Proxy user with limited privileges

Similar Messages

• InDesign crashes when opening with users with limited privileges

  InDesign opens and when the page where you choose to start a project loads, it crashes.
  I have unloaded the plugins but nothing changes. This happens with the final users of the computers.
  As administrator I can run it perfectly.
  I need to solve this because I have 250 students waiting to use this software

  No, PC
  Problem signature:
  Problem Event Name:                        APPCRASH
  Application Name:                             InDesign.exe
  Application Version:                           8.0.0.370
  Application Timestamp:                     4f72c3ee
  Fault Module Name:                          MSVCR100.dll
  Fault Module Version:                        10.0.40219.325
  Fault Module Timestamp:                  4df2be1e
  Exception Code:                                  40000015
  Exception Offset:                                0008d6fd
    OS Version:                                          6.1.7601.2.1.0.256.48
  Locale ID:                                             2058
  Additional Information 1:                  7f56
  Additional Information 2:                  7f56d5316922f11d9c19960fa530c768
  Additional Information 3:                  1720
  Additional Information 4:                  1720f133ce639c9412106776314a8c8e

• Create user with dba privileges

  How do I create a user with DBA privileges in Oracle? The user should be able to create, insert, delete, truncate and other functions without any limits. Do I have to issue GRANT statements?

  Hi,
  I don't believe there's any way to create a user and grant privileges in one command.
  First, create the user:
  CREATE USER  foo  IDENTIFIED BY  bar;Then grant the privileges. There's a pre-defined role called DBA that has all the privileges you mentioned.
  GRANT  dba  TO  foo;It's easy to write a script to do these two commands together, so you could say
  @CREATE_USER  foo  bar  dba

• How to create full new user with all privileges

  how to create full new user with all privileges?
  and how to delete existing users?
  Thanks in advance..

  Common solution is probably to use sudo for privilege elevation, wiki should help

• Install for users with limited rights.

  Is there a way to install Flash player so users with limited rights can perform updates?  I don't want to touch hundreds of machines each time a minor upgrade is released.  Security policies dictate that users cannot have local admin rights.

  Hi, not that I have heard of. If you can't update, then most likely you are under Group Policy and the IT Department would be in charge of that.
  If it is possible, then someone else would need to reply to you.
  Thanks,
  eidnolb

• Using an NT user with DBA privileges does not permit to create schema : why ?

  Hi,
  I use an Oracle 8 on an Windows NT server.
  I have two NT users with DBA privileges.
  But, when I use the migration workbench to create the oracle schema, my users are not granted.
  Why ?
  Regards.
  Pascal

  Please clarify your problem.
  The workbench creates users (which are visible in the oracle model within the tool) with the password oracle .
  I am not sure if you are asking about accessing the database using your OS user identity, or have you found that the users exist but do not have dba privileges.
  Turloch
  Oracle Migration Workbench Team
  null

• Shockwave shows no content when run with limited privileges

  Hi,
  We're deploying showckwave player in our company.
  When installing shockwave player on windows 7 wirh IE9 shockwave shows only content when IE9 is run in Administrative Mode. If IE9 is run with limited privileges which is default shockwave shows no content (i.e. http://www.adobe.com/shockwave/welcome/).
  Any solution for this?

  the ipod touch and iphone where fully functional before the 2.0 update, but since than it seems like everything has gone to crap, it seems like apple can't make any good firmware anymore, iTunes 7.7.1 (which causes the app failures and the music being deleted, and iphone 2.0.2, didn't fix anything for me, man i can't wait to get the new ipod touch, maybe all these problems will be fixed by then

• [OIM] Proxy User with groups

  Dear people,
  I have a scenario where there is a resource with an approval workflow, with 2 steps: in the first the Manager of the requester is the one who must approve. In the second step, a group is assigned as the one who has to make the approve.
  I give a proxy to the Manager and another proxy to one of the group members.
  When the workflow reaches the Manager approval step, it is automatically assigned to the proxy (what I expected).
  The problem arises when the workflow reaches the group approval step, the assignment is still made to the user that is member of the group, not to his proxy user. Is this an OIM limitation? Some workaround?
  Thanks!

  Hi,
  when we assign the task to a group then if the proxy user is the part of that particular group then he has that task automatically why to duplicate the task and if proxy user is not the memeber of the group then he is not authorize to have that task because he is not the member of that group. As user set him as proxy user for him not for group.
  I hope this answer your query....
  Regards
  Alabhya Goel

• Can a user with Contribute privileges invoke SPFolder.SubFolders.Add(folder) Sharepoint 2010 API in a Webservice?

