OS 10.4.11 FTP Permissions set to 640 on Upload

Similar Messages

• FTP Adapter setting filename at runtime not working

  Hi,
  I am facing an issue SOA 11.1.1.5 with FTP Adapter setting the filename at runtime. I have a process that reads a file from local server and puts it over to a remote FTP Server.
  I want to use the same filename that is picked up locally and placed on the ftp location. Below is the snippet of FTP Invoke and the filename is read from a variable which is set before the invoke
  <invoke name="Invoke_PutFile"
  inputVariable="Invoke_PutFile_PutFile_InputVariable"
  partnerLink="PutFile" portType="ns2:PutFile_ptt"
  operation="PutFile" bpelx:invokeAsDetail="no">
  <bpelx:inputProperty name="jca.file.TargetFileName" variable="targetFileName"/>
  </invoke>
  Here is the FTP jca file snippet
  <endpoint-interaction portType="PutFile_ptt" operation="PutFile">
  <interaction-spec className="oracle.tip.adapter.ftp.outbound.FTPInteractionSpec">
  <property name="LogicalDirectory" value="FtpDir"/>
  <property name="FileType" value="ascii"/>
  <property name="Append" value="false"/>
  <property name="TargetFileName" value="setAtRunTime"/>
  <property name="NumberMessages" value="1"/>
  </interaction-spec>
  </endpoint-interaction>
  But when I test I am getting an error, it's complaining Cannot set JCA WSDL Property. Error while setting JCA WSDL Property. Property setTargetFileName is not defined for oracle.tip.adapter.ftp.outbound.FTPInteractionSpec Please verify the spelling of the property. ".
    Fault Details : com.oracle.bpel.client.BPELFault: faultName: {{http://schemas.oracle.com/bpel/extension}bindingFault} messageType: {{http://schemas.oracle.com/bpel/extension}RuntimeFaultMessage} parts: {{ summary=Exception occured when binding was invoked.
  Exception occured during invocation of JCA binding: "JCA Binding execute of Reference operation 'PutFile' failed due to: Exception occured when binding was invoked. Exception occured during invocation of JCA binding: "Could not instantiate InteractionSpec oracle.tip.adapter.ftp.outbound.FTPInteractionSpec due to: Cannot set JCA WSDL Property.
  Error while setting JCA WSDL Property. Property setTargetFileName is not defined for oracle.tip.adapter.ftp.outbound.FTPInteractionSpec Please verify the spelling of the property. ".
  The invoked JCA adapter raised a resource exception. Please examine the above error message carefully to determine a resolution. ".
  The invoked JCA adapter raised a resource exception. Please examine the above error message carefully to determine a resolution. ,detail=Cannot set JCA WSDL Property.
  Error while setting JCA WSDL Property. Property setTargetFileName is not defined for oracle.tip.adapter.ftp.outbound.FTPInteractionSpec Please verify the spelling of the property. ,code=null}
    If I use *<property name="FileNamingConvention" value="%yyMMddHHmmssSS%_%SEQ%.txt"/>* inside the jca file it works but I want to use the filename at runtime and be the same name as it's picked up.
  Any idea what I am doing wrong.
  Thanks

