One connection user with full rights for a bunch of schemas
How can I give all rights of one user to another without declaring each object privilege one by one? For my application I would like to devide the data to maintain into four different schemas to. Never the less I would like to connect to the db by one account and have full access to all of the four schemas. My client denies to give the connect user DBA rights. The connection user is not allowed to have "ANY" grants, either. But my application often creates tables, views etc. and drops it when they aren't usefull any more. So it is nearly impossible to manage the grants on each db object one by one. So, how can I give a user all rights for a bunch of others?
My program uses logical "firms" to allow separation of clients client data. Sounds like Row Level Security - or even Views - would be saving you some grief here.
The most dynamic created tables are used to optimize performance for (sub-)queries builded at runtime by the user. Do you really have benchmarks to prove that building tables through dynamic execution of DDL results in faster response times than plain queries? Are the query structures some various that temporary tables won't do?
Cheers, APC
Similar Messages
-
Install for users with limited rights.
Is there a way to install Flash player so users with limited rights can perform updates? I don't want to touch hundreds of machines each time a minor upgrade is released. Security policies dictate that users cannot have local admin rights.
Hi, not that I have heard of. If you can't update, then most likely you are under Group Policy and the IT Department would be in charge of that.
If it is possible, then someone else would need to reply to you.
Thanks,
eidnolb -
same user with administrative rights on all the servers in single domain user as a part of administrator group in all the servers:
same user is configured as administrator on all the servers in one domain at windows 2003 server. Should this user be made part of domain admin and then this can be set up in the group of administrator for all the servers.
How this is technically different?
If same user is set up as an administrator on all the servers in domain, will it have the same access on all the files as a domain admin user?
dhomyaIf the account is not admin on the domaincontrollers and the account is not member of domain admins or any other privileged AD group, the account has only user privileges on AD and thus cannot perform actions like creating and managing accounts,
groups, OUs,policies, sites, ...in other words cannot potentially ruin Active Directory.
I think that is a pretty big difference.
In fact, it is bad practice to perform you daily server management with an AD privileged account.
In regards of file access. The domain administrator will be just an admin, and thus has the privilies assigned to the local admin group, just as any other admin. But if it are different accounts they might be member of different groups assigning different
privileges. Always be carefull when assuming resulting privileges will be the same.
MCP/MCSA/MCTS/MCITP -
How to Control authorization for users with certain status for level 2 WBS Element
Dear All,
Is there any standard way or enhancement available to control authorization for users with certain status for WBS Element i.e. for example
Pre-requisite:
There is only 2 level of project i.e.
Lev_ WBSE_______Description
1___ 7-14.E_______summay outage controller
2___ 7-14.E.2310__ Plant/unit # 2310
2___ 7-14.E.2310__ Plant/unit # 2220
Project Controller (authorization role assigned "Z_PS_OP7_OTGCON_C") have all project level authorization
Plant/Unit Controller (authorization role assigned "Z_PS_OP7_PLNTOTG_C_2310") have only level 2 authorization with enhancement that we did in system by Z table.
User ID_ Plant #
123345_ 2310
122455_ 2220
Issue:
After System Status released and User Status approved the WBS basic date for Plant/Units should be restricted from updating/changing by Plant/Unit Controller level and only project controller should have this authority.
Solution required:
Can any one tell how to control this scenario either by standard or enhancement available to control authorization
BR
Saqib UsmanHi,
Did you explore SAP Enhancement CNEX0002 Using Transaction CMOD?
Thank you and regards,
Varshal Kachole
The SCN Rules of Engagement -
Additional User with admin rights
Hi all,
i checked the documentation but i could not found a possibility to create an additional user with admin rights to access the Vibe Management Console.
Does anybody know if this is possible and how to do this?
Thanks in advance
AlexHi Willem,
thank you for the great post. It did the job very well.
Alex
>>> <[email protected]> schrieb am 1.8.2013 um 07:46 AM:
> arlorenz;2275156 Wrote:
>> Hi all,
>>
>> i checked the documentation but i could not found a possibility to
>> create an additional user with admin rights to access the Vibe
>> Management Console.
>> Does anybody know if this is possible and how to do this?
