Script of user grants

Similar Messages

• How and where can i do a "User GRANT to SYSADM,SYSCTRL,.." ?

  Hello all,
  the first time we installed a new SAP-System with sapinst on DB2/LUW V9.
  SAP works. (As yet we "drove" DB2 only on z/os)
  SAP Created four db2 User : DB2<SID>, <SID>ADM, SAP<SID> and SAP<SID>DB!
  They all have no "Grant" privilege?
  How and where can i do a User grant to SYSADM,SYSCTRL,.. ,
  there's no admin?
  Thanks a lot!
  Markus

  Hi Markus,
  in addition to explicit GRANTs DB2 LUW has the concept of privileges.
  db2<dbsid> is instance owner and part of the SYSADM group db<dbsid>adm.
  <sapsid>adm is part of the SYSCTRL group db<dbsid>ctl.
  sap<sapsid> is part of the SYSMAINT group db<dbsid>mnt.
  In addtion to that <sapsid>adm is DBADM. This right is explicitly granted during the installation with SAPInst.
  The relationship between OS group and privilege is controlled by the database manager configuration parameters SYSADM, SYSCTRL and SYSMAINT.
  The rights of these privileges are described in the DB2 documentation.
  Regards, Jens

• Auditing non-dba user grants?

  Hi,
  I'm trying to audit if an user grants a privilege on their objects to another user. ex:
  show user
  USER is "TESTUSER1"
  grant select on mytable1 to testuser2I'm trying with "AUDIT GRANT ANY OBJECT PRIVILEGE BY ACCESS" but it only audit grants/revokes performed by DBA user.
  Also I'm trying whit "AUDIT GRANT TABLE BY ACCESS" but nothing appears in audit trail.
  How can I do it?
  Oracle version 11.1.0.6
  audit parameters:
  audit_sys_operations                 boolean     TRUE
  audit_trail                          string      DBRegards