  .bpel file
  <?xml version = "1.0" encoding = "UTF-8" ?>
  <!--
    Oracle JDeveloper BPEL Designer
    Created: Mon Jun 03 10:33:49 CDT 2013
    Author: 
    Type: BPEL 1.1 Process
    Purpose: Empty BPEL Process
  -->
  <process name="SharedServiceFtpFileMove"
                 targetNamespace="http://xmlns.oracle.com/SOALocal/SharedServiceFtpFileMove/SharedServiceFtpFileMove"
                 xmlns="http://schemas.xmlsoap.org/ws/2003/03/business-process/"
                 xmlns:client="http://xmlns.oracle.com/SOALocal/SharedServiceFtpFileMove/SharedServiceFtpFileMove"
                 xmlns:ora="http://schemas.oracle.com/xpath/extension"
                 xmlns:bpws="http://schemas.xmlsoap.org/ws/2003/03/business-process/"
           xmlns:ns1="http://xmlns.oracle.com/pcbpel/adapter/file/SOALocal/SharedServiceFtpFileMove/FilePoller"
           xmlns:ns2="http://xmlns.oracle.com/pcbpel/adapter/ftp/SOALocal/SharedServiceFtpFileMove/PutFile"
           xmlns:bpelx="http://schemas.oracle.com/bpel/extension"
           xmlns:xsd="http://www.w3.org/2001/XMLSchema"
           xmlns:xp20="http://www.oracle.com/XSL/Transform/java/oracle.tip.pc.services.functions.Xpath20"
           xmlns:bpel="http://docs.oasis-open.org/wsbpel/2.0/process/executable"
           xmlns:oraext="http://www.oracle.com/XSL/Transform/java/oracle.tip.pc.services.functions.ExtFunc"
           xmlns:hwf="http://xmlns.oracle.com/bpel/workflow/xpath"
           xmlns:ids="http://xmlns.oracle.com/bpel/services/IdentityService/xpath"
           xmlns:bpm="http://xmlns.oracle.com/bpmn20/extensions"
           xmlns:xdk="http://schemas.oracle.com/bpel/extension/xpath/function/xdk"
           xmlns:xref="http://www.oracle.com/XSL/Transform/java/oracle.tip.xref.xpath.XRefXPathFunctions"
           xmlns:ns5="http://xmlns.oracle.com/SharedServiceEmailNotification/xsd/V1"
           xmlns:ns4="http://xmlns.oracle.com/pcbpel/adapter/opaque/"
           xmlns:ldap="http://schemas.oracle.com/xpath/extension/ldap">
    <!--
       ORCHESTRATION LOGIC                                              
       Set of activities coordinating the flow of messages across the   
       services integrated within this business process                 
    -->
    <partnerLinks>
      <partnerLink name="FilePoller" partnerLinkType="ns1:ReadFile_plt"
                   myRole="ReadFile_role"/>
      <partnerLink name="PutFile" partnerLinkType="ns2:PutFile_plt"
                   partnerRole="PutFile_role"/>
    </partnerLinks>
    <variables>
      <variable name="Receive_ReadFile_InputVariable"
                messageType="ns1:ReadFile_msg"/>
      <variable name="sourceFileName" type="xsd:string"/>
      <variable name="targetFileName" type="xsd:string"/>
      <variable name="Invoke_PutFile_PutFile_InputVariable"
                messageType="ns2:PutFile_msg"/>
      <variable name="FtpJndi" type="xsd:string"/>
    </variables>
    <faultHandlers>
      <catchAll>
        <sequence name="Sequence1">
          <terminate/>
