Repository Access Rights

Similar Messages

• Access rights specifically on the repository

  Hi,
  Is it possibe to have a user id having access right only on the livecycle repository ? If yes then how ?
  Somebody please help .

  I'm not sure what you are asking.  Rights Management is used to apply encryption, control access (authentication) and to enforce specific permissions (i.e. print, no print) on PDF amd MS Office documents.
  It is not used to control access to a repository, but is can protect documents in a repository.
  Hope this helps.
  Steve

• Subscribe : No access rights to perform action

  Hi
  There is one problem I am facing when an end user tries to subscribe to resource discussion. I get an error which says "<b>No access rights to perform action</b>". When I try the same operation with Super_Admin user it works perfectly fine. Please note that at the folder level both end user and administrator user has got same permission and service permissions. Also both Subscription and Collaboration_Subscription services are enabled for the said repository.
  The same problem happens when user wants to subscribe to room discussions.
  Any idea why end user is not able to subscribe ?
  Best Regards
  Prabhakar Lal

  hi
  I was able to solve the problem. The service permission on folder collaboration --> discussions has to be modified for end user.
  Best Regards
  Prabhakar Lal

• Migrating Designer 2.1.2 to 9.2.0.9, access rights problem

  Hi,
  I am trying to migrate Designer from 2.1.2 to 9.2.0.9 and got some problems in access rights. We have about 30 sub-ordinate users and over 30 different applications in our Repository.
  In Designer 2.1.2, if a user shared a table from an application to another user's application, that user was not allowed to change any properties of the original table. In Designer 9.2.0.9 it seems that you can change the properties in the property palette, but if you try to save the changes, you then get an error message.
  Can somebody tell me if this is really an error or just a feature of Designer 9i?
  Liisa

  Just for the record. I found the solution to my problem. Checking more logs I read this:
  The installation has encountered a unrecoverable internal error. For further assistance report the following information to your support provider.
  "/usr/local/cm/script/cm-dbl-ontape_backup-install RU PostInstall 9.1.2.11900-12 7.1.5.30000-1 /usr/local/cm/ /common/component/database /common/log/install/capture.txt " terminated. Exceeded max time (240)
  The system will now halt.
  So I accessed the Dissaster Recovery Section on CUCM and deleted the tape backup device that was configured there. After deleting it the upgrade went well.

• External sites and access rights

  After a search in oracle portal, only results are shown for item of which a user has access rights. That's great.
  Ultrasearch is capable of searching other (non-oracle) sites as well, so the result of a search may include both portal and non-portal results.
  How to deal with external sites which haver their own access scheme? We have two sites, one oracle portal site, one of a different vendor. In the future, hopefully, usermanagement will be centralized in one LDAP repository.
  I'd love to have one integrated search engine for both sites, which is capable of indexing all pages, but give only those results of which a user is authorized to.
  Can this be achieved by ultrasearch?

  Hi Ton
  In iAS 902, Ultra Search supports crawling of only public data from Portal page groups. These Portal page groups be from different portal instances. Currently, there is no support for limiting the data obtained from Portal page groups to that which a specific user may view.
  We are currently working on supporting authorized crawls/searches.
  This feature will allow you to perform a search as a specific user X. The search results returned for this user X will only contain links to documents that X is explicitly allowed to view. These documents can reside in multiple portal instances as long as all the portal instances have the same user space (i.e. share the same LDAP server).
  So, to summarize, in iAS 902 (and Oracle 92), Ultra Search only supports public searches.
  Regards
  Edward

• Ultrasearch, external sites and access rights

  After a search in portal, only results are shown for item of which a user has access rights. That's great.
  Ultrasearch is capable of searching other (non-oracle) sites as well, so the result of a search may include both portal and non-portal results.
  How to deal with external sites which haver their own access scheme? We have two sites, one oracle portal site, one of a different vendor. In the future, hopefully, usermanagement will be centralized in one LDAP repository.
  I'd love to have one integrated search engine for both sites, which is capable of indexing all pages, but give only those results of which a user is authorized to.
  Can this be achieved by ultrasearch?

  At the moment, Ultra Search has no notion of Access Control for items that it searches so, in effect, Ultra Search can only crawl public content.

• How do I fix an access rights error when launching Image Processor in Adobe Bridge CC?

