Securables - Deny Access to Specific Tables

Hello,
I have a group contained in the Logins folder which I want to deny specific access to. These tables contain information that I do not want anyone in the group to access at any level. Under the Login Properties for this user, the "Search..." I'm
unable to select the specific tables I want to deny access to. Any help in how to do this would be greatly appreciated.
Greg
Greg Whipkey

Setup database role, permission it and assign database user(s) to the role.
The following thread is on the same topic:
http://social.msdn.microsoft.com/Forums/en-US/faa9ae0f-9aea-4141-b549-fd0bc2fb4483/user-defined-database-roles
BOL CREATE ROLE:
http://technet.microsoft.com/en-us/library/ms187936.aspx
BOL CREATE (database) USER:
http://technet.microsoft.com/en-us/library/ms173463.aspx
BOL sp_addrolemember:
http://technet.microsoft.com/en-us/library/ms187750.aspx
Kalman Toth Database & OLAP Architect
Free T-SQL Scripts
New Book / Kindle: Exam 70-461 Bootcamp: Querying Microsoft SQL Server 2012

Similar Messages

How To Restric all kind of access to 2 specific tables in SQL Server for all Users.Instead of table we would like users to go through View.

Hi All,
I am looking at an Technical solution for Restricting the direct access some specific tables in my data base to all the users(Except admins and few Service accounts). However views created on top of these tables would be exposed to all Users.
Could any one help me with the best solution.
Thanks in advance,
Regards,
Raja Suri

Hello,
You can try to create a new role "Client_User" in the database and deny access to the new role on the specify tables. And then add all user which you want to restricting the direct access the specific tables to the database role.
For example:
Use Database
CREATE ROLE [Client_User] AUTHORIZATION db_securityadmin;
DENY SELECT ON OBJECT::schema.table TO [Client_User] ;
EXEC sp_addrolemember 'Client_User', 'username';
Regards,
Fanny Liu
Fanny Liu
TechNet Community Support

Applet Error:java.security.AccessControlException: access denied

Hi,
I just successful deploy an business component project to oralce 8.1.6 as an EJB Session bean, and
the test of application module is successful. In the same workspace, I create an new project with
an applet(which contains only an grid control)as a client of the business component. Everything works
fine within the Applet viewer, however, when I trying to load the applet in IE5.5 I got the following
error message in java console:
Java(TM) Plug-in
Using JRE version 1.2.1
User home directory = D:\Documents and Settings\ERic
Proxy Configuration: no proxy
JAR cache enabled.
Failed to query environment: 'access denied (java.util.PropertyPermission jbo.debugoutput read)'
Diagnostics: Silencing all diagnostic output (use -Djbo.debugoutput=console to see it)
Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.timing read)'
Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.function read)'
Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.level read)'
Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.linecount read)'
Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.trace.threshold read)'
Failed to query environment: 'access denied (java.util.PropertyPermission jbo.jdbc.driver.verbose read)'
java.lang.ExceptionInInitializerError: java.security.AccessControlException: access denied (java.util.PropertyPermission org.omg.CORBA.ORBClass read)
at java.security.AccessControlContext.checkPermission(Compiled Code)
at oracle.aurora.jndi.orb_dep.Orb.<clinit>(Orb.java:24)
at oracle.aurora.jndi.sess_iiop.sess_iiopURLContext.<clinit>(sess_iiopURLContext.java:9)
at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:588)
at javax.naming.spi.NamingManager.getURLContext(NamingManager.java:537)
at javax.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:274)
at javax.naming.InitialContext.lookup(InitialContext.java:349)
at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.connectToService(AuroraEJBAmHomeImpl.java:179)
at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.createSession(AuroraEJBAmHomeImpl.java:152)
at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.initRemoteHome(AuroraEJBAmHomeImpl.java:123)
at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.<init>(AuroraEJBAmHomeImpl.java:59)
at oracle.jbo.client.remote.ejb.aurora.AuroraEJBInitialContext.createJboHome(AuroraEJBInitialContext.java:47)
at oracle.jbo.common.JboInitialContext.lookup(JboInitialContext.java:72)
at javax.naming.InitialContext.lookup(InitialContext.java:349)
at oracle.dacf.dataset.SessionInfo._createAppModule(SessionInfo.java:2330)
at oracle.dacf.dataset.SessionInfo.connect(SessionInfo.java:1799)
at oracle.dacf.dataset.SessionInfo.openProducerObject(SessionInfo.java:1848)
at oracle.dacf.dataset.ProducerObject.open(ProducerObject.java:94)
at oracle.dacf.dataset.SessionInfo.publishSession(SessionInfo.java:1305)
at oracle.dacf.dataset.SessionInfo.publishSession(SessionInfo.java:1287)
at broadcastapplet.myBroadCastApplet.init(myBroadCastApplet.java:70)
at sun.applet.AppletPanel.run(Compiled Code)
at java.lang.Thread.run(Thread.java:479)
The Oracle 8.1.6 runs on Win2000, I put the JAR & related zip files in the same machine's IIS webserver.
Is anyone can help?
ERic

