Restrict Access and Viewing of Individual subfolders within a Share

I'm looking around for the simplest solution and not quite arriving at what I'm looking for. I'm moving our files over from Windows Server 2003 to 2012 and it's both simpler and more confusing for me.I understand that sharing and permissions are different, what I don't get is how to prevent sharing on a sub-folder - I can block some permissions, but not all without "too" much work.Basically here's our file structure:CompanySharedFolder (All Employees - read/write access)
--- Folder A (all access)
--- Folder B (all access)
----- Private (access for only user A or group A)
--- Folder C (all access)And my OU structure:
All Employees
--- Employee Group A
--- Employee Group B
--- Employee Group C
AdministratorsSo, if I want to prevent all but a select group or user from being able to access/view/edit a certain subfolder like "Private" above -...
This topic first appeared in the Spiceworks Community

Security roles are additive. if all users are in the default roles, which are not queue scoped, they will have that access PLUS what ever other access you define. In this case, they will have Incident Resolver to all work items PLUS incident resolver to
all work items in the queues you select. 
you'll need to work backwards on this. Create a queue for all incidents that DON'T match your security filter. (i.e. an "everything else" queue) and put this into a new role. remove all users from all roles and only add them to the new Everything
Else Incident Resolvers. 
Essentially, public access work items would be in a public access queue, and "secured" work items would only be visible to people in the default roles, or people who were specifically given access to that secured queue. 
Of course, you're still going to run into the the problem that new work items don't exist in ANY queue until the Group Calc process runs and stamps them. the default time for this is 30 seconds, so if an analyst creates a work item, they won't be able to
see their own creation until up to 30 seconds after the first save. 

Similar Messages

  • How to restrict access to views for some users in the app?

    Hi SDN!
    I have an WD application wich embedded in the portal. Appication has 2 iViews (and 2  pages respectively). These iViews consist several views connected with each other (e.g. one view provide list data, second view is add/edit form for this data). I need to restrict access for some users for view with add/edit form. I can't make separate page for this view.
    What I've done:
    1) create yet another UIContainer for this view in main window and embed view to this container. It was be done for create separate iView for form.
    2) in the portal I create iView for this form but don't embedd in any page.
    When I try to call my form from list data (that is one iView from another) I get exception:
    <b>com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: duplicate usage of view .MyCarRentalAddCity</b>
    Is there a way to get needed functional?
    Thanks,
    Lev

    Hi,
    do you need to remove the IView from the portal menu or do you just want to make a View container in your WD application invisible if the user doesn't have the rights to see it.
    If so, you could create your own roles on the app server:
    You need to create a new class that extends NamePermission like:
    import com.sap.security.api.permissions.NamePermission;
    public class ApplicationAccessPermission extends NamePermission {
               * @param name
              public ApplicationAccessPermission(String name) {
                   super(name);
               * @param name
               * @param action
              public ApplicationAccessPermission(String name, String action) {
                   super(name, action);
    Also, you have to create an Action.XML file that looks like this:
    <BUSINESSSERVICE
         NAME="com.vendor.administration">
         <DESCRIPTION
              LOCALE="en"
              VALUE="actions view usage"/>
         <ACTION
              NAME="View Permission">
              <DESCRIPTION
                   LOCALE="en"
                   VALUE="Show view"
                   />
              <PERMISSION
                   CLASS="com.vendor.utilities.ApplicationAccessPermission"
                   NAME="ShowView"
                   />
         </ACTION>
    </BUSINESSSERVICE>
    If you have created these to files in your packages, you can access this function like:
    IUser user ;
    try {
              user = WDClientUser.getCurrentUser().getSAPUser();
              if(user.hasPermission(new ApplicationAccessPermission("Show view"))){
                   wdContext.currentV_UIElement().setViewVisibility(WDVisibility.VISIBLE);
              }else{
                   wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
         }catch (WDUMException e1) {
              wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
                    e1.printStacktrace();
    You have to bind the ViewVisibility attribute of the context to the View Container you want to hide.
    The applicationAccessPermission you defined in the XML File will be visible in the UME Manager of you J2EE engine. With this action you can create a new role and group that you can map to the users that should see you view.
    But, the exception you get is because you have embedded one view twice, which is not possible.
    Hope this helps.
    Regards,
    Dennis

  • Restrict Access and Multiple Upload with Insert

    I continue to have problems with using Restrict Access to Folder with Multiple Upload with Insert. When the restrict access is enabled the uploader does not work, when it's removed it works. Any ideas?

