Public grants and permissions

Similar Messages

• Grants and Permissions

  Need to find out how to implement grants and permissions for a Page. Which module/responsibility/navigation path we have to select to set this

  Hi,
  could any one please answer to these queries.
  1.)what is the difference between normal grants and
  permissions & public grants and permissions?
  You may be granted Permissions to write or read from certain folder or to access or execute certain objects.
  A privilege granted to normal user (private) is only to that specified user. A grant to Public means every user in the database has access to it (for security, this is not recommended unless you know what you are doing)
  2.)what is the sql to find out public
  permissions/grants in databaseQuery the DBA_xxx_PRIVS views
  DBA_AQ_AGENT_PRIVS
  DBA_COL_PRIVS
  DBA_ROLE_PRIVS
  DBA_SYS_PRIVS
  DBA_TAB_PRIVS
  E.g
  SQL> select * from dba_tab_privs where grantee ='PUBLIC';

• Outlook Public Folder access and permissions

  How do I add an account to a public Folder and grant management permissions to that account?

  Hi,
  To add permissions for client users to access Public Folder content, we can use Exchange Management Shell to add it as what ManU PhiliP posted.
  Alternatively, we can use the Public Folder Management Console to add public folder permissions for a client user. For detailed steps about this, please refer to the following official article:
  https://technet.microsoft.com/en-us/library/aa998834(v=exchg.141).aspx
  Regards,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Winnie Liang
  TechNet Community Support

• Forms Authentication Error: User '' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed

  I created a custom security extension following the steps listed in the Readme_Security Extension Sample. It works fine if I login as the user that is specified AdminConfiguration section of the rsreportserver.config file but if I
  log in as another user, I get this error: User '' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed.  I've added the user to both System Administrator
  and System User roles to try to get it to work but still no luck.
  Does anyone know how to fix this?
  Thanks.

  Hi MetronM,
  The issue is due to that user have no permission to access the report server. In report manager, Reporting Services includes predefined roles that we can assign to users and groups to provide immediate access to a report server. Each role defines a collection
  of related tasks.
  You can refer to the following steps to assign corresponding role to the user.
  Open report manager.
  Click “Folder Setting” button. 
  Click “New Role Assignment” icon.
  Type the user name and select the corresponding role.
  There is an article about Granting Permissions on a Native Mode Report Server, you can refer to it.
  http://technet.microsoft.com/en-us/library/ms156014.aspx
  Regards,
  Alisa Tang
  Alisa Tang
  TechNet Community Support

• Per-service SID's are not being granted correct permissions

  Hi,
  I had posted this here :
  https://connect.microsoft.com/SQLServer/feedback/details/770984/per-service-sid-s-are-not-being-granted-correct-permissions, but no response as yet.
  When installing SQL 2012 (on a VMWare VM), based on the following article :
  http://msdn.microsoft.com/en-us/library/ms143504(v=sql.110), I have noticed that the SQL per service SIDs are not being granted the correct permissions. From the initial install, the following is what was observed (the red x's being permissions that
  should have been granted but were not).
  When re-installing and changing from specifying a domain account, to the default values, during set-up, the 4 service SIDs that were not added to 'Log on as a Service' initially were then correctly granted permission, but the other 4 in 'Bypass traverse
  checking', 'Adjust Memory Quotas for a process' and 'Impersonate a Client after authentication' were still not added.
  When running a repair on this install, 'NT Service\MSSQLFDLauncher' was then granted the correct permissions, but 'NT SERVICE\MsDtsServer110' was still missing 'Bypass traverse checking' and 'Impersonate a Client after authentication'.
  This also resulted in the installation of Reporting Services - Native failing in the original installation with 'Attempted to perform an unauthorized operation'.
  If anyone has recently installed SQL 2012, can you check (via gpedit.msc) that the correct 'User Right Assignment' was granted to the per Service SIDs as per
  http://msdn.microsoft.com/en-us/library/ms143504(v=sql.110) ?

  Have you resolved this yet?  Group policy for the OU with my desktop removes all SQL per-service rights.  If group policy is your issue, I'd be interested in how some are retained.  
  Randy in Marin

• Fastest way to grant cube permissions per AMO (250 roles, 30 cubes)?

