Read user groups from realm. Admin rights to each user ??

Similar Messages

• Cannot view the folder security after removed the default "users" group from folder

  Hi guys
  Due to the domain change, I am doing a windows 2003 server migration to windows 2012 for a file server.
  Tones of data have been copied from the old 2003 server to the new setup 2012 server.
  We need remove the "builtin\users" group from the folder security to maintain correct rights access of user to network folder.
  Once the "builtin\users" group has been removed, the account in domain admin group can no longer read the folder security.
  Has anyone faced the similar situation? 
  Or, is there any change in folder security rights of Windows 2012?
  Thanks in advance
  KC@ITL

  Hi,
  Glad to hear that the issue has been resolved.
  If you need any assistance in the future, please do not hesitate to post in our forum.
  Regards,
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Migrate the users, groups from essbase 7.1.6 to shared services

  Hi
  Our current production is essbase version 7.1.6 and we are planning to migrate to EPM 11.1.2 . We would like to move the security administration from Essbase to Shared Services (want to use Native Directory).
  can somebody please suggest
  1) An utility that Oracle provides with EPM 11.1.2 that helps to migrate the users and groups from 7.1.6 to shared services?
  2) After bringing the users groups from 7.1.6 to 11.1.2, do we need to externalize these users and groups or no need?
  Appreciate the help. Thanks,

  if you have LDAP/MSAD try to configure it first .That will get your users
  Now using maxl
  spool on to GROUP.txt
  display gruoup all;
  spool on to USER.txt
  display user in group all;
  for test purpose create a test group and a test user from the shared services.
  Now using GROUP.txt
  make up maxl statements to create groups(use any advanced text editor or MS excel to get your work done fast)
  create group 'groupname';
  now login into that shared services
  go to FOundation Application group->click sharedservices->drop down native directory ->Right click on Groups and select export for edit.THat will save you Groups.csv file.
  Now
  1.Open that Groups.csv file
  2.Using USER,txt ,paste the users in that file under their respective group.(Look for test group created that should give you an idea!!!)
  3.Paste user correctly and save it to the same file Groups.csv
  4.go to FOundation Application group->click sharedservices->drop down native directory ->Right click on Groups and select IMPORT for edit.
  5.that will get your users into the groups.
  ________filters_______
  Using maxl again
  spool on to FILTER.txt
  display filter row all;
  spool on to GRPRIVILEGE.txt
  display privilege group all;
  Now using FILTER.txt
  create maxl statements
  (use any advanced text editor or MS excel to get your work done fast)
  Ex: create filter app.database.filtername read/write/none/metaread on 'AREA ' ;
  Using GRPRIVILEGE.txt
  create maxl statements
  grant filter app.databse.filtername to 'groupname';
  that should get your filters created and assigned.
  else you can use Advanced Security Manger
  http://www.appliedolap.com/free-tools/advanced-security-manager
  hope that should give you an idea!!!!!!!

• Do users have to have admin rights in order to be able to sync?

  It seems that the Blackberry users at my company have to have admin rights in order for them to be able to sync their devices to their computers.  The company is tightening the controls and soon, only the IT department will have admin rights.  So how will users sync their devices? The company is not willing to spend the money on the BES.  Any guidance to this problem would be GREATLY appreciated!

  hello,
  correct. Either a user groups, or directly the rights granted locally on each computer for its owner.
  I have no idea so the IT guy will have to trial & error by dichotomy.
  patience will be needed.
  => some registry folder in write/modify, some firewall ports opened, some rights on some NTFS folders.
  I wish good luck to the ITman. Maybe theyll find salute with technical documentation on how the Desktop Manager works.
  it's the price to pay for not paying the price of a BES
  The search box on top-right of this page is your true friend, and the public Knowledge Base too:

• Sharepoint 2010 get User Groups from specific site

  Hello,
  I was able to get all User groups from entire site Collection.
  But instead of getting user groups from entire site, I want read user groups only from one specified sub site.
  Please help!
  Thanks

