Mounted drives security access rights

Similar Messages

• Oracle Drive & Managing access right

  I wonder if there's possible to manage access rights to others OID users or groups vi ODrive
  ?

  There is an 'Advanced Properties' option in the right click menu that will launch a dialog that allows you to set security and manage metadata of documents, and allows you to set policies (versioning, metadata, workflow etc) and set the security of folders,
  hoep that helps,
  -sancho

• Special access right for PA20 and PA30

  Hello Experts!
  I have a problem and was wondering how it would be configured in SAP, any help would be greatly appreciated.
  How to config the security access right, if the logon user is the member of specify role, he/she is not allow to access the detail of all HR staff by using PA20 and PA30 but he/she can access the details or other staff.
  Thanks in advance!!
  Antony

  Hello Antony,
  Yes. it is possible. But for that you will have to uniquely indicate the HR staff group to restrict their data access by a Security definition attribute.
  I suggest, you can maintain a seperate, Unique Org.Key - VDSK1 field in PA0001 (Organisational Assignment) infotype specific to HR staff. This can be used in Role Component "HR: Master Data" in the relevant role assigned to exclude the org.key specific to HR staff.
  Hope this information helps. Please let me know if you still have any questions.
  Best regards
  G Raj

• Access rights on external usb drives gets reset.

  Hi!
  I use external usb-drivers for backup. I don´t wont other users on my iMac to access this drives, so I have set the access rights for "Everyone" to *"no access"*.
  This works as intended, for a while... But for no reason what so ever, the access rights get´s reset to *"Read & Write"*. This might happen after a day or two..
  Anyone experienced the same? Anyone know why this happens, and maybe have a solution to this problem?
  Best regards
  Geir.

  Other users on your iMac can easily right-click on the external hard drive icon, get info and check the "Ignore ownership on this volume". Then everyone can read and write on the backup drive which probably isn't what you want. Theoretically, only users with admin rights can check that box, but there's plenty of ways to circumvent this.
  If you want to restrict access more, lauch Disk Utility and create a new Read/Write disk image with encryption on the external drive. This will take some time to create and ask you for a password. I'd recommend a strong password (use the password generator that pops up) and let it be stored in your keychain. This way, Time Machine won't ask you to enter the password to back up or enter time machine. You should write down that password though in case the internal hard drive fails or your home folder (including the keychain) gets corrupted. You will be required to enter the password to do a full restore from Time Machine.
  The downside of this is that the other users of your iMac can't use Time Machine at all.
  Per default, the Time Machine rights are so that you can only access your own home folder plus the shared and public folder (and other non-standard folders within anyone's home folder as it has no specific access rights). Try logging in from another account or the guest account and see if you can access your user account's backup files in, say /Documents. It should deny access and not even reveal the folder's contents.

• How do i change the access rights for every file in every sub-folder?

  I have an external drive that was shared between my PC and my iMac (running Snow Leopard 10.6.5).
  Some of the files created by my PC have the following access rights (privileges):
  Me: Custom
  staff: Custom
  everyone: Custom
  I want every file to have the following access rights (privileges):
  Me: Read & Write
  staff: Read & Write
  everyone: Read & Write
  I presume that I need to go into the terminal and run some command line program, but I have no idea what program or what options (or even where to look for such a program). Can someone tell me how to do this, so that every file in every sub-folder has the same access rights?

  Well, that's different. Most people do not install anything on their PC to read an HFS+ disk, so I assumed it was formatted for the PC. [See my above post|http://discussions.apple.com/thread.jspa?messageID=12843313#12843313].
  Note that it is the same as what you asked about, except with numbers instead of the letter equivalents.
  Posix permissions are for User;Group;Other (ugo) and each one can have read/write/execute permissions. Read = 4, Write = 2, and Execute = 1. So, for rwx you set 421=7.
  I try to make it safe by not typing in the file path. If you do what you posted, you will change the startup volume's permissions. The path to your external is /Volumes/ext hd mount point. If you start typing the path and accidentally hit return before finishing the full path, you could fubar something you didn't want to. So, I type the command, leave a space, and then drag the target to the Terminal window.
  You might also consider the GUI based permission changing program, [BatChmod|http://www.macchampion.com/arbysoft/BatchMod/Welcome.html].
  Message was edited by: Barney-15E

• Using AirPort Time Capsule as an external drive with access to files by guest account

  Is it possible to use my AirPort Time Capsule as an external drive with access to files by a guest account?
  I would like to store a large number of folders containg photographs on my AirPort Time Capsule and allow anyone with a password to access the photographs - at the time of viewing the Time Capsule would be connected to the internet but I wouldn't want users to actually access anything other than the files on the Time Capsule - is this possible?  if so any help in configuring it would be really helpful.