  We have a Webservice deployed on a Sharepoint 2010 deployment with a method as follows:
  public static string ensureParentFolder(SPWeb parentSite, string destinationUrl)
  destinationUrl = parentSite.GetFile(destinationUrl).Url;
  int index = destinationUrl.LastIndexOf("/");
  string parentFolderUrl = string.Empty;
  if (index > -1)
  parentFolderUrl = destinationUrl.Substring(0, index);
  SPFolder parentFolder
  = parentSite.GetFolder(parentFolderUrl);
  if (!parentFolder.Exists)
  SPFolder currentFolder = parentSite.RootFolder;
  foreach (string folder in parentFolderUrl.Split('/'))
  try
  currentFolder = currentFolder.SubFolders.Add(folder);
  catch (Exception ex)
  FINEOSLogger.Medium(LoggerCategory.FINEOSToSharePointDMS, "User could not create SP folder so elevating permissions");
  SPSecurity.RunWithElevatedPrivileges(delegate()
  currentFolder = currentFolder.SubFolders.Add(folder);
  return parentFolderUrl;
  When invoked by a User with only Contribute rights the SubFolders.Add( ) call appears to fail and the
  SPSecurity.RunWithElevatedPrivileges
  code is invoked, which also fails.
  1. So the first question is should you be able to invoke SubFolders.Add() with only Contribute?  It works with Design privileges for the Customer.  You can add folders on the Sharepoint website as a Contribute user so why not on the API. 
  Customer raising this as a security concern.
  2. Also why would the
  SPSecurity.RunWithElevatedPrivileges
  part fail, is the syntax incorrect for Sharepoint 2010?  We migrated this code from Sharepoint 2007 project.
  The error I get when I try run the code as a Contribute user is
  com.fineos.ta.dms.external.DMSException: The exception [A SharePoint error occured "An Error occured in SharePoint". For user "FINEOS\bryces" uploading the file "Ru Ext_1501.txt", with title "Ru Ext_1501.txt", to the SharePoint Library "FINEOSDocumentLibrary/2015/02/23/13/18".] was caused by the exception [A SharePoint error occured "An Error occured in SharePoint". For user "FINEOS\bryces" uploading the file "Ru Ext_1501.txt", with title "Ru Ext_1501.txt", to the SharePoint Library "FINEOSDocumentLibrary/2015/02/23/13/18".]., Ta Exception info,Exception Class=class com.fineos.ta.dms.external.DMSException,Root cause ID=10,Root cause host=IEL163,Localized message=A SharePoint error occured "An Error occured in SharePoint". For user "FINEOS\bryces" uploading the file "Ru Ext_1501.txt", with title "Ru Ext_1501.txt", to the SharePoint Library "FINEOSDocumentLibrary/2015/02/23/13/18"
  at com.fineos.integration.dms.internal.thirdparty.GenericDMS.add(GenericDMS.java:149)
  at com.fineos.frontoffice.documentmanager.DocumentManager.saveToThirdPartyDMS(DocumentManager.java:280)
  at com.fineos.frontoffice.documentmanager.fileupload.UploadDocumentWidget.save(UploadDocumentWidget.java:401)
  at org.apache.jsp.sharedpages.documentmanager.fileupload.uploaddocumentpage_jsp._jspService(uploaddocumentpage_jsp.java:77)
  Caused by: com.fineos.integration.dms.external.services.SharePointDmsException: A SharePoint error occured "An Error occured in SharePoint". For user "FINEOS\bryces" uploading the file "Ru Ext_1501.txt", with title "Ru Ext_1501.txt", to the SharePoint Library "FINEOSDocumentLibrary/2015/02/23/13/18".
  at com.fineos.integration.dms.external.services.GenericDMSClient.uploadDocument(GenericDMSClient.java:139)
  at com.fineos.integration.dms.internal.thirdparty.GenericDMS.add(GenericDMS.java:132)
  ... 88 more
  Caused by: org.apache.axis2.AxisFault: Error_occured_sharepoint [Message Details = An Exception occurred in SharePoint; System.UnauthorizedAccessException: <nativehr>0x80070005</nativehr><nativestack></nativestack>Access denied.
  at Microsoft.SharePoint.Library.SPRequest.AddOrDeleteUrl(String bstrUrl, String bstrDirName, Boolean bAdd, UInt32 dwDeleteOp, Int32 iUserId, Guid& pgDeleteTransactionId)
  at Microsoft.SharePoint.SPFolderCollection.AddInternal(String strUrl, Int32 userId)
  at FINEOSIntegration.FINEOSToSharePointDMS.SharePointDMSUtilities.<>c__DisplayClass9.<ensureParentFolder>b__5()
  at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass4.<RunWithElevatedPrivileges>b__2()
  at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)
  at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param)
  at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated secureCode)
  at FINEOSIntegration.FINEOSToSharePointDMS.SharePointDMSUtilities.ensureParentFolder(SPWeb parentSite, String destinationUrl)
  at FINEOSIntegration.FINEOSToSharePointDMS.FINEOSToSharePointDMS.uploadDocument(String UserName, String FolderPath, String Filename, Byte[] File, DocumentProperties DocumentProperties, Boolean NotifyFINEOS, Boolean NotifyFINEOSSpecified, Boolean OverwriteIfExists, Boolean OverwriteIfExistsSpecified, String& DMSDocType)]
  at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512)
  at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370)
  at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416)
  at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
  at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
  at com.fineos.frontoffice.thirdpartydms.operationtypes.ThirdPartyDmsServicesStub.uploadDocument(ThirdPartyDmsServicesStub.java:761)
  at com.fineos.integration.dms.external.services.GenericDMSClient.uploadDocument(GenericDMSClient.java:119)
  ... 89 more
  Note that the user SPWeb being passed into the method is from an impersonated user, don't know if that matters.
  So the webservice payload contains the id of the user who wants to do the Sharepoint work while the webservice is invoked by anonymous or some other service user.  We then impersonate the user specified in the webservice payload like follows and use
  that web SPWeb from then on in the webservice methods:
  userToImpersonate = currentWeb.AllUsers[user];
  site = new SPSite(fileUrl, userToImpersonate.UserToken);
  web = site.OpenWeb();
  Any help appreciated.
  Thanks,
  Ruairi.

