READWRITE VS WRITE Access Permissions - Dimension/Dataforms

Similar Messages

• How do I give myself read/write access/permissions for my external drive?

  Im a brand new Mac user, so please stay with me.
  I have an external drive and I can't delete, modify, ANYTHING on it. When I go to "Get Info" it says "You can only read" under sharing & permissions. How do I change this?

  When you get info on the external drive, at the very bottom is a box you can check
  "Ignore ownership on this volume"...
  If you check that, then see if you can delete and move things around.
  If that doesn't work then try clicking on the + sign and adding you as an admin so you can Read & Write.

• In I tunes I cant down load a CD.  I get the message "The file couldn't be convereted.  You don't have write access for you ITunes media folder or a folder with in it. To change permissions, ...  When I do this it still dosen't work

  In I tunes I can't down load a CD.  I get the message "The file couldn't be convereted.  You don't have write access for you ITunes media folder or a folder with in it. To change permissions, ...  When I do this it still dosen't work.

  Thanks C F McBlob but I recursively changed the permissions of my Music directory meaning every file and directory beneath it, as well as the directory itself, had the write permissions added.
  I used "chmod -R u+w ./Music" and chmod -R g+w ./Music" to do it.
  Alas, no cigar. :-(

• My itunes keeps telling me that i do not have the write access for my itunes media folder or a folder within it, what should i do to get permissions?

  my itunes program keeps telling me that i do not have the write access for my itunes media folder or a folder within it, what should i do to get permissions?

  i really need help because my itunes keeps saying "you don't have write access for your Itunes Media Folder or a folder within it. Change permissions (in the Finder) and then choose Store > Check For Available Downloads."

• User has no write access to the selected members of dimension : CATEGORY

  Hello,
  Here is the Scenario:
  I have a script called DAllocate.lgf in an app - Costing. Now I need to run that app from another app called Reporting. I know that Runlogic wont work in my case because in the Dallocate.lgf there are some Runlogic commands being used. and when Runlogic is being used to call a logic that has runlogics in it, it wont work. So what I hae done is in the SSIS package in the reporting app, I have added a logic task to an existing package and specified DAllocate.lgf with the app name costing.
  Here is the issue:
  When I run an SSIS package in costing app called Dallocate(which basically runs dallocate.lgf), it runs successfully. But If I run a package called PtoCA in Reporting that has Dallocate.lgf as a logic task, it gives the following error:
  "user has no write access to the selected members of dimension : CATEGORY "
  Thanks.

  Hi,
  From your explanation it is clear that Dallocate.LGF has been run successfully in one of the logics. This means the issue is not in the Dallocate.LGF. The issue is in some other logic of the same DM package.
  First, check which logic part faces this issue. Based on your explanation, definitely not in Dallocate.LGF.
  Then, check how that particular Catergory dimension member which the user does not have access for, came into the logic calculation. Somewhere in the calculation, it is posting a value in the unauthorized member.
  Karthik AJ

• Could not save "blablablabla" becuse write access was not granted, this users have full permissions.

  We have several MAC OSX 10.9.3 users that use adobe CC and then having trouble save your files on the network the error is Could not save “blablablabla” because write access was not granted, this users have full permissions.

  Some 10.9.3 links
  -next link says After Effects, but check YOUR permissions !!!
  -http://blogs.adobe.com/aftereffects/2014/06/permissions-mac-os-start-adobe-applications.ht ml
  -Mac 10.9.3 workaround https://forums.adobe.com/thread/1489922
  -more Mac 10.9.3 https://forums.adobe.com/thread/1491469
  -Enable Mac Root User https://forums.adobe.com/thread/1156604
  -more Root User http://forums.adobe.com/thread/879931
  -and more root user http://forums.adobe.com/thread/940869?tstart=0

• Having trouble with error message in itunes every since I had a new hard drive installed. Write access are not enough or permissions aren't allowed.  I have changed all of these in the corresponding folders, restarted and nothing works.  I need help bad??