  Often when I am working on files and want to batch process Jpegs for clients I get an error message from Image Processor.  It will state "I am unable to create a file in this folder.  Please check your access rights to this location ...."
  I have cleared cache and up'd my history levels.  I checked to make sure the files were not locked and read/write was enabled.  I am not sure why this error keeps occurring.  I am using Adobe Photoshop CC 2014 (2014.2.2 release) with Adobe Bridge CC (6.1.0.115)

  It's an endless circle.
  See if these instructions help: iTunes repeatedly prompts to authorize computer to play iTunes Store purchases

• How to define a new user in Enterprise manager with Specific access rights?

  Hi,
  I want to create a new user in OEMS 11g who should be able to access only the scheduler jobs section.
  How can this be acheived?

  You can create new administrators via the Setup --> Administrators page
  You can grant certain access rights to targets, you can not however grant priv to only access the job system
  Take a look at http://download.oracle.com/docs/cd/E11857_01/em.111/e14586/security3.htm#sthref235
  Regards
  Rob
  http://oemgc.wordpress.com

• You do not have sufficient access rights, pls help

  Hi folks,
  I'm getting the "You do not have sufficient access rights" error accessing the Identity System Console. The same admin account can access User/Group/Org Manager screen, however, for some reasons user and group searches return no results. This is the second OIS install against the same ldap dir (ovd to sun 6.3), so I had to specify Id server was not the first one to avoid profile conflict with oblix DBAgents. The admin user had been selected during prev install, and exists under o=Oblix in both cn=Web Masters and cn=Directory Administrators.
  I have LDAPMaxNoOfRetries set to the number of dir servers +1 in all globalparams.xml on OIS. I also can modify ldap dir via both ldapmodify and ldap browser binding to OVD as same user. Turning the TRACE on didn't showed any errors except for the following:
  DB_RUNTIME WARNING 0x00000504 ldap_config_db.cpp:187 "Exception during DB runtime code" function^LDAPConfigDB::Open() status^17
  DB_RUNTIME WARNING 0x00000504 ldap_config_db.cpp:355 "Exception during DB runtime code" function^LDAPConfigDB::ReadOblixDBConfig()status^17
  SCHEDULER_FRAMEWORK ERROR 0x00000501 ../obschedulerthread.cpp:316 "ObError exception caught" ObScheduledTaskLiaison::LoadTasks^ObWFScheduledTaskLiaison
  PPP INFO 0x000008C7 obeventcatalog.cpp:183
  Cannot find the action
  function^ObEventCatalog::GetActionEntry2Modify()
  actionName^front_page_admin_klogin_post
  APP_BASE WARNING 0x00000833 oblixbasecommon2.cpp:1235
  Login failed
  Error^You do not have sufficient access rights
  numLoginFailures^1
  There's nothing in the ldap logs either. The only warning I get per that user is in the ovd log:
  DoSManager: Found unbound connection from active ip addresses
  DoSManager: Found unbound connection from active users
  The Oracle Support is clueless, please help.
  Thank you, Roman

  Hi Vinod,
  Thanks for the post. OK, if I got it right, I have two entries under obcontainerId=DBAgents for each of my primary Id servers. For the one I currently use, I have this towards the bottom:
  obname=oblixConfig-OIS_mdi-oamlx-3
  obname=default-OIS_mdi-oamlx-3
  Both entries have obdbusedby set to OIS_mdi-oamlx-3 which is my OIS id. The obsearchbasestr is different: o=Oblix,o=paychex inc for the oblixConfig, and o=paychex inc,c=us for the default one. Is that's the way it should be?
  Thanks Roman
  P.S: I've noticed I get same error accessing My profile under User Manager.

• Can not access CRM from outside the office network - Access denied You do not have sufficient access rights or privileges to perform this action.

  Hi,
  I can not access CRM from outside the office network - Access denied You do not have sufficient access rights or privileges to perform this action.  I can access CRM with same user id and password from our office inside the network.  I can get
  the page to give login details once I have login details I got below error. Please help me to solve this issue.  It was working before.
  Access denied You do not have sufficient access rights or privileges to perform this action. 
  Regards,
  Noushad
  [email protected]

  On Premise system Configured with AD FS server for claims-based authentication you need to update your host file with server url to access it from outside office network.
  Refer
  this on how to update host file.
  Regards, Saad

• Oracle access manager: "You do not have sufficient access rights."

