Permission based access

Similar Messages

• Role Based Access Control in Java

  Hi,
  we are designing a software solution that makes use of the Role Based Access Control pattern to control access of functions, EJBs, Servlets to certain users based on their "role".
  I have not been able to understand clearly how that pattern can be implemented in Java. In addition, I stumbled on the java.security.acl and I wondering how will the package work together with RBAC pattern (Or is the pattern already implemented in some package)?
  Does any1 have any comments on this? Thnx
  Dave

  Hi David,
  Permissions based on GUI components is a simple & neat idea. But is it rugged? Really secure? It might fall short of Grady Booch's idea of Responsibilities of objects. Also that your Roles and Access components are coupled well with Views!!!!!!!
  My suggestion regarding the Management Beans is only to do with the dynamic modification which our discussion was giong forward.
  If we go back to our fundamental objective of implementing a Role based access control,let me put some basic questions.
  We have taken the roles data from a static XML file during the start up of the container. The Roles or Access are wanted to be changed dynamically during the running of the container. You would scrutinize the changes of Roles and access before permission during the case of dynamic modification.
  Do you want this change to happen only for that particular session? Don't you want these changes to persist??? When the container is restarted, don't you want the changes to stay back?
  If the answer to the above is YES(yes I want to persist changes), how about doing a write operation(update role/access) of the XML file and continue your operation? After all, you can get the request to a web or session bean and keep going.
  If the answer to the above is NO(no, i don't want to persist), you can still get the change role request to a web or session bean and keep going.
  Either way, there is going to be an intense scrutiny of the operator before giving her permissions!!!
  One hurdle could be that how to get all neighbouring servers know about the changes in roles and access??? An MBean or App Server API could help you in this.
  May I request all who see this direction to pour in more comments/ideas ? I would like to hear from David, duffymo, komone and jschell.
  Rajesh

• Help! Time Machine is telling me I don't have permission to access backup

  I recently did a clean SL install to try and correct some issues I am having with Aperture. The install did not correct the problem, and I now have a library of 70,000+ images (years worth of edits, etc..) that I cannot run in Aperture 3. Today I tried to access a copy of that library via time machine, based on the instructions in the FAQ above: I opened a finder window, went to "enter time machine" and tried to restore the library from February 8th (the day before I upgraded the library to AP3) to my newly installed snow leopard. I am getting the following error message:
  The operation can't be completed because you don't have permission to access "Aperture Library".
  Please help. I checked the troubleshooting section, but did not find any helpful info pertaining to this particular issue.

  some additional info about the clean install, I did not Migrate any data over from a Time Machine, I started fresh. Perhaps this could be my issue. Do I need to Migrate over the User account in order to have access to my old data?

• Time Machine:...you don't have permission to access

  Hello People (it's been a while)
  I'm having trouble restoring files from Time Machine to my desktop. Specifically, i accidentally deleted an imovie project i was working on and turned to Time Machine to get it back. Unfortunately when i click restore i get the message "the operation can't be completed because you don't have permission to access..."
  It's a head scratcher, as i've found from hunting around google and these forums. Has anyone come up with a solution?
  I've tried repairing permissions and had a look in the get info box on my external (TM) hard-drive. Nothing appears to be amiss.

  Read the following:
  What to do if Time Machine reports you don't have permission
  This was posted in the Apple Discussions by V.K. I have only modified it slightly to be more generic.
  The problem seems to be that 10.5.6 changes permissions on a file so that even the root user doesn't have write peivileges. I have no idea why they did this. The workaround suggested in [an]other post will probably work, too, but i did something less drastic. Instead of deleting the file I changed permissions on it, and it worked just fine. An added benefit is that the permission change seems to stick, so you don't have to delete the file every time you change a drive.
  [Open the Terminal application in your Utilities folder. At the prompt [enter] the following command:
  sudo chmod 644 /volumes/"TM drive name"/.xxxxxxxxxxxx
  The name of the file .xxxxxxxxxxxx is based on the MAC address of your computer and will be different for every computer. Put the name of the TM drive in the above and keep the quotes.
  You'll have to enter your admin password (which you won't see) which is normal.
  This was edited by Kappy just for cleanup.
  Enable Finder to Show Invisible Files and Folders
  Open the Terminal application in your Utilities folder. At the prompt enter or paste the following command line then press RETURN.
  defaults write com.apple.finder AppleShowAllFiles TRUE
  To turn off the display of invisible files and folders enter or paste the following command line and press RETURN.
  defaults write com.apple.finder AppleShowAllFiles FALSE
  Alternatively you can use one of the numerous third-party utilities such as TinkerTool or ShowHideInvisibleFiles - VersionTracker or MacUpdate.
  Also, see User Tips for Time Machine for help with TM problems. Also you can select Mac Help from the Finder's Help menu and search for "time machine" to locate articles on how to use TM. See also Mac 101- Time Machine.