  No it is not possible.. Guest is just that.. a guest that is allowed permission to access the internet but none of the local files.
  To give a person access to the TC they must have password to access your normal network..
  From there it is up to you how you do this.. people cannot actually access files on your computers unless you give them share and password permissions for that.. you can even setup accounts on the TC although I recommend against it.. if you want shared photos anyway. All security on a TC is illusion.. merely pressing the reset and it is all blown away.. so if you are concerned about security don't put stuff on the TC people should not access.. or like your TM backups ensure they are encrypted.
  A person can then access you TC and the photos.. but what else on the network??

• Setting Item level access rights on sharepoint list item in ItemAdding event handler

  Hi ,
  I am using sharepoint 2013. I am trying to set item level access rights when a list item is added using the following code snippet,
  public override void ItemAdding(SPItemEventProperties properties)
  base.ItemAdding(properties);
  ConfigureItemSecurity(properties);
  private void ConfigureItemSecurity(SPItemEventProperties properties)
  var item=properties.ListItem;
  SPSecurity.RunWithElevatedPrivileges(delegate()
  using (SPSite site = new SPSite(properties.SiteId))
  using (SPWeb oWeb = site.OpenWeb())
  item.ParentList.BreakRoleInheritance(true);
  oWeb.AllowUnsafeUpdates = true;
  var guestRole = oWeb.RoleDefinitions.GetByType(SPRoleType.Reader);
  var editRole = oWeb.RoleDefinitions.GetByType(SPRoleType.Editor);
  SPGroup HRGroup = oWeb.SiteGroups.Cast<SPGroup>().AsQueryable().FirstOrDefault(g => g.LoginName=="HR Team");
  SPRoleAssignment groupRoleAssignment = new SPRoleAssignment(HRGroup);
  groupRoleAssignment.RoleDefinitionBindings.Add(guestRole);
  SPUserCollection users = oWeb.Users;
  SPFieldUserValueCollection hm = (SPFieldUserValueCollection)item["HiringManager"];
  SPFieldUserValueCollection pm = (SPFieldUserValueCollection)item["ProjectManager"];
  SPFieldUserValueCollection pmChiefs = (SPFieldUserValueCollection)item["ProjectManagerChief"];
  item.BreakRoleInheritance(true);
  item.RoleAssignments.Add(groupRoleAssignment);
  foreach (SPFieldUserValue staffMember in hm)
  SetRightsOnItem(item, staffMember, editRole);
  foreach (SPFieldUserValue staffMember in pm)
  SetRightsOnItem(item, staffMember, guestRole);
  foreach (SPFieldUserValue staffMember in pmChiefs)
  SetRightsOnItem(item, staffMember, guestRole);
  item.Update();
  private void SetRightsOnItem(SPListItem item, SPFieldUserValue staffMember, SPRoleDefinition role)
  SPUser employeeUser = staffMember.User;
  var userRoleAssignment = new SPRoleAssignment(employeeUser);
  userRoleAssignment.RoleDefinitionBindings.Add(role);
  item.RoleAssignments.Add(userRoleAssignment);
  Nothing is happening though... Is the event handler the right place to do this?
  thank you

  Hi ,
  You can refer to the code working in my environment:
  using System;
  using System.Security.Permissions;
  using Microsoft.SharePoint;
  using Microsoft.SharePoint.Utilities;
  using Microsoft.SharePoint.Workflow;
  namespace ItemLevelSecurity.ItemSecurity
  /// <summary>
  /// List Item Events
  /// </summary>
  public class ItemSecurity : SPItemEventReceiver
  /// <summary>
  /// An item was added.
  /// </summary>
  public override void ItemAdded(SPItemEventProperties properties)
  SPSecurity.RunWithElevatedPrivileges(delegate()
  try
  using (SPSite oSPSite = new SPSite(properties.SiteId))
  using (SPWeb oSPWeb = oSPSite.OpenWeb(properties.RelativeWebUrl))
  //get the list item that was created
  SPListItem item = oSPWeb.Lists[properties.ListId].GetItemById(properties.ListItem.ID);
  //get the author user who created the item
  SPFieldUserValue valAuthor = new SPFieldUserValue(properties.Web, item["Created By"].ToString());
  SPUser oAuthor = valAuthor.User;
  //assign read permission to item author
  AssignPermissionsToItem(item,oAuthor,SPRoleType.Reader);
  //update the item
  item.Update();
  base.ItemAdded(properties);
  catch (Exception ex)
  properties.ErrorMessage = ex.Message; properties.Status = SPEventReceiverStatus.CancelWithError;
  properties.Cancel = true;
  public static void AssignPermissionsToItem(SPListItem item, SPPrincipal obj, SPRoleType roleType)
  if (!item.HasUniqueRoleAssignments)
  item.BreakRoleInheritance(false, true);
  SPRoleAssignment roleAssignment = new SPRoleAssignment(obj);
  SPRoleDefinition roleDefinition = item.Web.RoleDefinitions.GetByType(roleType);
  roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
  item.RoleAssignments.Add(roleAssignment);
  Thanks,
  Eric
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected].
  Eric Tao
  TechNet Community Support