  Ideally, a user with Contribute permissions should be able to add folders. Not sure what is the issue there. But I can see that SPSecurity.RunWithElevatedPrivileges is not written properly. You must create a new SPSite object inside the delegate
  because SPSite objects created outside do not have Full Control even when referenced inside the delegate. Use the using keyword to ensure that the object is disposed in the delegate. Example:
  SPSecurity.RunWithElevatedPrivileges(delegate()
  using (SPSite site = new SPSite(web.Site.ID))
  // implementation details omitted
  });See this for more information about SPSecurity.RunWithElevatedPrivilegeshttps://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spsecurity.runwithelevatedprivileges%28v=office.12%29.aspx?f=255&MSPPError=-2147217396
  Blog | SharePoint Learnings CodePlex Tools |
  Export Version History To Excel |
  Autocomplete Lookup Field

• Create user with DBA privileges with a restriction to access user data

  Hi
  I need to create a user with all DBA privileges with a restriction to access all user schemas
  Thanks,
  Balaji

  Use Database Vault - http://download.oracle.com/docs/cd/E11882_01/server.112/e16544/toc.htm
  HTH
  Srini

• Create user with select privilege only one schema

  can someone tell me how i can create user with select priviliges only one schema.
  i don't want the user to have any select privileges with other schema.
  can someone advise me.
  Thansk

  In general, you would do something like
  CREATE ROLE abc_read_only;
  FOR x IN (SELECT * FROM dba_tables WHERE owner='ABC')
  LOOP
    EXECUTE IMMEDIATE 'GRANT SELECT ON abc.' || x.table_name || ' TO abc_read_only';
  END LOOP;
  CREATE USER your_user ...;
  GRANT abc_read_only TO your_userYou create a role, grant the role SELECT access to all the tables in the ABC schema (you can extend this to grant access to views, functions, etc depending on the requirements), and then grant that role to your user.
  Justin

• Creating portal users with owner privileges?