• My iPhone 4 has been saying You do not have permission to access the requested resource whenever I try to watch one of the episodes I bought from iTunes. It will not let me watch them and I don't know why.

  A few days ago I bought a season of the series Psych off of iTunes. I was able to watch the first bunch without a problem but now all of a sudden when I try to watch one it says "You do not have permission to access the requested resource". I tried restarting my phone but that do not help. I cleared up a lot of space on my phone as well. I have and iPhone 4 with the update of iOS 6.1.3.

  Are you using the same Apple ID that the purchase was linked to?  I had this issue with a shared device, and the other person had logged out of my ID and logged in with hers.
  If it's the same ID, then try redownloading the purchase.

• Apache user dir (13)Permission denied: access to /~simha/ denied

  I am getting Access forbidden! when I am trying to connect to http://localhost/~simha/ where simha is my user name
  my /var/log/httpd/error_log says
  [Thu Jul 08 17:44:30 2010] [error] [client 127.0.0.1] (13)Permission denied: access to /~simha/ denied
  I tried a lot and gave up. Can any one help me in this in regard
  The following are the permisions of my home dir simha and public_html
  drwx--x--x 130 simha users 16384 Jul 8 17:04 simha
  drwxr-xr-x 2 simha users 4096 Jul 8 17:02 public_html
  The following are my httpd.conf
  # This is the main Apache HTTP server configuration file. It contains the
  # configuration directives that give the server its instructions.
  # See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
  # In particular, see
  # <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
  # for a discussion of each configuration directive.
  # Do NOT simply read the instructions in here without understanding
  # what they do. They're here only as hints or reminders. If you are unsure
  # consult the online docs. You have been warned.
  # Configuration and logfile names: If the filenames you specify for many
  # of the server's control files begin with "/" (or "drive:/" for Win32), the
  # server will use that explicit path. If the filenames do *not* begin
  # with "/", the value of ServerRoot is prepended -- so "/var/log/httpd/foo_log"
  # with ServerRoot set to "/etc/httpd" will be interpreted by the
  # server as "/etc/httpd//var/log/httpd/foo_log".
  # ServerRoot: The top of the directory tree under which the server's
  # configuration, error, and log files are kept.
  # Do not add a slash at the end of the directory path. If you point
  # ServerRoot at a non-local disk, be sure to point the LockFile directive
  # at a local disk. If you wish to share the same ServerRoot for multiple
  # httpd daemons, you will need to change at least LockFile and PidFile.
  ServerRoot "/etc/httpd"
  # Listen: Allows you to bind Apache to specific IP addresses and/or
  # ports, instead of the default. See also the <VirtualHost>
  # directive.
  # Change this to Listen on specific IP addresses as shown below to
  # prevent Apache from glomming onto all bound IP addresses.
  #Listen 12.34.56.78:80
  Listen 80
  # Dynamic Shared Object (DSO) Support
  # To be able to use the functionality of a module which was built as a DSO you
  # have to place corresponding `LoadModule' lines at this location so the
  # directives contained in it are actually available _before_ they are used.
  # Statically compiled modules (those listed by `httpd -l') do not need
  # to be loaded here.
  # Example:
  # LoadModule foo_module modules/mod_foo.so
  LoadModule authn_file_module modules/mod_authn_file.so
  LoadModule authn_dbm_module modules/mod_authn_dbm.so
  LoadModule authn_anon_module modules/mod_authn_anon.so
  LoadModule authn_dbd_module modules/mod_authn_dbd.so
  LoadModule authn_default_module modules/mod_authn_default.so
  LoadModule authz_host_module modules/mod_authz_host.so
  LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
  LoadModule authz_user_module modules/mod_authz_user.so
  LoadModule authz_dbm_module modules/mod_authz_dbm.so
  LoadModule authz_owner_module modules/mod_authz_owner.so
  LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
  LoadModule authz_default_module modules/mod_authz_default.so
  LoadModule auth_basic_module modules/mod_auth_basic.so
  LoadModule auth_digest_module modules/mod_auth_digest.so
  LoadModule file_cache_module modules/mod_file_cache.so
  LoadModule cache_module modules/mod_cache.so
  LoadModule disk_cache_module modules/mod_disk_cache.so
  LoadModule mem_cache_module modules/mod_mem_cache.so
  LoadModule dbd_module modules/mod_dbd.so
  LoadModule dumpio_module modules/mod_dumpio.so
