Selective impersonation?

Similar Messages

• Creating a workflow to give permissions to a SharePoint folder using Impersonation Step

  Hi There,
  I have been tasked with creating a workflow in my organise that will allow our users with (Contributor access) to grant people access upon creating a folder in our Shared Documents library.
  Currently when our users create a folder, they need to logged a call with site administrators to granted the relevant people access to the folder and its contents.
  Is it possible to create a solution that will kick off automatically upon creation of a folder and allow the Creator Only to grant a subset of users permissions to the folder using the Impersonation Step?
  Any suggestions would be highly appreciated.
  Regards
  Tibz
  regards Tibz

  Hi There
  Thank you for your response.
  I managed to create a workflow that can be started automatically upon the creation of a folder in my document library. I then added an Impersonation step where I used the "Remove list Item Permissions" & "Add List Item Permissions" actions.
  The challenge I am faced with is on the Remove Permissions action, I want to remove all inherited permissions for all existing users and only leave Users with Full Control. Is there a way to select All Existing Users in one function and perhaps
  pass that as a "Selected Users" parameter? Currently I have to select the users/groups individually and there are over 100 existing users/groups to choose from.
  Any thoughts on how I can work around this?
  regards Tibz

• Select Listener Port Number from which_table?

  I'm writing a SQL script that, among other things, disconnects from Oracle and then reconnects to the same instance as a different user. I'm able to query v$database and v$instance to get most of the information I need (host, service name, etc) for the reconnect part. The only part I'm missing is the listener port number. I could hard code it to 1521, but that isn't very flexible. Currently, I'm prompting the user (which is normally me) for the listener port number in the SQL script, but that just seems a little bit lame. So my question is this: is there a view or table somewhere in the sys schema that I could use to view the listener configuration? I'm mostly working with 10gR2+ databases.

  cleavitt wrote:
  That is possible, but it needs to be a standard Oracle configuration if the script is to remain generic and portable. The script is actually working fine as-is. I was just trying to go the extra mile and determine the port number automatically. I could also prompt for a TNSNames entry as suggested by others, but I don't always have an entry defined for all of the Oracle instances in my company on every workstation that I work from.
  Here is the script for anyone that is interested. It started out as a script that I found online, but the original did not work with 11g case-sensitive passwords and it only worked for local connections on the server.
  Description:
  Allows a DBA user to impersonate another user (without knowing the user's password).
  Similar in function to using the SU command in Unix/Linux.
  Note:
  This script temporarily changes the impersonated user's password and may cause other
  connection attempts by that user to fail during the moment that the temporary password is in effect.
  WHENEVER SQLERROR EXIT
  SET VERIFY OFF
  ACCEPT username CHAR PROMPT 'Enter the username: '
  ACCEPT listenerport NUMBER DEFAULT 1521 PROMPT 'Enter the listener port [1521]: '
  -- Define substitution variables and column mapping.
  COLUMN username NEW_VALUE username
  COLUMN password_hash NEW_VALUE password_hash
  COLUMN host_name NEW_VALUE hostname
  COLUMN instance_name NEW_VALUE servicename
  -- Populate substitution variables.
  SELECT
  name AS username,
  -- Get the user's password hash(s) and apply appropriate formatting for case-sensitive password if needed (11g+ passwords).
  NVL2(spare4, spare4 || ';' || password /* 11g+ */, password /* pre-11g */) AS password_hash
  FROM sys.user$
  WHERE name = UPPER('&username');
  SELECT host_name, instance_name
  FROM v$instance;
  -- Set the user's password to a temporary value.
  ALTER USER &username IDENTIFIED BY TempPass;
  -- Use the temporary password to connect to the database as the user.
  CONNECT &username/TempPass@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=&hostname)(PORT=&listenerport))(CONNECT_DATA=(UR=A)(SID=&servicename)));
  -- Reset the user's password to the original value using the original password hash(s).
  ALTER USER &username IDENTIFIED BY VALUES '&password_hash';
  SHOW USER
  UNDEFINE username
  UNDEFINE password_hash
  UNDEFINE hostname
  UNDEFINE servicename
  UNDEFINE listenerport
  WHENEVER SQLERROR CONTINUE
  SET VERIFY ONAnd by so doing you just kicked the user's password expiration on down the road, negating the benefit of havng a password expiration.
  Also, you locked out the legitimate user of this account, until such time as you reset it back to the original. And in the mean time, if this happens to be an account used by some automated process, that process doesn't know the new "temporary" password and runs a risk of locking the account from too many invalid connection attempts. Try to become SYSMAN or DBSNMP from this, and you will very quickly kill OEM.
  This has "bad idea" written all over it. What problem is it supposed to be be solving?