  Ok, I know what was happening.
  I was testing it without closing the test-user session. I didn't know that the AUDIT GRANT won't work in the active sessions at activation time.
  ex:
  TERMINAL 1:
  $ sqlplus '/as sysdba'
  SQL*Plus: Release 11.1.0.6.0 - Production on Vie Abr 26 11:44:04 2013
  Copyright (c) 1982, 2007, Oracle.  All rights reserved.
  Conectado a:
  Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  SQL> show parameter audit_trail;
  NAME                                 TYPE        VALUE
  audit_trail                          string      DB
  SQL> audit resource, connect;
  Auditoría terminada correctamente.
  SQL> create user testuser1 identified by ****;
  Usuario creado.
  SQL> create user testuser2 identified by ****;
  Usuario creado.
  SQL> grant resource, connect to testuser1;
  Concesión terminada correctamente.TERMINAL 2:
  sqlplus
  SQL*Plus: Release 11.1.0.6.0 - Production on Vie Abr 26 11:45:19 2013
  Copyright (c) 1982, 2007, Oracle.  All rights reserved.
  Introduzca el nombre de usuario: testuser1
  Introduzca la contraseña:
  Conectado a:
  Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  SQL> create table TEST_TABLE (n number);
  Tabla creada.
  SQL> grant select on TEST_TABLE to testuser2;
  Concesión terminada correctamente.
  SQL> revoke select on TEST_TABLE from testuser2;
  Revocación terminada correctamente.
  SQL> drop table TEST_TABLE;
  Tabla borrada."testuser1" session still open in terminal 2.
  TERMINAL 1:
  SQL> set linesize 190
  SQL> col OBJECT format A30
  SQL> select USERNAME, TIMESTAMP, ACTION_NAME, OWNER || '.' || OBJ_NAME OBJECT, SES_ACTIONS from dba_audit_trail where USERNAME='TESTUSER1' order by TIMESTAMP;
  USERNAME                       TIMESTAMP            ACTION_NAME                  OBJECT                         SES_ACTIONS
  TESTUSER1                      26-ABR-2013 11:45:22 LOGON                        .
  TESTUSER1                      26-ABR-2013 11:45:35 CREATE TABLE                 TESTUSER1.TEST_TABLE
  TESTUSER1                      26-ABR-2013 11:46:00 DROP TABLE                   TESTUSER1.TEST_TABLE
  SQL> AUDIT GRANT TABLE;
  Auditoría terminada correctamente.The AUDIT GRANT TABLE is now activated, but it won't work yet...
  TERMINAL 2 (testuser1 session was still opened):
  SQL> create table TEST_TABLE2 (n number);
  Tabla creada.
  SQL> grant select on TEST_TABLE2 to testuser2;
  Concesión terminada correctamente.
  SQL> revoke select on TEST_TABLE2 to testuser2;
  revoke select on TEST_TABLE2 to testuser2
  ERROR en línea 1:
  ORA-00905: falta una palabra clave
  SQL> revoke select on TEST_TABLE2 from testuser2;
  Revocación terminada correctamente.
  SQL> drop table TEST_TABLE2;
  Tabla borrada.TERMINAL 1:
  SQL> select USERNAME, TIMESTAMP, ACTION_NAME, OWNER || '.' || OBJ_NAME OBJECT, SES_ACTIONS from dba_audit_trail where USERNAME='TESTUSER1' order by TIMESTAMP;
  USERNAME                       TIMESTAMP            ACTION_NAME                  OBJECT                         SES_ACTIONS
  TESTUSER1                      26-ABR-2013 11:45:22 LOGON                        .
  TESTUSER1                      26-ABR-2013 11:45:35 CREATE TABLE                 TESTUSER1.TEST_TABLE
  TESTUSER1                      26-ABR-2013 11:46:00 DROP TABLE                   TESTUSER1.TEST_TABLE
  TESTUSER1                      26-ABR-2013 11:47:16 CREATE TABLE                 TESTUSER1.TEST_TABLE2
  TESTUSER1                      26-ABR-2013 11:47:52 DROP TABLE                   TESTUSER1.TEST_TABLE2Lets close and reopen "testuser1" session
  TERMINAL 2:
  SQL> exit
  Desconectado de Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  $ sqlplus
  SQL*Plus: Release 11.1.0.6.0 - Production on Vie Abr 26 11:48:19 2013
  Copyright (c) 1982, 2007, Oracle.  All rights reserved.
  Introduzca el nombre de usuario: testuser1
  Introduzca la contraseña:
  Conectado a:
  Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  SQL> create table TEST_TABLE3 (n number);
  Tabla creada.
  SQL> grant select on TEST_TABLE3 to testuser2;
  Concesión terminada correctamente.
  SQL> revoke select on TEST_TABLE3 from testuser2;
  Revocación terminada correctamente.
  SQL> drop table TEST_TABLE3;
  Tabla borrada.Now the grant/revoke is audited:
  TERMINAL 1:
  SQL> select USERNAME, TIMESTAMP, ACTION_NAME, OWNER || '.' || OBJ_NAME OBJECT, OBJ_PRIVILEGE, GRANTEE from dba_audit_trail where USERNAME='TESTUSER1' order by TIMESTAMP;
  USERNAME                       TIMESTAMP            ACTION_NAME                  OBJECT                         OBJ_PRIVILEGE    GRANTEE
  TESTUSER1                      26-ABR-2013 11:45:22 LOGOFF                       .
  TESTUSER1                      26-ABR-2013 11:45:35 CREATE TABLE                 TESTUSER1.TEST_TABLE
  TESTUSER1                      26-ABR-2013 11:46:00 DROP TABLE                   TESTUSER1.TEST_TABLE
  TESTUSER1                      26-ABR-2013 11:47:16 CREATE TABLE                 TESTUSER1.TEST_TABLE2
  TESTUSER1                      26-ABR-2013 11:47:52 DROP TABLE                   TESTUSER1.TEST_TABLE2
  TESTUSER1                      26-ABR-2013 11:48:26 LOGON                        .
  TESTUSER1                      26-ABR-2013 11:48:39 CREATE TABLE                 TESTUSER1.TEST_TABLE3
  TESTUSER1                      26-ABR-2013 11:48:46 GRANT OBJECT                 TESTUSER1.TEST_TABLE3          ---------Y------ TESTUSER2
  TESTUSER1                      26-ABR-2013 11:48:56 REVOKE OBJECT                TESTUSER1.TEST_TABLE3          ---------N------ TESTUSER2
  TESTUSER1                      26-ABR-2013 11:49:02 DROP TABLE                   TESTUSER1.TEST_TABLE3
  10 filas seleccionadas.Anyway, thanks Balazs Papp because i was looking for the AUDIT GRANT ON DEFAULT ;)
  Regards