  Assuming you have an SPWeb object named "web", example:
  SPSite site = new SPSite(http://yourdomain/sites/yoursite);
  SPWeb web = site.OpenWeb("mysubsite/subsbusite");
  web.Groups will return a collection of SPGroup objects for the current subsite. If this subsite inherits permissions from a parent site (web.HasUniquePerm = False), the list is the same as the Groups property of the parent site.
  SPWeb.Groups:
  http://msdn.microsoft.com/en-us/library/office/microsoft.sharepoint.spweb.groups(v=office.15).aspx
  SPGroup:
  http://msdn.microsoft.com/en-us/library/office/microsoft.sharepoint.spgroup(v=office.15).aspx
  You would be better results by posting coding questions in "SharePoint 2010 - Development and Programming" instead of "SharePoint 2010 - General Discussions and Questions".
  Mike Smith TechTrainingNotes.blogspot.com
  Books:
  SharePoint 2007 2010 Customization for the Site Owner,
  SharePoint 2010 Security for the Site Owner

• Provisionusers.cmd and Migrate users/groups from Planningweb

  Hi
  Is the functionality of Provisionusers.cmd and migrateusers/groups from planning web similar?
  I feel Provsionsuers.cmd is an alternative way to migrateusers/groups from planning web.
  Please correct me if i am wrong.
  Thanks and regards
  krishnatilak

  Hi,
  The provisionusers utility basically syncs planning and essbase with the provisioning of users/groups in shared services.
  If you run the utility and a user exists in shared services but has not been created in the planning database the user will be added.
  If the user does not exist in the essbase security file then they are added.
  If it is a user that exists and has security settings on members in planning then these filters are pushed down to essbase.
  It should also remove users/groups from planning if they have been deprovisioned in shared services.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Migrate Rpd Catalog and User ,Groups from OBIEE 11.1.1.3.0 to 11.1.1.5.0

  hi Guys,
  I have got a setup of OBIEE 11.1.1.3.0 on windows 32bit machine and now i am planning to have a setup of 11.1.1.5.0 on windows 64 bit machine.
  please tell me the Detailed steps for Migrating the Rpd Catalog and User ,Groups from OBIEE 11.1.1.3.0 to 11.1.1.5.0
  Like
  1. Do i have to copy the RPD and Catalog Directly to 1.5 or some Upgrade Assistance is to be done
  2. If i am Using the Export Provided in the myrelam ( in 1.3) and taking it to obiee 1.5 (as it already contains some inbuilt policies and groups) does it going to give me error
  Regards
  Ankit

  Check the Oracle reference I have provided earlier. Concept goes like this:
  Important difference is that upgrading from 10g to 11g is called an "out-of-place upgrade" while upgrading to another 11g is called an "in-place upgrade," because the upgrade operates on existing files. Moving from one 11g release to another 11g release is sometimes referred to as "patching."
  http://download.oracle.com/docs/cd/E21764_01/bi.1111/e16452/bi_plan.htm#BABECJJH
  Follow patching and not out-of-place upgrade as you are required to upgrade component
  http://download.oracle.com/docs/cd/E21764_01/doc.1111/e16793/patch_set_installer.htm#PATCH789
  Hope this is clear now

• User in 2 user groups always picks the rights from the group with least access -BOBJ 4.1 SP2

  We have BOBJ 4.1 SP2 installed.
  Lets say User1 is in a role1(User group) that has restricted access(no access to design menu for WEBI report in launchpad). Works fine when User1 logs into the launchpad. Cannot see the Design menu in Launchpad.
  User1 is also in another role2(user group) that has Design access for WEBI report (more like Power user access).
  Now when logged into a launch pad via SAP portal, and opening WEBI report on which role2 (user group) is applied that has Design access, user1 cannot see the Design menu of WEBI report. This is probably happening because User1 is also part of role1 that has restricted access. So it looks like it is always picking
  the role with least access and applying it no matter which report I am opening.
  I would expect the role to regulate the authorizations on the report. And one user could be a simple end user for one report and a power user for another report.
  Please advise if this is a Known issue or expected behavior. Is there a work around?
  Thank you very much
  Suman

  Hello Suman,
  Try avoid denial based security rights assignment instead you can specify the  unspecifed. As Greg said
  Denied + Granted = Denied
  Denied + Not Specified = Denied
  Granted + Not Specified = Granted.
  You should not deny rights for HR End User usergroup, Instead make them as unspecified. If you do so the whenever the user part of both the groups , your security rights aggregation would be
  Granted + Not Specified = Granted.
  Make sure you follow the approach as above.  You can refer the blog below for how to structure the folder, report and User group hierarchy and effective maintenance of security
  BusinessObjects Administration - Content Management Plan
  Regards
  Mani

• Cannot set admin right to my user root account has STANDARD RIGHTS!