• Verizon Customer Service - Impersonal, scripted, unhelpful.

  This email correspondence began because this is the 2nd time in 4 years that my service as degraded at my house for some unknown reason and in both cases, Verizon has been unwilling to do anything to help resolve that situation. I had good coverage in both of these locations initially but then something happened on Verizon's end that degraded the service. This is my attempt at getting some kind of resolution.
  I'm not sure of this but in my current location, 4g service seems to be just fine but I have a 3g phone and have no need to upgrade to 4g and I don't want to be forced to have to upgrade two handsets just because the 3g service is degraded. Could this be on purpose? According to Verizon 3g and 4g should be the same.
  By the way, my repeated request for escalation to upper management was ignored.
  In any case, I'm posting this so others can see that VZW is a mail order phone company that has no personal interest in customer communication. Customer service is entirely script driven as you will see by the over use of "I'm delighted to help you" "I'm deeply sorry for...". This is not at all sincere as VZW was delighted to close the call without a resolution and happy for me to take a survey because they are "always looking to provide a better experience for our customers".
  Perhaps other carriers are just as bad, but after 4 years of being treated like the lucky person who gets to use VZW, I'm going to find out first hand by moving to another carrier in July when my contract expires.
  I'm sure some will see this as simply an unreasonable customer demand being handled by skilled customer service reps... until you call with a legitimate complaint. Then you will understand.
  My original message Sent: Sun Feb 12 03:41:19 MST 2012:
  Message Body: Please forward this email to someone in upper management. I have been a customer for 4yrs and have been paying nearly $200/mo for phone coverage and have HAD to upgrade my phones several times in order to try to get better service. Since 2010 I have had very poor phone performance and had to buy a network extender (non 3g) in August of 2010 just to receive phone calls in an area that was supposed to have good coverage. I found out only 2months later a 3g version of the network extender had been released. I was told there was NO 3g network extender when I purchased the one I did. I can't imagine no one at Verizon knew this. Last year, I have moved to another location and finally freed myself of the Network Extender until about 4 months ago when the service began to degrade. I was told by CSR I 'should' have good connectivity. The service has become so poor now that I often see missed calls, and voice mails when the phone never rang. I drug out the old network extender just to be able to receive calls again and I found I can no longer receive MMS texts. After calling CS I found it's because it is not 3g and was advised to upgrade to a 4G phone. My wifes' contract ends in July 2012 and mine has already expired.
  I'm growing weary of this dance with Upgrade-degraded service service loop. My phones are 3G. I am happy with the performance when I can get coverage. I work from home and use my phone often from home. PLEASE, don't make me pay for another network extender. Send me a 3G network extender so I can use my phones. I have been a faithful customer for 4 years and all 3 of my kids are also customers. We want to stay with VZW but am forced to look for alternate Solutions. I have friends that come over to my house and show me their AT&T 3g Iphones with full coverage. It's very tempting to switch.
  PLEASE RESPOND BY EMAIL because of lack of coverage.
  VZW Response On 02/14/12 12:28 - 2 days later:
  (Things to notice: Non-personal, scripted response that completely ignores the clear message that I no longer am willing to upgrade.)
  Good afternoon David,
  My name is Ariel and I am sorry to hear about the issues you have been experiencing with your service. I will be more than happy to assist you with forwarded your email to management today. I have forwarded your email to management. I also recommend contacting our Technical Support team at 800-922-0204 so we can do troubleshooting in your area
  and to make sure the Network Extender will fix this issue. We may be able to fix the service in the area if it worked before.
  I am delighted to inform you that your line ending in -xxxx is eligible to receive promotional pricing on a new wireless device. When participating in our Equipment Upgrade Program, the discounted price is contingent upon you accepting a two year Customer Agreement. To view your promotional pricing and to process your order, please sign