Hi Shaji,
Are you calling a webservice from within an Xacute Query for your applet? On first glance, it looks like a web service call is being rejected due to security permissions. If you have a webservice call (or HTTP post/get), can you test it separately with the same credentials as the webpage is using?
Regards,
Mike

Read-Only Access to Specific SAP tables

Is it possible to grant a user read-only access to a specific table or tables?
For example, say I wanted to give someone SE16N capability for just EKKO/EKPO/EKBE and NO OTHER tables. Is this possible? How?
Thanks.

Hi,
as it was mentioned the transaction SE16N checks for authorization object S_TABU_DIS. The problem in your case is that the tables EKKO, EKPO and EKBE are already assigned to the authorization group MA - MM Appl. table. But there are many more tables assigned to this group. Changing assignment of standard tables is not a good idea.
Cheers

Java.security.AccessControlException: access denied (java.util.PropertyPerm

Hi All,
I try to run an applet from Solaris 8 server on some client machine using IE5 and NetScape 6.2 ( I installed JRE 1.4, I also try other JRE versions) but I get the following errors again and agian,
I even try to use appletviewer on the Solaris Box itself to open the applet but it makes no difference same errors
could somebody please help or give me a hint how should I start tracing what the problem might be ?
this applet comes with Solaris Bandwidth Manager as a gui administration tool ( webbased ) it supposed to change the configurations remotly over the web. I asure there is no solaris permission problem exist.
I use Tomcat on the server side.Installed JDK 1.3 on Solaris 8 with all the default settings.
i suppose something should be done with java.policy or java.security files i know nothing about java security please at least give me some URL's to find out more about this matter i searched a lot but couldn't find good documents about java default security restrictions
java.lang.ExceptionInInitializerError
at com.sun.ba.common.QConfiguration.loadPredefServices(QConfiguration.java:617)
at com.sun.ba.common.QConfiguration.getPredefServices(QConfiguration.java:630)
at com.sun.ba.tool.MainPanel.<init>(MainPanel.java:95)
at com.sun.ba.tool.QoSFrame.<init>(QoSFrame.java:48)
at com.sun.ba.tool.baApplet.init(baApplet.java:46)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission console read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at com.sun.ba.common.QDebug.<clinit>(QDebug.java:39)
... 7 more
any help would be appriciated so much.
thanks
mehmad

I dont know, but It may be that an Applet can only access the local machine. ie. If you run the applet on computer A and you want to edit the config on computer B, I do not believe you can. The applet can only talk to Computer A. You would have to:
1) Run an application on computer A and the applet would tell the application what to change.
2)Maybe sign the applet in a JAR File
You will probably have to do #1.
US101

Java.security.AccessControlException: access denied (java.util.PropertyPer

Hi All,
I try to run an applet from Solaris 8 server on some client machine using IE5 and NetScape 6.2 ( I installed JRE 1.4, I also try other JRE versions) but I get the following errors again and agian,
I even try to use appletviewer on the Solaris Box itself to open the applet but it makes no difference same errors
could somebody please help or give me a hint how should I start tracing what the problem might be ?
this applet comes with Solaris Bandwidth Manager as a gui administration tool ( webbased ) it supposed to change the configurations remotly over the web. I asure there is no solaris permission problem exist.
I use Tomcat on the server side.Installed JDK 1.3 on Solaris 8 with all the default settings.
i suppose something should be done with java.policy or java.security files i know nothing about java security please at least give me some URL's to find out more about this matter i searched a lot but couldn't find good documents about java default security restrictions
java.lang.ExceptionInInitializerError
     at com.sun.ba.common.QConfiguration.loadPredefServices(QConfiguration.java:617)
     at com.sun.ba.common.QConfiguration.getPredefServices(QConfiguration.java:630)
     at com.sun.ba.tool.MainPanel.<init>(MainPanel.java:95)
     at com.sun.ba.tool.QoSFrame.<init>(QoSFrame.java:48)
     at com.sun.ba.tool.baApplet.init(baApplet.java:46)
     at sun.applet.AppletPanel.run(Unknown Source)
     at java.lang.Thread.run(Unknown Source)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission console read)
     at java.security.AccessControlContext.checkPermission(Unknown Source)
     at java.security.AccessController.checkPermission(Unknown Source)
     at java.lang.SecurityManager.checkPermission(Unknown Source)
     at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
     at java.lang.System.getProperty(Unknown Source)
     at com.sun.ba.common.QDebug.<clinit>(QDebug.java:39)
     ... 7 more
any help would be appriciated so much.
thanks
mehmad

Hi,
Please make changes in the java.security files present in the jdk1.3/lib/jre/security/java.security.There you make the changes in the property which gives you the error.See if this helps..
regards vickyk

Socket programming + java.security.AccessControlException: access denied

the code below is for a particular port and IP ..what is the command for granting permission for all the sites?
please help, i have been unable to tackle this problem from the past 24 hours.
iam getting an error too..
java.security.AccessControlException: access denied (java.net.SocketPermission yahoo.com resolve)
grant {
permission java.net.SocketPermission
"puffin.eng.sun.com:7777",
"connect, accept";

..

