Permit Read on a dimension

Similar Messages

• Permissions "read only" after copying files FROM server

  Hi everyone!
  OK, just setup a Leopard server. Clients all at Tiger - level..for now. This is what I want to do:
  I want a read only - network library drive so that the clients can grab files from but then modify locally on their machines. No need to put back on that server as I have another system in place for things like that.
  *The problem:* If I propagate permissions at "read only" then when the user copies to their local drives, the owner changes but the permissions remain. They have to manually change the permissions back to match their local, then they can work with the file. When we're talking about hundreds of files for 15+ users a day, then it is quite a pain and a show stopper.
  I had this setup previously on a panther server with no trouble. I've maintained settings as close as possible but still having trouble.
  Any ideas as to what I'm missing?
  FYI- I don't want to change permissions to read/write to protect the library from tampering.
  thanks

  +If I propagate permissions at "read only" then when the user copies to their local drives, the owner changes but the permissions remain.+
  OK, from your description, you'd have to have the POSIX owner's permissions set to just read-only or read and execute. As you've observed, a copy obtains permissions in the following manner:
  The POSIX owner changes to match the account performing the copy (the action-bearing account), and the POSIX group is inherited from the copy's destination parent. The POSIX permissions stay the same, though. (Inherited ACL entries on the original are also lost; explicitly-defined ones are preserved, and new inherited entries apply to the copy from its destination parent.)
  All of this is proper behavior, and there's an easy way to make it work to suit your needs.
  Since the POSIX owner changes to the action-bearing account for the copy, you'll want to ensure that the original POSIX owner's permissions are read and write. This does not require that you make the original's POSIX owner the same as that of the action-bearing account. An example would better illustrate the situation:
  Example POSIX Permissions for the Original on the server:
  Owner root can read and write
  Group somegroup can only read
  Everyone else can only read
  Thus, let's say that tsmith is the action-bearing account. So tsmith copies the file to his desktop, and the POSIX permissions now look like this:
  Owner tsmith can read and write
  Group staff can only read
  Everyone else can only read
  Thus, tsmith receives the POSIX permissions of the POSIX group or everyone else field on the server - let's say there are no ACLs for the time being - and he becomes the owner of the copy. Since the original owner, root on the server, had read and write permissions, those permissions are preserved and given to tsmith for the copy.
  Another way to deal with this situation would be to use ACLs by placing an inheritable ACL granting full control or read and write for tsmith on his home folder. Any new items copied to or created in his home folder would inherit that ACL. Similarly, an inherited ACL deny entry (but not an explicitly-set entry) affecting tsmith and the delete and delete_child controls could be placed on the affected server share point's top-level before the original was copied there. Then, any subsequent copies from the server volume would drop this inherited ACL entry entirely. These would, however, be much more complicated situations, and your scenario is best handled in the POSIX-only fashion. (This doesn't mean that you have to disable ACLs on the server - just don't apply them for the share point!)
  --Gerrit
  search:Owner read only

• Question about NTFS Permissions (Read Permissions)

  Hello All,
  I hope somebody can help me. I am wondering about the ACL Atribute "Read Permissions"
  Lets say I created a shre named "Share1"  were "User1" has read Access. I created a Folder named "Folder1" in share. In the NTFS Permssions I specified that User1 can "Traverse Folder and List Folder" . With These
  t atributes set the User is able to Access Folder1. But when I copy a File there - doesnt matter if it is a text document, an exe file, or so, the user is not able to Access the ressource. He gets an Acces Denied Error. Only if I add the Permission "Read
  Permissions" the user is able to open the file.
  I dont get why the user is able to open the Folder but not to execute files with the same permission. Is it possible to open a Folder without "Reading Permession Atribute" but not open a file?
  Why is the Feature available if i cant block users from reading permissions of a specific file?
  Thanks a lot in advance.
  Marco

  Something isn't adding up.  "Read Permissions" should be there by default because just about any basic permission grants the "Read Permissions" advanced permission. See the tables in the following TechNet to see what I mean.
  http://technet.microsoft.com/en-us/library/bb727008.aspx
  Check the Scope for the User1 entry on the Folder1 ACL. The Scope is shown under the "Applies to" section from the screenshot below.  If it doesn't read "This Folder, subfolders, & files" you may want to see if changing to that makes a difference.  