        </sequence>
      </catchAll>
    </faultHandlers>
    <sequence name="main">
      <receive name="Receive" createInstance="yes"
               variable="Receive_ReadFile_InputVariable"
               partnerLink="FilePoller" portType="ns1:ReadFile_ptt"
               operation="ReadFile">
        <bpelx:property name="jca.file.FileName" variable="sourceFileName"/>
      </receive>
      <assign name="Assign_Data">
        <copy>
          <from variable="sourceFileName"/>
          <to variable="targetFileName"/>
        </copy>
        <copy>
          <from expression="'eis/Ftp/FtpAdapter'"/>
          <to variable="FtpJndi"/>
        </copy>
      </assign>
      <assign name="Assign_Invoke">
        <copy>
          <from variable="Receive_ReadFile_InputVariable" part="opaque"/>
          <to variable="Invoke_PutFile_PutFile_InputVariable" part="opaque"/>
        </copy>
      </assign>
      <invoke name="Invoke_PutFile"
              inputVariable="Invoke_PutFile_PutFile_InputVariable"
              partnerLink="PutFile" portType="ns2:PutFile_ptt"
              operation="PutFile" bpelx:invokeAsDetail="no">
        <bpelx:inputProperty name="jca.ftp.TargetFileName" variable="targetFileName"/>
        <bpelx:inputProperty name="jca.jndi" variable="FtpJndi"/>
      </invoke>
    </sequence>
  </process>File Adapter Poller jca
  <adapter-config name="FilePoller" adapter="File Adapter" wsdlLocation="FilePoller.wsdl" xmlns="http://platform.integration.oracle/blocks/adapter/fw/metadata">
    <connection-factory location="eis/FileAdapter" UIincludeWildcard="*-*.txt"/>
    <endpoint-activation portType="ReadFile_ptt" operation="ReadFile">
      <activation-spec className="oracle.tip.adapter.file.inbound.FileActivationSpec">
        <property name="DeleteFile" value="true"/>
        <property name="LogicalArchiveDirectory" value="FtpLocalArchive"/>
        <property name="MinimumAge" value="0"/>
        <property name="Recursive" value="true"/>
        <property name="PollingFrequency" value="15"/>
        <property name="LogicalDirectory" value="FtpLocalFiles"/>
        <property name="IncludeFiles" value=".*-.*\.txt"/>
        <property name="UseHeaders" value="false"/>
      </activation-spec>
    </endpoint-activation>
  </adapter-config>Ftp Adapter put jca
  <adapter-config name="PutFile" adapter="FTP Adapter" wsdlLocation="PutFile.wsdl" xmlns="http://platform.integration.oracle/blocks/adapter/fw/metadata">
    <connection-factory location="eis/Ftp/FtpAdapter"/>
    <endpoint-interaction portType="PutFile_ptt" operation="PutFile">
      <interaction-spec className="oracle.tip.adapter.ftp.outbound.FTPInteractionSpec">
        <property name="LogicalDirectory" value="FtpDir"/>
        <property name="FileType" value="ascii"/>
        <property name="Append" value="false"/>
        <property name="TargetFileName" value="setAtRunTime"/>
        <property name="NumberMessages" value="1"/>
      </interaction-spec>
    </endpoint-interaction>
  </adapter-config>Thanks

