Navigation depending on access rights

Similar Messages

• Canos EOS 60D: file access rights differ, dependant on mode of import

  I have stumbled upon the most stupefying and inexplicable inconsistency when importing photos from the Canon EOS 60D into iPhoto 09 via USB cable. I then move these files into a new empty folder on my desktop. Some files have access rights allocated to the user group "staff", and some do not. I discovered that pictures taken in portrait mode (camera rotated 90 degrees) have the "staff" access enabled, and those taken in horizontal mode do not. But this gets better still: when I take the very same Transcend 16 GB SDHC card and import these very same pics via the built-in SD slot and iPhoto on the iMac and move these pics to a new empty folder, ALL of them have "staff" access rights. Strange, right?
  Interestingly, this does not happen when I use a Canon EOS 20D. All pics get the "staff" group allocated with the 20D via USB.
  This is really bothersome, because I usually import via USB and move these pic folders to a 10.4 server. No "staff" means that the ACL´s don´t work properly, and I have to manually change access rights for other users.
  Anyone out there have an idea or an explanation for this? I really am at a loss this time.....
  Harald

  Haven´t tried image capture yet, will do so on Monday. Will also try copying files directly off of the card, into a new folder (bypassing iPhoto) to see what happens.
  Thing is that users on the network rely on the simplicity of the iPhoto import, which is why I am keen to find the cause of this anomaly. Any other ideas out there on what the cause might be?

• OIM & Menu Items + Access Rights

  Hi,
  I am trying to customize groups in OIM. I would like to make a specific group to be able to manage users who are for example, managed by user YYY and ONLY them.
  So far, I updated the Menu Items of the group so users who belongs to that group can manage users. The problem is, when I make a search request for users, OIM tells me back that no user are found...
  My bet is that the group doesn't have the rights to make a lookup query on users. I can't find how to change that. (I already gave all the access rights to the group from the web interface)
  I would also like to know how it is possible to customize that query.
  Thanks a lot!
  Guille

  Hello Suita,
  In a Business Role you can go into "Fields & Actions" and there you will be able to find some standard fields or actions that you can restrict to a role as well.
  We are suing this for some fields changes, or like Account Team modification, Sales Quote creation etc.
  I am not sure you will be able to do everything but it's quite flexible and you can probably forward your specific request to Support to have them help you out. I believe you can easily block Status modification from there for instance. We at least do that for Business Partners/Customers.
  You can check the Admin Guide page 153, maybe in the Help Center in C4C directly there would be better examples for "Fields & Actions".
  Also, the SAP Service Center added a feature called "UI Switches" for us in our of our projects with them to allow us cover some of the fields not protected via the "Fields & Actions" settings. It is working well for us. This can be another solution for specific user right modifications.
  Another thing you can look at as well is the Dynamic Screen Layout feature (with a well done guide). Maybe it can also suit your needs depending on the business scenario you want to do?
  Hope this helps.
  JB.

• Access Rights Assignment per Report/Layout

  Dear SAP Experts,
  Could you give me a hint where access rights for reports (smartforms or sapscript) are assigned?
  To give more requirement, what if we want to be more specific such that for example, we have 2 companies which are using the same report (e.g. Invoice), but we want to assign a different layout for each company automatically (depends on the company code of the invoice)? Is this "customizable" or should be programmed?
  Your advice is highly appreciated.

  Hello,
  This will be the customized one, create an authorization object like ZXYZ in SU21, and now inform the basis guys to assign the auth object to the  required profiles, no win the report program i.e. the print program use Authority-check syntax. If the sy-subrc = then get the one layout or else another layout.