• Always "Read-only" in dimension detailed view, OWB10gR2

  In OWB10gR2, let's get any dimension open in the "Data Object Editor", then click on dimension object, right button menu and select "Detail View". The editor shows as expected, the dimension itself and the underlying table, however in the lower pane where we can select tabs(Storage, Attributes, Levels, etc.) it always says "Read-only". Why is that? According to my security settings, I do have full control over these objects.
  Can anyone explain this to me?
  Thanks,
  vr

  Everyone, the "detail view" is read only becuase you aren't allowed to change settings here. If you notice, there should be a set of tabs at the top that say "relational", "dimensional", "business definition", and something else for the detail view (can't remember now). It appears that you can only change settings when on the "dimensional" tab - so just click there and you'll be good to go.
  Hope this helps,
  Scott

• Making NTFS permissions read/write without ability to create/delete folders

  Out at one of our job sites we have a server running Windows Server 2012 R2 that's got a file share accessible to our onsite people. Our project managers have devised a very strict folder structure for this file share, and for auditing purposes they want
  to stick as close to this structure as possible.
  Therefore, although people onsite must have read/write access to create, modify and delete files, they do not want them to be able to create or delete folders. They want them to use the existing folders and not tuck stuff away into folders that no one knows
  exists except the person who created them.
  The closest way I've found to do this is to deselect the advanced permissions 'Create folders / append data' and 'Delete subfolders and files.' This has a few side effects however, the most noticeable being that due to not being able to append data to files,
  certain files (such as CAD drawings) can't be edited by anyone except the person who created them.
  Is there a way using just NTFS permissions to accomplish what the project managers want? And if not, are there any useful third-party utilities that will help us do this?
  Thanks in advance for any assistance.

  Hi,
  I'm not much familiar with AutoCAD- what's the exact behavior which is stopped by the restricted folder permission?
  For example, if AutoCAD will create a folder in editing, we will not have a solution as users needed to create folders so that AutoCAD could run properly. 
  And if AutoCAD works like Office files, that create a temp file for editing, this will be the solution:
  1. Give Domain Admins - Full Control - This folder, subfolders and files.
  This is to allow all admin could access and edit all data.
  2. Give SpecificUsers group (a group contain all normal users) - Full Control without "Change permissions" and "Take Ownership" -
  Files Only.
  This is to give that group most permissions to create, edit and delete files but not Folders.
  3. Give SpecificUsers group another permission:
  Traverse folder
  List FOlder
  Read Attributes
  Read extended attributes
  Create files - this is important. Without this permission you will not able to save Office files. 
  Read permissions.
  Give above permissions to "This Folder, subfolders and files".
  This is to allow users to access all subfolders. 
  If you have any feedback on our support, please send to [email protected]

• Problems with file permissions (read only) from Migration Assistant

  So, I just got a new computer (Mac Pro / Leopard) and I used the Migration Assistant to bring in all of my information from my old Powerbook running Tiger. Once that was done I had two accounts: my old admin account (with all of my settings) and my new admin account (the default). I deleted the new admin account because I had no intent to use it any longer, and planned to continue using the old one.
  But since then, I have been having some permissions issues. Pretty much all of my files are Read Only, so I have to set the permissions on them one-by-one as I need to write them. This also prevented me from doing the 10.5.2 update in Software Update (I was able to get it manually from apple.com.
  I need to know if there's any way to fix this. I tried restoring from the discs, but that didn't affect anything. I've tried repairing permissions, and while that may have helped with some system folders, it doesn't help with the rest of the hundreds of files that I'm sure I'll need to "unlock" in the future.
  Please help!

  Repairing permissions won't fix this. Repair permissions can only work on system files and other files which have a bill of materials (BOM) receipt in /Library/Receipts.
  You need to change the ownership of the files. This is very easy to do with terminal if you know what you're doing:
  sudo chown -R username:staff
  where username is your short username (e.g. mine is blloyd).

• Permissions - Read & DropBox?

  I have a partition on my iMac with a movies folder for all accounts to be able to share.
  I want me (admin) to have read/write.
  I want the other accounts (users) to have read, and preferably "drop box" type permissions, so they can "Add" other movies, folders, but not "change" or "delete".
  I have no problem setting up everything so they can simply read and not write - but I can't get the dropbox thing working.
  How can I do this? pure "dropbox" doesn't allow reading....
  Ownership *is enabled* on this partition.
  Thanks!