>>
>> Thanks in advance
>>
>> Alex
>
> Hey Alex,
>
> Yes, that's possible. It's somewhat a twofold/threefold process, as
> you have to give an accounts right to administer the zone, and then also
> have to give that account rights to the personal workspace root (to be
> able create/delete user accounts) and any workspaces that need to be
> administered.
>
> I always create an vibe-admins group (local group) that gets the rights
> to the zone and workspace roots. Then add the needed users to that
> group.
>
> Access for the zone can be set within the administration console:
> https://www.novell.com/documentation...ata/bk4saug.ht
> ml
>
> Then add the needed rights on the workspace roots, Global, personal &
> team workspaces.
>
>
> !Do note that admin is the only user that is not allowed to get
> blocked. Other admin users can be filtered out via ACL's.
>
>
> Cheers,
> Willem -
Duplicates. I use iTunes match. Two questions:
When I run exact duplicates on the library on my Mac Air, I get duplicates that say uploaded for one and uploaded with a cloud for the other. Which one do I delete?
Some of the duplicates say matched and matched with a cloud. Same question - which one should I delete?I'm not sure I understand the question.
First I would update your iTunes match. iTunes match will tell you what is duplicates and then you can just delete them from the library.
Second, the course in a situation like this is to delete ONE duplicate and see what happens. Make sure you have that song backed up somewhere just incase it deletes it completely. But usually I'd delete one and then see if it deletes both or just the one you pressed.
Thirdly, update iTunes match. It usually does a good job of locating actual duplicates. -
Can i have a connected mode with lightroom 5 for my SONY SLT-A77V ?
can i have a connected mode with lightroom 5 for my SONY SLT-A77V ?
thanks for anwers.Hi,
Haveee a look here for Tethered Camera Support: http://helpx.adobe.com/lightroom/kb/tethered-camera-support-lightroom-4.html -
If I have a sub site URL and a user with Site Admin, can I list all users in that sub site that have Full Control at that level?
Any C# code sample?Still you can do that, just pass the subsites to your code and from their you can find the users dynamically.
You could also use SPWeb.Users property to get users assigned to a subsite
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.users(v=office.15).aspx
alternatively you can also use SPWeb.SiteUsers to get all users
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.siteusers(v=office.15).aspx
other APIs of help-
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.associatedmembergroup(v=office.15).aspx
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.associatedownergroup(v=office.15).aspx
http://sharepoint.stackexchange.com/questions/101671/object-model-list-all-users-with-full-control-on-a-sub-site-in-sharepoint-2013
Hope this helps!
Ram - SharePoint Architect
Blog - SharePointDeveloper.in
Please vote or mark your question answered, if my reply helps you -
User with admin rights can't access files through the command prompt
I have a strange situation where I have 2 users both setup exactly the same with admin rights on a 2003 (32 bit) server through an AD group membership, but one can do everything as expected but the other can't.
The one that can't is trying to execute a program is a command prompt and keeps getting access denied or invalid directory when trying to cd into the folder. I double and tripled check the permissions and they are correct, this person should have
full admin. In fact I did a effective permissions through explorer and it states full rights. Along those lines this person can also access the folder in question through explorer just not a command prompt.
Has anyone seen this before ? and if so what can be done about it.
ThanksHi,
Can the user execute the program through explorer? In Windows Server 2003, the Users group does not have Read and Execute permissions to the command processor (Cmd.exe).
You could refer to the article below to resolve the issue:
"Access is denied" error message when you run a batch job on a Windows Server 2003-based computer
http://support.microsoft.com/kb/867466
Best Regards,
Mandy
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
User with Full Access to mailbox cannot view calendar
I have a user who one of several users that manages the schedules for several conference rooms using regular mailboxes on Exchange Server 2007. She (and she alone), has lost the right to manage the mailbox calendar. When she tries to access the
calendar she gets the error message, "You do not have permission to view this calendar".
I verified her rights as Full Access and even ran the cmdlet below which says, "Appropriate ACE is already present on object ".
[PS] C:\Windows\system32>Add-MailboxPermission -Identity "mailbox" -User user -AccessRights FullAccess -InheritanceType All
WARNING: Appropriate ACE is already present on object "CN=mailbox
49,OU=Service Accounts,OU= xxx,OU=xxxxx),OU=xxx,DC=xxx,DC=xx,DC=xxx" for
account "user".