• Accessing objects without access rights

  Hi,
  does anybody know if is possible to set object's attributes with no matter on its ACL?
  Describe of situation:
  I have an object SeqNum defining form of sequence number for instances of other objects. For example, documents of class Document can have automatically set attribute with sequence numbers "DOC001", "DOC002", "DOC003", etc. on their insert to iFS.
  Each SeqNum object have its ACL, by what I want to say that only admins can manage (change) definition of sequence numbers.
  SeqNum object has also an attribute, containing last used sequence number. The problem is that I need to increment (in background, with setAttribute method) this attribute every time some user inserts document with created sequence number. In order to do that, every SeqNum object must have Public ACL, else I get error message with insufficient access rights. Any idea to solve this?
  Thanks in advance
  Radek Zeman
  [email protected]

  >
  I get "table or view does not exist" error. Is there a way I can wirte refer to objects in this schema without having to indicate the owner. So instead of writing SCOT.EMPLOYEES I want to write just EMPLOYEES.
  >
  Create a public synonym for the object.
  CREATE PUBLIC SYNONYM EMP32 FOR SCOTT.EMP;Then you do not need to specify the schema.
  --- edited to add doc reference
  See CREATE SYNONYM in the SQL Language doc
  http://docs.oracle.com/cd/B28359_01/server.111/b28286/statements_7001.htm
  >
  CREATE SYNONYM Purpose
  Use the CREATE SYNONYM statement to create a synonym, which is an alternative name for a table, view, sequence, operator, procedure, stored function, package, materialized view, Java class schema object, user-defined object type, or another synonym. A synonym places a dependency on its target object and becomes invalid if the target object is changed or dropped.
  >
  Edited by: rp0428 on Apr 5, 2012 10:56 PM

• Access rights folders all messed up: HELP

  Hi Guys,
  *First the good news:*
  A few days ago I picked up my new (2008 model) iMac. Yeah baby!
  *Yep now the bad news:*
  Because I allready have an MacBook I started migrating all kind off content to my iMac. I started out creating two accounts for my girlfriend and me. Then used my Time Machine backup to restore all kinds of files foto's etc to my iMac.
  Because TimeMachine puts al these files in the account from my MacBook I copied everything from that account to my 2 new accounts and when I didn't have access I just added me with read and write access to the folders true the info pane.
  (Yep I'm a Windows user and didn't know anything about the Unix way of live)
  So what happens now is that when I move a file/folder it doens't move it, it copies the file. Some files/folders even ask for a password when copying. When I try to delete them I also have to putt in a password. ARGRHGRHRGH
  (In finder it says: com.apple.desktopservices)
  For Example:
  Rights folder Pictures:
  Marketeer (Me) Read and Write
  Staff Read and Write
  everyone No Access
  But a picture in this folder
  Everyone Custom
  (Unknown) Read and Write
  Marketeer (Me) Read and Write
  Staff Read and Write
  everyone Only read
  I tried the disktools and to restore access rights but this didn't work and it keeps giving the same errors.
  Can I fix this? Or should I just start over, copy all my files to a FAT32 external windows disk delete my accounts en import everything back?
  Message was edited by: Goldy Goldstone

  My folders do not appear in the right place, what do I do?
  Please do nothing with your folders until you do this:
  Beside the word Folders is a +, click the +"
  The file navigator will appear.
  Navigate to the parent folder of your pictures and choose the folder.
  Lightroom will put the folders in the right place now.
  do i have to do this one folder at a time (there is no "parent" directory in the left panel. I could do a select all for the folders and then choose my lightroom/photos directory, but want to make sure that's what the FAQ is saying,
  thanks

• Repository Access Rights

  There are several right you can grant on a workarea
  -Administrate Grant, revoke or delete access rights on a repository
  object
  -Compile Refresh a workarea
  -Delete Delete an object (or perform force delete or purge if they have
  the necessary repository privileges)
  -Insert Create an object
  -Select Query an object
  -Update Modify an object
  -Update Spec Redefine a workarea
  -Version Check out/check in an object
  What Access Rights are usually applied to a developer in a shared
  workarea?
  null

  Hi,
  Typically, you would want to grant all of those except administrate and delete/purge. But it depends on your own team's security policies (for example, you might decide that developers are not allowed to alter the spec of a shared workarea so that other team members are not affected by changes).
  Brian

• DIS Access right(roles and autorizations of DIS)

  Hello friends,
    I have urgent problem regarding access rights of DIS(Document info. system)
    I would like to know the access rights of DIS( Document management system).
  for example:
  1) For creation of DIS what accesss rights exist and for attaching a file what access rights exist
  Where can i find these roles and autorization.
  Note: I am looking for the entire autoriazaions and roles of DIS ,not for a particular user.
  Rewrad with full points.
  Regards
  Preethi

  Authorization objects:
  C_DRAD_OBJ     Create/Change/Display/Delete Object Link        
  C_DRAW_BGR     Authorization for authorization groups          
  C_DRAW_DOK     Authorization for document access               
  C_DRAW_MUP     Authorization for Markups                       
  C_DRAW_STA     Authorization for document status               
  C_DRAW_TCD     Authorization for document activities           
  C_DRAW_TCS     Status-Dependent Authorizations for Documents

• Overload the default access right policies?