• Script for Users, Roles,Grant,Tablespace

  Hi,
  Please guide me on the following .
  I am moving database to new Unix server .
  so can I create the script which will check the existing Users, Roles, Grants, Tablespaces from current database and store that data.
  And using same soared data I want to create the same " Users, Roles, Grants, Tablespaces" using the script.
  Can i do this. Please guide me how to do this so I will help me to move database
  Thanks,
  Amol

  You should run ?\rdbms\admin\utlrp (note the ?, which is shorthand for ORACLE_HOME) from the database server. to make sure you have the correct script. You can call sqlplus from Toad easily.
  The script affects PL/SQL only. PL/SQL resides in the SYSTEM tablespace in the SYS schema. You don't have 400G of PL/SQL. It should take a few minutes only.
  The SYSTEM schema WILL be imported. SYS will not be imported, but automagically recreated. The only thing you will miss is Grants which have been made by SYS directly to end-users or roles, outside those defined in catalog.sql
  Sybrand Bakker
  Senior Oracle DBA

• Script to create grants and synonyms for objects in database

  Hello,
  We are building a patch to be applied to the production environment. I want to create a script/sql query that builds a list of grants and synonyms for all the objects created after august 09.
  for ex:
  create or replace synonym abc for schema_name.abc;
  Grant execute on abc to user_xyz;
  How can I use Oracle's data dictionary to do this?
  thankz

  Hi,
  You'll probably want to use these views:
  user_objects - includes created (DATE) column.
  user_synonyms
  user_tab_privs - not just tables (e.g., includes EXECUTE privileges on functions).
  Data dictionary views beginning with 'user_' cover objects owned by the current user only.
  Almost all of the data dictionary views (and all of the three mentioned above) also have 'all_' and 'dba_' versions.
  For example:
  all_objects inculdes everything in user_objects, plus objects in other schemas on which the current user has privileges.
  dba_objects include every object in the database. (Not everyone is allowed to see the dba_ views.)
  Here's one of many possible ways to use these views:
  SELECT     'GRANT '
  ||     privilege
  ||     ' ON "'
  ||     table_name
  ||     '" TO '
  ||     grantee
  ||     CASE
            WHEN  grantable = 'YES'
            THEN  ' WITH GRANT OPTION;'
            ELSE  ';'
       END
  FROM     user_tab_privs
  WHERE     table_name  IN (          -- Only interested in objects created after August 9
                   SELECT  object_name
                   FROM    all_objects
                   WHERE   created >= TO_DATE ( '10-Aug-2009'
                                                         , 'DD-Mon-YYYY'
  ;

• Is there a way to script finding users in Unity and CUCM

  I currently get a list once a month of all users who no longer work for our company. As we roll out more VOIP installs the list grows and the old way of doing things needs to change. Currently I search one by one through CUCM and Unity to see if the user is assigned a phone. I would like to be able to pull a list of all users from both Unity and CUCM put that into a spread sheet and then compare my attrition spread sheet to that spread sheet therby speeding up the process of determining which users might be assigned a phone.
  Note company hires warehouse workers and they come and go frequently and are not assigned phones but, they along with users with phones are all dumped into a spread sheet so I have no way of know who is who.
  1. I have a spread sheet with names on it both people with and without phones
  2. I would like to download a list so I can compare the two and determine which ones have phones
  I am open to other ideas and suggestions to make the laborious task easier.
  Thank You in advance

  Seems easy enough on the face of it - unless there's something I'm not getting - are you talking Unity or Unity Connection (folks often just say "Unity" as shorthand for either) - if you're dealing with Unity then you'll have to dance with ODBC which isnt' the end of the world but doing it from "script" is going to be a challange.  If you're talking about Unity Connection you can also use ODBC but you have the option for an HTTP REST search for users by name.
  So it's just a matter of searching by name and getting matches back (names are not guranteed to be unique of course, assuming you mean name as first/last/display name and not alias).  It can kick out all matches I suppose and include the extension number.  Unity and Unity connecton _always_ have extension numbers (it's required) so I'm unsure what someone "without a phone" would look like in Unity/Connection - that's a bit odd - how do they check messages?  And without a phone why do they have a voice mail account?

• Run Apple Script in User Space

  Hi,
  My application runs in administrator privileges . I want to run an apple script from the application in user space .
  Please guide me .
  Thanks

  Please be more specific about what you're trying to do. An applescript run with administrator permissions should have no problem running within the context of a non-admin user. What problem are you running into?