  I have a partition on my iMac with a movies folder for all accounts to be able to share.
  I want me (admin) to have read/write.
  I want the other accounts (users) to have read, and preferably "drop box" type permissions, so they can "Add" other movies, folders, but not "change" or "delete".
  I have no problem setting up everything so they can simply read and not write - but I can't get the dropbox thing working.
  How can I do this? pure "dropbox" doesn't allow reading....
  Ownership *is enabled* on this partition.
  Thanks!

• FTP server permissions "Read Only"

  I manage my own website, and would like to use Finder as my FTP medium. I can log into it, and download from it, but I cannot write to it. I have web admin privileges, but I'm unable to UPload to my ftp server.
  It runs on the basic port 21, and has run normally in the past, but this is the first time that I've tried to mount it as a volume on a mac.
  This way would be so much easier to use than the FTP online protocol that I use.
  Thanks in advance,
  Superd@ve

  Hi, yes,FTP is Read only in the finder in .4. at least.
  You can use Terminal commands or a free FTP client such as Cyberduck to get both R&W rights..
  http://cyberduck.ch/

• PERMIT_READ to limit dimensions

  Hi,
  I have a 9.2.0.6 EE DB running on Linux RHEL ES3.0. I am using AW to build a Cube and present it through Discoverer plus 10g. Everything is currently working fine and Discoverer produces great looking presentations out of OLAP.
  What I am trying to do now is to build a security mechanism restricting the users to view the data based on product dimension. My product dimension has three level hierarchy: All Products -> Product Groups -> Products.
  So, if user1 is logged in then I want that user to view only GRP1 and its children, user2 for GRP2 and its children and so on so forth.
  In order to do this, I have an ALL_USERS dimensions containing all the available users and user_variable dimensioned by ALL_USERS and PRODUCT. I store 1 to the variable if a user has access to a particular product group and its chidren. And in the PERMIT_READ program, I use the following.
  CONSIDER ALL_USERS
  PERMIT READ WHEN ALL_USERS EQ USERID
  CONSIDER PRODUCT
  PERMIT READ WHEN USER_VARIABLE EQ 1
  When I open the AW in OLAP worksheet and report the Product dimension, it properly displays the dimension values of product. However, in the Discoverer Query wizard, nothing comes up for Product dimension value window. Then I put 1 for user_variable for 'All Products' variable as well. That showed the top level product hierarchy, but was not able to drill down probably because I limited to one Product group.
  Obviously, I am not doing something right! What's the better way to implement this logic?
  Thanks for all your help
  Suresh.

  Ok, here's What I do.
  1. a Load program loads the database Users with specific Cube access role into ALL_USERS dimension.
  2. Product Dimension is refreshed daily.
  3. a Load program gets the Product/User Combination from a relational table and updates PRODUCT_USER_VARIABLE with 1 where the combination matches.
  In the PERMIT_READ program, I have following lines
  CONSIDER ALL_USERS
  PERMIT READ WHEN ALL_USERS EQ USERID
  CONSIDER PRODUCT
  PERMIT READ WHEN nafill(USER_PRODUCT_VARIABLE,0) EQ 1
  In order to test whether it selects the right products, I had an outfile setup in permit_read program which reports the product dim after permits have been set. Output file correctly reported out the list of products enabled for the user logged in, when discoverer was launched.
  However, when I build a query, the Product Dimension value window comes up with top level and was not able to drill down. My product has following hierarchy (ALL PRODUCTS -> PRODUCT GROUPS -> PRODUCT). The way I set the value in the user_variable was like following:
  Value in the variable:
  Product User1 User2 User3
  All Products 1 1 1
  GROUP1 1 NA NA
  PROD1 1 NA NA
  PROD2 1 NA NA
  GROUP2 NA 1 NA
  PROD3 NA 1 NA
  GROUP3 NA NA 1
  PROD4 NA NA 1
  PROD5 NA NA 1
  the result I want is when I logged in as User1, show up All Products in the product dim window and able to drill down to group1 and products. It shows up All products, but not able to drill down.
  What am I doing wrong here?
  Thanks for your help
  Suresh.