• Access denied for folder when permissions set with WMI

  Hi,
  When I add/modify access rights based on the Win32_ACE class, there seems to be a difference in the result, then when setting it with the GUI in Windows.
  The situation is as follow:
  I want to set Modify access on a remote folder, but also want to avoid deletion of the folder itself. This can easily be done by setting "deny delete on this folder only" in addition to "allow modify to this folder, files and subfolders".
  So far no issue.
  Now I notice that, although the GUI shows exactly the same result in advanced settings of the security property, the folder set with WMI script gives a deny when opening it with the user account. The same folder, set with the same security and result in
  the advanced tab, but set in the GUI, works fine.
  Note: The reason that I use WMI is because the remote system is a standalone machine, not sharing the same domain or trust.
  I compared the ACEFlags, AceType and AccessMask for both the GUI set and script set permissions, and they are exactly the same.
  GUI => AccessMask:1179817 AceType:0 iAceFlags:3
  Script => AccessMask:1179817 AceType:0 iAceFlags:3
  What a strange world we live in... :-)
  Any idea?

  What Operating System Interface are you referring?  What program?
  You are being obtuse. What is it that you are trying to compare. THe settings in WMI cannot be directly compared to anything in the Security Wizard.
  ¯\_(ツ)_/¯
  Just the properties of the folder in Windows on the security tab. The result is the same for both the permissions set with the interface as well as the one set with the WMI script. The two references you see are just taken with WMI:
  Set by Windows interface => AccessMask:1179817 AceType:0 iAceFlags:3 
  Set by WMI script => AccessMask:1179817 AceType:0 iAceFlags:3
  This are the values "AceFlags", "AceType" and "AccessMask" from management class WIN32_ACE:
  http://msdn.microsoft.com/en-us/library/aa394063(v=vs.85).aspx
  I just want to show that the actual ACE object returns the same values for both methods, but the effect appear to be that the script set permission are denied. And I am looking for the reason why.
  Can you provide the script that you're using to create the ACE(s) and add them? If I'm understanding what you're trying to do, there should be two ACEs created: one to allow the modify access and one to deny the folder deletion. The ACE you're showing is just
  an allow ACE (AceType 0).
  That is correct there are (or should be) two ACEs. I cannot get hold on my source right now (will be later today), but my code is based on this source:
  http://www.minasi.com/forum/topic.asp?TOPIC_ID=7501
  What I basically do is getting the DACL properties, loop through it to check that the user exists that I want to update. If it does I check that the current AceType is of the same type (allow or deny) that I am updating/adding. If that type is a match, I
  replace the ACE object with the new Flag, Type and Mask using a Win32_ACE object. If type type doesn't match, then I add both the current ACE with the new ACE at the same time. I noticed that if I don't do it at the same time, only the last remains. If the
  user doesn't match I check that the AceFlags is not equal to 16 (inherit) and then add the original ACE object in the ACE array. At the end I add the new ACE if the user was not found at all (new). The array of individual ACE objects is added to List of managementobjects
  and then again linked to the DACL value.

• Read all items when when item-level permissions set

  I have a SharePoint 2010 list where the general user population should be able to submit and read only their own items.
  Item-level permissions set as follows:
  Read access : Read items that were created by the user
  Creaed and Edit access : Create items and edit items that were created by the user
  That works fine.
  Now, I have a small group of power users that need read-access to all list items. I can do that by granting 'Contribute' permissions, but I don't want them to be able to modify items, so I prefer granting only read permissions. When I do that, they can't
  see all the items due to the item-level permission settings.
  Is there a permission level that I can use (perhaps a custom permission level) that enables a read-all (and overrides the item-level permission)?

  With these specific settings, there are not. It is possible to do security through obscurity by only showing views that allow the users to see their items and use audience targeting for the others, but that is not true security, so it will depend on your
  requirements.
  Andy Wessendorf SharePoint Developer II | Rackspace [email protected]

• What is factory default "Sharing & Permissions" setting for User folders?

  System:
  Mac OS X Lion 10.7.2
  MacBook Air (Mid 2011)
  Single User – Administrative Account
  Question:
  What is factory default “Sharing & Permissions” setting for User folders (Desktop, Downloads, Library, Movies, Music, Pictures, Public), subfolders, and documents and other contents?
  I’m thinking the factory default “Sharing & Permissions” for all of the above (except Drop Box in the Public folder) is as follows, but not certain.
  Name                          Privilege
  myusername (Me)    Read & Write
  staff                            Read only
  everyone                   Read only

  Are these also the settings on your Documents folder and the various files in the Documents folder?  Same question for your Library folder?
  Name                          Privilege
  myusername (Me)    Read & Write
  everyone                   No Access

• Dear sir/madame,I have tried to use the inbrowser editing capability for Adobe Muse to login to my CMS. To login I have use the exact same FTP details I have used to upload my website, I even checked the page url multiple times but I keep getting the same

  Dear sir/madame,I have tried to use the inbrowser editing capability for Adobe Muse to login to my CMS. To login I have use the exact same FTP details I have used to upload my website, I even checked the page url multiple times but I keep getting the same error (the username and password are invalid for your FTP server. Please check them and try again). The hosting website (Yourhosting.nl) only has this one FTP user, which I cannot expand to more users. Can you please tell me if I am doing something wrong? The url to this page is http://e-divecollege.be/index.html or www.e-divecollege.be

  Dear sir/madame,I have tried to use the inbrowser editing capability for Adobe Muse to login to my CMS. To login I have use the exact same FTP details I have used to upload my website, I even checked the page url multiple times but I keep getting the same error (the username and password are invalid for your FTP server. Please check them and try again). The hosting website (Yourhosting.nl) only has this one FTP user, which I cannot expand to more users. Can you please tell me if I am doing something wrong? The url to this page is http://e-divecollege.be/index.html or www.e-divecollege.be