• AD - SunDS 5.2 minumal access rights required to set passwords in DS

  Hi,
  I am doing Identity Integration for one of our clients with MIIS 2003.
  Among other connections we will have:
  MS Active Directory -> Sun DS 5.2
  I have already set up password synchronization pushed out from AD to DS and it works just fine.
  What I need to accomplish though, is to state minimum access requirements for access to DS.
  Client will not give us a user with administrative priveleges so we need to recommend a user with minumum access rights.
  Obviously this user must have a 'write' for userPassword.
  What else?

  I found out the answer:
  Basic access rights resulting from standard SunDS behaviour (from Sun manuals):
  All users have anonymous access to the directory for search, compare, and read operations.
  Bound users can modify their own entry in the directory, but not delete it. They cannot modify the aci, nsroledn,and passwordPolicySubentry attributes, nor any of their resource limit attributes, password policy state attributes or account lockout state attributes.
  In order to be able to synchronize passwords we must have (in addition to standard access rights):
  �Write� access right for �userPassword� attribute for a particular dc.
  In order to make password synchronization more secure, we can limit workstations (by selecting IP pool), which can originate password synchronization.

• Problem with access rights in web forms

  <p>Hi</p><p>i am facing the problem in giving access rights to users inplanning application.</p><p>i gave write access to all my forms and all my users were giveninteractives user access.</p><p>but when users tried to open to the forms. they are getting thefollowing error</p><p> </p><p><b>Security and/or filtering has resulted in a requireddimension not being represented on this form</b></p><p> </p><p>i don't where i am missing. please help.</p><p> </p><p>thanks</p><p>Balu</p>

  Balu,<BR><BR>1)Check if the security filter have been refreshed.<BR>2)Check if all the members from all dimensions are defined on the webform<BR><BR>Thanks..

• Overruling inherited access rights does not work properly

  Hello everybody,
  I have encountered an issue when I tried to overrule "Home" level access rights on SSRS (Verion 2009.0100.1600.01).
  The situation is as that there is a third party company which has to setup and edit reports. I created a folder for them and edited security settings there. I confirmed to have different security settings than on parent "Home" level as the third
  party should not have access to the other reports.
  I added the user and assigned "Content Manager" role.
  After that he was able to access the folder, upload reports and data sources.
  BUT: He is not able to edit reports or sources. He always gets the message:
  The permissions granted to user 'XY' are insufficient for performing this operation. (rsAccessDenied) Get Online Help
  I assigned all roles but this did not help.
  Test showed that if the user has the rights inherited from "Home" (added there with Content Manager role) he can edit the reports he uploaded. But in this case he has also access to all other folders (as the inherit also security settings from
  "Home").
  Is it not possible with SSRS to set it up the way I planned? Thanks in advance for any help!
  Br,
  Karsten

  Hi Karsten,
  In Reporting Services, the Content Manager role is a predefined role who has full permission to manage report server content, including the ability to grant permissions to other users, and to define the folder structure for storing reports and other items.
  It contains Manage data sources and Manage reports tasks.
  Besides, if the user has the rights inherited from "Home”, he will have all permissions inherited from “Home” permissions. If we click the “Edit Item Security” button, then we can assign some particular permissions for the user.
  In your scenario, it seems that someone had modify tasks for this predefined role in SQL Server Management Studio. Please change it back. In order to allow the user can only access to the folder, we should create a role with Manage reports task
  in the SSMS, then assign the user with the role in the parent folders. For more details about how to Create, Delete, or Modify a Role in SQL Server Management Studio, please see:
  http://msdn.microsoft.com/en-IN/library/ms156293.aspx
  If there are any other questions, please feel free to ask.
  Thanks,
  Katherine Xiong
  Katherine Xiong
  TechNet Community Support

