Modifying masterfile permission

Similar Messages

• How to get the permission of a file in java

  Hi All,
  I need to get the permission's that are granted to a file and how to modify its permission.Which class in java is used for this purpose?Kindly give me a solution.Thanks in advance.

  java.io.File class can be used.
  File f = new File("filename");
  S.O.P(f.canRead());
  S.O.P(f.canWrite());You can set the attribute using Runtime class.
  Runtime r = Runtime.getRuntime();
  Process p =r.exec("attrib -r file");If you are working with unix,
  r.exec("chmod -permissionoptions file");

• Regarding creating SharePoint custom permissions not permission level

  Hi All,
  i want to create or manage custom permissions under permission level.
  like
  for list items Manage Lists and add items etc.
  Thanks in advance.
  Kindly suggest me some suggestion
  Varsha Patil

  Use SPSecurityTrimmedControl control to for specific users or group. But still SPSecurityTrimmedControl will not work for full control so you also need to customize permission for full controls users.
  First go to permission level page and modify the permission for full control. uncheck the permission for whom you don't want to show this control (refer below link to know about base permission)
  http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spbasepermissions.aspx
  Then do the same for custom permission level. and now assign this custom permission to group. Later use  SPSecurityTrimmedControl in above menu and then hide/show control for users.
  http://social.technet.microsoft.com/Forums/en-US/9496525a-3f8f-47e3-a3c0-73d9a1670b0d/how-to-make-the-site-actions-menu-invisible-to-certain-users?forum=sharepointgenerallegacy
  http://social.msdn.microsoft.com/Forums/en-US/0dba2a60-204d-44d9-968f-84cd41f52e2d/how-to-hide-site-actions-menu-for-user-group?forum=sharepointcustomizationlegacy
  Hemendra:Yesterday is just a memory,Tomorrow we may never see
  Please remember to mark the replies as answers if they help and unmark them if they provide no help

• 'Touch does not have proper permission to run.'

  I downloaded the app 'touch' but it will not open. I have tried uninstalling it and reinstalling it but when I click on it, it still will not open. Whenever I restart my phone the first message that pops up is 'Touch does not have proper permission to run.' I have no clue how to solve this problem please help!

  Hi LucyAnnDey
  Welcome to BlackBerry Support Forums
  After Installing that application have you allowed permission to that app ?
  Refer to this KB Article and modify the permission for that app and set it to allow :
  KB29104 : How to modify application permissions on a BlackBerry smartphone
  Good luck.
  Click " Like " if you want to Thank someone.
  If Problem Resolves mark the post(s) as " Solution ", so that other can make use of it.

• How to permission site - subsite - feature hierarchy

  We use the following hierarchy in our SharePoint 2013 collection:
  site -> subsite -> feature (the permission to view a certain tab on the subsite)
  We need to permission individual users (initially 100 users, user base will grow to about 500) for individual sites, specific subsites and selected features. So user A may be permitted to use site1, subsite1, subsite2 and feature1. User B may be allowed to
  also use site1 but only subsite2 and feature2.
  I guess it is of no importance, but site and subsite are a true hierarchy, one subsite belongs to exactly one site. The features however are rather unrelated; if someone is permitted for feature 1 then he will permitted for feature 1 in every site/subsite combination.
  However, currently we treat the features as if they were in a hierarchy, too.
  We currently plan to use individual groups for every combination of security sets and assign the users to a number of such groups. We will end up with approx. 15.000 groups and hundreds of thousand assignments to
  these groups. (There are 5 sites, 2000 subsites and 7 features, so the total possible amount of groups is 70.000, but "only" 15.000 are being used). This seems to be flawed.
  Ideally we would use joined permissions, e.g. one group per site, one group per subsite and one group per available feature. A certain feature should then only be available to a user, if they are in that feature's group but also in the parent subsite and site
  groups.
  It is probably obvious that I am far from a Sharepoint expert and I am thankful for any hint concerning our security scenario.