  Got a new hard drive installed and since then, I cannot get purchased song into my itunes.  It is telling me that my write access or permission are wrong.  I have changed all and nothing works.  HELP!!!!!!

  Use the trackpad to scroll, thats what it was designed for. The scroll bars automatically disappear when not being used and will appear if you scroll up or down using the trackpad.
  This is a user-to-user forum and most people will post on here if they have problems. You very rarely get people posting to say there update went smooth. The fact is the vast majority of Mountain Lion users will not be experiencing any major problems with the OS, or maybe with apps which are not compatible, but thats hardly Apple's fault if developers don't update their apps.

• Possibility to limit runtime prompt members to write access only ?

  Hi everyone,
  Here is my issue :
  In my Planning application in 9.3.1, each user have a write access on a defined entity perimeter but a read access on all the dimension.
  If I create a BR with a runtime prompt asking on which entity deleting data for example, I need tu guarantee that the user can only choose his write access permiter and not all the entity.
  I didn't find anything in this forum or in the doc about this, so your advices will be welcome !
  Thanks
  Julien

  In this case you need to have multiple copies of the business rule (one for each entity). Then sssign the run permissions only to user groups that are allowed to delete data for that entity.
  Example:
  Users
  - User 1 - Group US
  - User 2 - Group US
  - User 3 - Group EU
  Business Rules:
  -Cleandatata US (permission for group US)
  -Cleandatata EU (permission for group EU)
  The entity needs to be preselected in the business rules.
  As an administrator, you will see all of the business rules listed - as a user, only those with permissions.
  Sascha.

• When I close Photoshop CS6, the following message appears: "Could not save Preferences because the file is locked, you do not have necessary access permissions, or another program is using the file.

  When I quit Photoshop CS6, the following message appears:
  " Could not save Preferences because the file is locked, you do not have necessary access permissions, or another program is using the file. Use the ‘Get Info’ command in the Finder to ensure the file is unlocked and you have permission to access the file. If the problem persists, save the document to a different file or duplicate it in the Finder."
  If I try to change the Workspace in PS6 from Essentials to any other Workspace, the following messsage appears:
  "Could not apply the workspace because the file is locked, you do not have necessary access permissions, or another program is using the file. Use the ‘Get Info’ command in the Finder to ensure the file is unlocked and you have permission to access the file. If the problem persists, save the document to a different file or duplicate it in the Finder."
  I have checked the Sharing and Permissions section of the "Get Info" panel accessed from the Finder and I have set Read and Write Privileges for my user account for Photoshop CS6. System and Admin are also set to Read and Write.
  I have a MacBook Pro with OS X Version 10.9.5 and have all available updates for Photoshop CS6, Lightroom 5 and Bridge CS6.
  I tried uninstalling the program and downloading it again and reinstalling, but nothing changed.
  Can you help?
  Thanks,
  cjpnm

  You may get better help in Photoshop General Discussion
  The Cloud forum is not about using individual programs
  The Cloud forum is about the Cloud as a delivery & install process
  If you will start at the Forums Index https://forums.adobe.com/welcome
  You will be able to select a forum for the specific Adobe product(s) you use
  Click the "down arrow" symbol on the right (where it says All communities) to open the drop down list and scroll
  If FINDER means Mac, read below (and try to give more information when asking a question)
  Mac 10.9.3 workaround https://forums.adobe.com/thread/1489922
  Enable Mac Root User https://forums.adobe.com/thread/1156604
  -more Root User http://forums.adobe.com/thread/879931
  -and more root user http://forums.adobe.com/thread/940869?tstart=0

• Read-only access permissions for new files/folders?