  Hello,
  I need to let local adminstrators create users in the portal.
  This is based on instance-specific privileges, not global.
  Setting them to 'owners' of the group in the portal should let them add users.
  Once created and I log in as one of them I do not have the privileges of being an
  'owner', eventhough it's visible in the portal that I am an owner.
  Anybody?
  /

  Hi,
  To make the problem a little clearer.
  I want to have "local adminstrators" that can manage portal users i.e; delete, insert and update portal users.
  However I do not want these "local administrators" to be "Full administrators"- too dangerous.
  The "local adminstrators" should belong to the same group as the users they are set to administer. The
  only difference between a "local administrator" and a user of a group is that the "local administrator" have privileges
  to manage the other users of the group. If I have understood the concept right an owner have these privileges.
  I made them owners of the group, but this did not enable them to manage users.
  This must be a rather common approach, to have some users being able to administer other users without being a fullfledge DBA.
  Right now I'm looking into mapping them(the local administrators) to a different database schema with rights to manage users.
  I realize that to map them to another schema, then the checkbox "Use this schema for Portal Users" have to be checked when creating the
  schema. How do I check if this was checked and if it wasn't checked can I alter it now?
  Another thought is to dynamically upon meeting certain conditions making them Full Administrators, then after finishing the task
  reinstating them as normal users.. but this.. well hmm
  Thanks.
  /

• SecurityAgent seems to be thrashing when ParentalControls logs out a user with limited access time.

  I have a 2007 iMac running OS X Lion, all latest updates and patches applied.
  My daughter has an account on the system, which I have limited to only being able to be used for a few hours a day.
  The problem arises when she leaves herself logged in, but walks away, and the time runs out.  When I sit down at the console, the first thing that happens is that the cursor disappears, and the systems starts to go into a logout.  Makes sesne so far, I guess.  However, the system then goes into what I can only presume is some sort of loop.  The cube animation starts, and rotates back and forth several times between two screens, both equally hessian wrapped, with no distinguising features.
  I can log into the system via ssh, and I can confirm that the system is spiking out on SecurityAgent:
  Processes: 661 total, 5 running, 29 stuck, 627 sleeping, 2082 threads                                                     
  19:59:08 Load Avg: 1.68, 3.07, 5.24  CPU usage: 43.38% user, 23.52% sys, 33.8% idle  SharedLibs: 3620K resident, 1948K data, 0B linkedit.
  MemRegions: 104350 total, 1295M resident, 189M private, 2974M shared.
  PhysMem: 1166M wired, 3312M active, 1655M inactive, 6133M used, 9560K free.
  VM: 1611G vsize, 1118M framework vsize, 34169473(356) pageins, 5796949(92) pageouts.
  Networks: packets: 100372238/47G in, 162918821/146G out.  Disks: 23914908/3252G read, 27697160/2570G written. 
  PID    COMMAND      %CPU      TIME     #TH  #WQ  #PORT #MREG RPRVT  RSHRD  RSIZE  VPRVT  VSIZE  PGRP  PPID  STATE    UID  FAULTS
  27013  SecurityAgen 98.0      37:41.27 2/1  1    88    84    508K   3904K  2664K  31M    2410M  27013 1     running  92   3028
  28561  top          25.9      02:27.05 1/1  0    32    43    3752K  216K   4176K  20M    2381M  28561 28505 running  0    1924014+
  1      launchd      4.6       50:43.63 3    0    3159- 343   2804K+ 2836K  2128K+ 15M+   2405M  1     0     stuck    0    553252+
  0      kernel_task  1.5       08:01:03 71/2 0    2     976   14M    0B     595M-  15M    5487M- 0     0     running  0    23008
  197    WindowServer 0.7       01:57:50 5    1    6653  6448  22M+   885M   486M+  137M   40G    197   1     sleeping 88   25934192+
  18548  Transmission 0.5       01:59:18 7    1    175   372   10M    7352K  16M-   47M    2550M  18548 282   sleeping 501  10297632
  14     opendirector 0.4       02:27.27 13   13   617+  108+  6072K+ 1872K  6860K+ 32M+   2417M+ 14    1     stuck    0    407028+
  25117  mcxalr       0.2       00:40.33 4/1  3    43    41    200K   252K   1780K  30M    2391M  25117 1     running  54   1580
  26441  SecurityAgen 0.2       00:01.55 2    1    121   245   2856K  19M    6820K  35M    2503M  26441 1     stuck    92   27427
  28001  ManagedClien 0.1       00:00.11 4    3    98+   86    1196K+ 4900K  3748K+ 31M    2413M  28001 27998 sleeping 0    3718+
  294    UserEventAge 0.1       00:20.22 3    1    212   140   976K+  3964K  2632K+ 34M    2422M  294   282   sleeping 501  294201+
  28006  ManagedClien 0.0       00:00.11 4    3    97    86    1184K+ 4904K  3700K+ 32M    2414M  28006 28003 sleeping 0    3725+
  28573  mdworker     0.0       00:00.41 4/1  2    55    101   8648K  6052K  13M    38M    2422M  28573 28443 running  89   4766+
  27831  loginwindow  0.0       00:00.50 4    2    153+  108+  1692K+ 4804K  3252K+ 35M+   2425M+ 27831 197   sleeping 0    4875+
  15     configd      0.0       00:33.57 6    1    2316  230   2392K  1788K  3524K+ 27M    2420M  15    1     sleeping 0    320735+
  28318  loginwindow  0.0       00:00.54 3    1    151   101   924K+  4712K  3120K+ 33M+   2423M  28318 197   sleeping 0    4778+
  Now, obviously, because I can ssh in, I can start a clean shutdown and restart, but I'd like a way to do this that doesn't involve me bringing down the system, when the whole point of multiple users and parental controls is that a system can be shared cleanly.
  Thoughts?
  Thanks,
  Will