GF 3.1.1 - java.security.AccessControlException: access denied - server.log

I am upgrading an old NB4.1 produced JSP system that runs on Netscape iplanet to NB7.0.1 built JSP system running on Glassfish 3.1.1. I have four main files: login.html, login.jsp, ApplicationRmiConnection, and MenuManager.jsp . Three of four are working. The login.html is only a startup means to be sent to the login.jsp. The ApplicationRmiConnection is a servlet called by the login.jsp. It reads a properties file, establishes connection with the RMI and database (currently on the OLD system (Netscape iplanet)) which it does quite well. After the ApplicationRmiConnection is established and working the MenuManager.jsp . The first output from the MenuManager.jsp is a series of application.log calls for verification of data passed in from the successful ApplicationRmiConnection database read.
How does GF 3.1.1 loose AccessControl permissions to the server.log to which it is writing? All I am using is application.log statements and it coughs, chokes, and quits.
My output stacktrace is:
INFO: PWC1412: WebModule[null] ServletContext.log():ApplicationRmiConnect: getRealPath("/") = [C:\Program Files\glassfish\glassfish-3.1\glassfish\domains\domain1\applications\MyApplication\]
INFO: PWC1412: WebModule[null] ServletContext.log():MenuMgr: sParms - RMI Connect = com.company.rmi.ServerAppClientAdapter@19ca6bc
INFO: PWC1412: WebModule[null] ServletContext.log():MenuMgr: caught an Exception
WARNING: StandardWrapperValve[jsp]: PWC1406: Servlet.service() for servlet jsp threw exception
java.security.AccessControlException: access denied (java.io.FilePermission C:\Program Files\glassfish\glassfish-3.1\glassfish\domains\domain1\logs\server.log read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.exists(File.java:731)
at com.sun.enterprise.server.logging.GFFileHandler.publish(GFFileHandler.java:676)
at java.util.logging.Logger.log(Logger.java:481)
at com.sun.logging.LogDomains$1.log(LogDomains.java:354)
at java.util.logging.Logger.doLog(Logger.java:503)
at java.util.logging.Logger.logp(Logger.java:619)
at com.sun.enterprise.web.logger.IASLogger.write(IASLogger.java:127)
at com.sun.enterprise.web.logger.LoggerBase.log(LoggerBase.java:190)
at com.sun.enterprise.web.logger.IASLogger.log(IASLogger.java:57)
at org.apache.catalina.core.StandardContext.log(StandardContext.java:6828)
at org.apache.catalina.core.ApplicationContext.log(ApplicationContext.java:449)
at org.apache.catalina.core.ApplicationContextFacade.log(ApplicationContextFacade.java:359)
at org.apache.jsp.MenuMgr_jsp._jspService(MenuMgr_jsp.java from :533)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:111)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:403)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:492)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:378)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1539)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:98)
at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:330)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:174)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:828)
at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:725)
at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1019)
at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)

The problem area has been found. We need to know the best method to replace the two lines of code we commented out. Here is what we found.
Glassfish 3.1.1 Security does not play well with old RMI security (JDK1.2 vintage). Furthermore, once the old RMI security has messed with the mind of GF3.1.1 security the GF security truly believes it has in some cases no permission to read its own server.log file.
Here is the offending code commented out in the Server Client Adapter (client wrapper):
Note: this is legacy rmi code. i.e. manually executed rmic on the appropriate classfiles as this was originally created for java 1.2.
// if(System.getSecurityManager() == null)
// System.setSecurityManager(new RMISecurityManager());
remote = (com.davisco.rmi.ServerAppServantAdapter_Stub)Naming.lookup(stringbuffer.toString());
A thank you goes out to www.velocityreviews.com/forums/t276590-access-denied-java-lang-runtimepermission-createsecuritymanager.html even if it is five years old.
Again, this is using the original version of RMI. How do we re-implement the RMI Security Manager without offending GF 3.1.1 security?