  LoadModule ext_filter_module modules/mod_ext_filter.so
  LoadModule include_module modules/mod_include.so
  LoadModule filter_module modules/mod_filter.so
  LoadModule substitute_module modules/mod_substitute.so
  LoadModule deflate_module modules/mod_deflate.so
  LoadModule ldap_module modules/mod_ldap.so
  LoadModule log_config_module modules/mod_log_config.so
  LoadModule log_forensic_module modules/mod_log_forensic.so
  LoadModule logio_module modules/mod_logio.so
  LoadModule env_module modules/mod_env.so
  LoadModule mime_magic_module modules/mod_mime_magic.so
  LoadModule cern_meta_module modules/mod_cern_meta.so
  LoadModule expires_module modules/mod_expires.so
  LoadModule headers_module modules/mod_headers.so
  LoadModule ident_module modules/mod_ident.so
  LoadModule usertrack_module modules/mod_usertrack.so
  #LoadModule unique_id_module modules/mod_unique_id.so
  LoadModule setenvif_module modules/mod_setenvif.so
  LoadModule version_module modules/mod_version.so
  LoadModule proxy_module modules/mod_proxy.so
  LoadModule proxy_connect_module modules/mod_proxy_connect.so
  LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
  LoadModule proxy_http_module modules/mod_proxy_http.so
  LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
  LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
  LoadModule ssl_module modules/mod_ssl.so
  LoadModule mime_module modules/mod_mime.so
  LoadModule dav_module modules/mod_dav.so
  LoadModule status_module modules/mod_status.so
  LoadModule autoindex_module modules/mod_autoindex.so
  LoadModule asis_module modules/mod_asis.so
  LoadModule info_module modules/mod_info.so
  LoadModule suexec_module modules/mod_suexec.so
  LoadModule cgi_module modules/mod_cgi.so
  LoadModule cgid_module modules/mod_cgid.so
  LoadModule dav_fs_module modules/mod_dav_fs.so
  LoadModule vhost_alias_module modules/mod_vhost_alias.so
  LoadModule negotiation_module modules/mod_negotiation.so
  LoadModule dir_module modules/mod_dir.so
  LoadModule imagemap_module modules/mod_imagemap.so
  LoadModule actions_module modules/mod_actions.so
  LoadModule speling_module modules/mod_speling.so
  LoadModule userdir_module modules/mod_userdir.so
  LoadModule alias_module modules/mod_alias.so
  LoadModule rewrite_module modules/mod_rewrite.so
  LoadModule php5_module modules/libphp5.so
  <IfModule !mpm_netware_module>
  <IfModule !mpm_winnt_module>
  # If you wish httpd to run as a different user or group, you must run
  # httpd as root initially and it will switch.
  # User/Group: The name (or #number) of the user/group to run httpd as.
  # It is usually good practice to create a dedicated user and group for
  # running httpd, as with most system services.
  User http
  Group http
  </IfModule>
  </IfModule>
  # 'Main' server configuration
  # The directives in this section set up the values used by the 'main'
  # server, which responds to any requests that aren't handled by a
  # <VirtualHost> definition. These values also provide defaults for
  # any <VirtualHost> containers you may define later in the file.
  # All of these directives may appear inside <VirtualHost> containers,
  # in which case these default settings will be overridden for the
  # virtual host being defined.
  # ServerAdmin: Your address, where problems with the server should be
  # e-mailed. This address appears on some server-generated pages, such
  # as error documents. e.g. [email protected]
  ServerAdmin [email protected]
  # ServerName gives the name and port that the server uses to identify itself.
  # This can often be determined automatically, but we recommend you specify
  # it explicitly to prevent problems during startup.
  # If your host doesn't have a registered DNS name, enter its IP address here.
  #ServerName www.example.com:80
  # DocumentRoot: The directory out of which you will serve your
  # documents. By default, all requests are taken from this directory, but
  # symbolic links and aliases may be used to point to other locations.
  DocumentRoot "/srv/http"
  # Each directory to which Apache has access can be configured with respect
  # to which services and features are allowed and/or disabled in that
  # directory (and its subdirectories).
  # First, we configure the "default" to be a very restrictive set of
  # features.
  <Directory />
  Options FollowSymLinks
  AllowOverride None
  Order deny,allow
  Deny from all
  </Directory>
  # Note that from this point forward you must specifically allow
  # particular features to be enabled - so if something's not working as
  # you might expect, make sure that you have specifically enabled it
  # below.
  # This should be changed to whatever you set DocumentRoot to.
  <Directory "/srv/http">