  Hi there,
  can anybody tell me the fastest way to grant cube permissions in a scenario, where for example 250 roles have to be granted for 30 cubes?
  Now, I do it with AMO, iterating throgh the roles, setting cube permissions.
  My method for granting access looks like this:
  public void GrantCubePermission(Role pRole, Database pDatabase, string pCubeName, ReadAccess pReadAccess, WriteAccess pWriteAccess, ReadSourceDataAccess pReadSourceDataAccess, bool pProcess, ReadDefinitionAccess pReadDefinitionAccess)
  try
  if (pRole == null) return;
  Cube cube = pDatabase.Cubes.FindByName(pCubeName);
  if (cube == null) return;
  CubePermission cubePermission = cube.CubePermissions.FindByRole(pRole.ID);
  if (cubePermission == null)
  cubePermission = cube.CubePermissions.Add(pRole.ID);
  cubePermission.Read = pReadAccess;
  cubePermission.Write = pWriteAccess;
  cubePermission.ReadSourceData = pReadSourceDataAccess;
  cubePermission.Process = pProcess;
  cubePermission.ReadDefinition = pReadDefinitionAccess;
  cubePermission.Update(UpdateOptions.AlterDependents, UpdateMode.UpdateOrCreate);
  catch (Exception ex)
  Msg(ex.ToString(), "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
  Doing it this way, the operation tooks about 4 seconds per role (the given method is executed 30 times per role, the number of the cubes to be granted for).
  Finally, for 250 roles, the operation tooks about 16 minutes.
  Is there a way to do it faster?

  Did you consider XMLA ?
  <
  Createxmlns="http://schemas.microsoft.com/analysisservices/2003/engine">
      <
  ParentObject>
          <
  DatabaseID>DAtabasename</DatabaseID>
      </
  ParentObject>
      <
  ObjectDefinition>
          <
  Rolexmlns:xsd="http://www.w3.org/2001/XMLSchema"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns:ddl2="http://schemas.microsoft.com/analysisservices/2003/engine/2"xmlns:ddl2_2="http://schemas.microsoft.com/analysisservices/2003/engine/2/2"xmlns:ddl100_100="http://schemas.microsoft.com/analysisservices/2008/engine/100/100"xmlns:ddl200="http://schemas.microsoft.com/analysisservices/2010/engine/200"xmlns:ddl200_200="http://schemas.microsoft.com/analysisservices/2010/engine/200/200"xmlns:ddl300="http://schemas.microsoft.com/analysisservices/2011/engine/300"xmlns:ddl300_300="http://schemas.microsoft.com/analysisservices/2011/engine/300/300"xmlns:ddl400="http://schemas.microsoft.com/analysisservices/2012/engine/400"xmlns:ddl400_400="http://schemas.microsoft.com/analysisservices/2012/engine/400/400">
              <
  ID>Role</ID>
              <
  Name>ReadRole</Name>
              <
  Members>
                  <
  Member>
                      <
  Name>domain\user</Name>
                  </
  Member>
                  <
  Member>
              </
  Members>
          </
  Role>
      </
  ObjectDefinition>
  </
  Create>

• Granting different permissions to different codebases : policy file problem

  Hi all. I'm having a bit of a problem with policy files and granting different persmissions to different codebases. What I have at the moment is a server app that copies a class file from the client to a specified directory on the server, and then dynamically loads and runs that class. This all works fine, but obviously as user submitted code is going to be run on the server I want to restrict what they are allowed to do. My app is going to be bundled up in a single jar file, and the directory that the client code is being copied to a subdirectory of the app installtion (not that this should make much difference). What i want to do is grant all permissions to my code in the jar file and resrict the permssions granted to code in the strategies directory. I assumed i would just be able to do this using my own policy file, but at the moment i'm not having much luck.
  Directory structure:
  c:/project/code/
  |
  |-labyrinth.jar
  |-strategies/
  Contents of labyrinth.policy:
  grant codeBase "file:../code/labyrinth.jar" {
  permission java.security.AllPermission;
  Command line arguments:
  java -Djava.security.manager -Djava.security.policy==./labyrinth.policy -classpath .;./labyrinth.jar;./strategies/;%CLASSPATH%; labyrinth.LabyrinthServer
  I've tried specifiying the absolute path to the jar file in the policy file as well as the relative path, i've tried including -Xbootclasspath/a and appending the jar file. All I seem to be able to manage though is either granting all permissions system wide, including the strategies dir, or none and getting security exceptions within my code. Anyone tried doing anything similair or got any idea where I might be going wrong? Any help would be appreciated as its really starting to doing my head in.
  TIA. Matt.