• Ftp permissions in system preferences vs of the directories it accesses

  I'm trying to setup a read only ftp account to access a directory on one of my external drives.
  The external drive doesn't have permissions enabled.
  So:
  - I create an account to login to
  - in its home directory, I create a link to the external drive (using the command line to create it as a soft link). Accidentally, I leave this as read-write by the owner, though read by others
  - in the ftp setup panel I enable ftp for this user - but set it to read only
  I then find that ftp allows this user to write to that directory.
  What I'm at a loss then is to understand what the point of the permissions setup in SystemsPreferences is. I'd expected ftp to use the most restrictive of either those settings and of the file/directory permissions involved (so that its easy to make an account read only for remote access without stopping it being used for read-write when used locally without involving ftp).
  How should this work? Any help gratefully received.

  Good day!
  As you claim it is Flash Player that is changing permissions on your computer the »Photoshop for Beginners« Forum may not be the ideal place to post regarding the issue. You could also try
  http://forums.adobe.com/community/flashplayer
  I find this offensive, intrusive and illegal.
  Offensivenss and intrusiveness notwitstanding are you sure there is nothing about this in the terms of use/license agreement/whatever you or your husband accepted both for this installation and the OS in general? (Please note that I am not an Adobe employee, but I suspect Adobe has sufficient legal counsel not to open themselves to claims of misconduct easily.)
  Regards,
  Pfaffenbichler

• FTP Permissions 10.2.8 . HELP ME Please (I've done my homework)

  Ok,
  So I have spent hours looking.
  Yes I know, its an old Xserve running 10.2.8.
  I wanted to change the default umask for files being sent via FTP.
  I want the GROUP to inherit WRITE Privs. So I believe i am correct in saying
  "umask all 002"
  I found this Apple KB which Appeared to be the ticket but did not work.
  It uses the command "defumask" :
  http://docs.info.apple.com/article.html?artnum=301328
  But it DID NOT Work for me.
  I have also applied the following line at the end of the file:
  Library/FTPServer/Configuration/ftpaccess
  umask all 002
  This is not working,
  and I have tried creating folder etc/ftpd.conf
  and using "umask all 002"
  * I believe this works with "OS X" but not "OS X SERVER 10.2.8"
  So PLEASE PLEASE.
  My hair has been yanked.
  TIA
  Jason Buecker
  Atlanta GA

  When you ftp to a machine, you are logging into that machine. The machine's shell settings are put into your environment. Most FTP servers do have the ability to change those settings according to the FTP server's configuration.
  This basically adds up to 3 ways that the file perms could be set. How the FTP server is configured to set them, the user's settings for how to set them, and the parent directory could have sticky permissions (you're probably used to seeing it as inherited permissions).
  The FTP server can probably change the user's settings, but the filesystem would override the user's settings.
  Roger

• How should I deal with FTP permissions?

  Ok, I'm not sure what would be the best way to deal with this. I have folders set up for several websites that each have a different user that administrates them. So I set each of the intended users home to the website root, and gave them ownership of the folder and it's files. I also have FTP set to chroot to the home directory.
  I have run into a couple problems with this.
  - First, if they were so inclined, the users could log in via SSH or an SCP program and get outside of their home directory. I would prefer that they were unable to. Can I set their shell to ftponly or something as such?
  - Second, I have an on site admin that is often called on by the website clients to make small changes to their site. And I'm not sure how to set up his access so that he can have the ability to FTP in, have full rwx access to the users files, overwrite them, and go about his business without having to than do a chown on the new files so that they are all owned by the end user. Is there an easy way to do this, or should I write a perl script that either triggers on his logout or that he can run, to set the chmod/chown correctly after he's done.