  in to "My Verizon" on www.verizonwireless.com using your Account Owner Number and password. Next, click on the "Upgrade" icon located under "Device" in the "I Want To" section at the bottom of your home page and follow the instructions provided.
  You also have the following options to process your order:
  1. Complete the upgrade process by visiting a local Verizon Wireless store. To obtain a list of stores in your area, please click on the following link, which will direct you to the "Store Locator" page of our website:
  www.verizonwireless.com/storelocator
  2. Call Customer Service at 800-922-0204 or by dialing *611 (Send) airtime free from your wireless device. Regular delivery time is three to five days.
  3. Call me directly at xxx-xxx-xxxx ext xxxx and I can get your new phones sent out with overnight shipping for free!
  Based on your equipment history, I recommend that you upgrade this line to the Motorola DROID 3 for $149.99 (after $50 New Every Two). The retail price of this phone is $459.99, however; due to your loyalty and additional discounts, you will save $260 on this device! The NE2 and Annual Upgrade programs have been retired since the
  beginning of 2011. You will not be eligible for these programs after you upgrade.
  I also wanted to let you know that I performed a quick analysis of your account and I found you have the best calling plan and features for your wireless needs.
  If you would like to perform an analysis of your account, you may go to www.verizonwireless.com and log into the "My Verizon" account attached to the account owner. After you have successfully logged in, you may select "More Actions" link under the "I Want To..." section of the homepage. The "Run Account Analysis" option will be under "Plan."
  David, I appreciate you allowing me to assist you with forwarding your email. Again, I recommend also contacting Technical Support to ensure the Network Extender is the correct path. Feel free to reply to this email if you have any other questions or concerns regarding your account. Thank you for your time and for being a part of the Verizon
  Wireless family since 2008.
  Have a great day!
  Sincerely,
  Ariel
  Verizon Wireless, Customer Service
  Internet Response Team
  My Response Tue Feb 14 13:48:18 MST 2012:
  Ariel,
  I did contact technical support which is why I opened this email correspondence. They did the same thing, recommending I pay more money in hopes of finally getting decent service. If you were me, you would understand why that is not only the wrong path but insulting. How many years of buying new equipment while still receiving consistently poor service would should I endure? It's been 2 years already. Giving another several hundred dollars for another set of device upgrades as I have already been doing? No. I think it's time VZW gave me $150/mo worth of good service first. Look at my usage on both phone and it's clear VZW is benefiting and I'm not. My phones are nothing more then cordless extensions with wifi. Texting is intermittent, MMS only works if I turn off the wifi, stand in the right corner of the room, get the text after many retries and then turn the wifi back on, data is wifi only. We can hardly use our 3G phones at home where we spend the majority of our time since we both work from home. I will be seriously considering an alternate carrier if this continues until July. You have my address, you can check if there is a 3G coverage problem in my area. If there is (or isn't) then VZW can provide the appropriate devices/solution as a customer service. I'm tired of paying to test faulty equipment.
  Very frustrated,
  David Ford
  VZW Response On 02/16/12 16:19 - 2 days later:
  (Things to notice: Different CSR, ignores email about trying to call because I'm not receiving phone calls reliably, wants me to call and "discuss". In other words, as you will see later, WE ARE NOT GOING TO GIVE YOU ANYTHING.)
  Hello David ,
  My name is Clyde. I was sorry to learn of all the issues that you are having with your service. I can definitely assist you with your concern. Please call me at xxx-xxx--xxxx ext. xxxx, and I will be glad to go over your options. I will provide additional information below in this email.
  I attempted to reach you on 02/16/2012, and did leave a message. I was able to see that you form your previous emails, that you are interested in getting a free Network Extender. When you call me, we can discuss your options for the 3G Extender.
  In closing, I was glad to give you my number, so that we can discuss your options for the 3G Network Extender from Verizon Wireless. It was a privilege to serve you! Should you have additional questions, please call me at xxx-xxx-xxxx ext.xxxx, or reply to this email. Thank you for choosing Verizon Wireless!