    I've found that if I have a page that displays the kt_login_id, login and then go to that page it doesn't display the login ID. Then if I add the multiple image uploader w/ DB insert and reload the page the login ID is displayed and the uploader works, however, if I set an uploader field to the login ID it inserts and uploads everything but the login id. I thought this might have to do with the fact the the 'Restrict Access to Page' is not on the page yet. When I add it the uploader and insert stops working. I've placed the 'Restrict Access to Page' code in every possible place in the code (above the head) and the only place where the uploader/insert works is when the resrtict code is after the uploader code. But then again the login id does not get inserted. Please someone help.

  • Restrict access to modify Service Orders operations within IW32

    Hello experts,
    We have a challenge due to our certifications programs. We allow certains users to create services orders and make the selection of the task list via IW31. They also have access to IW32 so that they can release the order later on.
    I am looking for a way to block their capability to modify operations informations (wc, texts, prt,etc). So far I have explored few avenues but I am still not convinced.
    Option 1:
    -use a BADI (WORKORDER_UPDATE) and functions CO_BT* to track detail fields that were changed
    -this involves a good development
    Option 2:
    -use BADI IWO1_ORDER_BADI method AUTHORITY_CHECK_AUART_ACTIVIT
    -I couldn't find authorization object for my need...
    Option 3:
    -a check on changes docs being created or apparently there is a field VBKZ we could use to identify a object change...
    Would you have faced the same requirement?
    Thank you for your time.
    Francois Paquet

    Hi Pete, I am glad to receive an answer from you! Your other answers helped me on some other requirements.
    We have given a try to this badi and as per the documentation it works well to hide information. We will see if we can push other parameters than set invisible because we still want the information to remain visible.
    Thank you.
    Francois P.

  • Keychain displays restricted access message when I try to view passwords in both login and iCloud

    If I try to view a password for either an application or website using Keychain. As soon as I tick the box 'show password' a message pops up saying "Access to this item is restricted" How can I access and view my passwords?

    Maybe:
    Keychain password access is denied.  Any suggestions?  Thanks
    Re: Keychain Access

  • Can iPod wirelessly access and display any other shared media?

    Hi,
    Was wondering, is there any way my iPod could wirelessly access, and view a local, shared iPhoto library?
    Or if i wanted to stream a video from my shared iTunes library to my iPod, is this possible without syncing?
    'Why would i want to do this?' is a good question. Dumb questions, maybe, but just curious.
    Thanks,
    c

    There are apps like Document and FileViewer that allow you to access files on a local computer via wifi. I think there are streaming programs for the iPod but I only know those for the iPad.

  • Closing all folders and subfolders within a window with one command

    In list view, is there a way to close all folders and subfolders within a window with one command, instead of having to close each individually?
    Thanks!

    Thanks, all, for your feedback, but no cigar, yet:
    - opening folders with "option" is possible but problematic
    - none of this solves the question of closing all the folders and subfolders within a window in one shot.
    Any better solution would be appreciated.
    Thanks!

  • I have a new Macbook pro and need to run some Windows software, it appears "Parallel" should work well from what I've have read. Will I have any issues or problems accessing and printing from various printers on my Windows 7 network within Parallel?

    I have a new Macbook pro and need to run some Windows software, it appears "Parallel" should work well from what I've have read. Will I have any issues or problems accessing and printing from various printers on my Windows 7 network within Parallel? Is Parallel in fact the best way to go?

    First, back up all data immediately, as your boot drive might be failing.
    There are a few other possible causes of generalized slow performance that you can rule out easily.
    Reset the System Management Controller.
    If you have many image or video files on the Desktop with preview icons, move them to another folder.
    If applicable, uncheck all boxes in the iCloud preference pane.
    Disconnect all non-essential wired peripherals and remove aftermarket expansion cards, if any.
    Check your keychains in Keychain Access for excessively duplicated items.
    If you have more than one user account, you must be logged in as an administrator to carry out this step.
    Launch the Console application in the same way you launched Activity Monitor. Make sure the title of the Console window is All Messages. If it isn't, select All Messages from the SYSTEM LOG QUERIES menu on the left. If you don't see that menu, select
    View ▹ Show Log List
    from the menu bar.
    Select the 50 or so most recent entries in the log. Copy them to the Clipboard (command-C). Paste into a reply to this message (command-V). You're looking for entries at the end of the log, not at the beginning.
    When posting a log extract, be selective. Don't post more than is requested.
    Please do not indiscriminately dump thousands of lines from the log into this discussion.
    Important: Some personal information, such as your name, may appear in the log. Anonymize before posting. That should be easy to do if your extract is not too long.