  Did you try putting a slash at the beginning of your "file" specification? e.g., instead of saying
  grant codeBase "file:../code/labyrinth.jar" {
  permission java.security.AllPermission;
  say
  grant codeBase "file:/../code/labyrinth.jar" {
  permission java.security.AllPermission;
  Hope this helps.

• Grant table permissions

  Hi
  I have created a function that loops through the tables in a given schema and returns a table with the number of instances a given string appears in each column.
  (s_entry IN varchar2, s_ow in varchar2)
  return ind_field_value_table pipelined
  IS
  found_count number(10);
  t_return ind_field_value := ind_field_value(null, null, null, null);
  l_query varchar2(200);
  l_query_debug varchar(200);
  begin
  l_query := 'select count(column_name) from owner.table_name where column_name like ''%entry%'' ';
  dbms_output.put_line(l_query);
  for cur in (select owner, table_name, column_name
  from all_tab_columns
  where owner = s_ow and
  (Data_type = 'CHAR' OR Data_type = 'NCHAR' OR Data_type = 'NVARCHAR2' OR Data_type = 'VARCHAR2')
  Order by owner, table_name, column_name)
  loop
         begin
         l_query_debug := replace(replace(replace(replace(l_query, 'column_name', cur.column_name), 'owner', cur.owner), 'entry', s_entry), 'table_name', cur.table_name);
         dbms_output.put_line(l_query_debug);      
         execute immediate l_query_debug into found_count;
         exception when others then dbms_output.put_line(sqlerrm||' '||l_query_debug);
         end;
         found_count := nvl(found_count, 0);
            t_return.S_OWNER := cur.owner;
            t_return.s_table := cur.table_name;
            t_return.s_field := cur.column_name;
            t_return.s_count := found_count;
            pipe row(t_return);
  end loop;
  return;
  end;I can run the function like this
  select * from table(att_con.fn_find_field_entries('TUK-183442', 'APPS'))the problem i am having is the function only looks at a fraction of the tables in the schema
  so schema apps has lots of tables yet the function only looks at 4 of them and then stops.
  will this be bacause i havent granted read permissions to the tables? if so how will i do that?
  thanks in advance

  Hi;
  Please use select grant for 4 tables and retest issue
  Regard
  Helios

• Firewire and permissions

  I bought a firewire drive to back up all users' data.
  I made just one partition and unchecked "Ignore ownership".
  However, any user can bring up the firewire drive and look at any files. Even those she shouldn't have permission for.
  I notice that if any user does a "cd" to that Volume, an "ls -l" shows all files belonging to the logged-in user.
  This isn't right. We need to keep private files private.
  How can I make it really enforce ownership and permissions?
  Thanks.
  Example:
  As user jimmy:
  admin1:/Volumes/Backup jimmy$ ls -al
  drwxr-xr-x 5 jimmy unknown 170 7 Jan 18:52 .
  As user sharon:
  sharon:/Volumes/Backup sharon$ ls -al
  drwxr-xr-x 5 sharon unknown 170 7 Jan 18:52 .
  various   Mac OS X (10.3.9)  

  Hi Jm,
  Use the following command to check whether the disk has permissions enabled.
  vsdbutil -c /Volumes/Backup
  You should see-
  Permissions on '/Volumes/Backup' are enabled.
  If permissions are not enabled then issue this command.
  vsdbutil -a /Volumes/Backup
  Change the owner of /Volumes/Backup to root and the group to admin with this command.
  sudo chown 0:80 /Volumes/Backup
  Then grant admin users the ability to write to the drive with this command.
  sudo chmod 775 /Volumes/Backup
  Folders and files within the drive may need their permissions tweeked. If any files show as associated with the group unknown then you need to change the owner and group of that file. Files owned by the magic unknown user show as being owned by the current login user.

