes away so I guess its some issue with the length of the source account member.
  I checked the IIS logs and in the maps log I found a line saying the length of source accounts has exceeded the limit. Any suggestions about what I am trying to achieve can be done? I can not tweak anything at the Essbase side as its a live application. Please suggest.
  Thanks & Regards!

  FDM supports 75 characters in the source & target fields (v 11.1.2).
  You may have restricted characters in your member names. Check the admin guide for a list.
  And yes, this is possible. I've done it a number of times. Sorry for the brevity but hopefully this gets you moving forward.
  Edited by: TonyScalese on Mar 24, 2011 3:38 PM
  Edited by: TonyScalese on Mar 24, 2011 9:22 PM

• Creating Groups on Shared Services.  Any naming limitations?

  Hi,
  Is there a limitation on the length of the Group Names that are created in the Native Directory of Shared Services? Only limitation I know is 80 characters, but I think it applies to Essbase outline dimension members only. Can anybody confirm?
  Thanks,
  A

  It's longer than 80. This name worked:
  Now is the time for all good men to come to the aid of their party. The quick red fox jumped over the lazy brown dog. asdfjkl;
  That's 129 characters. I got one up to 242 characters and saved it, but when I tried to modfiy it I got an error message saying the length was too long.
  The documentation probably states the maximum length.
  However, once the length of the group name gets past 40 or so it becomes difficult to read in the Shared Services console. How long does it need to be?
  Regards,
  Cameron Lackpour

• SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT - Active Directory Security Group Discovery Agent reported warnings for 524 object(s). DDRs were generated for 0 object(s) that had warning(s) while reading non-critical properties.

  Hi, can anyone help me troubleshoot the following please:
  Active Directory Security Group Discovery Agent reported warnings for 524 object(s). DDRs were generated for 0 object(s) that had warning(s) while reading non-critical properties. DDRs were not generated for 524 object(s) that had warnings while reading
  critical properties.
  Possible cause: OU name or Security Group name may contain at least a Unicode character which has conversion problem between Unicode and your system ANSI locale(e.g. Korean characters in English System Locale). The site server might not have access to
  some properties of this object. The container specified might not have the properties available.
  Solution: Please verify the Active Directory schema for properties that are not replicated or locked. Refer to the discovery logs for more information.
  Does the error relate to 524 security groups? There are several invalid search paths listed in adsgdis.log, are these related?
  Thanks,
  Dale

  You'll have to examine the log to determine exactly which objects its referring to. Although this is in the context of group discovery, group discovery still creates DDRs for computer objects within those groups so it could be either groups or computers.
  This is not a search path issue though as it's clear that the discovery process found 524 different objects, but as stated, it could not properly read criticial properties of those objects and thus did not create DDRs for them.
  As mentioned, reading the log in detail will list the objects individually and the reason it could not create a DDR for it.
  Jason | http://blog.configmgrftw.com