  I had this common problem, my account turned to standard.
  I followed the instructions here.
  I changed the root password from the install DVD, restarted.
  logged in as "root", but the root user has standard rights as well!!
  therefore I cannot change the rights of my user...
  any suggestions?

  Wow, it looks like you went for the deluxe bugs package.
  ..."now I'm the adminstrator. but this didn't change the fact, that folder I'm creating ( doesn't matter where ) have "read only" rights for the admin. system has read write....
  You hadn't mentioned that before, but actually that sounds like a completely different problem, one that can be caused by using "repair permissions" on a 10.5 volume while booted from a 10.4 (or earlier) disk - this might also include having used "DiskWarrior" to repair permissions (something the manufacturer advises against). Unfortunately, Apple is in the process of revising how "repair permissions" works, and the new method in 10.5 doesn't appear to be fully implemented. As a result, it does not fix this problem, which is purely a permissions issue. If this is indeed the problem, the most straightforward way to get back to a normal system is to reinstall - an "archive and install" while preserving network and user settings should be sufficient for this particular issue. If you are comfortable with the command line, it may be possible to change permissions manually - it would be necessary to attempt a permissions "repair" or "verify" under Leopard, and to record and carefully analyze the messages to determine what needs to be fixed, and how.
  The "Finder" crashes are due to another bug - the GUI crashes when there are files or folders with a group ID that doesn't correspond to a group record in "DirectoryService". There are various strategies to use as workarounds: if all of the problem files have the same group ID, it is probably fastest just to create a group record for that group. If there are a number of different groups involved, doing a batch change of group from the command line might be easier. To get an ideal of what groups are involved, the following command can be used to display the various factors regulating access to a particular file or folder - try using it to survey a selection of different items exhibiting the problem:<pre>
  ls -elO /path/to/item</pre>
  Copying the items to an external drive, then copying them back to a folder that does not display "(unknown)" in "Get Info" might be another strategy (but note that there have been some reports of data loss copying large amounts of data - even after the 10.5.1 update, and even copying instead of moving). Ultimately, these are just workarounds and Apple really needs to fix this sooner than later - it's getting stupid.
  But actually, considering all of the different issues you are experiencing, backing up the data to an external drive (and verifying the integrity of the backup), then performing a full "erase and install" might be the one stop solution. I'm not sure about the best strategy for reimporting the data once that is done since I have never used the Apple tools and do not know how they handle ownership and permissions (what is perserved, etc.) - hopefully someone else will be able to fill in those details.
  So you were bitten by the "Get Info" crash bug, a second issue caused directly by following what turned out to be bad advice in an official kb article, and had a permissions problem that couldn't be resolved using the tool that is supposed to deal with permissions problem. I'd call that a Leopard beta hat trick.

• Script to Temporary Elevate the admin rights to local user

  Hi Friends
  i believe this topic was already discussed , however i could not find a solution ..  please help
  i need a script ( vb/power shell/bat ) etc which will run on local user with admin privilege ( will package and make it available in application store / software center ( sccm 2012 ) , it will run with admin rights on local computer ) and grant admin privilege
  to the local user for 24 hours
  My previous org had same, however the source is a .exe file, so not very sure if they have converted script to exe for privacy
  Thank you
  Tanoj
  OSLM ENGINEER - SCCM 2007 & 2012

  Hi,
  Adds/Delets a global group name or user name to a local group.
  net localgroup [GroupName name [ ...] {/add |
  /delete} [/domain]]
  Reference:
  Net localgroup
  http://technet.microsoft.com/en-us/library/bb490706.aspx
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• User property  from realm in ADF form or in BPM variables

  I want use the user property of realm to set BPM variable (for example set variable name with the corrisponding user property of the realm)
  or ADF component (for example insert e-mail in af:inputText)
  Someone can tell me where there is specific documentation.
  Thanks
  Elena