• EJB ACLs and permissions, help needed urgently

  Hello,
  I am using WL6.1. I need to use weblogic.security.acl.Security.checkPermission
  to check if a user has permission to acess an EJB method. I know one can call
  the method and check the exception to see yes or no. But that requires knowing
  the method signature (parameters and return types etc.).
  I read the documentation and here is what I got:
  ACLs and permissions for WebLogic EJBs differ from ACLs and permissions for other
  kinds of WebLogic Server resources in the following ways:
  1. EJB ACLs are configured in the access control properties of the EJB's deployment
  descriptor.
  2. Permissions are granted on individual methods of a bean; there are no predefined
  permissions.
  3. Permissions on EJBs are granted to Roles, which map to groups in WebLogic Server.
  So if I read it correctly:
  1. One does not need to use WL console to configure EJB ACLs? If otherwise, how
  do we do it?. There is no documentation for it.
  2. What is the ACLName to use when I call the method weblogic.security.acl.Security.checkPermission(java.security.Principal
  principal, java.lang.String aclName,
  java.security.acl.Permission permission,
  char sep)?
  I tried with JNDI name and EJB name and nothing seems to work.
  Can anyone help me out?
  Thanks.
  Ling Wang

  It all depends on where do you want to keep your ACLs and the rest of security.
  Simplest will be fileRealm, but it has limited capability (10k ACLs I recall).
  You do not heed console to set it up. Here is an excert from ACL file:
  acl.read.OT_INTEGRATIONOBJREF=everyone
  acl.read.OT_ORGTRANSPORT=OrgAdmin,AppAdmin
  acl.read.OT_ORGUNITOFMEASURE=OrgAdmin,AppAdmin
  # from nonWorkflowEvents.template
  acl.execute.ET_QUERY=everyone
  acl.execute.ET_BATCH=everyone
  read/execute is action. Caps keep resource (name). On the right hand is a list
  of roles. The security call will be lokking like:
  boolean result = Security.hasPermission("ET_BATCH",
  new PermissionImpl("read"), '.');
  It does not throw, just returns a boolean.
  Now, this is all about programmatic security. If you are up to declarative, you
  need to assign role names to method names in deployment descriptor of your bean
  and map them to actual roles.
  Also you may have problems while asking security question about another principal
  (nto the one currently logged in). Not that it does not work -- just needs caution.
  Hope it helps.
  "Ling Wang" <[email protected]> wrote:
  >
  Hello,
  I am using WL6.1. I need to use weblogic.security.acl.Security.checkPermission
  to check if a user has permission to acess an EJB method. I know one
  can call
  the method and check the exception to see yes or no. But that requires
  knowing
  the method signature (parameters and return types etc.).
  I read the documentation and here is what I got:
  ACLs and permissions for WebLogic EJBs differ from ACLs and permissions
  for other
  kinds of WebLogic Server resources in the following ways:
  1. EJB ACLs are configured in the access control properties of the EJB's
  deployment
  descriptor.
  2. Permissions are granted on individual methods of a bean; there are
  no predefined
  permissions.
  3. Permissions on EJBs are granted to Roles, which map to groups in WebLogic
  Server.
  So if I read it correctly:
  1. One does not need to use WL console to configure EJB ACLs? If otherwise,
  how
  do we do it?. There is no documentation for it.
  2. What is the ACLName to use when I call the method weblogic.security.acl.Security.checkPermission(java.security.Principal
  principal, java.lang.String aclName,
  java.security.acl.Permission permission,
  char sep)?
  I tried with JNDI name and EJB name and nothing seems to work.
  Can anyone help me out?
  Thanks.
  Ling Wang

• Public,pvt and dmz nodes

  Hi..
  I would like to know the difference between Public, Private and DMZ nodes. BY logging to the server , how can we find out which of the above three, it is ??
  My understanding is Public node is accessible to all, private and dmz are limited to a particular set of people or a geography.
  How many public,pvt and dmz nodes can we have in E-Business suite ( i guess number is not defined, and we can have as many as we want)
  Thx