  System:
  Clean Install on new intel Xserve
  10.4.8 Server w/ Open Directory
  Windows clients can read/write completely fine...
  Clients connecting using AFP (whether Standard or Kerberos authentication) can access files, but when new files/folders are created on the server, they register as full permissions for the user who created them, but not for the rest of the group.
  The share(s) in question are set using POSIX from WGM: Full access for owner/group/everyone (changed it to this thinking it would help, but it does not). Of course, no one can make changes to a newly-created/deposited files/folders, which is just plain silly.
  I can chmod the permissions recursively from a script (which fixes the problem, of course) on a regular basis so that its not (as much of) an issue, but there is still a 5-minute lag for the script to kick in, since we don't want to bombard the server with chmod requests every minute....which is unnecessary in the first place!
  I have plenty of other setups which are identical but have no such issue...
  Any reason why POSIX permissions on the share are being ignored from every user account?
  Thanks,
  k

  "That's default posix behaviour no matter what access permissions you set on the sharepoint."
  I'm afraid this is dead wrong. What matters most is how you set permissions on the share, not if you've chosen to inherit vs. using POSIX. POSIX is still used in inherit functions, though you can use ACL's to override them. In this case, ACL's are not being used on those shares (though we tried it).
  After all, why would Apple (let alone anyone else) even offer the ability to change POSIX permissions on a share if it didn't have any effect? That would be somewhat contradictory in nature.
  Like I said before, I have several other installations which are identically setup that have no such issues.
  As for Windows, it is also not set to inherit permissions; we're setting those explicitly. And they work fine.
  Any other ideas?
  Thanks,
  k

• Write access to a directory for ASP 2.0 application stops working on Windows 2012 Standard Cloud Server

  Just moved our ASP 2.0 based web application to a Windows 2012 Standard Cloud Server.  A directory is used for temporary copying of files for the application.  The Read Write access is properly given and everything works but then stops working
  in about 2.5 hours.  The settings are still there, to make things work again typically I add "Everyone" to the security list and apply and then 3 hours later I remove "Everyone" and this refreshes the security setting and things work
  againg for a couple of hours.  Last Cloud server was 2008 R2 and we had no issues.  Recently moved to this new cloud server.  Code has been functioning fine for years and can not migrate it to newer ASP since will have to make quite a few code
  changes.  Obviously a bug which needs to be addressed.  Again the security settings do not disappear but are no longer handled properly every 3 hours or so.

  Hi,
  Is there any other files have the same issue? Please create a test folder and give the same permissions with the directory for ASP 2.0 application to see if the issue still exists.
  Regards,
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• How do I allow users to create folders in a shared folder where we all then have read/write access to those new folders?

  I have three users who need to access a particular folder on one of our other Macs. The folder resides on the desktop of that particular Mac and it is set as "shared" with all of our accounts set to access the folder. When a user creates a new subfolder in that shared folder, the permissions are instantly set to allow the creator read/write access but the other users are only allowed read-only access. Is there a way to set the permissions so that any new folder created in that shared folder automatically gives read/write access to all accounts who are authorized access to that shared folder?

  You should be able to take the permissions you have set and "apply to enclosed items." I am trying to attach a picture of what this looks like so my apologies if it does not work.
  Highlight your folder you want and go to File>Get Info or command+I and at the bottom where it has Sharing and Permissions, click the lock button to authenticate. Click the gear and click "apply to enclosed items". See if that works.

• Why do I get an error message 'write access not granted' when I try to copy paste jpegs from my folder on desktop to an external hard drive/(Transcend)pendrive

  This is a new problem. I transferred some images from my Nikon camera via image capture but converted my raw files to jpegs in the Nikon View nx 2 software and saved them in a new folder on my desktop. I use a 2010 MBP that has OS10.9.5 fully updated. When i tried copying and pasting the jpegs to an external pen drive I got an error message saying the jpg (the number) could not be saved as write access is not granted. I thought the pen drive may be full. So I attached an external hard drive.  got the same message. I then opened the same jpeg in photoshop cc and tried saving it as png on the hard drive, got the same message. Was unable to handover the photographs to my client. Was hugely embarrassed. Pl let me know if there is a way out of this and if its a Mac OSX issue? Thanks.

  right click on the jpeg (the other mouse button then you use to click with) or on trackpad, hold down control and click, in the menu that pops up, click on "get info" next, if the box labeled "locked" is checked, uncheck it. Down at the bottom, there should be a box with your user name, "staff" and "everyone". to the right of this are options to change these you may need to click the small padlock icon and enter in your password. then change all of the permissions to read and write.