  • HR data administration and reporting - restricting access

    Hello All
    We have a single role for HR data adminsitrators.  There is no distinction on PA, PSA u2013 no further breakdown u2013 everyone gets to see everything and they have access to change everything.  How may we restrict access?  Any help would be greatly appreciated.

    Hi,
    Please let me know if you are using Structural authorizations.
    For non-structural security, without any breakdown on PA, PSA, EE groups/subgroups, you may use Organizational key (VDSK1 field of Auth object P_ORIGIN) to restrict the data access.
    In the standard configuration, the field is filled with the values of Personnel Area and Cost Center.In Customizing activity, you can set up Organizational Key and define your own rules for the field.  Ex: Organizational Key with an employeeu2019s Organizational Unit and Cost Center. It can be configured to include any of the data from Infotype 0001 (Organizational Assignment) within HR.
    The Organizational Key essentially provides an additional user-defined field to be used for security restrictions.
    Hope it helps!
    Thanks,
    Sandipan

  • Internet access problems and viewing video on internet

    I have very limited interet access most of the time.  I get a message: "You are not currently in an area that can handle data communication.  ..."  I have no problem with email and other features of the phone during this time.  The signal at the top of my phone says "GSM".  When I am able access the internet, it give me a different signal (can't remember what that is, however).  Even then, I cannot view most video clips, such as YouTube clips.  They will not load all the way.  It states, "Error has occurred in attempting to play media."  Help!

    I have unlimited internet access, so that's not the problem.  Right when I got the phone, I replaced the original data card with a 4G card and enabled mass storage.  I have (since my first post) had more access capability by enabling the WiFi (da) which finds my wireless connection at home.  I've also been able to view a video clip, not successfully all the way through, however.  During viewing, the phone appears to crash, i.e. the screen goes white and then it takes 3-5 minutes for it to reboot.  This has also happened when the phone has not even been being used.   Also, as I was surfing the net, the phone asked if I wanted to enable Javascript which I did.  Is there anything else that I need to enable or do to the phone in order to have a more pleasant experience using the internet and viewing video clips? 

  • Multiple users access one iPhoto library and view and edit

    I have 3 Macs and 5 users in our family. I'd like to have one iPhoto library that any user can access from any of the machines and view and/or edit. I don't need simultaneous access (which from reading posts I can see is not possible in iPhoto).
    If I move the library to external HD will I be able to access the libary from each Mac over Wi-Fi? From what I read I'd need to hold ALT when opening iPhoto in each user account, on each Mac, and choose the library on the external drive.
    If I set it up like this then once photos imported any user can see them, and edit if they want to? Presumably any Projects would be in the one central library rather tan being specific to a particular user?

    Yes and no
    the hard drive that the iPhoto sits on must be formatted Mac OS extended (jorunaled)
    iPhoto is not a multi user program and if two different people edit atthe same time it will not wrok correctly
    Most importantly WiFi is not a reliable connection and has many dropouts - if you edit over WiFi you are highly likely to lose data and corrupt yoru library - it is not a good idea - viewing is slow but will work
    LN

  • HT1657 after renting a move and starting viewing I can not stop it and come back to in within the time frame. If i stop it it goes away not able to find it. Just like I did not rent it at all.

    after renting a move and starting viewing I can not stop it and come back to in within the time frame. If i stop it it goes away not able to find it. Just like I did not rent it at all.

    Hi,
    We have rolled out a fix for this issue.
    Please log off and log back in to your machine and the issue should be resolved automatically. In case that does not work, please manually run the msi installer posted here (may require reboot).
    For details, please refer to the KB article here: Multiple RunOnce keys created 11.0.10 and 10.1.13 Acrobat | Reader
    Please let us know if you still face any issues.
    Thanks,
    Ashu Mittal

  • How to copy folder with files and subfolders within it  to another folder

    how to copy a folder with files and subfolders within it to another folder

    http://javaalmanac.com/egs/java.io/CopyDir.html?l=new

  • Importing images from all subfolders within a directory and only within that directory