  LavaRider wrote:
  I have to create many LTS for the fact table......
  1 LTS for ProductFact
  1 LTS for ProductFact & PolicyFact (which contain ProductFact and PolicyFact as sources)
  1 LTS for ProductFact , PolicyFact & PolicyCoverFact ........
  and so on.....
  have I understood correctly? Is that what you mean?Yes, the reason why I said to "keep" the firsts fact table in each source is to make the dimension work.
  For example, if the "product dimension" is only linked to "product fact", but not "policy fact" then you won't be able to do a report based on "product dimension" and "policy fact". Right ? To be able to do this report, OBIEE must do a join with "product fact" (this fact table become an intersection table). That's why you will add product fact in the "policy fact" source. Same for others source.
  But the name of "ProductFact & PolicyFact" source can be "policy fact". Because each row of this source is a policy fact.
  For the 3rd table, each row is a "policy cover fact". But to be able to join with "product dimension" and "policy dimension", you need to integrate "policy fact" and "product fact" tables in the logical source.
  and so on.

• AD ignoring PoSiXGroup Permissions set on 10.4.11 Server

  I have an Xserve running 10.4.11 which is joined to AD and uses the AD's kerberos for authentication / single sign-on. The file shares are hosted on a RAID volume connected to the Xserve. Groups are created in OD and populated with the AD users.
  Problem i have is as follows. Around a week ago, AFP seemed to screw up and freeze the Xserve. End result was an attempted restart which locked, forced shut down and cold boot.
  Since then, kerberos just seems to ignore any Group permissions that are set. Tried unbinding / rebinding server, deleting group, creating groups and shares from scratch, overwriting Kerberos config, checked that services are pointed to the right place etc.
  Any suggestions?

  Oops, wrong place - can a moderator please move? Ta

• Permissions set at USER level

  Can I just confirm, that if I open a User within Server settings and I see any of the Global permission tickboxes ticked then these have at some point been set at the User Level. If however, best practice has been observed and users have only ever been
  selected against groups then I should NOT see any boxes in any of the Users permissions ticked at all?  Is that correct?
  Thanks in advance,
  Steve

  Steve --
  You are absolutely right, my friend.  If you see ANY checkboxes selected in the Categories or Global Permissions sections of a User page, then these selections represent an override to the permissions specified by the Groups to which the user belongs.
   Best practice dictates that permissions for each user be controlled by adding the user to Groups, which makes for a simpler and easier to understand security model.  This is a GREAT question, my friend, and I applaud you for asking it.  :)
  Dale A. Howard [MVP]

• How are permissions set for Reader XI Protected Mode?

  Hi, all,
  I've just installed Reader XI, and I immediately ran into an issue with Protected Mode "protecting" me from my workflow.  I'm trying to access a .kml file on my desktop to import some annotations into a Reader Enabled PDF file.  When I get the popup window saying that I don't have permissions to open this file, I head for the Reader security settings.  Adobe kindly provided us with a UI to select files, folders, and hosts to treat as priviledged.  I enter my desktop folder's path using the UI, and save.  I restart Reader, expecting this setting to help.  In fact, the security UI reports that  my desktop folder is priviledged, which is good.  The operation still fails, with the exact same error message.  Is this the anticipated behavior, and if so, what is the privileged file, folder, and host for?  I can't read or write files to my priviledged locations.  Is this correct?
  Thanks
  Joe White

  Does it work if you change the file extension to .xml from .kml?