  Hello,
  We want to use Oracle Content Database to implement a DMS for a bank, who has complex access rights (as an example, imagine that the access rights become more restrictive after 8 PM).
  Hence our question: is it possible to overload the standard access rights of Oracle Content Database with our own hand-crafted policies, e.g. provided in a stored procedure?
  Thanks for any help
  Pascal Sartoretti

  Hi Pascal,
  I understand.
  I think what you wrote is enough for me to get a better understanding of what you're trying to do: each document in CDB may map to a transaction in an external banking application, each of which may imply its own security policy in some way.
  You are correct -- there is no way to override the security model of CDB with another implementation.
  However, you can change the security configuration for folders or documents in CDB programmatically with the CDB API. Therefore, it is possible to update a security configuration in CDB to match a security policy defined by an external application, as long as you can set up a "trigger" mechanism that is invoked when changes are made to the external application that need to be applied to CDB.
  Of course, you will need to come up with a mapping from your external application's security model to CDB's model that is based on users, groups, and roles. Given that you are able to create custom roles and ad-hoc groups in CDB, this should be possible, depending on the complexity of your external application's security model.
  You can also use the CDB EventHandler feature to implement a time-based custom "trigger" that can be implemented to make changes to CDB security at various intervals based on the rules you want to enforce.
  I have another question about the application you are planning:
  - Do you envision end-users accessing CDB directly, and using the built-in user interfaces, such as the Web GUI and ODrive?
  - Or do you think it will be more likely that end-users will access the external "banking application" directly, which would have a custom user interface and specific features for banking?
  In the second scenario, the banking application would use CDB "behind the scenes" to store and retrieve documents required by the banking application. (CDB would not need to have users and passwords for the end-users -- only one (or a few) "application" users that would be used to provide access to the banking application.)
  - Luis

• How do I fix an access rights error when launching Image Processor in Adobe Bridge CC?

  Often when I am working on files and want to batch process Jpegs for clients I get an error message from Image Processor.  It will state "I am unable to create a file in this folder.  Please check your access rights to this location ...."
  I have cleared cache and up'd my history levels.  I checked to make sure the files were not locked and read/write was enabled.  I am not sure why this error keeps occurring.  I am using Adobe Photoshop CC 2014 (2014.2.2 release) with Adobe Bridge CC (6.1.0.115)

  It's an endless circle.
  See if these instructions help: iTunes repeatedly prompts to authorize computer to play iTunes Store purchases

• How to define a new user in Enterprise manager with Specific access rights?

  Hi,
  I want to create a new user in OEMS 11g who should be able to access only the scheduler jobs section.
  How can this be acheived?

  You can create new administrators via the Setup --> Administrators page
  You can grant certain access rights to targets, you can not however grant priv to only access the job system
  Take a look at http://download.oracle.com/docs/cd/E11857_01/em.111/e14586/security3.htm#sthref235
  Regards
  Rob
  http://oemgc.wordpress.com