    Hi All
    I volunteered to oragnise my grandmas photo collection after I started using lightrooom.
    My experience of lightroom started off great but has gone down hill since then. This should be very easy to do. Contanstant propblems now being able to read LR4 catalogs and upgrade them to LR5 format
    My most recent problem is I have copied the entire contents of my grandmas computer to a portable hard driv
    Drive I:\ directory I:\grandma.
    I now want to create a new catalog in lightroom so I can import all her photos (scattered all over the computer in various files, she had no structure) into one single folder, so everything is organised.
    The problem is (I have tried lightroom 4 and 5 each with a different problem):
    In lightroom 5 I open a new catalog, open the import dialog and point it to the directory I:\grandma, then I click the show all subfolders (it only recognises 150 image but there are at least a few thousand) I think it is only recognising the immediate folder even though I have the ALL photos option selected, and the copy all photos and import from subfolders options selected.) At the very least it is not recognising all the subfolders, in some cases there are about seven levels.
    What is the maximum number of images you can import in one go? And how many nested subfolders can you have?
    In lightroom 4 I open a new catalog and open the import dialog and point it to I:\grandma. However this time the import dialog box returns photos which I know are not in the directory I:\ grandmas. It is displaying a lot of my photos in the import dialog box (even though I have clearly selected the I:\grandma directory. when I use show in explorer I can see it is showing images from my C drive that it wants to import.
    Why is it doing this when I have clearly selected I only want to import my grandmas photos into the catalog from the directory I:\grandma?
    I have also followed Pete Green's directions here to 1. optimise the catalog ( I did it however not sure of the point when it is a new catalog with no images in it) and 2. remove xmp files of which there are none (see point 1.) http://forums.adobe.com/thread/1231573
    Please help.

    UPDATE--> Manually adding folders (drag from explorer and drop on music libray) appears to be functioning as a work around. I have been testing individual folders and so far so good.
    While this may be a workaround i have HUNDREDS of folders! =(

  • Restricting access between the hours of 9am and 5pm

    i need help in creating policy to restrict access between office hours. i have created the function,
    but don't know how to link this up with my database. below is the function i created
    create or replace function office_hrs_only
    (p_schema IN VARCHAR2 DEFAULT NULL,
    p_object IN VARCHAR2 DEFAULT NULL)
    return VARCHAR2
    AS
    BEGIN
    RETURN 'to_char(sysdate,''HH24'') between 9 and 17';
    END;
    regards,
    christina

    Hi, Christina,
    christylong wrote:
    i need help in creating policy to restrict access between office hours. i have created the function,
    but don't know how to link this up with my database. below is the function i createdAre you trying to implement a row-level security policy? If so, you need to call dbms_rls.add_policy, as shown in the Packages and Types manual:
    http://download.oracle.com/docs/cd/B28359_01/appdev.111/b28419/d_rls.htm#i1000830
    create or replace function office_hrs_only
    (p_schema IN VARCHAR2 DEFAULT NULL,
    p_object IN VARCHAR2 DEFAULT NULL)
    return VARCHAR2
    AS
    BEGIN
    RETURN 'to_char(sysdate,''HH24'') between 9 and 17';
    END;Remember, TO_CHAR returns a string, so you should compare it other strings, not numbers. Try this:
    RETURN  'to_char(sysdate,''HH24'') between ''09'' and ''16''';If you make the upper limit '16', then people will be able to use the table as late as 16:59:59, that is, one second before 5:00 PM.
    That's not completely intuitive, is it? Maybe it would be better if you said:
    RETURN  'to_char(sysdate,''HH24:MI:SS'') between ''09:00:00'' and ''17:00:00''';Edited by: Frank Kulash on Aug 21, 2011 12:11 AM

Maybe you are looking for

  • How to display multi-line event in Ical

    I read that you could display multiple lines of an event description in ical using Option-enter. This works...However, after I select "All Day" event, it reverts it back to single line display on my monthly view. I want to be able to print my ical Mo

  • Insert returning clause in Batch operation

    I believe "insert returning" clause is not allowed in JDBC Batch operation, Is there any alternative way to achieve the same? version: 10g release 2. My requierment: 1. I would like to know the inserted value(sequence) after insert. 2. It is kind of

  • Universe Objects in DESKI Reports - Usage

    Hi All, I have 100+ DESKI reports and all of the reporting comes from one Universe. What I am trying to understand is which objects get used the most from those 100+ DESKI reports. I am using BOXI Rel 3 SP 3 The reason I am asking this question is fi

  • I do not remember the password to Skype

    I can not connect to Skype I did a reset password, but it does not help. Username: [Mod edit: Please do not include personal/private information when making a public post. Thanks!] Password: I do not remember I want a new password New email - [e-mail

  • How to find the rfc name

    hello, when a rfc is called in another system, there will be rfc name inside which will be connected to the called system. how can we find the rfc name which is connected to the called system ? Required immediately. Point rewarded. Prashanth