• Can we Hide Measure Folders from a Read Only Session?

  Hi ,
  I have implemented security on my workspace by scoping the dimensions and hiding the cubes.It worked.
  For hiding measure folders, i did similar to hiding of cubes, but it did not work. It threw an error message :
  ERROR: (ORA-34706) ACCOUNT_BW.MEASUREFOLDER is not a valid XPRO_OLAP_NON_AGG.OLAP_NON_AGG!ALL_CUBES.
  Iam cannot understand why the OLAP DML is checking a measurefolder in ALL_CUBES .
  Can anyone help ?
  Sample code of Hiding cubes is below.
  Thanks,
  Chakri
  HIDING_MEASUREFOLDERS
  vrb _mfldlist text
  vrb _mfld text
  vrb _hidemfld text
  trap on error
  "Initialize
  oknullstatus = yes
  permiterror = no "Do not throw error when attempting to access scoped data
  limit all_measurefolders to all
  SQL DECLARE c2 CURSOR FOR -
  SELECT distinct cube_name FROM xpro_wh.cube_access -
  WHERE user_profile in ( select to_char(xpro_stage.fn_get_vpd_profile -
  (substr(xpro_stage.fn_get_connected_emp_id,3))) from dual) -
  and expression = 'MEASUREFOLDER'
  if sqlcode eq -1
  then show sqlerrm
  sql open c2
  sql import c2 into -
  :_mfld then <_mfldlist = joinlines(_mfldlist,_mfld)>
  if sqlcode eq -1
  then show sqlerrm
  SQL close c2
  SQL CLEANUP
  "Find all the objects that are measures (has the AW$MEASUREDEF property) and is not a permissible cube
  limit all_measurefolders to _mfldlist
  limit all_measurefolders complement
  "Strip the '.MEASUREFOLDER' from the name of the measurefolders
  hidemfld = changechars(charlist(allmeasurefolders), '.MEASUREFOLDER', '')
  "Find all the measures in the cube
  "limit name to obj(hasproperty 'AW$MEASFOLDERDEF') and inlist(_hidemfld, obj(property 'AW$MEASURE_LIST'))
  limit name to obj(hasproperty 'AW$MEASFOLDERDEF') and inlist(_hidemfld, obj(property 'AW$LOGICAL_NAME'))
  for name
  do
  cns &name
  property 'AW$ROLE' NA
  " property delete 'AW$ROLE'
  " property delete 'AW$MEASUREDEF'
  permit read when false
  doend
  alldone:
  return true
  error:
  return false

  Actually, their should be an easier way - my brain wasn't in full gear yesterday.
  Select the file/folder(s) you want to make aliases for and then hold down the command and option key at the same time. Now drag the files/folders to where you want the aliases to be, and hey presto!
  Slightly easier than the method I mentioned earlier

• When connecting SharePoint Foundation 2013 contacts to Outlook 2013 in Outlook it is read only.

  Hello.
  When I connect Sharepoint 2013 Calendars and Contacts to Outlook 2013 I receive the message " You cannot make changes to contents of this read-only folder" if I try to insert a new contact or a new appointment in SharePoint through Outlook (in
  Account Settings of Outlook, in the SharePoint tab I have "Server version=Not available" and "Permissions=Read Only").
  The same users, through the SharePoint web page, insert a new contact or a new appointment.
  Thank you.
  Regards.
  Alessandro

  It seems there are issues with 64 bit office version
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/1f2280e9-9e1d-4ad3-8042-21efb14e6246/when-connecting-sharepoint-2010-calendar-to-outlook-2013-in-outlook-it-is-read-only-how-do-we-make?forum=sharepointgeneralprevious
  My Blog- http://www.sharepoint-journey.com| Twitter
  If a post answers your question, please click "Mark As Answer" on that post and "Vote as Helpful

• Problem with LR5 Import on MAC, it always shows "file cannot be imported because it could not be read" This happens with file downloads from the memory card as well as with files from the hard drive. Happened out of the blue and I cannot figure out why. P

  I need some instructions to solve this problem, has anyone had the same problems? We just got an imac and changed from windows to mac. At first LR worked perfectly, all of a sudden I cannot import pictures anymore. Please help!!