Re: java.security.AccessControlException: access denied (java.util.PropertyPermission weblogic.kernel.allowQueueThrottling read)

This looks like it might be a bug in 6.1SP5,
          weblogic/kernel/Kernel.java at line 85.
          It's trying to do the right thing to ignore an exception if in
          an applet but it's ignoring the wrong exception
          (SecurityException, when it looks like the stack
          trace is throwing a java.security.AccessControlException).
          If you need a fix, this would need to go through support
          and be filed as a problem with WLS Core.
          "Ram Gopal" <[email protected]> wrote in message
          news:[email protected]...
          >
          > We are in the process of migrating from Weblogic 6.1 SP2 to SP5. We have
          an applet
          > that subscribes to a JMS Topic.
          > The applet is throwing the following exception with SP5:
          >
          > java.lang.ExceptionInInitializerError:
          java.security.AccessControlException: access
          > denied (java.util.PropertyPermission weblogic.kernel.allowQueueThrottling
          read)
          >
          > at java.security.AccessControlContext.checkPermission(Unknown Source)
          >
          > at java.security.AccessController.checkPermission(Unknown Source)
          >
          > at java.lang.SecurityManager.checkPermission(Unknown Source)
          >
          > at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
          >
          > at java.lang.System.getProperty(Unknown Source)
          >
          > at weblogic.kernel.Kernel.initAllowThrottleProp(Kernel.java:79)
          >
          > at weblogic.kernel.Kernel.<clinit>(Kernel.java:54)
          >
          > at
          weblogic.jndi.WLInitialContextFactoryDelegate.<init>(WLInitialContextFactory
          Delegate.java:166)
          >
          > at java.lang.Class.newInstance0(Native Method)
          >
          > at java.lang.Class.newInstance(Unknown Source)
          >
          > at
          weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFact
          ory.java:147)
          >
          > at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
          >
          > at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
          >
          > at javax.naming.InitialContext.init(Unknown Source)
          >
          > at javax.naming.InitialContext.<init>(Unknown Source)
          >
          > at
          com.fedex.efm.frontend.model.JMSMessageProcessor.<init>(JMSMessageProcessor.
          java:266)
          >
          > at
          com.fedex.efm.frontend.view.EFMAbstractApplet.startMessageProcessor(EFMAbstr
          actApplet.java:81)
          >
          > at
          com.fedex.efm.frontend.view.EFMAbstractApplet.start(EFMAbstractApplet.java:1
          87)
          >
          > at com.fedex.efm.frontend.view.EFMApplet.start(EFMApplet.java:430)
          >
          > at sun.applet.AppletPanel.run(Unknown Source)
          >
          > at java.lang.Thread.run(Unknown Source)
          >
          >
          > Any ideas as to what I am missing?
          >
          > Thanks,
          > Ram


I suggest going through customer support, I don't know what
          the resolution was. You might also try the security newsgroup,
          as no JMS code has been called by the application yet at
          the point the exception is thrown.
          Tom
          lee wrote:
          > All:
          > We are upgrading weblogic 6.0 to weblogic 6.1 and encounted exactly the same error. Just wondering if you guys were able to fix the issue with bea.
          >
          > Your response is highly appreciated.
          >
          > Thanks!
          >
          > Li

Java.lang.ExceptionInInitializerError: java.security.AccessControlException: access denied (java.util.PropertyPermission weblogic.kernel.allowQueueThrottling read)

We are in the process of migrating from Weblogic 6.1 SP2 to SP5. We have an applet
that
subscribes to a JMS Topic. The applet is throwing the following exception with
SP5:
java.lang.ExceptionInInitializerError: java.security.AccessControlException: access
denied
(java.util.PropertyPermission weblogic.kernel.allowQueueThrottling read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at weblogic.kernel.Kernel.initAllowThrottleProp(Kernel.java:79)
at weblogic.kernel.Kernel.<clinit>(Kernel.java:54)
at weblogic.jndi.WLInitialContextFactoryDelegate.<init>(WLInitialContextFactoryDelegate.java:166)
at java.lang.Class.newInstance0(Native Method)
at java.lang.Class.newInstance(Unknown Source)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:147)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
at com.fedex.efm.frontend.model.JMSMessageProcessor.<init>(JMSMessageProcessor.java:266)
at com.fedex.efm.frontend.view.EFMAbstractApplet.startMessageProcessor(EFMAbstractApplet.java:81)
at com.fedex.efm.frontend.view.EFMAbstractApplet.start(EFMAbstractApplet.java:187)
at com.fedex.efm.frontend.view.EFMApplet.start(EFMApplet.java:430)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Any ideas as to what I am missing?
Thanks,
Ram