• Script for user setup in Discoverer

  Do anyone have a script that I can use to scan a table or spreadsheet with User names and Business areas and setup the users in Discoverer. I need to setup lot of users in Discoverer and manually doing them is a time taking process.
  Thanks in advance

  Darn good idea, but I've never heard of anyone having such a thing.
  Note that if an Oracle Apps EUL, then all the Apps users and responsibilities are already in the EUL per se, just not associated to a business area via security. Likewise, if a non-Apps EUL, then all database user and responsibilities are already in the EUL per se, just not associated to a buseinss area via security.
  So, it's just the security you need to set up. Also, note that user: PUBLIC has the defaults for new users so maybe you can use that to save some time.
  Again, though, I've never heard of it but conceivable as there may be 1 or more EUL tables that can be updated by SQL outside of Disco.
  If you 'crack it', pls post as it would be a valuable bit of code.
  Russ

• Powershell Script: Add users from an OU to an AD security Group

  Hi
  can anybody point me to a link or have a script which I can get a list of users from an OU then put them into an AD security group
  Regards

  Hi - thanks for the info the script didn't run as expected.
  What we are trying to achieve is that we have an OU with several child OU's below and we need to capture all user accounts from al OU's and then either be able to export to a CSV or pipe the out put to an AD group
  dsquery user "OU=organizationalunit,DC=name,dc=com" -limit 0 >>
  filename.txt
  with the filename.txt you can do this:
  for /f "tokens=* delims= " %i in (filename.txt) do dsmod group "CN=groupname,OU=organizationalUnit,DC=name,DC=com" -addmbr %i
  or, just pipe the initial results into the dsmod command:
  dsquery user "OU=organizationalunit,DC=name,dc=com" | dsmod group "CN=groupname,OU=organizationalUnit,DC=name,DC=com" -addmbr

• Business Objects Dashboard External HTML/JAVA Script Link - User Authentication Depolyment Q

  <p>Hello,</p><p>I have a rather unstructured problem here and am relatively new to Business Objects Enterprise. </p><p>We have users who are authenticated through Business Objects. The login sets their access levels and permissions. In addition to the BO reports, we would also like to link through BO Dashboard a JAVA Script webpage.</p><p>The JAVA Script and Business Object software sits on the same webserver.</p><p><strong>The problem is that through BO Dashboard and also an external URL link we can only pass a static link (i.e. /some directory/some doc.html) and not a dynamic userid with the URL, which changes based on the user (i.e. /some directory/some doc.jsp?UID=user1).</strong></p><p>The solution might be to insert a Business Object API call that can determine the user who is currently logged in? Or, if there is some way around the static html link through Business Objects Dashboard?</p><p>Any ideas or thoughts would be deeply appreciated.</p><p>Thanks,</p><p>Joe</p>

  Are you setting Business Objects up as an external application?
  If so, what parameters are you using to set it up?
  Based on the fact that you're seeing the basic auth dialog, you probably need to specify
  that it's using basic auth -- not GET.

• A user granted with alter user privilege

  Dear all
  i have granted a user with create user, alter user system privilege so that he can create or alter users. But i found the user is able to alter the sys and system also.
  Tell me how to restrict the user so that he can not effect sys and system.

  Yes. I have created device collection with
  installed specific software and used  this collection to pull report from out the box report for Primary Device users( Not sure about exact report name but similar) for
  this collection. Did some excel work to find primary device user.
  But looks like there is no straight forward solution. It would be great if i know how to import multiple users from a text/csv file into a User collection.
  Thanks

• Two fields, two scripts. User can enter data into field 1 or 2

  Hi all,
  New here, and to acrobat forms, so please bear with me!
  What I'm trying to achieve is a form that calculates total invoice value, based on a total number of hours worked, and a rate. The user fills in the total hours, but then the problem is that some people know their fixed rate, and others have a changing rate. Those with a changing rate simply know the amount they are invoicing for. What I'd like, is a way for the TotalInvoice value to be calculated by Rate*TotalHours when the user enters a value into the Rate field... OR ... for Rate to be calculated by TotalInvoice/TotalHours when the user enters a value into the TotalInvoice field.
  I can make it go one way or the other (so the script is only in TotalInvoice field or the Rate field), but I can't manage to get it to go both ways. Is this possible?
  To summarise: User can enter manually into Field1 and value of Field2 is calculated, or user can enter manually into Field2 and Field1 is calculated.
  Thanks!