• Exchange 2010 Unable to Assign Full Access Permissions using a Security Group

  I've been running into this issue lately.  I cannot seem to use groups to allow full access to mailboxes.  When I add them from the EMC, it will show up when you go to "Manage Full Access Permission...".  After waiting a day and even restarting
  the Information Store service, the permissions do not take effect.  When I view the msExchDelegateListLink attribute of the mailbox account, the group is not listed.
  When I grant a user full permission, it works and updates the attribute.  However, on occasion when I revoke the full access permission for a user is doesn't always remove that user from the msExchDelegateListLink attribute.  So the mailbox
  will still appear in Outlook, but the user isn't able to see new emails.
  Any ideas on what may be going wrong?
  Environment:
  Exchange Server 2010 SP1 Standard
  Windows Server 2008 R2 Standard
  Outlook 2010 SP1 (tried without SP1 as well)
  I was looking over Add-MailboxPermission on Technet (http://technet.microsoft.com/en-us/library/bb124097.aspx) and I noticed that it doesn't mention adding groups.  Is this not possible?

  I never got a proper fix.
  I worked around it by creating a script which gets the members of an AD Mail Enabled security group, and updates the full access based on the groups members.
  Here's a script I'm running every hour which updates permissions. It's probably not the most efficient script ever, but it works. It has several benefits
  1. Managers of the distribution group can add/remove mailbox members using OWA or through the address list
  2. New members of groups are added to FULL Access Permissions
  3. Members removed from the groups are removed from FULL access permissions
  4. Automapping works :)
  5. Maintains a log of access added / removed / time taken etc.
  Obviously I have had to remove domain related information, replace with whatever your domain requirements are, and PLEASE debug it properly in your environent first, don't complain to me if it wipes out a load of access for you or something like that!
  It takes about 5 minutes to run in my environement. Some formatting seems to have got messed up on here, sorry. I hope it is of use!
  # Mailbox Permissions Setter for Exchange #
  # v1.1 #
  # This script will loop through all mailboxes in Exchange and find any where #
  # the type is 'SHARED'. These should be determined to be a GROUP/SHARED mailbox #
  # and access to these mailboxes are controlled by a single ACL, e.g. 'ACL_Shared_Mailbox'. #
  # This script will add any members of these ACLs directly to the Full Access Permissions #
  # of the mailbox and also remove them if they no longer need the access. #
  # Script created by Jon Read, Technical Administration
  # Recent Changes
  # 15/11/2012
  # 1.1 Added exclusions for ACLs that we don't want automapping to happen for
  # 12/11/2012
  # 1.0 Initial script
  #Do not change these values
  Add-PSSnapin *Ex*
  $starttime = Get-Date
  $logfile = "C:\accesslog.txt"
  $logfile2 = "C:\accesslog2.txt"
  $totaladditionstomailboxes = 0
  $totalremovalsfrommailboxes = 0
  $totalmailboxesprocessed = 0
  $totalmailboxesskipped = 0
  # Exclude any ACLs that shouldn't be processed here if they are used for a non-standard purpose and
  # we don't want FULL access mapping to happen. Seperate array values with commas
  $ExcludedACLArray = "DOMAIN\ACL_ExcludedExample"
  Write-Output " " >> $logfile
  Write-Output " " >> $logfile
  Write-Output "#----------------------------------------------------------------#" >> $logfile
  Write-Output "# Mailbox Permissions Setter for Exchange #" >> $logfile
  Write-Output "# v1.1 #" >> $logfile
  Write-Output "#----------------------------------------------------------------#" >> $logfile
  Write-Output " " >> $logfile
  Write-Output " " >> $logfile
  Write-output "Start time $starttime ">> $logfile
  Write-Output " " >> $logfile
  Write-Output " " >> $logfile
  # Set preferred DCs and GCs
  $preferredDC = "preferredDC.domain"
  $preferredGC = "preferredGC.domain"