Prasad,
It's one thing not to have to modify the security policy on the server,
but on a client and applets have even bigger restrictions this might
very well be the only way since the default applet restrictions would
not allow a lot of permissions granted by default for normal Java
applications.
Dejan
Prasad Peddada wrote:
Deyan D. Bektchiev wrote:
Ram,
You are missing a permission grant in your policy file and the
SecurityManager doesn't allow the code to read that property.
You have either configured a different security manager or have the
wrong file in use.
For applets this file might be in the user's home directory and named
.java.policy
you need to have the following line somethere in it:
grant {
permission java.util.PropertyPermission "*", "read,write";
Which will allow any applet to read and write any JVM property.
Look at Java permissions is you need more info:
http://java.sun.com/j2se/1.3/docs/guide/security/permissions.html
--dejan
Ram Gopal wrote:
We are in the process of migrating from Weblogic 6.1 SP2 to SP5. We
have an applet
that
subscribes to a JMS Topic. The applet is throwing the following
exception with
SP5:
java.lang.ExceptionInInitializerError:
java.security.AccessControlException: access
denied
(java.util.PropertyPermission weblogic.kernel.allowQueueThrottling
read) at java.security.AccessControlContext.checkPermission(Unknown
Source) at java.security.AccessController.checkPermission(Unknown
Source) at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source) at
java.lang.System.getProperty(Unknown Source) at
weblogic.kernel.Kernel.initAllowThrottleProp(Kernel.java:79) at
weblogic.kernel.Kernel.<clinit>(Kernel.java:54) at
weblogic.jndi.WLInitialContextFactoryDelegate.<init>(WLInitialContextFactoryDelegate.java:166)
at java.lang.Class.newInstance0(Native Method) at
java.lang.Class.newInstance(Unknown Source) at
weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:147)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source) at
javax.naming.InitialContext.init(Unknown Source) at
javax.naming.InitialContext.<init>(Unknown Source) at
com.fedex.efm.frontend.model.JMSMessageProcessor.<init>(JMSMessageProcessor.java:266)
at
com.fedex.efm.frontend.view.EFMAbstractApplet.startMessageProcessor(EFMAbstractApplet.java:81)
at
com.fedex.efm.frontend.view.EFMAbstractApplet.start(EFMAbstractApplet.java:187)
at com.fedex.efm.frontend.view.EFMApplet.start(EFMApplet.java:430)
at sun.applet.AppletPanel.run(Unknown Source) at
java.lang.Thread.run(Unknown Source)
Any ideas as to what I am missing?
Thanks,
Ram
This is a WLS bug. You shouldn't have to modify security policy.
Please approach support for a fix.
Cheers,
-- Prasad

Java.security.AccessControlException: access denied (java.util.PropertyPermission weblogic.kernel.allowQueueThrottling read)

          We are in the process of migrating from Weblogic 6.1 SP2 to SP5. We have an applet
          that subscribes to a JMS Topic.
          The applet is throwing the following exception with SP5:
          java.lang.ExceptionInInitializerError: java.security.AccessControlException: access
          denied (java.util.PropertyPermission weblogic.kernel.allowQueueThrottling read)
               at java.security.AccessControlContext.checkPermission(Unknown Source)
               at java.security.AccessController.checkPermission(Unknown Source)
               at java.lang.SecurityManager.checkPermission(Unknown Source)
               at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
               at java.lang.System.getProperty(Unknown Source)
               at weblogic.kernel.Kernel.initAllowThrottleProp(Kernel.java:79)
               at weblogic.kernel.Kernel.<clinit>(Kernel.java:54)
               at weblogic.jndi.WLInitialContextFactoryDelegate.<init>(WLInitialContextFactoryDelegate.java:166)
               at java.lang.Class.newInstance0(Native Method)
               at java.lang.Class.newInstance(Unknown Source)
               at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:147)
               at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
               at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
               at javax.naming.InitialContext.init(Unknown Source)
               at javax.naming.InitialContext.<init>(Unknown Source)
               at com.fedex.efm.frontend.model.JMSMessageProcessor.<init>(JMSMessageProcessor.java:266)
               at com.fedex.efm.frontend.view.EFMAbstractApplet.startMessageProcessor(EFMAbstractApplet.java:81)
               at com.fedex.efm.frontend.view.EFMAbstractApplet.start(EFMAbstractApplet.java:187)
               at com.fedex.efm.frontend.view.EFMApplet.start(EFMApplet.java:430)
               at sun.applet.AppletPanel.run(Unknown Source)
               at java.lang.Thread.run(Unknown Source)
          Any ideas as to what I am missing?
          Thanks,
          Ram