  # Possible values for the Options directive are "None", "All",
  # or any combination of:
  # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
  # Note that "MultiViews" must be named *explicitly* --- "Options All"
  # doesn't give it to you.
  # The Options directive is both complicated and important. Please see
  # http://httpd.apache.org/docs/2.2/mod/core.html#options
  # for more information.
  Options Indexes FollowSymLinks includes
  # AllowOverride controls what directives may be placed in .htaccess files.
  # It can be "All", "None", or any combination of the keywords:
  # Options FileInfo AuthConfig Limit
  AllowOverride None
  # Controls who can get stuff from this server.
  Order allow,deny
  Allow from all
  </Directory>
  # DirectoryIndex: sets the file that Apache will serve if a directory
  # is requested.
  <IfModule dir_module>
  DirectoryIndex index.html
  </IfModule>
  # The following lines prevent .htaccess and .htpasswd files from being
  # viewed by Web clients.
  <FilesMatch "^\.ht">
  Order allow,deny
  Deny from all
  Satisfy All
  </FilesMatch>
  # ErrorLog: The location of the error log file.
  # If you do not specify an ErrorLog directive within a <VirtualHost>
  # container, error messages relating to that virtual host will be
  # logged here. If you *do* define an error logfile for a <VirtualHost>
  # container, that host's errors will be logged there and not here.
  ErrorLog "/var/log/httpd/error_log"
  # LogLevel: Control the number of messages logged to the error_log.
  # Possible values include: debug, info, notice, warn, error, crit,
  # alert, emerg.
  LogLevel warn
  <IfModule log_config_module>
  # The following directives define some format nicknames for use with
  # a CustomLog directive (see below).
  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  LogFormat "%h %l %u %t \"%r\" %>s %b" common
  <IfModule logio_module>
  # You need to enable mod_logio.c to use %I and %O
  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
  </IfModule>
  # The location and format of the access logfile (Common Logfile Format).
  # If you do not define any access logfiles within a <VirtualHost>
  # container, they will be logged here. Contrariwise, if you *do*
  # define per-<VirtualHost> access logfiles, transactions will be
  # logged therein and *not* in this file.
  CustomLog "/var/log/httpd/access_log" common
  # If you prefer a logfile with access, agent, and referer information
  # (Combined Logfile Format) you can use the following directive.
  #CustomLog "/var/log/httpd/access_log" combined
  </IfModule>
  <IfModule alias_module>
  # Redirect: Allows you to tell clients about documents that used to
  # exist in your server's namespace, but do not anymore. The client
  # will make a new request for the document at its new location.
  # Example:
  # Redirect permanent /foo http://www.example.com/bar
  # Alias: Maps web paths into filesystem paths and is used to
  # access content that does not live under the DocumentRoot.
  # Example:
  # Alias /webpath /full/filesystem/path
  # If you include a trailing / on /webpath then the server will
  # require it to be present in the URL. You will also likely
  # need to provide a <Directory> section to allow access to
  # the filesystem path.
  # ScriptAlias: This controls which directories contain server scripts.
  # ScriptAliases are essentially the same as Aliases, except that
  # documents in the target directory are treated as applications and
  # run by the server when requested rather than as documents sent to the
  # client. The same rules about trailing "/" apply to ScriptAlias
  # directives as to Alias.
  ScriptAlias /cgi-bin/ "/srv/http/cgi-bin/"
  </IfModule>
  <IfModule cgid_module>
  # ScriptSock: On threaded servers, designate the path to the UNIX
  # socket used to communicate with the CGI daemon of mod_cgid.
  #Scriptsock /var/run/httpd/cgisock
  </IfModule>
  # "/srv/http/cgi-bin" should be changed to whatever your ScriptAliased
  # CGI directory exists, if you have that configured.
  <Directory "/srv/http/cgi-bin">
  AllowOverride None
  Options None
  Order allow,deny
  Allow from all
  </Directory>
  # DefaultType: the default MIME type the server will use for a document
  # if it cannot otherwise determine one, such as from filename extensions.
  # If your server contains mostly text or HTML documents, "text/plain" is
  # a good value. If most of your content is binary, such as applications
  # or images, you may want to use "application/octet-stream" instead to
  # keep browsers from trying to display binary files as though they are
  # text.
  DefaultType text/plain
  <IfModule mime_module>