  Write-Output " PreferredDC = $preferredDC ">> $logfile
  Write-Output " PreferredGC = $preferredGC " >> $logfile
  Set-ADServerSettings -PreferredGlobalCatalog $preferredGC -SetPreferredDomainControllers $preferredDC
  # The first part of this will ADD permissions to the mailbox, reading from an associated ACL.
  # Check for all mailboxes where the type is SHARED. These are the only ones we would
  # want to apply group mailbox permissions to.
  foreach ($mailbox in get-mailbox -resultsize "unlimited" | where-object {$_.RecipientTypeDetails -eq "SharedMailbox"})
  $totalmailboxesprocessed = $totalmailboxesprocessed + 1
  Write-Output " " >> $logfile
  Write-Output " " >> $logfile
  Write-Output "|-------------------------------------------------------" >> $logfile
  Write-Output "| MAILBOX ADDITIONS: $mailbox " >> $logfile
  Write-Output "|-------------------------------------------------------" >> $logfile
  $mailbox=$mailbox.ExchangeGuid.ToString()
  # For each of them, get the distribution list applied to the mailbox (Starting DOMAIN\ACL_)
  # We then need it to be turned into a string to use later.
  #Declared $changes as 0. if this is set to 0 at the end of the mailbox job, we know no changes were made.
  $changes = 0
  foreach ($distributiongroup in get-mailbox $mailbox | Get-MailboxPermission | Where-Object {$_.User -like "DOMAIN\ACL_*" })
  $skipACL = 0
  #Get the distribution group and put the name in a useable format
  $distributiongroup=$distributiongroup.user.tostring()
  Write-Output "Found ACL $distributiongroup" >> $logfile
  # Check if this distribution group needs to be excluded and if it shouldn't be processed
  # then move onto the next ACL. This will stop FULL access being granted if the mailbox is
  # used for a non-standard purpose. See the start of this script
  # for where these are excluded (ExcludedACLArray)
  foreach ($ACL in $ExcludedACLArray )
  if ($distributiongroup -eq $ACL)
  $skipACL = 1
  Write-Output "ACL $distributiongroup is excluded so skipping mailbox " >> $logfile
  $totalmailboxesskipped = $totalmailboxesskipped + 1
  if ($skipACL -eq 0)
  # Get each user in this group and for each of them, add try to add them to full access permissions.
  foreach ($user in Get-DistributionGroupMember -identity $distributiongroup)
  # Get the user to try, convert to DOMAIN\USER to use shortly
  $user="DOMAIN\" + $user.alias.ToString()
  # Check to see if the user we have chosen from the ACL group already exists in the full access
  # permissions. If they do, set $userexists to 1, if they do not, leave $userexists set to 0.
  # Set $userexists to 0 as the default
  $userexists = 0
  foreach ($fullaccessuser in get-mailbox $mailbox | Get-MailboxPermission)
  # See if the user exists in the mailbox access list.
  # Change $fullaccessuser to a useable string (matching $user)
  $fullaccessuser=$fullaccessuser.user.tostring()
  if ($fullaccessuser -eq $user)
  $userexists=1
  # Break out of foreach if the user exists so we don't unnecessarily loop
  break
  # Now we know if the user needs to be added or not, so run code (if needed) to add
  # the user to full access permissions
  if ($userexists -eq 0)
  Add-MailboxPermission $mailbox –user $user –accessrights "FullAccess"
  Write-Output "Added $user " >> $logfile
  $changes = 1
  $totaladditionstomailboxes = $totaladditionstomailboxes + 1
  #Now repeat for other users in the ACL
  #if changes were 0, then log that no changes were made
  if ($changes -eq 0)
  Write-Output "No changes were made." >> $logfile
  Write-Output " " >> $logfile
  Write-Output " " >> $logfile
  Write-Output "---------------------------------------------------------------------------------" >> $logfile
  Write-Output " FINISHED ADDING PERMISSIONS" >> $logfile
  Write-Output "---------------------------------------------------------------------------------" >> $logfile
  Write-Output " " >> $logfile
  # The second part of this will REMOVE permissions from the mailbox, reading from an associated ACL.
  ## Check for all mailboxes where the type is SHARED. These are the only ones we would
  ## want to apply group mailbox permissions to.
  foreach ($mailbox in get-mailbox -resultsize "unlimited" | where-object {$_.RecipientTypeDetails -eq "SharedMailbox"})