• You do not have sufficient access rights, pls help

  Hi folks,
  I'm getting the "You do not have sufficient access rights" error accessing the Identity System Console. The same admin account can access User/Group/Org Manager screen, however, for some reasons user and group searches return no results. This is the second OIS install against the same ldap dir (ovd to sun 6.3), so I had to specify Id server was not the first one to avoid profile conflict with oblix DBAgents. The admin user had been selected during prev install, and exists under o=Oblix in both cn=Web Masters and cn=Directory Administrators.
  I have LDAPMaxNoOfRetries set to the number of dir servers +1 in all globalparams.xml on OIS. I also can modify ldap dir via both ldapmodify and ldap browser binding to OVD as same user. Turning the TRACE on didn't showed any errors except for the following:
  DB_RUNTIME WARNING 0x00000504 ldap_config_db.cpp:187 "Exception during DB runtime code" function^LDAPConfigDB::Open() status^17
  DB_RUNTIME WARNING 0x00000504 ldap_config_db.cpp:355 "Exception during DB runtime code" function^LDAPConfigDB::ReadOblixDBConfig()status^17
  SCHEDULER_FRAMEWORK ERROR 0x00000501 ../obschedulerthread.cpp:316 "ObError exception caught" ObScheduledTaskLiaison::LoadTasks^ObWFScheduledTaskLiaison
  PPP INFO 0x000008C7 obeventcatalog.cpp:183
  Cannot find the action
  function^ObEventCatalog::GetActionEntry2Modify()
  actionName^front_page_admin_klogin_post
  APP_BASE WARNING 0x00000833 oblixbasecommon2.cpp:1235
  Login failed
  Error^You do not have sufficient access rights
  numLoginFailures^1
  There's nothing in the ldap logs either. The only warning I get per that user is in the ovd log:
  DoSManager: Found unbound connection from active ip addresses
  DoSManager: Found unbound connection from active users
  The Oracle Support is clueless, please help.
  Thank you, Roman

  Hi Vinod,
  Thanks for the post. OK, if I got it right, I have two entries under obcontainerId=DBAgents for each of my primary Id servers. For the one I currently use, I have this towards the bottom:
  obname=oblixConfig-OIS_mdi-oamlx-3
  obname=default-OIS_mdi-oamlx-3
  Both entries have obdbusedby set to OIS_mdi-oamlx-3 which is my OIS id. The obsearchbasestr is different: o=Oblix,o=paychex inc for the oblixConfig, and o=paychex inc,c=us for the default one. Is that's the way it should be?
  Thanks Roman
  P.S: I've noticed I get same error accessing My profile under User Manager.

• Can not access CRM from outside the office network - Access denied You do not have sufficient access rights or privileges to perform this action.

  Hi,
  I can not access CRM from outside the office network - Access denied You do not have sufficient access rights or privileges to perform this action.  I can access CRM with same user id and password from our office inside the network.  I can get
  the page to give login details once I have login details I got below error. Please help me to solve this issue.  It was working before.
  Access denied You do not have sufficient access rights or privileges to perform this action. 
  Regards,
  Noushad
  [email protected]

  On Premise system Configured with AD FS server for claims-based authentication you need to update your host file with server url to access it from outside office network.
  Refer
  this on how to update host file.
  Regards, Saad

• Oracle access manager: "You do not have sufficient access rights."

  Hi gurus,
  I'm doing self training on OAM, following an exercise I installed OAM and
  created a couple of Master Admins.
  Everything seams to work except the fact that this admins are not allowed
  to create users/orgs/groups and get the message "You do not have sufficient access rights".
  I may have missed something during the setup, however the question is: how can I recover this situation? How I can give more privileges to those admins?
  I tried to create a policy in directory server, without success.
  Please, help.
  Thank you very much.

  You will need to create a create user Workflow.
  Out of the box OAM does not know which attibutes to create for your user.
  Use the quickstart tool as follows
  http://download-west.oracle.com/docs/cd/B28196_01/idmanage.1014/b25343/workflow.htm#sthref961

• OAM- "You do not have sufficient access rights" message with Master Admin

  Customer has configured the OAM system to have both the primary and the secondary side for failover purposes. The back end directory server on both systems are in sync. The primary side of the systems works well as far as this issue is concerned.
  On the secondary side, if you login with the MASTER administrator of the system and click 'Identity System Console' or click any of the configurations under the Configurations in the User Manager, you get the error message saying "You do not have sufficient access rights". However, if they navigate to the Access system on the same browser and access the "Access System Console", and then navigate back to the Identity system, the Master Administrative rights are granted and now have a full access to the system.
  We tried following things to resolve the issue, but could not resolve it:
  1) Tried deleting 'cookieencryptionkey' which is found under "obcontainerid=encryptionkey,o=oblix" and restarted both the Identity Servers.
  2) Confirmed that the OAM administrator is present in cn=Web Masters,o=Oblix,<> and cn=Directory Administrators,o=Oblix,<> from the LDAP.
  3) Under the apps=PSC node, checked the Advance Properties for the 'obuniquememberStr' attribute:
  - Master Web Resource Admins (cn=master web resource admins, obapp=PSC, o=oblix, ...)
  Made sure that the values for the 'obuniquememberStr' attribute has the correct value there.
  4) Reconfigured the Secondary Identity Server.
  None of the above really helped to resolve the issue.
  Could anybody please help here to get rid of this issue.
  -Amol