  # TypesConfig points to the file containing the list of mappings from
  # filename extension to MIME-type.
  TypesConfig conf/mime.types
  # AddType allows you to add to or override the MIME configuration
  # file specified in TypesConfig for specific file types.
  #AddType application/x-gzip .tgz
  # AddEncoding allows you to have certain browsers uncompress
  # information on the fly. Note: Not all browsers support this.
  #AddEncoding x-compress .Z
  #AddEncoding x-gzip .gz .tgz
  # If the AddEncoding directives above are commented-out, then you
  # probably should define those extensions to indicate media types:
  AddType application/x-compress .Z
  AddType application/x-gzip .gz .tgz
  # AddHandler allows you to map certain file extensions to "handlers":
  # actions unrelated to filetype. These can be either built into the server
  # or added with the Action directive (see below)
  # To use CGI scripts outside of ScriptAliased directories:
  # (You will also need to add "ExecCGI" to the "Options" directive.)
  #AddHandler cgi-script .cgi
  # For type maps (negotiated resources):
  #AddHandler type-map var
  # Filters allow you to process content before it is sent to the client.
  # To parse .shtml files for server-side includes (SSI):
  # (You will also need to add "Includes" to the "Options" directive.)
  #AddType text/html .shtml
  #AddOutputFilter INCLUDES .shtml
  </IfModule>
  # The mod_mime_magic module allows the server to use various hints from the
  # contents of the file itself to determine its type. The MIMEMagicFile
  # directive tells the module where the hint definitions are located.
  #MIMEMagicFile conf/magic
  # Customizable error responses come in three flavors:
  # 1) plain text 2) local redirects 3) external redirects
  # Some examples:
  #ErrorDocument 500 "The server made a boo boo."
  #ErrorDocument 404 /missing.html
  #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
  #ErrorDocument 402 http://www.example.com/subscription_info.html
  # EnableMMAP and EnableSendfile: On systems that support it,
  # memory-mapping or the sendfile syscall is used to deliver
  # files. This usually improves server performance, but must
  # be turned off when serving from networked-mounted
  # filesystems or if support for these functions is otherwise
  # broken on your system.
  #EnableMMAP off
  #EnableSendfile off
  # Supplemental configuration
  # The configuration files in the conf/extra/ directory can be
  # included to add extra features or to modify the default configuration of
  # the server, or you may simply copy their contents here and change as
  # necessary.
  # Server-pool management (MPM specific)
  #Include conf/extra/httpd-mpm.conf
  # Multi-language error messages
  Include conf/extra/httpd-multilang-errordoc.conf
  # Fancy directory listings
  Include conf/extra/httpd-autoindex.conf
  # Language settings
  Include conf/extra/httpd-languages.conf
  # User home directories
  Include conf/extra/httpd-userdir.conf
  # Real-time info on requests and configuration
  #Include conf/extra/httpd-info.conf
  # Virtual hosts
  #Include conf/extra/httpd-vhosts.conf
  # Local access to the Apache HTTP Server Manual
  #Include conf/extra/httpd-manual.conf
  # Distributed authoring and versioning (WebDAV)
  #Include conf/extra/httpd-dav.conf
  # phpMyAdmin configuration
  Include conf/extra/httpd-phpmyadmin.conf
  # Various default settings
  Include conf/extra/httpd-default.conf
  # Secure (SSL/TLS) connections
  #Include conf/extra/httpd-ssl.conf
  Include conf/extra/php5_module.conf
  # Note: The following must must be present to support
  # starting without SSL on platforms with no /dev/random equivalent
  # but a statically compiled-in mod_ssl.
  <IfModule ssl_module>
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
  </IfModule>
  The following are my /etc/httpd/conf/extra/httpd-userdir.conf
  # Settings for user home directories
  # Required module: mod_userdir
  # UserDir: The name of the directory that is appended onto a user's home
  # directory if a ~user request is received. Note that you must also set
  # the default access control for these directories, as in the example below.
  UserDir public_html
  # Control access to UserDir directories. The following is an example
  # for a site where these directories are restricted to read-only.
  <Directory /home/*/public_html>
  AllowOverride FileInfo AuthConfig Limit Indexes
  Options MultiViews Indexes SymLinksIfOwnerMatch ExecCGI
  <Limit GET POST OPTIONS PROPFIND>
  Order allow,deny
  Allow from all
  </Limit>
  <LimitExcept GET POST OPTIONS PROPFIND>
  Order deny,allow
  Deny from all
  </LimitExcept>
  </Directory>
  I also tried adding user to the group http. BUt nothing is working.