  Hi gurus,
  I'm doing self training on OAM, following an exercise I installed OAM and
  created a couple of Master Admins.
  Everything seams to work except the fact that this admins are not allowed
  to create users/orgs/groups and get the message "You do not have sufficient access rights".
  I may have missed something during the setup, however the question is: how can I recover this situation? How I can give more privileges to those admins?
  I tried to create a policy in directory server, without success.
  Please, help.
  Thank you very much.

  You will need to create a create user Workflow.
  Out of the box OAM does not know which attibutes to create for your user.
  Use the quickstart tool as follows
  http://download-west.oracle.com/docs/cd/B28196_01/idmanage.1014/b25343/workflow.htm#sthref961

• OAM- "You do not have sufficient access rights" message with Master Admin

  Customer has configured the OAM system to have both the primary and the secondary side for failover purposes. The back end directory server on both systems are in sync. The primary side of the systems works well as far as this issue is concerned.
  On the secondary side, if you login with the MASTER administrator of the system and click 'Identity System Console' or click any of the configurations under the Configurations in the User Manager, you get the error message saying "You do not have sufficient access rights". However, if they navigate to the Access system on the same browser and access the "Access System Console", and then navigate back to the Identity system, the Master Administrative rights are granted and now have a full access to the system.
  We tried following things to resolve the issue, but could not resolve it:
  1) Tried deleting 'cookieencryptionkey' which is found under "obcontainerid=encryptionkey,o=oblix" and restarted both the Identity Servers.
  2) Confirmed that the OAM administrator is present in cn=Web Masters,o=Oblix,<> and cn=Directory Administrators,o=Oblix,<> from the LDAP.
  3) Under the apps=PSC node, checked the Advance Properties for the 'obuniquememberStr' attribute:
  - Master Web Resource Admins (cn=master web resource admins, obapp=PSC, o=oblix, ...)
  Made sure that the values for the 'obuniquememberStr' attribute has the correct value there.
  4) Reconfigured the Secondary Identity Server.
  None of the above really helped to resolve the issue.
  Could anybody please help here to get rid of this issue.
  -Amol

  Hi Vinod,
  Here is the customer's response to your above 2 questions:
  1. We have 4 Directory server profiles for Identity servers; one for user data and one for configuration data for each server.
  I have at least reduced them to two and used only the ones initially used by the primary identity server as our user and configuration data do not reside together. User data is consumed via OVD.
  However, this does not seem to have any effect on the current behavior.
  2. All components except for the access server are on 10.1.4.2 and the access server is on 10.1.4.1
  Also below are the errors from the oblogs:
  dentity Server log
  =============
  2008/03/19@10:04:16.508530 4332 262160 PPP INFO 0x000008C7 obeventcatalog.cpp:183 "Cannot find the action" function^ObEventCatalog::GetActionEntry2Modify() actionName^ENCRYPTION_cookieEncryptionKey
  Access Server Log
  =============
  2008/03/19@10:03:56.329959 13608 1687633 CONNECTIVITY DEBUG3 0x00000201 /usr/abuild/Oblix/1014lwhf/palantir/netlib/src/obmessagechannel.cpp:601 "Received " ipaddr^10.217.209.81 ipport^1853 seqno^12 opcode^1 opcodeStr^IsResrcOpProtected Message^ro=t%253d0%2520o%253d%2520no%253d%2520r%253d%2520nr%253d%2520wu%253d/identity/oblix/apps/admin/bin/frontpage_admin.cgi%2520wh%253d10.217.209.81%2520wo%253d1%2520wa%253d0%2520ws%253d st=ma%253d2%2520mi%253d2%2520sg%253d0%2520sm%253d version=3 pd=
  2008/03/19@10:03:56.340433 3099 802864 AUTHENTICATION DEBUG2 0x00000201 /usr/abuild/Oblix/1014lwhf/palantir/aaa_server/src/aaa_service_server.cpp:2779 "Authorization successful"
  Webgate Log
  ==========
  2008/03/19@10:04:05.661000 5796 4516 HTTP_REQ DEBUG3 0x00000201 \Oblix\coreid1014\palantir\webgate2\src\isprotected.cpp:185 "Resource is protected" ResourceOperation^GET ResourceType^http Resource^//10.217.209.81/identity/oblix/apps/admin/bin/front_page_admin.cgi authnSchemeName^Oracle Access and Identity Basic Over LDAP
  2008/03/19@10:04:14.661000 5796 4516 LDAP DEBUG3 0x00000201 \Oblix\coreid1014\np_common\db\ldap\util\ldap_util2.cpp:537 "MLK-Memory leak for LDAP error information. This will show up as memory leak in LDAP SDK calls." key^25
  2008/03/19@10:04:14.661000 5796 4516 LDAP DEBUG3 0x00000201 \Oblix\coreid1014\np_common\db\ldap\util\ldap_util2.cpp:537 "MLK-Memory leak for LDAP error information. This will show up as memory leak in LDAP SDK calls." key^25
  2008/03/19@10:05:54.552000 5796 5256 CONFIG DEBUG2 0x00000201 \Oblix\coreid1014\palantir\access_api\src\obconfig.cpp:865 "Client configuration not updated"
  2008/03/19@10:05:54.552000 5796 5256 CONFIG INFO 0x0000182D \Oblix\coreid1014\palantir\access_api\src\obconfig.cpp:866 "The Access Server has returned a fatal error with no detailed information." raw_code^302
  I checked the OVD logs but did not find any error in it. Customer also tried to unprotect the /identity and /access URLs but the issue persist.
  Also I do not feel this as a bug, because this environment was working quite for few months without any such issues, also there were no changes made on the OVD/AD configurations. However, the server that hosts the OVD/AD was shut down and when it was restarted, we started experiencing this issue.