  Hi,
  Based on your description, my understanding is that you want to set the individual permissions for site, subsite and features(I am not so sure about what a feature you are referring to).
  By default, every items will inherited the permission from their parents except you have stopped the inheritance when creating the subsites or items.
  So if you need individual permissions for different content, then you may stop the permission inheritance first.
  After that, you can modify the permission for each content based on your need, such as creating groups for each content and grant the groups permission to the subsite or the items.
  More references:
  http://social.technet.microsoft.com/wiki/contents/articles/18203.sharepoint-2013-break-document-library-permissions-inheritance.aspx
  http://support.sherweb.com/Faqs/Show/how-to-manage-permissions-in-sharepoint-2013
  https://support.office.com/client/Edit-permissions-for-a-list-library-or-individual-item-02d770f3-59eb-4910-a608-5f84cc297782
  Thanks,
  Victoria
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Victoria Xia
  TechNet Community Support

• Activating Permission Changes Not enabled.

  Hi,
  When we port  the track from one DTR server to other, it created few issues in Some DCs of the track and hence we are trying to manually correct the files in DTR repository itself. For doing this i have 2 question and have given below.
  1. Whether if i add or change the Files already existing in DTR manually, by changing in File system(without using NWDS), will it reflect in NWDS when i reimpoort in NWDS?
  2. For manually modifying the permission set for the DC folder, i have to set the permission. for this, I went to DTR perspective and in the folder where write access is required. I added a ACL principle which will give write access to Group NWDI.Administrators. But after adding the principle, I couldn't Activate the changes as the Button "activate all changes" is disabled. if i close NWDS, the change i did just disappears. Please Let me know on how to enable this "Activate" option or what to do for activate the permissions set.
  Please help me in this as this has been bugging us for long time now.
  Thanks in advance.

  Hi Ervin,
  Thanks for the info. The problem is , Even after trying several option, some how Via NWDS we were not able to correct the DC problem. Days and Days were spent on it and SAP OSS finally said that the source track from where the Track is ported to new server is corrupted. we cannot do any thing to the source dtr even if it is corrupted as any mistake might create some problem and might even loose soem data. Since the Standard way of Transport is not possible,  we are looking for an alternative options such as Manual Tranportation.
  Can you you please explain me why there could be a problem if we Modify in file system directly. All we
  expect is a server restart or NWDS restart if not reflecting in NWDS.

• Granting access to users to modify published organizational forms outlook 2007 -exchange 2010 ?

  How do i grant Access to users to modify published organizational forms outlook 2007 and 2010, we use exchange server 2010 in our environment. Please advise.
  Aditya Mediratta

  Hi  Aditya
  Thank you for your question.
  Organizational Forms  belongs to public folder. You can use Add-PublicFolderClientPermission modify user permission.
  You can refer to the following link:
  http://technet.microsoft.com/en-us/library/bb124743(v=exchg.141).aspx
  you can refer to the following link to create organizational form;
  http://technet.microsoft.com/en-us/library/gg236889(v=exchg.141).aspx
  the public folder permission,you can refer to the following link:
  http://technet.microsoft.com/en-us/library/ee633461(v=exchg.141).aspx
  If any questions, please let me know.
  Best Regard,
  Jim Xu

• Manage presentation catalog and permission

  Hi all,
  I need help: in Oracle BI I can't use permission in 'Manage Presentation Catalog Groups and Users'.
  This is because I create a new dashboard (on Explorer) and a new group and user(in rpd file).
  Then I try to relate this things but it's wrong..
  And now in 'Manage Presentation Catalog Groups and Users' I coundn't add users to groups.
  Which is the file where Oracle BI save the permission?
  What I can do?
  Thanks