  Do you have [or more like lack] +x on the user folder?

• When a Safari download is interrupted, I get the message "You do not have permission to access the requested resource" when I try to restart it.

  I have had this issue with my Macbook Pro ever since I bought it in November.  If I start downloading a file with Safari, and the download gets interrupted, I am unable to resume downloading from the point where it was interrupted.  Clicking on "resume downloading" button in the downloads list works fine it I do it immediately after the download is interrupted, but if a little time has elapsed (as little as a few minutes) since the interruption it will not let me resume the download, and I get the message in the downloads list "You do not have permission to access the requested resource."  I have repaired my permissions...I don't know what else to do.  Here's my system configuration:
  Macbook Pro Mid-2012 Retina Display
  2.3 GHz Intel Core i7
  8 GB RAM
  System 10.8.2
  I just have to editorialize for a moment:  My old Macbook Pro and my Mac Pro both worked great with Snow Leopard, but since upgrading the Mac Pro to Mountain Lion and buying the new Macbook I have had all kinds of issues like this.  Tech support at Panic software, that I contacted because of issues with some of their software, told me that I was only one of many with Mountain Lion issues, but here we're over half a year since the release of 10.8 and we're only on system 10.8.2.  Is anybody at Apple actually trying to fix the issues?
  Thanks for anything you can tell me!

  If you think this is a bug, you can report it here:
  Apple - Mac OS X - Feedback

• Why when I try to login the Itunes Connect with my Apple ID it always says: "Apple ID does not have permission to access iTunes Connect."?

  Why when I try to login the Itunes Connect with my Apple ID it always says: "Apple ID does not have permission to access iTunes Connect."?

  Look on one of your bank statements and be sure to enter the billing address exactly as it shows on the statement. Some folks forget where they actually get the statement. They put their home address in iTunes/Mac App Store and they actually get the statement at their place of employment or vice versa.

• Suddenly cannot connect to server "you do not have permission to access the server"

  I am one of only two Macs in our office.
  Up until now I have been able to connect to our shared folders/server just fine. Occasionally and randomly I would seem to get booted off, but would just log back in.
  Now suddenly I get "Connection Failed You do not have permission to access this server".
  I seem to get it whether its cifs, afp or smb.
  After it denies the connection it also boots me from email. As soon as I cancel the attempt to connect the email recognizes my password again.
  I have tried rebooting, repairing permissions and having our network admin change my password and nothing seems to work.
  If I enter an incorrect pw it recognizes it as such. I only get the above message when I use the correct username and PW.
  Additionally if I go to the other mac in our office I am able to connect using the same credentials without any problem.
  This is via ethernet.

  i also got the same problem on my ipad i have tried every thing i dont knw hw to fix this problme any solution. ???????????????????????????????????????????????????