• I can't sync my iPod classic with iTunes 10 anymore. A notice comes "You don't have the adequate access rights to make modifications." What happend?

  I can't sync my iPod classic with iTunes 10 anymore. A notice comes "You don't have the adequate access rights to make modifications." What happend?

  bump

• Access rights in case of a tree-like structure, with inheritance

  Hello,
  the project I've just started to work on should include an easy way (from the user's point of view) to grant/revoke access rights on a tree-like structure with inheritance.
  Basically we are working for several international companies who want to use our application to watch/manage some of their web projects - each project belongs to one company and consisting of several 'campaigns' in several countries (there can be several campaigns per country, but each campaign belongs to exactly one country).
  From our point of view this is a tree-like structure, with a 'root' node at the top level, 'companies' at the first level, 'countries' at the second level, 'campaigns' at the third level, and modules of our application (for example a module to display overall stats of the campaing, and so on) at the fourth level. There could be (and probably will be) some more levels, but that's not important at this point - it will always be a tree-like structure.
  The customer's reqirements are natural - the administrators should be able to grant/revoke access to 'subtrees' of this structure. For example the top managers should be able to see all the data related to their company, the local managers should be able to see all the data related to their company in the country they work in, etc. On the other hand the relular employees should not see some of the modules (with details about clients of the company).
  I wonder whether this can be solved using JAAS in an elegant and flexible manner - from the documents / whitepapers / tutorials I've seen till now it seems to me it seems to me not too suitable.
  All the data will be stored in relational database (Oracle, and in some cases PostgreSQL), and it would be nice to have the access rights stored in the same way (but it's not required). We have some ideas how to solve that using a single table containing paths in the tree, but at this point it's only an idea (not a single line of code written).
  We are sure somebody has already to solve such a problem - maybe using JAAS, maybe some other technology - and we don't want to reinvent a wheel. Do you have an idea how to solve this (using JAAS or something else)?

  Well, I forgot to explain what the 'inheritance' means ...
  We do not want to set the access right on each node of the tree - we prefer (as well as the users) to set/store only as much information as needed. We'd like the nodes to inherit the access rights from their parent nodes. For example we'd like granting access to particular project to mean granting access to all campaigns in all countries (related to the project), without the need to set and store these rights for each of the campaigns/countries.