  What you propose can be difficult, becuase you're describing a circular reference between the two fields. When the 1st value changes, you want the 2nd value to be calculated based on the 1st value. But when the 2nd value changes, you want the 1st value to be calculated based on the 2nd, ad infinitum. There are ways to short-circuit the loop, but it depends on whether you need to do the calculation only when there is manual entry, or whether you need it to work when either field value changes programmatically or by importing form data.
  Sometimes it's just easier to have the user press a button to calculate and set the other field value.

• App-V 5 and scripts in user context

  Hello,
  I'm trying to figure out how scripting works in App-V 5, and I'm having an issue with it.
  I've read
  Scripting and Embedded Scripting for AppV 5.0 (Dynamic Deployment and User Configuration Scripting) and
  About Scripts in App-V 5.0, but still have a question about scripting in version 5.
  Via the UserConfig.xml I start a StartVirtualEnvironment and a StartProcess, just to test the behavior:  
  <UserScripts> 
  <StartVirtualEnvironment  RunInVirtualEnvironment="false">
    <Path>cmd.exe</Path>
    <Arguments>/c "\\servername\content$\batchtest_StartVirtualEnvironment.cmd"</Arguments>
    <Wait RollbackOnError="false"/>
  </StartVirtualEnvironment> <StartProcess RunInVirtualEnvironment="false">
  <Path>cmd.exe</Path>
  <Arguments>/c "\\servername\content$\batchtest_StartProcess.cmd"</Arguments>
  <Wait RollbackOnError="false"/>
  <ApplicationId>[{AppVPackageRoot}]\7zFM.exe</ApplicationId>
  </StartProcess>
  </UserScripts>
  This is one of the batch scripts that is triggered using the UserConfig.xml-file:
  REM batchtest_StartVirtualEnvironment
  echo username: %username% > c:\temp\AppV5ScriptTest.txt
  echo hostname: %computername% >> c:\temp\AppV5ScriptTest.txt
  echo userdomain: %userdomain% >> c:\temp\AppV5ScriptTest.txt
  echo ALLUSERSPROFILE: %ALLUSERSPROFILE% >> c:\temp\AppV5ScriptTest.txt
  echo USERPROFILE: %USERPROFILE% >> c:\temp\AppV5ScriptTest.txt
  echo APPDATA: %APPDATA% >> c:\temp\AppV5ScriptTest.txt
  echo LOCALAPPDATA: %LOCALAPPDATA% >> c:\temp\AppV5ScriptTest.txt
  After starting the app on the client, this is the output of both batch scripts:
  username: MachineName$
  hostname: MachineName
  userdomain: DomainName
  ALLUSERSPROFILE: C:\ProgramData
  USERPROFILE: C:\Windows\system32\config\systemprofile
  APPDATA: C:\Windows\system32\config\systemprofile\AppData\Roaming
  LOCALAPPDATA: C:\Windows\system32\config\systemprofile\AppData\Local
  Only %userdomain% and %hostname% are correct. It seams that all other things are running in SYSTEM context? For example %AppData% isn't pointing to C:\USERS\ ..
  I'm I doing something wrong here?
  (I'm on Windows 7 x64 SP1 as client with App-V 5.0 RTM, sequencing machine is a Win7x86 SP1) 

  We experience the following:
  When creating a App-V 5.0 package for a network application we receive the following error
  Environment:
  Windows 7 x86 Sequencer
  Sequencer: 5.0.285.0
  Sequencing the application
  Start the sequencer
  Give the package a name
  Set the PVAD to C:\Users\Administrator\Desktop
  Create a shortcut on the desktop to
  \\server\share\application.exe
  Set 3 HKLM keys in the registery under HKLM/Software/Vendor/Application
  Save the package.
  Results
  When starting the package we receive the following error message:
  Toepassingspop-up: Ats.exe - Toepassingsfout : Kan de toepassing niet correct starten (0xc0000142). Klik op OK om de toepassing te sluiten.
  Also the following notification is presented in the App-V/Admin event logs:
  The virtual application '\\FQDN\SHARE$\PROGRAM.exe' could not be started because the App-V Subsystem 'Virtual Shell' could not be initialized. {error: 0x8DC02325-0x5}
  Seems like the same issue...