• You do not have permission to access service Personalization

  This is certainly new to me. I am attempting to directly access a MII Application web page by URL in MII V 12.1 and get this message when using my basic user login:
  You do not have permission to access service Personalization
  It works fine with my admin login. I have dug around in Netweaver and MII and can't find where I turn this on. What is the magic bullet? Is there a particular role or group the basic user must be a member of?
  Thanks in advance for your help.
  ...Sparks

  Make sure you belong to SAP_XMII_Users
  http://help.sap.com/saphelp_mii121/helpdata/en/45/5a399bec592a4de10000000a11466f/content.htm
  http://help.sap.com/saphelp_mii121/helpdata/en/48/d0c6efbcb810b6e10000000a421138/content.htm
  This is a change to security and permissioning in 12.1 where UME Actions are used.

• Trying to reload firefox and getting this message, when moving to the applications folder: "The operation can't be completed because you don't have permission to access some of the items."

  Been having problems with Firefox/internet for several days, and all my updates seemed current. I decided to try to reload and have removed the other icons/download attempts from the app file. When I try to drag the icon into apps, I now get this message:
  The operation can’t be completed because you don’t have permission to access some of the items.

  * Download a new copy of the Firefox program: http://www.mozilla.com/firefox/all.html
  * Trash the current Firefox application to do a clean (re)install.
  * Install the new version that you have downloaded.
  Your profile data is stored elsewhere in the [http://kb.mozillazine.org/Profile_folder_-_Firefox Firefox Profile Folder], so you won't lose your bookmarks and other personal data.

• Can't move any files... "The operation can't be completed because you don't have permission to access some of the items."

  This is a strange one... I just recently did a complete format/reinstall of Lion because of very poor performance after upgrading.
  So I'm on a totally fresh system, no TimeMachine restore or anything. I've installed all my apps from scratch - no prefrence file backups or anything. Everything is fresh.
  Yesterday I tried to copy a file from one folder to another and I got the error "The operation can’t be completed because you don’t have permission to access some of the items". Checked file permissions... repaired disk permissions... made sure I was logged in as admin (I only have one account)... everything looks good.
  This is now happening when trying to copy any files anywhere on my machine... Very frustrating.
  There's a couple strange side-effects I've noticed:
  - I can move & copy files just fine in terminal... without sudo...
  - The little lock icon in the bottom right of the Get Info window doesn't do anything - I can't unlock it. I can still edit the permissions for the file/folder but I can't select the "apply to enclosed items..." option.
  Does anybody know what the heck is going on?

  jsd2 wrote:
  Try creating a new admin user account, logging into it, and then creating some new items on the Desktop and elsewhere. Does the same thing happen there?
  Ok the strangeness continues!
  I created a new "TestAdmin" account, but it doesn't show up in the Users & Groups prefrences sidebar... The /Users/testadmin folder was created, but the account doesn't show up in the prefrences or login window...
  I tried a reboot to see if the account would show up and it still doesnt.... However after the reboot I am now able to copy files again!
  I'm paranoid that the problem will show up again since I have no idea what fixed it. I tried rebooting previously after repairing permissions which didn't solve the issue so it's not like I haven't rebooted since it started.
  And now I have the issue of not being able to create user accounts.
  A little dissapointed with Lion to be honest... the new features are cool but there are so many little bugs it really feels half-baked.

• Can't save multiple folders to external drive. Get: "The operation can't be completed because you don't have permission to access some of the items." when dragging large folders to mac os extended journalled external drive from OS 10.6.8