  this is my situation:
  !http://lh5.ggpht.com/_Mf5eEi3FM3E/SciVars21lI/AAAAAAAAA8E/Ek3cWJzju7k/s800/Errore.JPG!
  and this-one is the right one:
  !http://lh3.ggpht.com/_Mf5eEi3FM3E/SciVayubqRI/AAAAAAAAA8M/Rt90SH1G7iI/s800/NONErrore.JPG!
  It's the same in ‘Manage Presentation Catalog’ and ‘Manage Interactive Dashboard’: I couldn't modify the permission to report/dashboard..
  Internet Explorer give me this warinig:
  !http://lh3.ggpht.com/_Mf5eEi3FM3E/ScimT_XfmpI/AAAAAAAAA9E/DII0j2VzrNo/s800/Outlook.jpg!
  ..but in the file 'catalogsysmessages.xml' there's the right row:
  <WebMessage name="kmsgPermsDlgAdd"><TEXT>Nuovo</TEXT></WebMessage>
  Edited by: salhpao on Mar 24, 2009 9:24 AM

• Removing modify/sync NTFS permissions using removeaccessruleall in Powershell

  Hi,
  I've got a script together which removes all non-inherited groups from a user's home folder. It's working fine until I run into groups which have modify/sync permission. Even though I'm using the removeaccessruleall permission, those groups just don't
  remove. I've attached the code I'm using below and I can provide the full script if needed.
  $objAccessRule1 = New-Object System.Security.AccessControl.FileSystemAccessRule($strAccount,"FullControl","ContainerInherit,ObjectInherit","None","Allow")
  $objACL.RemoveAccessRuleAll($objAccessRule1)
  I'd appreciate any insight anyone can provide.
  Cheers,
  Ed Narayan
  

  Hi Rohn,
  Still no luck. The modify/sync permission still remains. Here's my code:
  import-module activedirectory
  $StrInvocation = (Get-Variable MyInvocation).Value
  $strRunDir = Split-Path $StrInvocation.MyCommand.Path
  $strDate = get-date -format "dd-MMM-yyyy-HHmm"
  # Set everyone to list folder contents - this folder only and remove extra groups on folder
  function phase1
  $strSharePath = $args[0]
  $objACL = Get-Acl $strSharePath
  # Define permissions
  $strPermission1 = "Everyone","ListDirectory","None","None","Allow"
  # Attach permissions to access rules
  $objAccessRule1 = New-Object System.Security.AccessControl.FileSystemAccessRule $strPermission1
  # Attach access rules to ACL object
  $objACL.SetAccessRule($objAccessRule1)
  $objACL.PurgeAccessRules([System.Security.Principal.NTAccount]"AccountAdmins")
  $objACL.PurgeAccessRules([System.Security.Principal.NTAccount]"SHR-MDRIVE")
  $objACL.PurgeAccessRules([System.Security.Principal.NTAccount]"SYSTEM")
  # Set access rules on ACL object
  Set-Acl $strSharePath $objACL
  # For each folder processed, turn on inheritance if it's off, remove orphaned acls and non-inherited groups
  function phase2
  [CmdletBinding()]
  Param([Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelinebyPropertyName=$True)]
  [string]$strFolder)
  PROCESS{
  # Set variables
  $strLog = "$strRunDir\Logs\log-$strDate.txt"
  $arrGroups = @()
  $objACEs = @()
  $objACL = get-acl $strFolder
  $objACEs = $objACL.Access | Where-Object {!$_.IsInherited} | select-object IdentityReference -unique
  [bool]$blnIsInherit = [bool](get-inheritance $strFolder | select-object -expandproperty inheritanceenabled)
  [bool]$blnGroupExists = $false
  $objChildObjects = Get-ChildItem $strFolder -recurse
  write-output "`n" | Out-file $strLog -append
  write-output "FOLDER:$strFolder `n" | Out-file $strLog -append
  write-output "Inheritance enabled - $blnIsInherit `n" | Out-file $strLog -append
  # If inheritance is turned off, enable it
  if(!$blnIsInherit)
  write-output "Enabling inheritance for $strFolder`n" | Out-file $strLog -append
  $objACL.SetAccessRuleProtection($False, $True)
  # If non-inherited permissions exist, process each of them
  if(($objACEs| Measure-Object).Count -gt 0)
  foreach($objACE in $objACEs)
  [bool]$blnIsGroup = $false
  [string]$strAccount = $objACE.IdentityReference
  if($strAccount -like "*\*")
  $arrSplit = $strAccount.split("\")
  $strAccount= $arrSplit[1]
  # Check if permission is for a group
  $blnIsGroup = [bool](get-adgroup $strAccount -erroraction silentlycontinue)
  # If permission is for a group, create an acl entry for removing it. Multiple remove entries can be created depending on the number of groups found
  if($blnIsGroup)
  Write-output "Removing:$strAccount`n" | Out-file $strLog -append
  $objACL.PurgeAccessRules([System.Security.Principal.NTAccount]$strAccount)
  if($strAccount-like "*SYSTEM*" -or $strAccount-like "*CREATOR OWNER*" -or $strAccount-like "*USERS*" -or $strAccount-like "*Administrators*" -or $strAccount-like "*S-1-5-*")
  Write-output "Removing:$strAccount`n" | Out-file $strLog -append
  $objACL.PurgeAccessRules([System.Security.Principal.NTAccount]$strAccount)
  Set-acl $strFolder $objACL
  Phase 1 changes the everyone group to list folder contents on this folder only and removes a bunch of groups from the root folder.
  Phase 2 removes all orphaned sids and non-inherited groups from the folder and turns on inheritance if it's turned off.
  At this stage, this feels like a bug within the ACL cmdlets.
  Cheers,
  Ed