  See if this blog post that our support team created helps you with the connection information. This can create the desktop Access application linked up to the Access 2013 web app tables you have.
  http://blogs.technet.com/b/the_microsoft_access_support_team_blog/archive/2014/03/24/how-to-make-external-connections-to-an-access-web-app-new.aspx
  Also, you might just try clicking the Create Reports button in the Access web app client interface and Access will create the reporting database for you with links to the web app tables. On the File menu (when using the Access web app in client) make sure
  to click the option to Allow Any Location under the Manage button. After that, just click the Create Reports button on the File menu (right above the Manage button) and wait a few seconds. Access will create a new desktop database linked up to all of the Access
  web app tables. You can then create as many reports or other desktop objects as you like.
  Hope that helps,
  Jeff Conrad - Access Junkie - MVP Alumnus
  Senior Content Developer - Office Content Development Team - Microsoft Corporation
  Author - Microsoft Access 2013 Inside Out
  Author - Microsoft Access 2010 Inside Out
  Co-author - Microsoft Office Access 2007 Inside Out
  Access 2007/2010/2013 Info: http://www.AccessJunkie.com
  This posting is provided "AS IS" with no warranties, and confers no rights.
  Use of included script samples are subject to the terms specified at
  http://www.microsoft.com/en-us/legal/Copyright/Default.aspx

• New user with sysdba privilege gets connected as user sys

  hi ,
  I am using oracle 10g R2 . I have a user named test . I have provided sysdba privilege to this user . Now , when I login to this user as conn tkcsowner/password
  it gets connected , I created a table in that , the table data is fine . But, when I login as conn tkcsowner/password as sysdba , it connects , if I execute show user it shows "user is sys" , and the table is not here .
  My question is ............
  1. if I login to tkcsowner as sysdba , where do I login actually , to sys account or to tkcsowner ?
  2. I want to execute some stored procedures through tkcsowner , which requires sysdba privilege . But , how can I can execute those from tkcsowner , but not from sys ?
  Any additional info on this would be appreciated . thank you.

  My question is ............
  1. if I login to tkcsowner as sysdba , where do I login actually , to sys account or to tkcsowner ?Yes, teh correct behavior. If you would use the o/s authentication, you would be connected as Sys user since Oralce would bypass the supplied username and password of yours over the prompt.
  2. I want to execute some stored procedures through tkcsowner , which requires sysdba privilege . But , how can I can execute those from tkcsowner , but not from sys ?When you are going to connect with Sysdba role, you would be connected as Sys user. I am not sure what you exactly mean by saying that the procedure requires the Sysdba privilege? Procedure doesn't need any Sysdba privilege( there isn't such thing since its a role not a privilege) but the provilege of Execute on that procedure . So you do want to check it out what you are actually looking for and why?
  HTH
  Aman....

• New User with All privileges of Administrator

  Dear All,
  We created one user USER1 in RPD.
  We should give all priveliges to USER1 Like Administrator.(Answer,Dashboard,... should access to USer1)\
  How to set?
  Thanks
  Govind R

  Hi Raj,
  Just a clarification, is your user (user1) in the RPD is grouped under Administrator?
  If the user is grouped under Administrator, then we can follow a simple step in BI front end for the user to access all the front end objects.
  In the BI Dashboard, click the settings there you can find manage presentation catalog groups and users. Here we can add the User 1 to presentation server Administrator group.
  Make sure your Administrator user is set with all the necessary privileges to access Answers, Dashboard etc.
  Thanks,
  Karthikeyan V