• Access rights - heavy issue

  I have managed to somehow partly corrupt the access rights on my iMac/SnowLeo system.
  Getting a lot of failure messages at the start up and some applications are just not working properly anymore.
  iTunes for instance does not longer recognize my iPhone - just doesn't - and again I get some strange messages.
  Tried to repair access rights be starting OS x from DVD and used hard disk tools (not sure whether it is called exactly this in English - have a German system installed) and used "repair access rights" on the OS volume - seemed to work because a lot has been repaired but after starting iMAC again - same problem.
  Now - what can I do to get this fixed on the access rights? Re-install Mac OS x- what would happen with all applications, e-mails etc?
  Any idea - help - would be very much appreciated
  Robert

  Thanks - tried it (and seemed to make a lot of sense) but didn't help at the end :-(
  Still same issues
  Am not a Mac OS X specialist or UNIX or whatever - actually I am not very familiar with the details of the OS and all its settings etc etc.
  However, following some messages, Internet, other sources ---- here's what I have managed to find out:
  1) Mac OS starts up - all fine
  2) after the desktop / dock is visible I get some similar but in general the following message (trying to translate since they are in German on my installation)
  "insecure start objects disabled" - ../Library/StartUpItems/Executor" has not be started since the object does not have the correct security settings
  .. I usually get about 10 of them with different "names"(objects) - e.g. "/Executor","/EyeConnect" etc etc.
  Now - this all happens on my iMac; I also have a similar configured MacBook and just checked the security setting for exactly these objects on it - the difference is in "share and access rights" on the MacBook has "System" read and write and all others only read - funnily enough - I can not find "System" within "Share and Access rights" on the iMac!!!! 
  So - next idea: let's add "System" as a user to these folders/shares with "Share and Access rights" - can find a user named "System".
  Uh - it seems I have managed to "kill" something on my iMac ..... just don't know how (but that's not so important) and just don't know how to repair - re-installation of Mac OS X on iMac didn't make a lot of changes.
  Help appreciated!!!
  Robert

• Is it possible to start a windows driver without adm rights?

  I have a situation in which I have a driver, a DLL and one application which loads the DLL, all programmed by me. A second application also opens the DLL but its 3rd party software so I have no control over their code.
  Both applications have to share the handles to the same object of the driver. So I have to instantiate the driver in the DLL, and duplicate the handles so that when the apps open the DLL they share handles to the same driver object. The problem comes on
  starting and stopping the driver, because I need administrator rights to do that and my handle duplication then fails. I have tried changing the security to PROCESS_DUP_HANDLE and it failed anyway. It seems that a process with normal user rights cant duplicate
  handles from a process with administrator rights. Can it?
  I can require adm rights on my app, but the client would need to open the 3rd party app by right clicking and selecting to open it with adm rights, which is no elegant solution.
  So I am thinking about different ways to deal with this situation. Is it possible to start the driver without adm rights? I heard that with named shared memory I wouldnt need to duplicate the handles, however I tried it and it did not work. What other ways
  could I deal with this?
  Thanks guys!

  In the AddService section of the driver INF file it is possible to set the security of the driver loading...
  This will let all users with any rights load and unload the driver for example:
  Security = "D:(A;OICI;GA;;;WD)"
  Then install the driver with the inf file e.g.:
  netcfg -l "path_to_inf" -c class -i ID
  Then when you try to load the driver with:
  net start driver_name
  Or
  sc start driver_name
  It will be loaded even if the command prompt is not with adm privilages.

• Access rights issue on windows formatted HDD

  i have a windows formatted HDD connectd via USB, and there seems to be an access privelidges problem. i can't create folders on it, and can't move/delete "some" files.
  is there any way (without connecting it back to a windows PC) to reset the access rights on the drive/folders/files? there is too much data on it for me to re-format it just now (don't have the space to move all the stuff off it).

  Hi Chenks,
  this isn't most likely a 'rights' or 'permission' problem rather than that the external HD uses the NTFS file system, which OSX can only read but not write.
  Do a right-click on the drive - choose 'Information' to verify if that is the point.
  Without a reformatting to a file system that OSX can rad and write, either HFS+ (when using exclusively with Mac) or FAT32 (when using it with Mac and PC), your only choice is to use MacFuse http://code.google.com/p/macfuse/
  Regards
  Stefan

• Access rights , privileges on XML DB

  Hello,
  I would like to know where can I find information about implementing security and access rights. I have 5 folders under SCOTT/TIGER schema and would like to asign access rights to different user , ie user A can access folder A only, user B can see folder A & Folder B , so on so .
  I will appreciate your help.
  Thanks
  Syed.