• Rule Generation fails

  Hello!
  We have an issue. After installation few month ago we uploaded standard files (according to postinstall steps) and now we are trying to load modified action/permission files.
  We have a problem with Rule Generation programm. During rule generation job we have got a problem:
  "Error while executing the Job:ERROR: Risk: F001 has exceeded the maximum number of rules (46,655) that can be generated for a risk"
  According to note #1310365 on our side for F001 is all correct: F001 risk consist of two Functions - GL01 and GL02. GL01 has 168 actions, and GL02 has 56 actions, i.e. total 9408 rules (168*56). We think that it happens because we uploaded files for all systems and groups (for DEV200, PRD400and their group ERP Systems; for PRD420 and its group CUA), in this case 9408 * 5 (number of systems)=47040.
  We have tried to upload empty files (action/permission with only one string in each), we hoped that it cleaned all information, and after this we can load SoD again. But it doesn't help...
  What can we do?
  P.S. [thread |Rule Generation fails - maximum no of rules 46655; has been watched
  Regards,
  Artem

  Artem,
  After close study , i think i found some key point.
  Per SAP note 1310365, max number of risk allowed per function are
  tcodes in function1 X tcodes in func2 X 3
  per example in note
  Suppose you have a risk (P086) that includes three functions:
  MD12 with 21 actions
  BR08 with 46 actions
  TS22 with 34 actions
  This particular risk applies to three different versions of SAP, all running on your environment. In this example, P086 translates to 98,532 distinct rules.
  98,532 = 21x46x34x3
  also since you had already uploaded standard rule sets........ and when you upload modified files....... it must be containing old tcodes also........ those should be removed.
  regards,
  Surpreet

• How to restrict user rights so they can add list items but cannot edit them once saved?

  I appreciate if you can help me with this. My beloved company uses SP2010, and I got the task to solve this issue using it, though I am not a programmer (basic html is still ok).
  I need a simple annual leave list with the following capabilities:
  1. Group of users (~100 members) should be able to create list items in a list that contains annual leave data. Columns are: Name, Leave start date, Leave end date, Team leader, etc.
  2. Once they fill in the new item form, a workflow notifies the team leader to visit the item and set a column "approval status" to approved or rejected.
  3. Based on this column value, another workflow notifies the requestor about the decision.
  4. After approval, users should be able to see their items in the list, but they should not be able to edit it.
  Sounds so simple, but I have big issues with point 4. as Sharepoint does not differentiate create and edit rights to a list item. As a result, requestor can edit dates of the approved items.
  Any hints how to solve this? Can impersonation help with this? Or should I add a new permission level to the site?