  Well, I explain you
  I have a BPM process, I set all roles of process with users of the realm.
  In the process, when the document changed the state, I must send the message ( via my web service) at the user of the role. I want set the e-mail of the user automaticaly, read this information of the user properties in the realm.
  In the process I have some human tasks and I have some forms. In this forms I want set automaticaly some components: "Creator" with the name of user that is using the form, "user of role" a selectOneChoese with the users of role, "e-Mail" the address e-mail of the user stored in the user properties of realm, and so on.
  I want to take this information from the user properties stored in the realm
  Thanks Elena

• WebDAV only available to users with Homefolders and Admin rights?

  Dear Community,
  I am having trouble to setup WebDAV on the lion Server. I am able to login as an Administrator as well as an OD user who has admin rights as well as a home folder. If a user is missing one of those two things then s/he is not able to login to WebDAV. Does anyone know how to give access to OD users who don't have a homefolder or at least don't have admin rights?
  Thanks already

  Got it to go for about 300 student accounts and works for a no-home user if I define the sharepoints access for that user both in file sharing and in file permissions in Finder.
  You should be able to set up a normal file share like a dropbox with the proper permissions, engage the webdav with the "share with iOS devices" and then be able to access it.
  So for example, I created a folder on the server called Dropbox and gave it permissions for a certain group to access either in Finder or via CLI (you could use individual users also).  Then go into Server App, create a file share of Dropbox and enable "share with iOS devices". Ensure that the user has access on the file share too.
  If you enter https://yourserver.com/webdav/ via your device (or your computer via finder / go / connect to server) and authenticate with the non-admin user, you should be presented with the shares that they have access to. I can also go https://yourserver.com/webdav/Dropbox/ to mount the dropbox directly.
  I have found that sometimes you need to restart web on Server app (or sometimes the whole server) on the server to show the new "share" in its current configuration.  You should also see your shares listed at /etc/apache2/httpd_webdavsharing_sharepoints.conf or /etc/apache2/webdav_sharepoints.conf.
  Hope this helps

• Importing users & groups from one OID to another

  I was wondering what's the fastest and most efficient way of exporting all users, groups, classes & attributes from one OID server and importing them into another OID server. In another way i just need to synchronize both OID servers with the same data. what's the fastest and best way to achieve that please?

  Just use the gray installer discs that came with one of the computers.
  Note that you must then remove from the first computer as you have only a license for one computer.

• Sending Tasklist to user group from collaboration room

  Hi Experts,
        I have to send task list to a user group. This group contains 5 members of this room. When i create a tasklist from my room & send it to group it showing error like this
  " Enter valid assignees for task number 1 " . how can i rectify this?
  Regards,
  Kumar.

  Hi Kumar,
  This is really a **** to do an trial and error method because it consumes lot of time.
  so here is something for u
  A step is assigned to multiple users and has a minimum threshold of approvals assigned (that is, assignees are user 1, user 2, and user 3, and two of the three are required to approve before this step can be completed). In this case,
  u25CF     two of the three users must approve before the step is considered approved
  u25CF     if two of the three users reject it, the step is rejected, and consequently will either return the task to the last Action Item assignees or, if no previous Action Item exists, will conclude the task, with the history reflecting the rejection.
  in my trial i had only two user connected to a group so sometimes second step is recieved by user 1 or user 2 . if one of them approves then document is getting approved and goes to next step
  it is same in the case of rejection too.
  i hope now everything would be clear
  have a look at this [Link|http://help.sap.com/saphelp_nw70/helpdata/EN/a1/eb3f54ab7c4ce39408f38d9eb52f65/frameset.htm]
  Regards,
  vijay.

• Determing NT User Group From JSP

  Hi, I am currently building a web application that gives different access
            privileges to user groups.
            I was just wondering if it is possible to find the NT user group of a user
            from a JSP page.
            If it helps any, I am using Windows2000 Server and the Integrated Windows
            (formerly known as Challenge/Response) for security.
            

  You are in the wrong forum. This is forum is about Java Web Start and the JNLP technology, not about Java Server Pages.