Identity User AccessRights IsInherited Deny
Domaim domain\user {FullAccess} False False
When I get the permissions on the mailbox she has the following:
AccessRights : {FullAccess}
Deny : False
InheritanceType : All
User : domain\user
Identity : domain/OU/OU/OU/mailbox
IsInherited : False
IsValid : True
ObjectState : Unchanged
Any help out there?
[email protected]Hi,
According to your post, the permission seems to be configured properly in your Exchange server. This user has full access permission to Domaim’s mailbox.
Please try to open shared mailbox in OWA to check whether she can access the calendar. In Outlook, we can open shared calendar in Calendar panel by clicking Open Calendar > Open shared calendar. If it fails, please try the following steps:
1. Click File > Account Settings > Change > More Settings > Advanced.
2. Add the Shared mailbox that you want to open and click OK.
If there is any updates, please feel free to let us know.
Best Regards,
Winnie Liang
TechNet Community Support -
SP2010: Users with Contribute rights can Add but not edit items in Calendar View
Hello,
One of our users was recently trying to update a Calendar item in the Calendar view, but was unable to do so. Here are the facts of the case:
- The members of the user's group have Contribute rights on the Calendar list, and on each of the specific Calendar items tested
- I logged in as a member of the same group and am able to Add items in the calendar view, but when I click on an item title the Ribbon options (including Edit) are not available - whether I created the item or not
- While logged in as a member of that group, I can edit calendar items using the Allitems view, using the dropdown menu and Edit Item (if I click on the item title, I get the item details without the Ribbon)
- I created a new Calendar view ("Calendar2") but the problem was the same
When logged in with admin rights, I get the Edit ribbon when I click on an item title from the Calendar view. Is there a way to do the same for non-admin users? Thanks.Hi,
According to your post, my understanding is that you were able to add items into a Calendar List, but you couldn’t edit some items of the Calendar List in Calendar View as a member of your group with Contribute rights. And if you edit the Calendar List’s
items in the “All Events” view or log in with admin rights, you can edit these items.
Therefore, I wonder if you use the “Calendar Overlays” to display some items of other Calendar Lists in the current Calendar List as John suggested.
And if you don’t have permissions to edit items of other Calendar Lists, you can’t edit those items of other Calendar Lists in the current Calendar List in Calendar View.
So, I recommend that you should check if using the “Calendar Overlays” to display some items of other Calendar Lists in the current Calendar List at first.
If yes, you need to check if you have permissions to edit items of other Calendar Lists.
For test, I suggest that you can create a new Calendar List and test to see how it works.
Best Regards,
Thanks
Victoria Xia
TechNet Community Support -
Unity Connection - Users with system default password getting locked out
Hi all, hope everyone is well !!
I am experiencing a strange problem and hope someone can give me some direction on where to start digging on this issue.
I am getting a good number of users reporting they are getting locked out of their voice mail and they all claim that they have not changed their password and some user even got their greeting recorded by someone else. One thing in common for the users who reported the issue is that they all using the system default password. I am trying to trace to find out who/what has access to these users' mailbox but so far I have not had any luck.
Thanks in advance !!
DannyThanks, yes am doing that now and cant really find any new/unique pattern. Plus the trace is pretty hard to follow. Cant really figure out any times stamps in the trace also. The current trace file is defaultTrace.18.trc and it has very simiiar content as some of the older ones before the problem. Right now the ESS portal is working and the slddsuser password is not locked. It seems the problem takes place on start up?
/usr/sap/ESS/JC77/j2ee/cluster/server0/log
Tough thing to test in production.
I wonder what takes place at startup that would kick this problem off?
brad -
I've been looking through the Admin Ref Manual and Admin Guide (9.0.42) to see if there is a way to list the users that have been given Administrative rights on any given node within the node network on our server. I thought I remember seeing this documented somewhere but now I can't find it.
Does anyone know if it's possible and if so where is it documented?
Thanks in advance for you words of wisdom! :)
-GailIn the BASIC web browser login popup there is a read-only field called
"Realm". This is what is specified in the tab. It is merely there for
informational purposes for the user logging in.
Neil Smithline
WLS Security Architect
BEA Systems
"veena" <[email protected]> wrote in message
news:3ae5ab86$[email protected]..
does weblogic support different security domains for different web
applications ? if not, what is the purpose of the Auth Realm Field in the
Other Tab when installing a web application ?