  Write-Output " " >> $logfile
  Write-Output " " >> $logfile
  Write-Output "|-------------------------------------------------------" >> $logfile
  Write-Output "| MAILBOX REMOVALS : $mailbox " >> $logfile
  Write-Output "|-------------------------------------------------------" >> $logfile
  $mailbox=$mailbox.ExchangeGuid.ToString()
  #Declared $changes as 0. if this is set to 0 at the end of the mailbox job, we know no changes were made.
  $changes = 0
  # For the current mailbox, get a list of all users with FULLACCESS, and then for each of them
  # check if they exist in the ACL
  foreach ($fullaccessuser in get-mailbox $mailbox | Get-MailboxPermission | Where-Object {$_.Accessrights -like "FullAccess" })
  # Get the security identifier (SSID) of the FULLACCESS user to store for later.
  $fullaccessuserSSID=$fullaccessuser.user.SecurityIdentifier.ToString()
  $fullaccessuser=$fullaccessuser.User.ToString()
  #If user needs to be excluded then skip this bit
  #Users added or removed will only start with 07 (07$, 07T, so only run if the user starts with this.
  #This stops it trying to remove NT AUTHORITY\SELF and other System entries
  if ($fullaccessuser -like "DOMAIN\07*")
  # Set $userexists to be 0. if we find the use user needs to remain, then change it to 1.
  $userexists=0
  # Check if this user exists in the ACL, if not, remove.
  foreach ($distributiongroup in get-mailbox $mailbox | Get-MailboxPermission | Where-Object {$_.User -like "DOMAIN\ACL_*" })
  $distributiongroup=$distributiongroup.user.tostring()
  #Write-Output "Found associated distribution group $distributiongroup" >> $logfile
  # Get each user in this group and for each of them, See if it matches the user in the mailbox.
  foreach ($user in Get-DistributionGroupMember -identity $distributiongroup)
  # Get the user to try, convert to DOMAIN\USER to use shortly
  $userguid = $user.Guid.ToString()
  $user="DOMAIN\" + $user.alias.ToString()
  if ($fullaccessuser -eq $user)
  $userexists=1
  #we have found the user exists so no need to continue
  break
  # If userexists = 0, then they are NOT in the ACL, and should be removed from
  # the full access permissions. Run the code to remove them from full access.
  #CONVERT FULLACCESSUSER TO GUID AND REMOVE $FULLACCESSUSERGUID NOT $USERGUID
  if ($userexists -eq 0)
  Remove-MailboxPermission -Identity $mailbox –user $fullaccessuserSSID –accessrights "FullAccess" -Confirm:$false
  Write-Output "Removed $fullaccessuser " >> $logfile
  $changes = 1
  $totalremovalsfrommailboxes = $totalremovalsfrommailboxes + 1
  # if changes = 0, no changes were made to this mailbox, so log this fact.
  if ($changes -eq 0)
  Write-Output "No changes were made." >> $logfile
  #Put the time in a displayable format
  $endtime = Get-Date
  $runtime = $endtime - $starttime
  $runtime = $runtime.ToString()
  $runtime1 = $runtime.split(".")
  $totaltime = $runtime1[0]
  Write-Output " " >> $logfile
  Write-Output " " >> $logfile
  Write-Output "|-------------------------------------------------------------------------------------- " >> $logfile
  Write-Output "| SCRIPT COMPLETE : STATS " >> $logfile
  Write-Output "|-------------------------------------------------------------------------------------- " >> $logfile
  Write-Output "| Total Mailboxes Processed : $totalmailboxesprocessed " >> $logfile
  Write-Output "| Total Additions : $totaladditionstomailboxes " >> $logfile
  Write-Output "| Total Removals : $totalremovalsfrommailboxes " >> $logfile
  Write-Output "| Total Mailboxes Skipped due to ACL : $totalmailboxesskipped " >> $logfile
  Write-output "| Start time : $starttime ">> $logfile
  Write-output "| End time : $endtime ">> $logfile
  Write-Output "| **END OF RUN** - Elapsed time : $totaltime " >> $logfile
  Write-Output "|---------------------------------------------------------------------------------------" >> $logfile
  Write-Output " " >> $logfile