• Setting Item level access rights on sharepoint list item in ItemAdding event handler

  Hi ,
  I am using sharepoint 2013. I am trying to set item level access rights when a list item is added using the following code snippet,
  public override void ItemAdding(SPItemEventProperties properties)
  base.ItemAdding(properties);
  ConfigureItemSecurity(properties);
  private void ConfigureItemSecurity(SPItemEventProperties properties)
  var item=properties.ListItem;
  SPSecurity.RunWithElevatedPrivileges(delegate()
  using (SPSite site = new SPSite(properties.SiteId))
  using (SPWeb oWeb = site.OpenWeb())
  item.ParentList.BreakRoleInheritance(true);
  oWeb.AllowUnsafeUpdates = true;
  var guestRole = oWeb.RoleDefinitions.GetByType(SPRoleType.Reader);
  var editRole = oWeb.RoleDefinitions.GetByType(SPRoleType.Editor);
  SPGroup HRGroup = oWeb.SiteGroups.Cast<SPGroup>().AsQueryable().FirstOrDefault(g => g.LoginName=="HR Team");
  SPRoleAssignment groupRoleAssignment = new SPRoleAssignment(HRGroup);
  groupRoleAssignment.RoleDefinitionBindings.Add(guestRole);
  SPUserCollection users = oWeb.Users;
  SPFieldUserValueCollection hm = (SPFieldUserValueCollection)item["HiringManager"];
  SPFieldUserValueCollection pm = (SPFieldUserValueCollection)item["ProjectManager"];
  SPFieldUserValueCollection pmChiefs = (SPFieldUserValueCollection)item["ProjectManagerChief"];
  item.BreakRoleInheritance(true);
  item.RoleAssignments.Add(groupRoleAssignment);
  foreach (SPFieldUserValue staffMember in hm)
  SetRightsOnItem(item, staffMember, editRole);
  foreach (SPFieldUserValue staffMember in pm)
  SetRightsOnItem(item, staffMember, guestRole);
  foreach (SPFieldUserValue staffMember in pmChiefs)
  SetRightsOnItem(item, staffMember, guestRole);
  item.Update();
  private void SetRightsOnItem(SPListItem item, SPFieldUserValue staffMember, SPRoleDefinition role)
  SPUser employeeUser = staffMember.User;
  var userRoleAssignment = new SPRoleAssignment(employeeUser);
  userRoleAssignment.RoleDefinitionBindings.Add(role);
  item.RoleAssignments.Add(userRoleAssignment);
  Nothing is happening though... Is the event handler the right place to do this?
  thank you

  Hi ,
  You can refer to the code working in my environment:
  using System;
  using System.Security.Permissions;
  using Microsoft.SharePoint;
  using Microsoft.SharePoint.Utilities;
  using Microsoft.SharePoint.Workflow;
  namespace ItemLevelSecurity.ItemSecurity
  /// <summary>
  /// List Item Events
  /// </summary>
  public class ItemSecurity : SPItemEventReceiver
  /// <summary>
  /// An item was added.
  /// </summary>
  public override void ItemAdded(SPItemEventProperties properties)
  SPSecurity.RunWithElevatedPrivileges(delegate()
  try
  using (SPSite oSPSite = new SPSite(properties.SiteId))
  using (SPWeb oSPWeb = oSPSite.OpenWeb(properties.RelativeWebUrl))
  //get the list item that was created
  SPListItem item = oSPWeb.Lists[properties.ListId].GetItemById(properties.ListItem.ID);
  //get the author user who created the item
  SPFieldUserValue valAuthor = new SPFieldUserValue(properties.Web, item["Created By"].ToString());
  SPUser oAuthor = valAuthor.User;
  //assign read permission to item author
  AssignPermissionsToItem(item,oAuthor,SPRoleType.Reader);
  //update the item
  item.Update();
  base.ItemAdded(properties);
  catch (Exception ex)
  properties.ErrorMessage = ex.Message; properties.Status = SPEventReceiverStatus.CancelWithError;
  properties.Cancel = true;
  public static void AssignPermissionsToItem(SPListItem item, SPPrincipal obj, SPRoleType roleType)
  if (!item.HasUniqueRoleAssignments)
  item.BreakRoleInheritance(false, true);
  SPRoleAssignment roleAssignment = new SPRoleAssignment(obj);
  SPRoleDefinition roleDefinition = item.Web.RoleDefinitions.GetByType(roleType);
  roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
  item.RoleAssignments.Add(roleAssignment);
  Thanks,
  Eric
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected].
  Eric Tao
  TechNet Community Support