  The destination directory, where Lightroom is trying to copy photos to, does not have WRITE permission. Change your permissions.

• Can't get OPP service started after OATM due to can't open file for reading

  This is my second run on the OATM upgrade. OPP (and thus XML reports) came up fine after the 2nd run. After this run, had some issues with enqueing and solved them in an S/R with Oracle, but now I can't start OPP. I have tried all sorts of things, like aborting it in OATM, restarting, shutting down instance, running cmclean twice, resubmitting request, etc. Here is the error I get:
  As System Administrator in forms, go to:
  Concurrent -> Manager -> Administer
  -> pick Output Post Processor (from the many manager in the list)
  -> by the way it says "Activating" under status, seems stuck there.
  -> then hit the Processes button
  -> it will show a long list of "Terminated" and default to the first
  one at the top.
  -> Hit the "Manager Log" button
  -> you now get
  "APP-FND-01632: Cannot open file
  /sechi/applcsf/log/SECHI_orav880d/FNDOPP1380237.txt for reading
  Cause: [Routine] encountered an error when attempting to open file
  sechi/applcsf/log/SECHI_orav880d/FNDOPP1380237.txt for reading
  Action: Verify that the filename is correct, the environment variables
  controlling that filename are correct, and the file exists.
  Action: Verify that protections on that file permit reading by this
  program
  - but what is wierd is that the permissions on this dir are 777. I can see old OPP logs in that directory from before OATM. I can manually create a file with the name it complains about , then the app opens up the blank file with nothing in it. It seems that file is not getting created, not that it can't be opened.
  If I need to change the log level of OPP please also tell me how to do that if it would provide some clues.
  THanks Marvin

  One more thing I am going to try first....
  I am going to change the service ID of the OPP manager. It keeps trying
  to restart the dead process maybe that it is..
  Starting INVMGR Concurrent Manager : 25-JUN-2010 20:31:34
  Starting INVMGR Concurrent Manager : 25-JUN-2010 20:31:34
  Starting INVMGR Concurrent Manager : 25-JUN-2010 20:31:34
  Starting STANDARD Concurrent Manager : 25-JUN-2010 20:31:34
  Starting STANDARD Concurrent Manager : 25-JUN-2010 20:31:34
  Starting STANDARD Concurrent Manager : 25-JUN-2010 20:31:35
  Starting STANDARD Concurrent Manager : 25-JUN-2010 20:31:35
  Starting STANDARD Concurrent Manager : 25-JUN-2010 20:31:35
  Starting STANDARD Concurrent Manager : 25-JUN-2010 20:31:35
  Starting STANDARD Concurrent Manager : 25-JUN-2010 20:31:35
  Starting STANDARD Concurrent Manager : 25-JUN-2010 20:31:35
  Starting STANDARD Concurrent Manager : 25-JUN-2010 20:31:36
  Starting STANDARD Concurrent Manager : 25-JUN-2010 20:31:36
  Starting STANDARD Concurrent Manager : 25-JUN-2010 20:31:36
  Starting STANDARD Concurrent Manager : 25-JUN-2010 20:31:36
  Starting STANDARD Concurrent Manager : 25-JUN-2010 20:31:36
  Starting STANDARD Concurrent Manager : 25-JUN-2010 20:31:36
  Starting STANDARD Concurrent Manager : 25-JUN-2010 20:31:36
  Starting MRPMGR Concurrent Manager : 25-JUN-2010 20:31:36
  Starting MRPMGR Concurrent Manager : 25-JUN-2010 20:31:36
  Starting MRPMGR Concurrent Manager : 25-JUN-2010 20:31:36
  Starting MRPMGR Concurrent Manager : 25-JUN-2010 20:31:36
  Starting MRPMGR Concurrent Manager : 25-JUN-2010 20:31:36
  Process monitor session ended : 25-JUN-2010 20:31:36
  Process monitor session started : 25-JUN-2010 20:33:36
  Starting WFMGSMD Concurrent Manager : 25-JUN-2010 20:33:37
  Found dead process: spid=(999999), cpid=(1383584), Service Instance=(1012)
  Starting WFMGSMS Concurrent Manager : 25-JUN-2010 20:33:37
  Found dead process: spid=(999999), cpid=(1383585), Service Instance=(1013)
  Starting FNDCPOPP Concurrent Manager : 25-JUN-2010 20:33:37
  Found dead process: spid=(999999), cpid=(1383586), Service Instance=(1011)
  Starting FNDCPOPP Concurrent Manager : 25-JUN-2010 20:33:37
  Found dead process: spid=(999999), cpid=(1383587), Service Instance=(1011)
  Starting FNDCPOPP Concurrent Manager : 25-JUN-2010 20:33:38
  Found dead process: spid=(999999), cpid=(1383588), Service Instance=(1011)
  Starting FNDCPOPP Concurrent Manager : 25-JUN-2010 20:33:38
  Found dead process: spid=(999999), cpid=(1383589), Service Instance=(1011)
  Starting FNDCPOPP Concurrent Manager : 25-JUN-2010 20:33:38
  Found dead process: spid=(999999), cpid=(1383590), Service Instance=(1011)
  Process monitor session ended : 25-JUN-2010 20:33:38
  Process monitor session started : 25-JUN-2010 20:35:38
  Starting WFMGSMD Concurrent Manager : 25-JUN-2010 20:35:39
  Found dead process: spid=(999999), cpid=(1383591), Service Instance=(1012)
  Starting WFMGSMS Concurrent Manager : 25-JUN-2010 20:35:39
  Found dead process: spid=(999999), cpid=(1383592), Service Instance=(1013)
  Starting FNDCPOPP Concurrent Manager : 25-JUN-2010 20:35:39
  Found dead process: spid=(999999), cpid=(1383593), Service Instance=(1011)
  Starting FNDCPOPP Concurrent Manager : 25-JUN-2010 20:35:39
  Found dead process: spid=(999999), cpid=(1383594), Service Instance=(1011)
  Starting FNDCPOPP Concurrent Manager : 25-JUN-2010 20:35:39
  Found dead process: spid=(999999), cpid=(1383595), Service Instance=(1011)
  Starting FNDCPOPP Concurrent Manager : 25-JUN-2010 20:35:40
  Found dead process: spid=(999999), cpid=(1383596), Service Instance=(1011)
  Starting FNDCPOPP Concurrent Manager : 25-JUN-2010 20:35:40
  Found dead process: spid=(999999), cpid=(1383597), Service Instance=(1011)
  Process monitor session ended : 25-JUN-2010 20:35:40