  Hi Vinod,
  Here is the customer's response to your above 2 questions:
  1. We have 4 Directory server profiles for Identity servers; one for user data and one for configuration data for each server.
  I have at least reduced them to two and used only the ones initially used by the primary identity server as our user and configuration data do not reside together. User data is consumed via OVD.
  However, this does not seem to have any effect on the current behavior.
  2. All components except for the access server are on 10.1.4.2 and the access server is on 10.1.4.1
  Also below are the errors from the oblogs:
  dentity Server log
  =============
  2008/03/19@10:04:16.508530 4332 262160 PPP INFO 0x000008C7 obeventcatalog.cpp:183 "Cannot find the action" function^ObEventCatalog::GetActionEntry2Modify() actionName^ENCRYPTION_cookieEncryptionKey
  Access Server Log
  =============
  2008/03/19@10:03:56.329959 13608 1687633 CONNECTIVITY DEBUG3 0x00000201 /usr/abuild/Oblix/1014lwhf/palantir/netlib/src/obmessagechannel.cpp:601 "Received " ipaddr^10.217.209.81 ipport^1853 seqno^12 opcode^1 opcodeStr^IsResrcOpProtected Message^ro=t%253d0%2520o%253d%2520no%253d%2520r%253d%2520nr%253d%2520wu%253d/identity/oblix/apps/admin/bin/frontpage_admin.cgi%2520wh%253d10.217.209.81%2520wo%253d1%2520wa%253d0%2520ws%253d st=ma%253d2%2520mi%253d2%2520sg%253d0%2520sm%253d version=3 pd=
  2008/03/19@10:03:56.340433 3099 802864 AUTHENTICATION DEBUG2 0x00000201 /usr/abuild/Oblix/1014lwhf/palantir/aaa_server/src/aaa_service_server.cpp:2779 "Authorization successful"
  Webgate Log
  ==========
  2008/03/19@10:04:05.661000 5796 4516 HTTP_REQ DEBUG3 0x00000201 \Oblix\coreid1014\palantir\webgate2\src\isprotected.cpp:185 "Resource is protected" ResourceOperation^GET ResourceType^http Resource^//10.217.209.81/identity/oblix/apps/admin/bin/front_page_admin.cgi authnSchemeName^Oracle Access and Identity Basic Over LDAP
  2008/03/19@10:04:14.661000 5796 4516 LDAP DEBUG3 0x00000201 \Oblix\coreid1014\np_common\db\ldap\util\ldap_util2.cpp:537 "MLK-Memory leak for LDAP error information. This will show up as memory leak in LDAP SDK calls." key^25
  2008/03/19@10:04:14.661000 5796 4516 LDAP DEBUG3 0x00000201 \Oblix\coreid1014\np_common\db\ldap\util\ldap_util2.cpp:537 "MLK-Memory leak for LDAP error information. This will show up as memory leak in LDAP SDK calls." key^25
  2008/03/19@10:05:54.552000 5796 5256 CONFIG DEBUG2 0x00000201 \Oblix\coreid1014\palantir\access_api\src\obconfig.cpp:865 "Client configuration not updated"
  2008/03/19@10:05:54.552000 5796 5256 CONFIG INFO 0x0000182D \Oblix\coreid1014\palantir\access_api\src\obconfig.cpp:866 "The Access Server has returned a fatal error with no detailed information." raw_code^302
  I checked the OVD logs but did not find any error in it. Customer also tried to unprotect the /identity and /access URLs but the issue persist.
  Also I do not feel this as a bug, because this environment was working quite for few months without any such issues, also there were no changes made on the OVD/AD configurations. However, the server that hosts the OVD/AD was shut down and when it was restarted, we started experiencing this issue.