ORA-20001: Security Group ID (your workspace identity) is invalid
Hi,
I'm exploring with the concept of creating a user in a predefined workspace, from an APEX application (in development, in a different workspace)
I get the following when executing the following on submit of a page in a "SAGE" workspace
(within package compiled in SYS)
-- id for workspace 'WS' - predefined, empty workspace
apex_util.set_security_group_id(123001);
ORA-20001: Security Group ID (your workspace identity) is invalid
Might this be because I'm attempting this within the context of an APEX session? Am I walking into a dead end?
Cheers
Hi Scott,
I guess you created the package with invoker rights.
That's the catch or a security protection in other words ;-)
If you create the procedure with standard definer rights, you can switch between different SGIDs (assuming there are multiple workspaces associated to the same oracle schema), but you get the error you've just experienced when this is attempted from a procedure running with invoker rights.
Or, at least, this is my current understanding of the "problem" that, funnily enough, I encountered yesterday.
Flavio
http://oraclequirks.blogspot.com
http://www.yocoya.com
Similar Messages
-
ORA-20001 when creating my first workspace.
Hi,
I'm sure this must be an easy one to answer.
I am trying to create a new workspace in my new install of Application Express 3.1.2.00.02 (Oracle 11g 11.1.0.6.0).
I get the error:
ORA-20001: Request 1030503661329735 could not be processed. -20001 ORA-20001: Unable to create user. ORA-01031: insufficient privileges
Do I need to grant something to my ADMIN user?
Surely this should have been done as part of the install.
(I did a quick search and couldn't see the same problem anywhere else)
Regards
Michael
Hi Scott,
SQL> select privilege from dba_sys_privs where grantee='FLOWS_030100';
PRIVILEGE
DROP PUBLIC SYNONYM
SELECT ANY TABLE
DROP USER
UNLIMITED TABLESPACE
DROP TABLESPACE
CREATE JOB
ALTER SYSTEM
EXECUTE ANY PROCEDURE
CREATE PUBLIC SYNONYM
ALTER SESSION
10 rows selected.
SQL> Select granted_role from dba_role_privs where grantee='FLOWS_030100';
GRANTED_ROLE
RESOURCE
CONNECT
SQL>
I am sure nothing has been revoked.
Is there a script I have not run?
Regards
Michael -
ORA-20001: Unauthorized access (security group package variable not set).
I'm creating an app that uses APEX authentication and features self-registration (working) and forgot password (not working) forms.
My forgot password is public (requires no authentication). The user provides username and secret answer, which are validated, then provides the new password. I attempt to use htmldb_util.reset_pw to reset the user's password, but it's not working.
I have a process on the new password page calling a PL/SQL anonymous block that looks like this (see below), where P16_ITEM1 = username and P18_ITEM1 = new password.
BEGIN
apex_040000.htmldb_util.reset_pw( V('P16_ITEM1'), V('P18_ITEM1') );
END;
I also don't know how to send accurate success/failure messages from such PL/SQL block back to APEX, but that's a separate issue I guess.
Anyway, when testing via SQL Developer as the user with APEX_ADMINISTRATOR_ROLE, I get the following error:
ORA-20001: Unauthorized access (security group package variable not set).
ORA-06512: at "APEX_040000.WWV_FLOW_FND_USER_API", line 22
ORA-06512: at "APEX_040000.WWV_FLOW_FND_USER_API", line 1220
ORA-06512: at "APEX_040000.HTMLDB_UTIL", line 1253
ORA-06512: at line 8
I've searched previous threads and tried different suggestions with no luck.
I'm on Oracle DB XE 11g and APEX 4.x.
Any help will be appreciated. Thanks,
Alex.
Anyway, when testing via SQL Developer as the user with APEX_ADMINISTRATOR_ROLE, I get the following error:
ORA-20001: Unauthorized access (security group package variable not set).
When running code outside Apex that depends on the Apex security group being set, run the following before your own code:
wwv_flow_api.set_security_group_id(apex_util.find_security_group_id('YOUR_SCHEMA_NAME'));
Google "wwv_flow_api.set_security_group_id" for more details, such as this blog post:
http://www.easyapex.com/index.php?p=502
- Morten
http://ora-00001.blogspot.com -
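A fail-closed way to set the workspace context before running code outside an APEX session, as discussed in the two threads above. This is an added example, not code from either thread: the workspace name MY_WORKSPACE is a placeholder, and the schema-mapping check reflects an assumption that the current schema must be assigned to the workspace for the ID to be accepted.

```sql
-- Added example (not from the thread). MY_WORKSPACE is a placeholder name.
set serveroutput on
declare
  c_workspace constant varchar2(255) := 'MY_WORKSPACE';  -- placeholder workspace name
  l_schema    varchar2(128) := sys_context('userenv', 'current_schema');
  l_mapped    pls_integer;
  l_sgid      number;
begin
  -- Assumption: the security group ID is only usable when the current schema
  -- is assigned to the target workspace. Check that first and stop if not.
  select count(*)
    into l_mapped
    from apex_workspace_schemas
   where workspace_name = upper(c_workspace)
     and schema         = l_schema;

  if l_mapped = 0 then
    raise_application_error(-20002,
      'Schema ' || l_schema || ' is not assigned to workspace ' || c_workspace);
  end if;

  -- Resolve the workspace name to its security group ID.
  l_sgid := apex_util.find_security_group_id(p_workspace => upper(c_workspace));

  -- Fail closed: never continue with a missing or zero ID.
  if l_sgid is null or l_sgid = 0 then
    raise_application_error(-20003,
      'No security group ID found for workspace ' || c_workspace);
  end if;

  -- Set the workspace context for this database session.
  apex_util.set_security_group_id(p_security_group_id => l_sgid);

  -- Code that depends on the workspace context goes here.
  -- As a harmless check, list the APEX accounts of that workspace.
  for u in (select user_name
              from apex_workspace_apex_users
             where workspace_name = upper(c_workspace)
             order by user_name)
  loop
    dbms_output.put_line(u.user_name);
  end loop;
end;
/
```

Keep the workspace name a constant or a value checked against an allow-list rather than taking it from page items or other user input, so a caller cannot pick which workspace the session is switched into.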
ORA-20001: error 29th ORA-24344 When creating a workspace
Hi,
I just installed APEX 4.0 on 10g (10.2.0.4).
When I tried to create a new workspace, at the last step (after clicking "Create Workspace" button), it fails with the following error.
ORA-20001: error 29th ORA-24344: success with compilation error
Error provisioning test.
I could not find any errors in PLSQL debug error, and in DBA_ERRORS table.
Could you help me to fix this problem? I ran utlrp.sql to make sure we don't have invalid objects. And I read the installation log and found no errors. XDB, OWA installed.
I have another APEX 4.0 instance on 11g R2, and it works fine.
Thanks
Jung
Edited by: jwryoo on Jul 15, 2010 8:37 AM
thanks.
Yes, I already checked that and confirmed that the privilege is granted.
DBA_ERRORS did not show any errors owned by APEX% users.
But I did see some errors owned by XDB.
PL/SQL: Item ignored
PLS-00201: identifier 'UTL_FILE' must be declared
PL/SQL: Statement ignored
PLS-00201: identifier 'DBMS_LOB' must be declared
It seems the DB has revoked some public access for security reasons.
So, I am trying to ask DBA to grant the privileges to XDB. -
ORA-20001: Maximum number of email messages per workspace exceeded
Greetings. We are running APEX 4.1.1. I have an application where we have to send out email messages to a list of emails. Currently there are 2469 email addresses. Originally we put the email addresses in the BCC but we received an error that we had exceeded the size limit of the BCC. So we modified our procedure to send one email at a time, in a loop.
Now we are receiving the following error message:
"ORA-20001: You have exceeded the maximum number of email messages per workspace"
Has anyone else run into this issue? What is maximum number or email messages per workspace? Is it a limit per day, per session?
We have not added emails to this table since last year, so the maximum number of email messages allowed may have changed recently?
I did find this Forum post that addressed the issue but no one responded:
How many mails i can send at a time per day using APEX mail system?
Thanks,
John
Hi jfosteroracle,
You may be getting the error for the following reason.
Check the following:
Log in as ADMIN and go to --> Manage Instance --> Instance Settings --> Mail --> Maximum Emails per workspace
Actually this number denotes the number of mails that can be sent per 24 hours for the workspace. It may have been exceeded.
That may be the reason.
Thank you.
Regards,
Gurujothi
Edited by: Gurujothi on Jun 27, 2012 5:54 AM -
ORA-20001: Invalid parsing schema for current workspace ID
I recently upgraded Apex version from 4.0 to 4.2 successfully. Everything looks good except in one of the applications, I am running into
ORA-20001: Invalid parsing schema for current workspace ID ( see below for detailed debug info). It seems this page region code is still looking at
old apex schema APEX_040000 instead of APEX_040200 somehow. Any ideas.
is_internal_error: true
apex_error_code: APEX.REGION.UNHANDLED_ERROR
ora_sqlcode: -20001
ora_sqlerrm: ORA-20001: Invalid parsing schema for current workspace ID
component.type: APEX_APPLICATION_PAGE_REGIONS
component.id: 21560330709310725
component.name: Calendar
error_backtrace:
ORA-06512: at "APEX_040000.WWV_FLOW_ASSERT", line 377
ORA-06512: at "APEX_040000.WWV_FLOW_ASSERT", line 386
ORA-06512: at "APEX_040000.WWV_RENDER_CALENDAR2", line 462
ORA-06512: at line 27
ORA-06512: at "SYS.DBMS_SYS_SQL", line 1926
ORA-06512: at "SYS.WWV_DBMS_SQL", line 1064
ORA-06512: at "APEX_040200.WWV_FLOW_DISP_PAGE_PLUGS", line 4613
ORA-06512: at "APEX_040200.WWV_FLOW_DISP_PAGE_PLUGS", line 3220
OK
Thanks Patrick. Just wanted to make sure you're referring to the code below. What package would I be using instead of 'wwv_render_calendar2.show'?
wwv_render_calendar2.show (
p_query => q,
p_max_rows => '5',
p_heading_bgcolor => '#CCCC99',
p_table_bgcolor => 'WHITE',
p_monday_friday_only => 'NO',
p_non_curr_month_attr => 'bgcolor="#F7F7E7"',
p_month_font_face => 'Arial',
p_month_font_size => '+1',
p_month_font_color => 'BLUE',
p_day_font_face => 'Arial',
p_day_font_size => '+1',
p_day_font_color => 'BLACK',
p_cell_font_face => 'Arial',
p_cell_font_size => '-2',
p_cell_font_color => 'BLACK',
p_page_width => '95%',
p_show_month_above_tab => 'YES',
p_min_blank_cell_height => '45',
p_calendar_day_date_fmt => 'MM/DD/YYYY',
p_cur_local_date => '');
end; -
APEX4 : Create new Workspace error ORA-20001:
Hi
I've just installed Apex4 on my DB. I've just logged in as admin, changed the password and I then went to create a workspace. I input all the requested details.
When I click on finish I get the following error message
ORA-20001: Request 1370207016690509 could not be processed. -20001 ORA-20001: Unable to create user. ORA-01031: insufficient privileges
Error provisioning Dissertations.
Any ideas what I need to do ?
Thanks
Brendan
I granted the APEX_040000 user CREATE USER
-
SVG line chart raises ORA-20001 with a valid SQL query
Hi,
I am on version 1.6 & 10g database. I developed an SVG line chart which was working fine, but I wanted to fill in some sparse data by using data densification. So I enhanced my query with a partitioned outer join as follows:
select null l, month_start, issue_count
from
(with dates as
(select add_months
( to_date( '01-jul-2004' ),
column_value-1) dt
from table( vtable(12) )),
iss as
(select trunc(start_date, 'MON') mon , count(*) cnt
from issues
group by trunc(start_date, 'MON'))
select dates.dt month_start, NVL(iss.cnt, 0) issue_count
from dates left outer join iss on (dt=mon))
Now the chart throws an ORA-20001 get_data error. The query is valid as it runs in SQL*plus no problems. What is it choking on?
Thanks,
Steve
Steve,
I didn't mean for you to put in on the Studio, just install the app in your workspace on htmldb.oracle.com, use SQL Workshop there to compile your procedures, tell us the app ID, and that's it.
The error message presentation needs some improvement, give us time. We're spending most of our energy on improving the capability of the product.
Scott -
ORA-20001: APP-FND-02604
Hi,
I applied this :
Declare
Cursor C1 is
select d.product_code,b.responsibility_key from FND_USER_RESP_GROUPS_ALL a,fnd_responsibility b,fnd_user c,fnd_application d
where a.user_id = c.user_id
and a.responsibility_id = b.responsibility_id
and b.application_id = d.application_id
and c.user_name ='SYSADMIN'; -- user you want to copy
BEGIN
for v in c1 loop
FND_USER_PKG.AddResp('MYUSER',v.product_code, v.responsibility_key,
'STANDARD', 'DESCRIPTION', sysdate, null);
end loop;
END;
and I have this :
Input truncated to 1 characters
Declare
ERROR at line 1:
ORA-20001: APP-FND-02604:
APPLICATION_SHORT_NAME=GL, RESPONSIBILITY_KEY=GENERAL_LEDGER_SUPER_USER,
SECURITY_GROUP=STANDARD.
ORA-06512: "APPS.APP_EXCEPTION", line 70
ORA-06512: "APPS.FND_USER_PKG", line 2140
ORA-06512: line 11
Do you have any idea ? Thanks for your help.
Regards.
It copies the FND responsibilities of a user (for me system) to another user (MYUSER)
It is the package :
/Data/oracle/d03/prdaappl/fnd/11.5.0/patch/115/sql/AFSCUSRB.pls
in which :
-- AddResp (PUBLIC)
-- For a given user, attach a valid responsibility.
-- If user name or application short name or responsbility key name
-- or security group key is not valid, exception raised with error message.
-- Usage example in pl/sql
-- begin fnd_user_pkg.addresp('SCOTT', 'FND', 'APPLICATION_DEVELOPER',
-- 'STANDARD', 'DESCRIPTION', sysdate, null); end;
-- Input (Mandatory)
-- username: User Name
-- resp_app: Application Short Name
-- resp_key: Responsibility Key
-- security_group: Security Group Key
-- description: Description
-- start_date: Start Date
-- end_date: End Date
procedure AddResp(username varchar2,
resp_app varchar2,
resp_key varchar2,
security_group varchar2,
description varchar2,
start_date date,
end_date date) is
userid number := -1;
respid number := -1;
appid number := -1;
secid number := -1;
begin
begin
select user_id into userid
from fnd_user
where user_name = AddResp.username;
select application_id into appid
from fnd_application
where application_short_name = AddResp.resp_app;
select responsibility_id into respid
from fnd_responsibility
where application_id = appid
and responsibility_key = AddResp.resp_key;
select security_group_id into secid
from fnd_security_groups
where security_group_key = AddResp.security_group;
exception
when no_data_found then
fnd_message.set_token('USER_NAME', username);
fnd_message.set_name('FND', 'INVALID_RESPONSIBILITY_DATA');
fnd_message.set_token('APPS_NAME', resp_app);
fnd_message.set_token('RESP_KEY', resp_key);
fnd_message.set_token('SECURITY_GROUP', security_group);
app_exception.raise_exception;
end;
if (fnd_user_resp_groups_api.assignment_exists(
userid, respid, appid, secid)) then
fnd_user_resp_groups_api.update_assignment(
user_id => userid,
responsibility_id => respid,
responsibility_application_id => appid,
security_group_id => secid,
start_date => AddResp.start_date,
end_date => AddResp.end_date,
description => AddResp.description);
else
fnd_user_resp_groups_api.insert_assignment(
user_id => userid,
responsibility_id => respid,
responsibility_application_id => appid,
security_group_id => secid,
start_date => AddResp.start_date,
end_date => AddResp.end_date,
description => AddResp.description);
end if;
end AddResp;
Best regards. -
ORA-20001 FLEX-ID DOES NOT EXIST
Hi Experts,
Please, I am having this issue when running the create Grade API for HCM of Oracle EBS.
When I execute the script below against an existing Business Group (Vision University 1759 or Vision Corporation 202), data is transferred to the per_grades and per_grade_definitions tables.
But when I execute this same script pointing to a Business Group (TEST BG 7891) we created ourselves, it gives error code ORA-20001 FLEX-ID DOES NOT EXIST
I have a strong feeling that creating our Business Group and setting up the Grade Flexfield has a problem, but I can't trace the fault; I am not an EBS expert.
Can you please advise where I am going wrong!!
Thanks,
Kwesi
SCRIPT BELOW:
Procedure Create_Grade
is
l_Validate Boolean := FALSE;
l_Business_Group_id Number(15,2);
l_Date_From Date;
l_Sequence Number(15,2);
l_Grade_id Number(15,2);
l_Object_Version_Number Number(15,2);
l_Grade_Definition_id Number(15,2);
l_Name Varchar2(100);
l_OVN Number(15,2) := 1;
i Number;
Begin
For Grad In (Select * from chr_Grades where OVN IN l_OVN) loop
Begin
apps.hr_grade_api.Create_Grade(
p_Validate => l_Validate,
p_Business_Group_id =>7891,
p_Date_From => to_Date(sysdate,'DD-MM-YYYY'),
p_Sequence => 11,
p_Grade_id => l_Grade_id,
p_Object_Version_Number => l_Object_Version_Number,
p_Grade_Definition_id => l_Grade_Definition_id,
p_Name => l_Name,
p_segment1 => Grad.Grade_id,
p_segment2 => Grad.Grade_Name,
p_segment3 => Grad.Grade_Description);
Update chr_Grades Set OVN = 2
where Grade_id = Grad.Grade_id;
End;
End loop;
Commit;
End Create_Grade;
Well, I found the solution to my problem, and it is just creating the segment you want to use in your flexfield without PASSING ANY VALUESET.
-
How to set security group as primary site collection admin and secondary site collection admin using powershell in sharepoint online site - office 365?
Hi,
According to your description, my understanding is that you want to set security group as admin of primary and secondary site collection using PowerShell command in office 365.
I suggest you can use the command below to set the group to site owner, then it will have the site collection admin permission.
Set-SPOSite -Identity https://contoso.sharepoint.com/sites/site1 -Owner [email protected] -NoWait
Here are some detailed articles for your reference:
https://technet.microsoft.com/en-us/library/fp161394(v=office.15)
http://blogs.realdolmen.com/experts/2013/08/16/managing-sharepoint-online-with-powershell/
Thanks
Best Regards
Jerry Guo
TechNet Community Support -
I have two questions:
1. If I have only single organization, Do I need to set up multi-org? We will be using AR, AP, and GL modules only.
2. Is there any step-by-step process to set up multi-org?
I am getting error: "Oracle error -20001 ORA-20001 APP-FND-02901. You do not have access to any operating unit. Please check if your profile option MO:Security Profile includes any operating unit or the profile option MO: operating unit is set has been detected in MO_GLOBAL_INIT" when I access any form for Entry.
Thanks
1. If I have only single organization, Do I need to set up multi-org? We will be using AR, AP, and GL modules only.
Yes.
2. Is there any step-by-step process to set up multi-org?
https://forums.oracle.com/forums/search.jspa?threadID=&q=MultiOrg&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
I am getting error: "Oracle error -20001 ORA-20001 APP-FND-02901. You do not have access to any operating unit. Please check if your profile option MO:Security Profile includes any operating unit or the profile option MO: operating unit is set has been detected in MO_GLOBAL_INIT" when I access any form for Entry.
Does this happen to all responsibilities?
Please see the steps in (ORA-20001: APP-FND-02901 Errors Encountered When "Requests" Tab is Selected from PFT or EPF [ID 859072.1]) to set the profile option at the responsibility level for the responsibility you are trying to access.
Thanks,
Hussein -
SVG: Chart error: ORA-20001:
Hi,
We are using 1.6.1.00.02 . I got a problem with SVG chart. The query returns following error:
SVG: Chart error: ORA-20001: bar_char_error ORA-20001: get_data_error: ORA-20001 Fetch error: ORA-01782
The column names are correct. The same query works perfectly in HTMLDB reports.
Following is the query:
SELECT
TRANSACTION_dATE,
SUM(SALES) SALES,
SUM(COST_OF_SALE) COST_OF_SALE
fROM HTML_SALES_REPORT_View
WHERE transaction_date between
'01-DEC-2004' and '31-DEC-2004'
GROUP BY TRANSACTION_DATE
Help will be appreciated.
Regards,
Hamayun
Hi,
you have to use the following syntax:
SELECT link, label, value
Example
SELECT
null link, TRANSACTION_dATE label,
SUM(SALES) value
fROM HTML_SALES_REPORT_View
WHERE transaction_date between
'01-DEC-2004' and '31-DEC-2004'
GROUP BY TRANSACTION_DATE
And to display your cost_of_sale data you have to add a second series like this:
SELECT
null link, TRANSACTION_dATE label,
SUM(COST_OF_SALE) value
fROM HTML_SALES_REPORT_View
WHERE transaction_date between
'01-DEC-2004' and '31-DEC-2004'
GROUP BY TRANSACTION_DATE
because you can't display two lines with just one query.
I hope this will help.
Regards, Jörg -
Exchange 2010 Unable to Assign Full Access Permissions using a Security Group
I've been running into this issue lately. I cannot seem to use groups to allow full access to mailboxes. When I add them from the EMC, it will show up when you go to "Manage Full Access Permission...". After waiting a day and even restarting the Information Store service, the permissions do not take effect. When I view the msExchDelegateListLink attribute of the mailbox account, the group is not listed.
When I grant a user full permission, it works and updates the attribute. However, on occasion when I revoke the full access permission for a user it doesn't always remove that user from the msExchDelegateListLink attribute. So the mailbox will still appear in Outlook, but the user isn't able to see new emails.
Any ideas on what may be going wrong?
Environment:
Exchange Server 2010 SP1 Standard
Windows Server 2008 R2 Standard
Outlook 2010 SP1 (tried without SP1 as well)
I was looking over Add-MailboxPermission on Technet (http://technet.microsoft.com/en-us/library/bb124097.aspx) and I noticed that it doesn't mention adding groups. Is this not possible?
I never got a proper fix.
I worked around it by creating a script which gets the members of an AD Mail Enabled security group, and updates the full access based on the groups members.
Here's a script I'm running every hour which updates permissions. It's probably not the most efficient script ever, but it works. It has several benefits
1. Managers of the distribution group can add/remove mailbox members using OWA or through the address list
2. New members of groups are added to FULL Access Permissions
3. Members removed from the groups are removed from FULL access permissions
4. Automapping works :)
5. Maintains a log of access added / removed / time taken etc.
Obviously I have had to remove domain related information, replace with whatever your domain requirements are, and PLEASE debug it properly in your environment first, don't complain to me if it wipes out a load of access for you or something like that!
It takes about 5 minutes to run in my environment. Some formatting seems to have got messed up on here, sorry. I hope it is of use!
# Mailbox Permissions Setter for Exchange #
# v1.1 #
# This script will loop through all mailboxes in Exchange and find any where #
# the type is 'SHARED'. These should be determined to be a GROUP/SHARED mailbox #
# and access to these mailboxes are controlled by a single ACL, e.g. 'ACL_Shared_Mailbox'. #
# This script will add any members of these ACLs directly to the Full Access Permissions #
# of the mailbox and also remove them if they no longer need the access. #
# Script created by Jon Read, Technical Administration
# Recent Changes
# 15/11/2012
# 1.1 Added exclusions for ACLs that we don't want automapping to happen for
# 12/11/2012
# 1.0 Initial script
#Do not change these values
Add-PSSnapin *Ex*
$starttime = Get-Date
$logfile = "C:\accesslog.txt"
$logfile2 = "C:\accesslog2.txt"
$totaladditionstomailboxes = 0
$totalremovalsfrommailboxes = 0
$totalmailboxesprocessed = 0
$totalmailboxesskipped = 0
# Exclude any ACLs that shouldn't be processed here if they are used for a non-standard purpose and
# we don't want FULL access mapping to happen. Separate array values with commas
$ExcludedACLArray = "DOMAIN\ACL_ExcludedExample"
Write-Output " " >> $logfile
Write-Output " " >> $logfile
Write-Output "#----------------------------------------------------------------#" >> $logfile
Write-Output "# Mailbox Permissions Setter for Exchange #" >> $logfile
Write-Output "# v1.1 #" >> $logfile
Write-Output "#----------------------------------------------------------------#" >> $logfile
Write-Output " " >> $logfile
Write-Output " " >> $logfile
Write-output "Start time $starttime ">> $logfile
Write-Output " " >> $logfile
Write-Output " " >> $logfile
# Set preferred DCs and GCs
$preferredDC = "preferredDC.domain"
$preferredGC = "preferredGC.domain"
Write-Output " PreferredDC = $preferredDC ">> $logfile
Write-Output " PreferredGC = $preferredGC " >> $logfile
Set-ADServerSettings -PreferredGlobalCatalog $preferredGC -SetPreferredDomainControllers $preferredDC
# The first part of this will ADD permissions to the mailbox, reading from an associated ACL.
# Check for all mailboxes where the type is SHARED. These are the only ones we would
# want to apply group mailbox permissions to.
foreach ($mailbox in get-mailbox -resultsize "unlimited" | where-object {$_.RecipientTypeDetails -eq "SharedMailbox"})
{
    $totalmailboxesprocessed = $totalmailboxesprocessed + 1
    Write-Output " " >> $logfile
    Write-Output " " >> $logfile
    Write-Output "|-------------------------------------------------------" >> $logfile
    Write-Output "| MAILBOX ADDITIONS: $mailbox " >> $logfile
    Write-Output "|-------------------------------------------------------" >> $logfile
    $mailbox=$mailbox.ExchangeGuid.ToString()
    # For each of them, get the distribution list applied to the mailbox (Starting DOMAIN\ACL_)
    # We then need it to be turned into a string to use later.
    #Declared $changes as 0. if this is set to 0 at the end of the mailbox job, we know no changes were made.
    $changes = 0
    foreach ($distributiongroup in get-mailbox $mailbox | Get-MailboxPermission | Where-Object {$_.User -like "DOMAIN\ACL_*" })
    {
        $skipACL = 0
        #Get the distribution group and put the name in a useable format
        $distributiongroup=$distributiongroup.user.tostring()
        Write-Output "Found ACL $distributiongroup" >> $logfile
        # Check if this distribution group needs to be excluded and if it shouldn't be processed
        # then move onto the next ACL. This will stop FULL access being granted if the mailbox is
        # used for a non-standard purpose. See the start of this script
        # for where these are excluded (ExcludedACLArray)
        foreach ($ACL in $ExcludedACLArray )
        {
            if ($distributiongroup -eq $ACL)
            {
                $skipACL = 1
                Write-Output "ACL $distributiongroup is excluded so skipping mailbox " >> $logfile
                $totalmailboxesskipped = $totalmailboxesskipped + 1
            }
        }
        if ($skipACL -eq 0)
        {
            # Get each user in this group and for each of them, try to add them to full access permissions.
            foreach ($user in Get-DistributionGroupMember -identity $distributiongroup)
            {
                # Get the user to try, convert to DOMAIN\USER to use shortly
                $user="DOMAIN\" + $user.alias.ToString()
                # Check to see if the user we have chosen from the ACL group already exists in the full access
                # permissions. If they do, set $userexists to 1, if they do not, leave $userexists set to 0.
                # Set $userexists to 0 as the default
                $userexists = 0
                foreach ($fullaccessuser in get-mailbox $mailbox | Get-MailboxPermission)
                {
                    # See if the user exists in the mailbox access list.
                    # Change $fullaccessuser to a useable string (matching $user)
                    $fullaccessuser=$fullaccessuser.user.tostring()
                    if ($fullaccessuser -eq $user)
                    {
                        $userexists=1
                        # Break out of foreach if the user exists so we don't unnecessarily loop
                        break
                    }
                }
                # Now we know if the user needs to be added or not, so run code (if needed) to add
                # the user to full access permissions
                if ($userexists -eq 0)
                {
                    Add-MailboxPermission $mailbox -user $user -accessrights "FullAccess"
                    Write-Output "Added $user " >> $logfile
                    $changes = 1
                    $totaladditionstomailboxes = $totaladditionstomailboxes + 1
                }
                #Now repeat for other users in the ACL
            }
        }
    }
    #if changes were 0, then log that no changes were made
    if ($changes -eq 0)
    {
        Write-Output "No changes were made." >> $logfile
    }
}
Write-Output " " >> $logfile
Write-Output " " >> $logfile
Write-Output "---------------------------------------------------------------------------------" >> $logfile
Write-Output " FINISHED ADDING PERMISSIONS" >> $logfile
Write-Output "---------------------------------------------------------------------------------" >> $logfile
Write-Output " " >> $logfile
# The second part of this will REMOVE permissions from the mailbox, reading from an associated ACL.
## Check for all mailboxes where the type is SHARED. These are the only ones we would
## want to apply group mailbox permissions to.
foreach ($mailbox in get-mailbox -resultsize "unlimited" | where-object {$_.RecipientTypeDetails -eq "SharedMailbox"})
{
    Write-Output " " >> $logfile
    Write-Output " " >> $logfile
    Write-Output "|-------------------------------------------------------" >> $logfile
    Write-Output "| MAILBOX REMOVALS : $mailbox " >> $logfile
    Write-Output "|-------------------------------------------------------" >> $logfile
    $mailbox=$mailbox.ExchangeGuid.ToString()
    #Declared $changes as 0. if this is set to 0 at the end of the mailbox job, we know no changes were made.
    $changes = 0
    # For the current mailbox, get a list of all users with FULLACCESS, and then for each of them
    # check if they exist in the ACL
    foreach ($fullaccessuser in get-mailbox $mailbox | Get-MailboxPermission | Where-Object {$_.Accessrights -like "FullAccess" })
    {
        # Get the security identifier (SSID) of the FULLACCESS user to store for later.
        $fullaccessuserSSID=$fullaccessuser.user.SecurityIdentifier.ToString()
        $fullaccessuser=$fullaccessuser.User.ToString()
        #If user needs to be excluded then skip this bit
        #Users added or removed will only start with 07 (07$, 07T), so only run if the user starts with this.
        #This stops it trying to remove NT AUTHORITY\SELF and other System entries
        if ($fullaccessuser -like "DOMAIN\07*")
        {
            # Set $userexists to be 0. If we find the user needs to remain, then change it to 1.
            $userexists=0
            # Check if this user exists in the ACL, if not, remove.
            foreach ($distributiongroup in get-mailbox $mailbox | Get-MailboxPermission | Where-Object {$_.User -like "DOMAIN\ACL_*" })
            {
                $distributiongroup=$distributiongroup.user.tostring()
                #Write-Output "Found associated distribution group $distributiongroup" >> $logfile
                # Get each user in this group and for each of them, See if it matches the user in the mailbox.
                foreach ($user in Get-DistributionGroupMember -identity $distributiongroup)
                {
                    # Get the user to try, convert to DOMAIN\USER to use shortly
                    $userguid = $user.Guid.ToString()
                    $user="DOMAIN\" + $user.alias.ToString()
                    if ($fullaccessuser -eq $user)
                    {
                        $userexists=1
                        #we have found the user exists so no need to continue
                        break
                    }
                }
            }
            # If userexists = 0, then they are NOT in the ACL, and should be removed from
            # the full access permissions. Run the code to remove them from full access.
            #CONVERT FULLACCESSUSER TO GUID AND REMOVE $FULLACCESSUSERGUID NOT $USERGUID
            if ($userexists -eq 0)
            {
                Remove-MailboxPermission -Identity $mailbox -user $fullaccessuserSSID -accessrights "FullAccess" -Confirm:$false
                Write-Output "Removed $fullaccessuser " >> $logfile
                $changes = 1
                $totalremovalsfrommailboxes = $totalremovalsfrommailboxes + 1
            }
        }
    }
    # if changes = 0, no changes were made to this mailbox, so log this fact.
    if ($changes -eq 0)
    {
        Write-Output "No changes were made." >> $logfile
    }
}
#Put the time in a displayable format
$endtime = Get-Date
$runtime = $endtime - $starttime
$runtime = $runtime.ToString()
$runtime1 = $runtime.split(".")
$totaltime = $runtime1[0]
Write-Output " " >> $logfile
Write-Output " " >> $logfile
Write-Output "|-------------------------------------------------------------------------------------- " >> $logfile
Write-Output "| SCRIPT COMPLETE : STATS " >> $logfile
Write-Output "|-------------------------------------------------------------------------------------- " >> $logfile
Write-Output "| Total Mailboxes Processed : $totalmailboxesprocessed " >> $logfile
Write-Output "| Total Additions : $totaladditionstomailboxes " >> $logfile
Write-Output "| Total Removals : $totalremovalsfrommailboxes " >> $logfile
Write-Output "| Total Mailboxes Skipped due to ACL : $totalmailboxesskipped " >> $logfile
Write-output "| Start time : $starttime ">> $logfile
Write-output "| End time : $endtime ">> $logfile
Write-Output "| **END OF RUN** - Elapsed time : $totaltime " >> $logfile
Write-Output "|---------------------------------------------------------------------------------------" >> $logfile
Write-Output " " >> $logfile -
ORA-20001: Secondary key column identified was not located in the select l
Error in mru internal routine: ORA-20001: Secondary key column identified was not located in the select list of the query
I am receiving this error when I try and update a record in an updatable report (SQL QUERY Updateable). Two of the values being updated rely on a named LOV.
The SQL query for the report does pull in both the keys (there are two keys)....I am not certain why this is happening...any clues would be appreciated.
thanks. Karen
sorry. I thought I had made it current. It is now.
I am not certain if you will be able to run it as it is accessing our test tables. Will I need to move those tables to the workspace. I am also checking here to see if anyone has had experience. thankyou for your patience. I really appreciate it.
karen