• Help - Lion "custom access" permissions mess

  I should start with an apology... I know there are a lot of threads that dance around this very issue, but it's so much I can't make sense of it.
  So I'm asking anew...
  Here's the situation: After months of persuassion, I finally talked my wife into letting me upgrade her Macbook from Snow Leopard to Lion. After installing, I then ran software update and installed everything else recommended. Reboot and everythign seemed to go fine, but then when I tried to delete a few PowerPC apps, the computer kept asking for her password.
  Wanting to find out why on earth I had to retype the password with every toss of a file, I looked online and found someone suggesting I had to log her out as an admin and then log back in. Why that would work, I don't know, but I tried it. Big mistake.
  When I tried to log her back in to make her an admin again, I couldn't get the computer to accept her password. So I then logged out and tried to log back in with my admin account which is set up on the same computer. That worked to get me in, but still wouldn't allow me to upgrade her to an admin in the system prefs.
  So I THEN found this "resetpassword" trick using the Lion Recovery partition and terminal. I did that and was able to restore her password and while there, I also "reset to default ACLs and Permissions" or whatever it says inside this utility, with the logic that repairing permissions has always been a decent failsafe fix.
  Okay... after a reboot and we're back in... and I run into a new problem with not having permission to do much of everything.
  So, I open the "Get Info" on the hard drive to look at the permissions at the bottom of the info window. It says I have "read only" access. I figure this must be an error so, perhaps foolishly (or should I say probably foolishly), I grant Read & Write access across the board, so it reads like this:
  System - Read & Write
  Wheel - Read & Write
  everyone - Read & Write
  And then, don't cringe, I apply to all enclosed items.
  When this is done, I rebooted to the Lion Recovery partition and ran the Disk Utility "repair permissions" there, too.
  Upon reboot...  I remember Keychain First Aid and run that too. It has errors to fix but says it was able to repair them too.
  Right now... it all appears to be working fine, though it says I have "custom access" in the Get Info window for my HD.
  However, I can't shake the nagging feeling that I've just used a flamethrower to clean up the living room.
  For instance, I look now on my own Macbook and see that "wheel" and "everyone" in the Get Info window and see it's Read Only. And yet, I have no permissions problems right now at all.
  (Update: I tried setting hers back to match mine in the same way (via the Get Info window, apply, disk utility, reboot, etc.) and the permissions problems all came back. So I went and made it Read & Write for everyone again. However, this just can't be right.)
  Can anybody tell me (in easy terms, please) what I can do to get it back to what it should be?
  I've seen notes on a program on xnation.com that "fixes ACLs"... and a few posts with Terminal commands... but I'm hesitant to borrow somebody else's solution, just in case it's not so good of a fit or if I don't understand it.
  What do you think?
  P.S. I  promise to rate good solutions offered to up your point totals.

  Something like this?
  System - Read & Write
  Wheel - Read Only
  everyone - Read Only
  Yes.
  ...software from xnation.com that is designed to reset those ACLs?
  I've never heard of it. You already know how to reset user permissions.
  if the system seems to be working fine, does that mean something is still broken/in danger of corrupting or something?
  You set wide-open permissions on all files. That's insecure, and some things won't work at all, maybe not anything you use.