  Hello
  We are going to do the following things to accomplish your task
  create a new security permission level that will allow submit only
  create your annual leave list
  assign everyone the submit only permission
  add a workflow to send the email and modify the item permissions
  Ok first things first, on the sharepoint server open a powershell window and type the following powershell:
  $spweb=Get-SPWeb -Identity "<site url>";
  $spRoleDefinition = New-Object Microsoft.SharePoint.SPRoleDefinition;
  $spRoleDefinition.Name = "Submit only";
  $spRoleDefinition.Description = "Can submit/add forms/files/items into library or list but cannot view/edit them.";
  $spRoleDefinition.BasePermissions = "AddListItems, ViewPages, ViewFormPages, Open";
  $spweb.RoleDefinitions.Add($spRoleDefinition);
  $spweb.Dispose();
  Now in your site you will have a new permission level called 'Submit Only'.
  Create your annual leave list and give all users read and submit only permissions.
  Now create a workflow against this list in sharepoint designer.
  Add a new step which should be an impersonization step
  1st action
  add permission: give the user and their manager (i am presuming you are capturing this information in your list so it will be recorded against the item) whatever control you wish, i.e. full control, contribute, etc.
  2nd action
  remove list permission: remove the group you initially gave read and submit only permission to and select the read and submit only permissions to remove from them, i.e. if you added the 'All Users' group, then when performing this action choose to remove
  the read and submit only permissions for the users 'All Users'.
  3rd Action
  Send an Email: Email Manager with notification.
  Regards
  Sergio Giusti
  http://sergioblogs.blog.co.uk/
  Whenever you see a reply and if you think is helpful, click " Vote As Helpful". And whenever you see
  a reply being an answer to the question of the thread, click "
  Mark As Answer".
  i just face the same issue and i create a new Permission level named "Submit Only". but i also have a custom web part that is added to my Create form . so when users tried to access the Create form they will get Access Defined. so is there a way to
  modify the permission level to be able to read web parts ?

• Drag file OUT of portfolio onto another program

  By default a user is able to drag a file out of a pdf portfolio onto their desktop or a folder. I'm wondering if it's possible to grant permission to drag the file out of the portfolio into a specified document. Is this possible? Where/how could I modify this permission? Specifically, I have image files that I want to drag out of the portfolio and into another pdf document.

  I posted this on another thread. See if this works:
  1) Uncheck "Backup previous version" in Keynote's Preferences.
  2) Make a duplicate copy of your file that has issues and save it.
  3) If you still get spinning wheels from switching between apps after editing or 10 seconds of inactivity, manually save with command+s. It may beach ball here but be patient and wait for it to finish! Try editing and resume doing work now.
  Command+s may be a bit slow but I think that might be normal since the files are so big.
  Good luck and let me know if this works.

• Dragging files out of portfolio

  By default a user is able to drag a file out of a pdf portfolio onto their desktop or a folder. Permission to drag those items onto another document or program is restricted. I'm wondering if it's possible to grant permission to drag the file out of the portfolio into a specified document/program. Is this possible? Where/how could I modify this permission? Specifically, I have image files that I want to drag out of the portfolio and into another pdf document.