  Hi,
  You would be better of configuring the public IP address on the "outside" interface of the ASA5505
  By default you will have some Vlan interface which has all the IP address configurations under it. That Vlan is then attached to some interface. In your case it seems to be Ethernet0 Port.
  With the public IP address configured on the "outside" interface you could then use port forward to forward the Web service to the DMZ server
  Heres an example configuration
  interface Vlan2
  description OUTSIDE
  nameif outside
  security-level 0
  ip add 1.1.1.1 255.255.255.252
  interface Vlan1
  description INSIDE
  nameif inside
  security-level 100
  ip add 10.10.10.1 255.255.255.0
  interface Vlan10
  no forward interface Vlan1
  description DMZ
  nameif dmz
  security-level 50
  ip add 192.168.10.1 255.255.255.0
  object network WEB-SERVER
  host 192.168.10.10
  nat (dmz,outside) static interface service tcp 80 80
  access-list OUTSIDE-IN permit tcp any object WEB-SERVER eq 80
  access-group OUTSIDE-IN in interface outside
  The above configuration is meant to illustrate
  "outside" , "inside" and "dmz" interface
  The "dmz" interface is configured with the "no forward interface Vlan1" configuration as that is the only way to active a third Vlan interface on an ASA5505 with only Base License. This will prevent "dmz" host from opening a connection to "inside". Notice though that "inside" host can still open connection towards the "dmz"
  Static PAT or Port Forward configuration between "outside" and "dmz" which provides the DMZ server 192.168.10.10 visibility to Internet using the "outside" interface public IP address. The only service forwarded to the "dmz" server is TCP/80/www
  OUTSIDE-IN in the access-list attached to the "outside" interface to allow Web traffic from any source address to the DMZ server.

• Granting of permissions

  Okay, here is what I am trying to achieve (from my last thread):
  I work at a K-12 school. I have a superintendent that wants to have a folder that only himself and the administrator can have access to. This part seems to be easy. Just do some arranging of folders that are used by other lower-level admins and grant them permissions on the folder that would contain said folders.
  The second part is trickier. I want the admin secretary, bookkeeper, and assistant admin to have the power to add and delete names into the NDS. The only way they can currently enter names is if they have admin powers. I want to remove those powers but still allow them to have the ability to add/remove names from NDS.
  My question is this. Is there a step-by-step ( or can one be provided in this thread) of how to create the permissions necessary for Console One 1.3.6.h or even iManager 2.7x and where to apply said permissions that allows me to grant the power to add/delete an user from NDS.
  Thanks,
  Kevin

  Originally Posted by dgersic
  On Thu, 09 Jun 2011 18:36:02 +0000, wheatonr3 wrote:
  > Okay, that made sense. Now, my next question has to do with those
  > trustee rights after I created the Organizational Container. There are
  > a lot of things on the trustee list when you click on the "Add Property"
  > button. Which properties/rights do I need to assign an user to add and
  > delete users, change accounts from locked to active (and vice-versa),
  > and change passwords when needed.
  Creating objects requires Create rights at the container.
  Deleting objects requires Delete rights.
  By "locked" I'm assuming you mean "disabled". They'll need rights to the
  Login Disabled attribute.
  For password changes, they'll need rights to the "Password Management"
  attribute.
  David Gersic dgersic_@_niu.edu
  Novell Knowledge Partner http://forums.novell.com
  Please post questions in the newsgroups. No support provided via email.
  Okay. This then has no bearings on permissions into folders and whatnot so if I assign some folders with administrator permissions only, then those I assign the permissions you stated cannot get into that folder unless they themselves are administrators.

• I'm trying to log into a public network and while the fan blade shows I have a connection I can not get the user agreement to load in Safari. This was working until yesterday, what changed?

  I've reset my network settings. I've cleared cache and cookies in the browser. Before yesterday the login screen would appear anytime I attempted to use an app or program that required internet access. Pretty much every program. Now I have a brick tablet at work. I've reset everything I can find. I'm at a dead end. 
  I've seen other ipads that had the auto login togle and auto join togle under network selection, my ipad does not have those options. Logging in at home is working fine on my private network. This public network is not being reset or forgotten when I choose "forget network" or Safari is blocking the login page and I don't know how to un block it.

  Well, when I join a public wifi, a log in page displays a few seconds later, displaying the user agreement. But, earlier today, I was trying to connect my friend's 3GS to a public wifi, and it did not show up. So. I don't really know what happen. I think you should toggle the auto Join to on.

• Difference between Public Void and Public Int

  I was wondering what the difference was between 'public void' and 'public int'?

  Yeah,
  Given package forumTest;
  public class ReturnVoid
       public int returnInt()
       public void returnVoid()
  }compiling using the 1.4.2 reference compiler produces the following result:
  $ javac -d classes/ src/forumTest/ReturnVoid.java
  src/forumTest/ReturnVoid.java:6: missing return statement
          ^
  1 error

• I want to change the sharing and permissions of a large number of photos. How can I do this in bulk rather than one at a time?

  I want to change the sharing and permissions of a large number of photos. How can I do this in bulk rather than one at a time?

  Does this involve iPhoto in some way?