Veena.
"Neil Smithline" <[email protected]> wrote in message
news:3ae563d4$[email protected]..
This is not possible in current WLS releases. Each "administrativedomain"
(referred to simply as a "domain" in WLS doc) corresponds to one andexactly
one "security domain". Users have the same permissions throughout the
domain.
We are currently considering various options for how to support this inthe
future.
Neil Smithline
WLS Security Architect
BEA Systems
"Nick Roberts" <[email protected]> wrote in message
news:[email protected]..
Can anyone provide information about how to have different users
have admin rights to different servers in a domain ?
Is there any documentation on the different resources defined in
the ACLs list of the default server ?
Nick -
Adobe Updater can be run only by users with administrator rights error on 2003 termianl server
I just installed the latest security update of 8.1.7 on my two terminal servers. Now when each users logs in, they get the following error.
Insufficient Rights (title)
Adobe Updater can be run only by usrs with administrator rights.
They simply click OK and it goes away but it is very annoying. It seems like every time their is an update to Adobe Reader, something goes wrong.
Does anybody have any thoughts on how to stop the Adobe Updater from loading when my users login? Thanks,
JustinI ended up finding the solution at this link.
http://forums.adobe.com/message/1770665
Erech_Belt said
5. Aug 14, 2008 7:22 AM in response to: (LeaAnn_Coldren)
Re: Insufficient Rights Window for non-admins after 8.1.2 successful install
Here is the solution I found.
"Renaming %program files%/Common Files/Adobe/updater5 to something else removed the error."
This seems like a brute force approach, but it does work. I checked the event logs after doing this and don't see any errors in the App or System logs. This folder is the location of AdobeUpdater.exe and all of the Adobe .cer files, so it makes sense that this works, but seems like it should generate other errors...
This is not how I wanted to solve the problem but it did solve it.
Justin -
Nal only loads with full rights to public folder
We're running 3.2 sp3 on a NW 6.0 sp4 server. The NAL window that loads
to the users desktop will only work if we grant full rights to the
public folder. Probably don't need them all, but with just RF, it will
not load.
Has anyone seen anything like this?
Thanks
BillThis is definately not normal.
As a starter, try running NALWIN32.EXE instead of NAL.
This will prevent NAL from attempting to update files.
It sounds as if NAL is attempting to update files on the server instead of
updating the local files.
You may also want to grab a sniffer at http://www.ethereal.com to see what
NAL is trying to do.
Quite odd.
I would also try and start with freshly imaged workstation to see if it acts
this way.
Perhaps something odd has been forced onto your workstation to cause this
bizarre behavior.
What Client Version?
Bill wrote:
> We're running 3.2 sp3 on a NW 6.0 sp4 server. The NAL window that loads
> to the users desktop will only work if we grant full rights to the
> public folder. Probably don't need them all, but with just RF, it will
> not load.
> Has anyone seen anything like this?
> Thanks
> Bill
Craig Wilson
CNE3, 4, 5 - MCSE - CCNA
NSC Sysop (http://support.novell.com/forums/)
Tech Writer - http://www.ithowto.com
(I Peter 4:10)
Maybe you are looking for
-
How to Design Report for Excel output?
Hello Experts... I have both versions Crystal Report XI and Crystal 2013 at this time as we are in the process of Upgrading... How to design for excel output with no page size limit. I have several fields going across (crossing width of paper size 11
-
Extension to Force DW to Recognize PHP in HTML files
Hi there, I've got several sites that use PHP code blocks embedded within plain .html files. It's an apache server and I simply use AddHandler application/x-httpd-php in the .htaccess file to tell the server to parse them for PHP. It works fine for t
-
Need hlep! The issue about creating a logical system!
Hi all, When I create a new logical system, and T-code is BD54. My user profile is SAP_ALL and SAP_NEW. The system pop-up the Warning message as follow: You are not allowed to change cross-client customizing. I have looked it into <a href="http://hel
-
Computer doesn't load page correctly and freezes up since installing Yosemite.
Pages don't load correctly and computer freezes up ever since installing Yosemite. Help!!
-
Error while Deploying 2 Bi-directional dependent services
Hi, I have 2 BPEL flows which intern call each other after their execution. At the development time with some hack we could deploy these bi-directional dependent services while at the deployment time how to deploy these services, as at the time of de