  Hi,
  I don't think you are going to have much luck with this task.
  While you can drag out of a portfolio, it is generally just to Explorer. You can't drag a file into another PDF, using drag and drop. This functionality is not available within Acrobat.
  In addition you will not be able to drag images from a portfolio or from Explorer into an image field in an XFA form.
  Sorry,
  Niall

• "Created By" Column is showing empty in SharePoint List

  Hello All,
  I have created a custom list and enabled the "Created By" and "Created" Column to be shown in the list.
  All the users are able to see the "Created" Column populated, but the "Created By" column is blank, no value is populated to it.
  But the Farm Administrator is able to see the values for "Created By" column in the List. I tried providing full control to the Users, provided all permissions, but still the users are unable to see this column populated. I have no clues what to
  be done.
  So I tried a workaround specified in the forum ie., by using a column with calculated value =[Me]. But this gives the login name and not the Proper name, which is not helpful for me. I just want a column which displays who created the item.
  Please help me regarding this issue.
  Thanks,
  Shanky

  Hi Alex,
  Yes, I have checked them too.
  1. This is happening with all lists, as I have modified the permission for the users to the lists only to :
  Add Items
  View Items
  Open Items
  View application Pages
  View Pages
  Open
  This is to make sure that the users wont modify the list or delete it or its items.
  2. This is happening with all the items in the list, not only for other people's items but also for current user's item as well.

• Exchange BPA Errors (Exchange server is a virtual machine but the additional tools are not installed and The 'Services' string type value located in 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\v14\Setup\Services' registry key is missing)

  Hi,
  I am running BPA on My Exchange 2010 VM (Server 2008 R2 VM on Hyper-V) and get the following errors:
  The 'Services' string type value located in 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\v14\Setup\Services' registry key is missing or inaccessible. The Microsoft Exchange Information Store service won't start. As a result, all services that depend
  on this service won't be able to start
  Exchange server [Exchange Server FQDN] is a virtual machine but the additional tools are not installed. This configuration is not supported. Install Virtual Machine Additions for this guest.
  Problem is that, for the first, that Key exists and the service is actually running fine. And for the second my VM tools are already installed.
  Hopefully someone out there has had the same issue and can assist.
  Pete

  Hi Pete,
  For the first error message, please try the following steps:
  Make sure the Information Store service is in Starting status,
  Automatic startup type and works well, as a test we can try to
  restart the Infroamtion Store service and verify the service works well.
  Start
  Registry Editor, find the registry key “Services” under “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\v14\Setup”, its value is “C:\Program
  files\Microsoft\Exchange Server\v14”(default install location), please check your registry, make sure the key “Services” exist and value is the Exchange Server install location and the
  location is accessible;
  Start
  Registry Editor, and locate the following registry key:
  HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\Setup
  Use the
  Permission option under the Security tab to check the permission setting on this key. Make sure
  System is in the list with Full Control permissions if the service account is Local System. If you are not using Local System as the service account, check the existence of the corresponding account in the list and ensure that
  it has Full Control permissions. Please refer to this article:
  Title: Exchange Store Does Not Start: Errors 7024, 1026, 9542, and 5000
  Link:
  http://support.microsoft.com/kb/285116
  Start
  ADSI Edit, and then browse to the following location:
  Domain.com/Configuration/Services/Microsoft Exchange/Org/Administrative Groups/AdminGroup/Servers/Server Name
  Right-click the
  server name, and then click Properties.
  Click the
  Security tab, make sure this own server’s server object have
  full control permission on its own server.
  If not or the object is missing, please modify the permission or click
  Add, locate the computer account for the Exchange Server computer, add it to the Permissions list with full control.
  Click OK, and then close ADSI Edit.
  Use
  Active Directory Users and Computers to add the current affected
  Exchange Server computer account to the Exchange Servers(previous version should be “Exchange Domain Servers”) group in the
  Microsoft Exchange Security Groups( or Users) OU. Refer to this article:
  http://support.microsoft.com/kb/297295.
  Restart the Exchange Server computer, then rerun the ExBPA.
  For the second error message, Microsoft don’t recommend to install Exchange Server on virtual machine without additional tools, so the error message occurs. We can just ignore
  this message, it will not affect the Exchange servers.
  Regards, Eric Zou