  Hi
  I am feeling  VERY desperate!
  After losing an external drive [dont ask....]  -   I got  another one :  2TB WD formatted properly [ OS extended journalled for mac ] ready for action to move  my thousands of files and images and ppts in hundreds of folders across from the laptop to this drive because I travel a bit with the laptop and this is too risky not to back up at home.
  But this message came up after starting on moving folders across [** and not straight away, sometimes after moving  a folder  when  4 of 6 gb of files across  then the message comes up  = very frustrating]:
  "The operation can’t be completed because you don't have permission to access some of the items."
  I am  dragging mixed sometimes large complex folders to this  os extended journalled external drive from my mac book pro OS 10.6.8  - it would take decades to move items one by one or even folder by folder and really confusing. 
  I have  dragged-copied  various small folders and files across successfully, but it is only working 50:50 and I can't leave machine with the idea of things copying eg: overnight - it just won't work....
  I have been browsing google and find some people describing in CODE how they overcome this 'message'   .... but  I  [and I guess some other viewers of this in future & also in desperation]  would need  instructions for beginners....  to try this type of thing.  I don't know any code.
  How can this be happening - I feel ANGRY at APPLE !!!!  for not posting easy fix instructions yet re; this, or better still  updating software so it doesn't happen [ that I can find at least  !!! ] .   There seem to be hundreds of people stuck with this stupid message and inability to back up their projects etc.
  Can anyone help ?
  Many thanks
  Julie
  15 August 2011

  hi Samberl
  thanks a lot for the fast reply.
  I was dragging folders from main folders on the laptop-desktop  onto the external drive icon - to copy them across....
  Your suggestion sounds very promising -  I didn't know about 'cloning'.
  Yes the idea is to backup the laptop -    I thought I would just move it all now, new - and then keep saving/dragging physically   across to the new drive myself each day or two...
  Would this be the sizeof the internal hard drive = c.500 gb  ?   =   under the HD icon on desktop is written  : 
  " 499.76gb , 311.5 gb free  " 
  I can erase and start agin on the new external drive - so this plan is to make two partititions, rather than the one at present, and make one of them 500 gb ?
  I have found CCC [carbon copy cloner] googling - looks good.
  When CCC site says it backs up  the hard drive - would this  mean all my files  [over 100 gb] that are mostly  in folders on the desktop, plus the others in itunes, iphotos etc found in the HD icon,  would all copy across successfully [wherever they are in the computer ]  ?
  thanks again, hope you can clarify these things and then I will go for it. 
  It would be great and amazing if this 'lack of permission' message doesn't show up in the process of doing this ccc transfer - hopeful!
  Julie

• How can I get permission to access my own files?

  I recently got a new Mac Pro, and I used a Time Machine backup to migrate my data.  Then I discovered that Time Machine doesn't actually back up everything; it leaves out all the "Build" folders in all of my Xcode projects for some reason.  I transferred all those folders manually, but I couldn't help but wonder what else Time Machine was omitting.  So I decided that before I permanently retire my old computer (a seven year old iMac), I'd make a full backup of all its data onto BD-Roms.  This it turning out to be quite difficult.
  First I tried using Target Disk Mode and running Disk Utility on a second computer to create a disk image.  But after about 15 hours, it wasn't even a third of the way done, so I cancelled that.  Then I tried connecting an external drive to my old computer and just dragging all the files onto it, which seemed to be working at first, but then after a couple hours, it said something like, "You don't have permission to access the Keychain App," and it stopped transferring.  So I tried again, but I omitted the Applications folder, since that's where the Keychain app is.  Then, after a couple more hours, it said something like, "You don't have permission to access some other file."
  Is there any way I can disable this permissions business?  I tried going to "get info" and giving everyone read and write privileges, but it didn't make any difference.  I wouldn't even mind just skipping the files with permission issues, but the problem is that whenever it gets to an "unpermitted" file, it just completely bails out of the whole transfer and then I have to start all over again.  Is there at least a way to make it just skip those files and go on with the transfer?

  Not in your case. System-level folders cannot be backed up by drag-copying; just drag your home folder to the external drive.
  (124214)

• I get this error code when trying to update from an older version of Firefox: The operation can't be completed because you don't have permission to access some of the items.

  While trying to upgrade from a previous version of Firefox, I get this error code: "The operation can’t be completed because you don’t have permission to access some of the items."
  == installing ==
  == User Agent ==
  Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-us) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7

  I resolved the problem in Snow Leopard by logging out of my (admin) account and logging into my daughter's account on the same machine. She doesn't have admin privileges, so when I tried to install Firefox 4 in her account, I had to authenticate with my admin identity and PW. Installation went smoothly after that. My guess is that you could also simply create a new account on the same machine and install Firefox 4 from that. I have no idea why this works.