• Launchd - can it run a script when users log in OR switch?

  I'm hoping to find someone who knows all the gory details of launchd. Here's the why and what: I'm trying to coerce Aperture into letting two users on the same computer share the same Aperture Library, both able to import photos and see and use what the other has done. Initially it is no problem, change the permissions so everyone has read/write/execute, put the Library in a common area, and point both person's Aperture at it. The problem is that Aperture changes permissions of things inside the Library as you use it, and especially when one person imports, the other person can't see that stuff.
  So I want to run a script whenever someone logs in or becomes the active user by fast user switching; the script will simply change ownership and permissions of the library and everything in it to restore full access.
  After days of research and testing, I made a test launchd plist file (this is the configuration file or agent that launchd looks at and runs your script when criteria are met). It sits in /Library/LaunchAgents/, here it is:
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
  <key>Label</key>
  <string>org.jim.test</string>
  <key>LimitLoadToSessionType</key>
  <string>LoginWindow</string>
  <key>ProgramArguments</key>
  <array>
  <string>/Library/Scripts/testscript.sh</string>
  </array>
  <key>RunAtLoad</key>
  <true/>
  <key>StandardErrorPath</key>
  <string>/Users/jim/Desktop/test.err</string>
  <key>StandardOutPath</key>
  <string>/Users/jim/Desktop/test.out</string>
  </dict>
  </plist>
  The actual test script is sitting in /Library/Scripts/:
  #!/bin/bash
  echo "org.jim.test.plist was run at `date`"
  So if the plist is loaded and the script run, the date and time are written in the test.out file on my desktop. This thing runs great when a user logs in. The problem is, it doesn't run when users switch by fast user switching. In reading the documentation, it was vague about this, whether that could be done; I thought it could.
  Can anyone help with a way to get the script to run when any user takes control by any means? As an added complication, which I'll worry about later, the script has to run as root because it's the only way to get the ownership and permissions changed.
  Thanks,
  Jim

  BobHarris is the MAN. ACLs seem to have worked. I put the Aperture Library in /Users/Shared/ApertureLibrary, restored the regular permissions as best I could (me as owner, staff as group, 755), pointed each person's Aperture to the library, then proceeded with the ACL magic. First I created a group for my wife and I, called 'aperture', in the Accounts preference pane. That was to simplify the ACLs (one entry instead of 2) and so that other users (son) aren't able to muck it up.
  It took one stinking Terminal command (note that 'aperture' at the beginning of the quote is the group, not the program, folder or library):
  chmod -R +a "aperture allow list,addfile,search,delete,add_subdirectory,delete_child,file_inherit,directoryinherit" ApertureLibrary.aplibrary
  I was unsure whether this list of permissions was necessary or sufficient, but it seems to have worked so far. Both users can access the library. I imported a different picture by each user, and the other user could then see and delete the picture imported by the other. This was not possible before.
  Bob, thanks for the great idea. After a little more testing I'll post a complete how-to in the latest "how do we share Aperture" thread, and give you due credit. The bad news is all the launchd fun is over
  Jim

• ID CS5 on Mac 10.5.8 can't run java scripts from User folder

  I seem to have a problem with my java scripts in ID on my Mac. I store them in my user scripts folder, but while I can run any applescripts in the folder, doubleclicking on any of the java scripts gets me exactly nothing. If I open the scripts in Extend Script Toolkit and run them from there, they will work, but I can't run them from within ID. The scripts in the Sample Script folder work. I've tried changing the script extentions, I've opened them in the toolkit and resaved them. Still no response at all when I doubleclick on them in the scripts panel. Any idea what could be wrong? I can run the same scripts from within ID on my Windows laptop, so I don't think the scripts themselves are at fault. In fact, I just moved them into the Sample scripts folder, and they run with no problem. Does the User script folder just not work?

  Not sure what a screenshot will tell you, but here you go.
  Well, I was hoping that the icon next to the scripts would be instructive.
  Apparently not, though!
  You said the same scripts work fine if you move them into the Application Scripts folder, specifically the Sample Scripts folder. I assume, then, that the sample scripts also break if moved to the User Scripts folder?
  Is your User Scripts folder (and thus your home directory) on a non-local (network) filesystem? Are the permissions on it wacky? If you Reveal In Finder it, and Get Info, do you see anything out of the ordinary?
  What if you delete it (err, move it aside) and recreate it?
  This seems pretty strange...