  I did and here is the result
  1 select r.res.getClobVal()
  2 from resource_view r
  3* where equals_path(res,'/home/SCOTT')=1
  SQL> /
  R.RES.GETCLOBVAL()
  <Resource xmlns="http://xmlns.oracle.com/xdb/XDBResource.xsd" Hidden="false" Inv
  alid="false" Container="true" CustomRslv="false" VersionHistory="false" StickyRe
  f="true">
  <CreationDate>2003-09-11T15:53:42.672000</CreationDate>
  <ModificationDate>2003-10-01T09:08:15.456000</ModificationDate>
  <DisplayName>SCOTT</DisplayName>
  <Language>en-US</Language>
  <CharacterSet>UTF-8</CharacterSet>
  <ContentType>text/plain</ContentType>
  <RefCount>1</RefCount>
  <ACL>
  R.RES.GETCLOBVAL()
  <acl description="Protected:Readable by PUBLIC and all privileges to OWNER"
  xmlns="http://xmlns.oracle.com/xdb/acl.xsd" xmlns:dav="DAV:" xmlns:xsi="http://w
  ww.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/x
  db/acl.xsd http://xmlns.oracle.com/xdb/acl.xsd">
  <ace>
  <principal>dav:owner</principal>
  <grant>true</grant>
  <privilege>
  <all/>
  </privilege>
  </ace>
  R.RES.GETCLOBVAL()
  <ace>
  <principal>XDBADMIN</principal>
  <grant>true</grant>
  <privilege>
  <all/>
  </privilege>
  </ace>
  <ace>
  <principal>PUBLIC</principal>
  <grant>true</grant>
  <privilege>
  R.RES.GETCLOBVAL()
  <read-properties/>
  <read-contents/>
  <read-acl/>
  <resolve/>
  </privilege>
  </ace>
  </acl>
  </ACL>
  <Owner>SCOTT</Owner>
  <Creator>SYS</Creator>
  <LastModifier>SCOTT</LastModifier>
  R.RES.GETCLOBVAL()
  </Resource>
  and for /home/SCOTT/1999
  SQL> select r.res.getClobVal()
  2 from resource_view r
  3 where equals_path(res,'/home/SCOTT/1999')=1;
  R.RES.GETCLOBVAL()
  <Resource xmlns="http://xmlns.oracle.com/xdb/XDBResource.xsd" Hidden="false" Inv
  alid="false" Container="true" CustomRslv="false" VersionHistory="false" StickyRe
  f="true">
  <CreationDate>2003-09-25T11:56:18.910000</CreationDate>
  <ModificationDate>2003-09-25T11:56:21.023000</ModificationDate>
  <DisplayName>1999</DisplayName>
  <Language>en-US</Language>
  <CharacterSet>WINDOWS-1252</CharacterSet>
  <ContentType>application/octet-stream</ContentType>
  <RefCount>1</RefCount>
  <ACL>
  R.RES.GETCLOBVAL()
  <acl description="Private:All privileges to OWNER only and not accessible to
  others" xmlns="http://xmlns.oracle.com/xdb/acl.xsd" xmlns:dav="DAV:" xmlns:xsi=
  "http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.ora
  cle.com/xdb/acl.xsd http://xmlns.oracle.com/xdb/acl.xs
  d">
  <ace>
  <principal>dav:owner</principal>
  <grant>true</grant>
  <privilege>
  <all/>
  </privilege>
  R.RES.GETCLOBVAL()
  </ace>
  </acl>
  </ACL>
  <Owner>SCOTT</Owner>
  <Creator>SCOTT</Creator>
  <LastModifier>SCOTT</LastModifier>
  </Resource>
  ===========================End====================
  Hope this helped.
  Syed

• Access Rights Error

  I have been using LP 7 for a year and a half and have just encountered a problem for the first time. When trying to add fades to tracks in a file and when trying to bounce audio, I get an error message telling me that I have insufficient access rights to perform these operations. What is that? Any suggestions on how to get my rights back (other than hire a lawyer and petition congress)?
  Thanks.

  Repair permissions on they drive you are recording to.
  Or
  Get info on the folder and be change permissions to read/write and apply to all enclosed items.
  Or both