• Create a folder with permissions set to This Folder, subfolders

  Basically my app creates 4 folders that gives a specific user certain permissions.
  I can create the folder find, and i can give the user the correct permissions, but by defaulse it has Apply To set to this folder only, so if the user creates a folder, they wont have permissions to access it.
  I want to give it permissions that Apply to: This folder, subfolders, and files.
  I have spent hours upon hours trying different things, and trying to find the answer anywhere. Any help is greatly appreciated.
  Here is my code to create the folders:
  string mailDataPath = "E:\\Data\\MailData\\" + logonName;
  string userDataPath = "E:\\Data\\UserData\\" + logonName;
  string userProfilePath = "E:\\Data\\UserProfile\\" + logonName;
  string userSharedPath = "E:\\Data\\UserShared\\" + logonName;
  path[0] = mailDataPath;
  path[1] = userDataPath;
  path[2] = userProfilePath;
  path[3] = userSharedPath;
  //If folders do not exists, create them.
  for (int x = 0; x < pathAmount; x++)
  if (!Directory.Exists(path[x]))
  Directory.CreateDirectory(path[x]);
  //Sets folder permissions dependant on which folder it is
  if (path[x] != userProfilePath)
  DirectoryInfo info = new DirectoryInfo(path[x]);
  DirectorySecurity security = info.GetAccessControl();
  security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.Modify, AccessControlType.Allow));
  info.SetAccessControl(security);
  else if (path[x] == userProfilePath)
  DirectoryInfo info = new DirectoryInfo(path[x]);
  DirectorySecurity security = info.GetAccessControl();
  security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.FullControl, AccessControlType.Allow));
  info.SetAccessControl(security);

  Figured it out. It wasn't as difficult as i made it out to be.
  I just need to use 2 access rules
  DirectoryInfo info =
  new
  DirectoryInfo(path[x]);
  DirectorySecurity security = info.GetAccessControl();
  security.AddAccessRule(new
  FileSystemAccessRule(logonName,
  FileSystemRights.Modify,
  InheritanceFlags.ContainerInherit,
  PropagationFlags.None,
  AccessControlType.Allow));
  security.AddAccessRule(new
  FileSystemAccessRule(logonName,
  FileSystemRights.Modify,
  InheritanceFlags.ObjectInherit,
  PropagationFlags.None,
  AccessControlType.Allow));
  info.SetAccessControl(security);
  this is the code for the setting of the permissions.
  had to play around with it a bunch to get the correct inheritance.
  Im sorry i dont realy understand. Where do i put this code? Is there a guide for were to put this? Thanks for your help! :)

• Does FCSvr read ACL permissions set in OD?

  We have set up a series of permissions using ACL's within OD. I assumed that FCSvr would pick up these permissions to certain areas of an Xsan. However within FCSvr you can still see media from areas that have been denied to certain users - set up in OD.
  Within FCSvr, I have created further permissions within the permission sets for each user group. But, because these are driven by metadata, it then causes further access problems with any media that is scanned in or comes from a watch folder- as metadata is not inputted straight away for this media. My next thought now is to break the areas in the Xsan down as Devices, and then set permissions to these in Fcsvr admin, but I have read in another forum that there is a bug with this process as it denies access to the wrong areas and can mess up the look of the interface.
  Really, FCSvr should be able to read the ACL's in OD, surely?
  Any advice appreciated.

  Actually, FCSvr always operates as admin. It is as if every user is the admin user when working with the devices of FCSvr. As you noted, the only way to limit permissions in FCSvr are via metadata filtering, traits, and devices.
  You should divvy up your SAN into multiple devices. This used to be a problem, but in v1.1.1 the interface problems related to device permissions have been corrected. You can restrict access and activity device by device, group by group. You can also set metadata during scans and with subscriptions + set asset metadata responses. My file naming convention allows me to have FCSvr automatically fill in six different fields just from creating the asset (assuming my users name their files properly of course, but there's only so much an admin can do).

• Folder permissions set in Powershell not visible in Windows Explorer

  Hi
  I have created the following script to grant TestGroup access to c:\MyFolder:
  $MyFolder = "c:\MyFolder"
  $rule = new-object System.Security.AccessControl.FileSystemAccessRule ("TestGroup","FullControl","Allow")
  $acl = Get-ACL $MyFolder
  $acl.SetAccessRule($rule)
  Set-ACL -Path $MyFolder -AclObject $acl
  The script works and grants access. However, if I open the Security pane from Windows Explorer, I cannot see the permissions:
  But the permissions are set:
  Why can't I see the permissions in Explorer when they are set through Powershell?

  I added
  "ContainerInherit, ObjectInherit","None","Allow")
  which seems to have done the trick.