I don't know what is happening. JMS hasn't been called yet -
          the applet is still setting up its initial context. You might want
          to try posting to the jndi (and perhaps rmi) newsgroup.
          Tom
          Ram Gopal wrote:
          > We are in the process of migrating from Weblogic 6.1 SP2 to SP5. We have an applet
          > that subscribes to a JMS Topic.
          > The applet is throwing the following exception with SP5:
          >
          > java.lang.ExceptionInInitializerError: java.security.AccessControlException: access
          > denied (java.util.PropertyPermission weblogic.kernel.allowQueueThrottling read)
          >
          >      at java.security.AccessControlContext.checkPermission(Unknown Source)
          >
          >      at java.security.AccessController.checkPermission(Unknown Source)
          >
          >      at java.lang.SecurityManager.checkPermission(Unknown Source)
          >
          >      at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
          >
          >      at java.lang.System.getProperty(Unknown Source)
          >
          >      at weblogic.kernel.Kernel.initAllowThrottleProp(Kernel.java:79)
          >
          >      at weblogic.kernel.Kernel.<clinit>(Kernel.java:54)
          >
          >      at weblogic.jndi.WLInitialContextFactoryDelegate.<init>(WLInitialContextFactoryDelegate.java:166)
          >
          >      at java.lang.Class.newInstance0(Native Method)
          >
          >      at java.lang.Class.newInstance(Unknown Source)
          >
          >      at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:147)
          >
          >      at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
          >
          >      at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
          >
          >      at javax.naming.InitialContext.init(Unknown Source)
          >
          >      at javax.naming.InitialContext.<init>(Unknown Source)
          >
          >      at com.fedex.efm.frontend.model.JMSMessageProcessor.<init>(JMSMessageProcessor.java:266)
          >
          >      at com.fedex.efm.frontend.view.EFMAbstractApplet.startMessageProcessor(EFMAbstractApplet.java:81)
          >
          >      at com.fedex.efm.frontend.view.EFMAbstractApplet.start(EFMAbstractApplet.java:187)
          >
          >      at com.fedex.efm.frontend.view.EFMApplet.start(EFMApplet.java:430)
          >
          >      at sun.applet.AppletPanel.run(Unknown Source)
          >
          >      at java.lang.Thread.run(Unknown Source)
          >
          >
          > Any ideas as to what I am missing?
          >
          > Thanks,
          > Ram

Java.security.AccessControlException: access denied

Hi all
While deploying my portal application lots of following exceptions are thrown. Please guide me how I can solve this issue
<Aug 16, 2007 12:27:43 PM PKT> <Warning> <Management> <BEA-400409> <Exception fr
om ApplicationFilePoller while checking for changes in application appsdirDteP
ortal_dir, directory GHQPortal.
java.security.AccessControlException: access denied (java.io.FilePermission D:\b
ea\user_projects\domains\portalDomain\applications\DtePortal\GHQPortal read)
at java.security.AccessControlContext.checkPermission(Ljava.security.Per
mission;)V(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(Ljava.security.Permiss
ion;)V(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(Ljava.security.Permission;)
V(Unknown Source)
at java.lang.SecurityManager.checkRead(Ljava.lang.String;)V(Unknown Sour
ce)
at java.io.File.list()[Ljava.lang.String;(Unknown Source)
        at java.io.File.list(Ljava.io.FilenameFilter;)[Ljava.lang.String;(Unknow
n Source)
        at com.bea.p13n.management.ApplicationFilePoller.searchDirs(Ljava.lang.S
tring;Ljava.util.Map;)V(ApplicationFilePoller.java:719)
        at com.bea.p13n.management.ApplicationFilePoller.searchDirs()Ljava.util.
Map;(ApplicationFilePoller.java:708)
        at com.bea.p13n.management.ApplicationFilePoller.check()V(ApplicationFil
ePoller.java:671)
        at com.bea.p13n.management.ApplicationFilePoller.access$200(Lcom.bea.p13
n.management.ApplicationFilePoller;)V(ApplicationFilePoller.java:145)
        at com.bea.p13n.management.ApplicationFilePoller$PollerThread.checkAllPo
llers()V(ApplicationFilePoller.java:997)
        at com.bea.p13n.management.ApplicationFilePoller$PollerThread.run()V(App
licationFilePoller.java:953)
        at java.lang.Thread.run()V(Unknown Source)
        at java.lang.Thread.startThreadFromVM(Ljava.lang.Thread;)V(Unknown Sourc
e)
Thanks

Hi
Thanks for reply bposner. I am using 'weblogic' user to deploy the application. Please help me to dig out this problem.
This problem seems linked with Java Security manager. How can I disable Java Security Manager or what permission should I add in security file to resolve this problem.
Thanks
Edited by arafique393 at 08/16/2007 11:23 PM
Edited by arafique393 at 08/17/2007 4:47 AM