• How do I move a file with 'no access' permissions?

  I have a file on a computer that I do not have administrator access on. The file's permissions are -r--------, so the system can read the file only and no one else can read or write the file (or execute the file, but it's a text file so that's not really applicable).
  Basically, I'm trying either to change the permissions (remember, I am not the administrator of this computer, so Get Info>Permissions doesn't work, and chmod +r "file" in Terminal doesn't work either) or to move the file to another computer (where I'm the admin) where I can change the permissions.
  Having no access to a file is really annoying, because it can't even be moved, or at least easily. I've tried copying to various folders, airdropping, sharing via iMessage, opening the file in various applications, compressing the enclosing folder, burning it to a disk (I have a MBA so that doesn't work lol), creating an alias, moving it to the trash, and even dragging the file into a rich text file in TextEdit. Of all those things I've tried, the only successful attempt was to drag the file into a TextEdit document, but I got the rtf file onto the other computer and had no idea how to extract the file I had seemingly just copied into the rtf document.
  I also tried copying the enclosing folder (and enclosing folders many layers out) but the copies always failed because I need to be an administrator to copy that single file deep within the folders. I guess it was worth a shot
  Is there some obscure way of moving this file? Or of changing the permissions? Remember I have absolutely zero admin access to this computer (long story).
  Anything you can come up with will help! You don't need the whole backstory to my predicament but basically I'm transferring the system key for the system keychain so I can open the system keychain on the computer with admin access. Thanks!

  Contact the machine's administrator. Only they can change the permissions.

• When trying to import photos from a memory card I get error "The following files were not imported because they could not be read.".  When i first installed Lightroom i was able to import from the very same card because there are photos in my library.  I

  Someone please help...I am very annoyed with Lightroom as I have been trying to import photos with no success

  This message means that you don't have permission to write to the destination folder or disk drive. This is an operating system issue that can be resolved by changing permissions. And you can get plenty of information on how to do that by doing a web search for "change disk permissions".