Java.security.AccessControlException: access denied when loading from a jar

Hello!
I am trying to deploy an applet into a browser but I have encountered a security problem.
The name of the applet is SWTInBrowser(not exactly mine, it's an example from the web).
package my.applet;
import org.eclipse.swt.awt.SWT_AWT;
import java.applet.Applet;
import java.awt.event.ActionListener;
import java.awt.event.ActionEvent;
import java.awt.Canvas;
import org.eclipse.swt.widgets.Shell;
import org.eclipse.swt.widgets.Display;
import org.eclipse.swt.SWT;
import org.eclipse.swt.widgets.Listener;
import org.eclipse.swt.widgets.Event;
import org.eclipse.swt.graphics.Point;
import org.eclipse.swt.layout.FillLayout;
public class SWTInBrowser extends Applet implements Runnable{
     public void init () {
           /* Create Example AWT and Swing widgets */
           java.awt.Button awtButton = new java.awt.Button("AWT Button");
           add(awtButton);
           awtButton.addActionListener(new ActionListener () {
            public void actionPerformed (ActionEvent event) {
             showStatus ("AWT Button Selected");
           javax.swing.JButton jButton = new javax.swing.JButton("Swing Button");
           add(jButton);
           jButton.addActionListener(new ActionListener () {
            public void actionPerformed (ActionEvent event) {
             showStatus ("Swing Button Selected");
           Thread swtUIThread = new Thread (this);
           swtUIThread.start ();
          public void run() {
           /* Create an SWT Composite from an AWT canvas to be the parent of the SWT
          widgets.
            * The AWT Canvas will be layed out by the Applet layout manager. The
          layout of the
            * SWT widgets is handled by the application (see below).
           Canvas awtParent = new Canvas();
           add(awtParent);
           Display display = new Display();
           Shell swtParent = SWT_AWT.new_Shell(display, awtParent);
//           Display display = swtParent.getDisplay();
           swtParent.setLayout(new FillLayout());
           /* Create SWT widget */
           org.eclipse.swt.widgets.Button swtButton = new
          org.eclipse.swt.widgets.Button(swtParent, SWT.PUSH);
           swtButton.setText("SWT Button");
           swtButton.addListener(SWT.Selection, new Listener() {
            public void handleEvent(Event event){
             showStatus("SWT Button selected.");
           swtButton.addListener(SWT.Dispose, new Listener() {
            public void handleEvent(Event event){
             System.out.println("Button was disposed.");
           // Size AWT Panel so that it is big enough to hold the SWT widgets
           Point size = swtParent.computeSize (SWT.DEFAULT, SWT.DEFAULT);
           awtParent.setSize(size.x + 2, size.y + 2);
           // Need to invoke the AWT layout manager or AWT and Swing
           // widgets will not be visible
           validate();
           // The SWT widget(s) require an event loop
           while (!swtParent.isDisposed()) {
            if (!display.readAndDispatch()) display.sleep ();
}It works perfectly in the Applet Viewer, but not in the browser. In the browser, I only get two buttons working, the SWT button doesn't appear, because of this error:
Exception in thread "Thread-21" java.lang.ExceptionInInitializerError
     at org.eclipse.swt.widgets.Display.<clinit>(Display.java:130)
     at my.applet.SWTInBrowser.run(SWTInBrowser.java:52)
     at java.lang.Thread.run(Unknown Source)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission sun.arch.data.model read)
     at java.security.AccessControlContext.checkPermission(Unknown Source)
     at java.security.AccessController.checkPermission(Unknown Source)
     at java.lang.SecurityManager.checkPermission(Unknown Source)
     at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
     at java.lang.System.getProperty(Unknown Source)
     at org.eclipse.swt.internal.Library.loadLibrary(Library.java:167)
     at org.eclipse.swt.internal.Library.loadLibrary(Library.java:151)
     at org.eclipse.swt.internal.C.<clinit>(C.java:21)
     ... 3 moreI have exported the application in a jar, and in that jar I have put the swt.jar that the application need for the displaying of the third button, swt button.
Here is also the HTML file:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=Cp1252"/>
    <title>
      Test
    </title>
</head>
<body>
    <p>
          <applet code="my.applet.SWTInBrowser"
                    archive="Test.jar"
                    width="1400" height="800">
          </applet>
    </p>
</body>
</html>Could anyone please help me solve this problem?

This is in reply to the first post. I don't know what happened after.
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission sun.arch.data.model read)
     at java.security.AccessControlContext.checkPermission(Unknown Source)
     at java.security.AccessController.checkPermission(Unknown Source)
     at java.lang.SecurityManager.checkPermission(Unknown Source)
     at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
     at java.lang.System.getProperty(Unknown Source)
     at org.eclipse.swt.internal.Library.loadLibrary(Library.java:167)
     at org.eclipse.swt.internal.Library.loadLibrary(Library.java:151)
     at org.eclipse.swt.internal.C.<clinit>(C.java:21)
If you read the above trace from bottom to top, it shows none of you classes, only classes from that Eclipse library, which seems to loadLibrary() a native DLL. In order to do this, it needs to call System.getProperty( "sun.arch.data.model" ). This call is not allowed from un unsigned applet. So I guess you need to sign the applet and this problem will go away. Many other problems may follow. Just read very very carefully all the related documentation, which I did not.

Java.security.AccessControlException: access denied (oracle.security.jazn.J

Hi All.
I am calling the getIdentityStoreFactory() method in the IdentityStoreFactoryBuilder class and I am getting the following error:
oracle.security.idm.ConfigurationException: java.security.AccessControlException: access denied (oracle.security.jazn.JAZNPermission getOC4JIntegrationData)
Any ideas what is going on and any possible fixes?
thanks
james

I will move it to the OC4j and J2ee forum.
Thanks for bring it to my attention.
Message was edited by:
user480263

Java.security.AccessControlException: access denied ("java.security.SecurityPermission" "authProvider.SunMSCAPI")

Till morning everything working fine in my applet. I took Java update and everything stopped. I'm dealing with digital certificate using applet. Here is my stack trace. I followed some oracle article but didn't work.
https://blogs.oracle.com/java-platform-group/entry/liveconnect_changes_in_7u45
JAR File Manifest Attributes for Security
http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html
Java Plug-in 10.45.2.18
Using JRE version 1.7.0_45-b18 Java HotSpot(TM) Client VM
User home directory = C:\Users\vicky.thakor
java.security.AccessControlException: access denied ("java.security.SecurityPermission" "authProvider.SunMSCAPI")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.plugin2.applet.AWTAppletSecurityManager.checkPermission(Unknown Source)
at sun.security.mscapi.KeyStore.engineLoad(KeyStore.java:755)
at sun.security.mscapi.KeyStore$MY.engineLoad(KeyStore.java:62)
at java.security.KeyStore.load(Unknown Source)
at SecurityApplet.initializeBrowserKeyStore(SecurityApplet.java:162)
at SecurityApplet.isCertificateInstalled(SecurityApplet.java:268)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.Trampoline.invoke(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MethodInfo.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MemberBundle.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke0(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$DefaultInvocationDelegate.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
I'm creating .java.policy file in public void init() method of applet. Its before accessing anything in applet. But its not working. Here is my .java.policy file.
grant
permission java.security.AllPermission;
permission java.io.FilePermission "<<ALL FILES>>", "read";
permission java.io.FilePermission "<<ALL FILES>>", "write";
permission java.util.PropertyPermission "*", "read, write";
permission java.util.PropertyPermission "user.home", "read";
permission java.util.PropertyPermission "user.dir", "read";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "*";
This is solved by changing java.policy file at C:\Program Files (x86)\Java\jre7\lib\security. I did it manually but our application running all around the world. And I can't go to each user to change the java.policy file. And also some user don't have admin access to change that file. So is there any way we can set runtime parameter(s) or something else... I already posted this question in stackoverflow but couldn't find the way out. I also created MANIFEST.MF file but still not working.
Stackoverflow link: oracle - java.security.AccessControlException: access denied (&quot;java.security.SecurityPermission&quot; &…

Till morning everything working fine in my applet. I took Java update and everything stopped. I'm dealing with digital certificate using applet. Here is my stack trace. I followed some oracle article but didn't work.
https://blogs.oracle.com/java-platform-group/entry/liveconnect_changes_in_7u45
JAR File Manifest Attributes for Security
http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html
Java Plug-in 10.45.2.18
Using JRE version 1.7.0_45-b18 Java HotSpot(TM) Client VM
User home directory = C:\Users\vicky.thakor
java.security.AccessControlException: access denied ("java.security.SecurityPermission" "authProvider.SunMSCAPI")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.plugin2.applet.AWTAppletSecurityManager.checkPermission(Unknown Source)
at sun.security.mscapi.KeyStore.engineLoad(KeyStore.java:755)
at sun.security.mscapi.KeyStore$MY.engineLoad(KeyStore.java:62)
at java.security.KeyStore.load(Unknown Source)
at SecurityApplet.initializeBrowserKeyStore(SecurityApplet.java:162)
at SecurityApplet.isCertificateInstalled(SecurityApplet.java:268)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.Trampoline.invoke(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MethodInfo.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MemberBundle.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke0(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$DefaultInvocationDelegate.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
I'm creating .java.policy file in public void init() method of applet. Its before accessing anything in applet. But its not working. Here is my .java.policy file.
grant
permission java.security.AllPermission;
permission java.io.FilePermission "<<ALL FILES>>", "read";
permission java.io.FilePermission "<<ALL FILES>>", "write";
permission java.util.PropertyPermission "*", "read, write";
permission java.util.PropertyPermission "user.home", "read";
permission java.util.PropertyPermission "user.dir", "read";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "*";
This is solved by changing java.policy file at C:\Program Files (x86)\Java\jre7\lib\security. I did it manually but our application running all around the world. And I can't go to each user to change the java.policy file. And also some user don't have admin access to change that file. So is there any way we can set runtime parameter(s) or something else... I already posted this question in stackoverflow but couldn't find the way out. I also created MANIFEST.MF file but still not working.
Stackoverflow link: oracle - java.security.AccessControlException: access denied (&quot;java.security.SecurityPermission&quot; &…

Securables - Deny Access to Specific Tables

Similar Messages

Maybe you are looking for