  Respectfully,
  Clyde
  Verizon Wireless, Customer Service
  Internet Response Team
  My Response Thu Feb 16 19:09:01 MST 2012 :
  Clyde,
  I mentioned in my email to please correspond by email as I often miss calls. I can tell by your super positive response that you are going to offer me discounts against purchasing more equipment. I don't know if this is a Verizon programming thing, but discounts are not savings when you are forced to have to make a purchase. I'm only hope the government doesn't catch on to this. "What, you don't like paying 85% tax? You still save 15%!". Perhaps I can Verizon-speak my dilemma. In July my contract ends and I stop paying Verizon $152.00+ a month for service. Sooo... If you send me a 3G wireless extender and that solves my coverage problems, I'll continue to pay Verizon $152.00+ per month. Over one year that will be more the 7 TIMES THE VALUE OF THE ROUTER!!!! And the "savings" will continue on as long as I'm a happy customer. Isn't that a bargain?
  I'm not meaning to be factious but offering me a discount is like a crappy restaurant offering coupons for a free meal to compensate for the crummy food and poor service.
  Please, if FREE is on the table then I will gladly call you to discuss. Otherwise, hasta Julio (until July). Thanks for at least contacting me,
  David
  VZW Response 02/20/12 09:25 - 4 days later:
  (Things to notice: 4 days later because of "higher then normal call volumes, yet it only took one day, see the end, to send a case closed email. No offer of any compensation or resolution apart from me having to upgrade and pay more money for a faulty service. More impersonal scripted response)
  Hello David,
  My name is Larry and I am sorry to learn about the service issues you have been experiencing. I am happy to address your request to receive a network extender. Please know, we are unable to guarantee service indoors and this is why the Network Extenders are not offered at no cost. We thank you for your understanding.
  We appreciate your business and will be happy to offer further troubleshooting if you call. However, we are unable to offer a free Network Extender and apologize for any inconveniences this may cause.
  The Verizon Wireless Network Extender enhances indoor voice and data coverage in areas with minimum or no in-building coverage, allowing customers to get the most of their plan minutes while indoors.
  This indoor coverage solution operates with existing Verizon Wireless-branded devices and installation is simple - just "plug and play."
  For additional information regarding Verizon Wireless Network Extender visit the following website:
  Network Extender
  Again, my name is Larry and I am sorry we are unable to offer the Network Extender at no cost.
  Because my reply was not prompt, I would like to apologize for the delayed response to your email as we have been receiving a higher than normal rate of email inquiries. We appreciate your business and would like to thank you for helping to make Verizon Wireless the most reliable network in America.
  Did you know, most of your questions can be answered with out calling or emailing? Simply visit www.verizonwireless.com/support any time, day or night!
  Sincerely,
  Larry
  Verizon Wireless
  Internet Response Team
  My Response 02/20/12 15:03:
  Ok, well. It looks like I will be canceling my service in July and moving to a better carrier that cares for it's customers. Please forward this email to management as I asked in the beginning for further review.
  VZW Response 02/21/12 14:26 - 1 day later:
  (Things to notice: Only 1 day response, case closed. No resolution. No concern for losing a customer to due faulty service. Impersonal scripted response.)
  Dear Verizon Wireless Customer,
  Thank you for your recent inquiry on verizonwireless.com. We are always looking to provide a better experience for our customers, so your opinion is important to us. Please take just a moment to give us your thoughts about your experience.
  Just click on the link below to take a quick 3-question survey.
  It is part of our commitment to making your wireless experience the best that it can be.
  Sincerely,
  Verizon Wireless
  >Edited internal VZW phone numbers and extensions<
  Message was edited by: Verizon Administrator

  David, Don't give up. That's what they want by giving you and everyone else who has legitimate complaints the run around.
  Send the FCC a complaint. You will get a response. I did after 5 months of getting the **. Please pass this along to everyone, that the FCC responds. They will log the complaint with Verizon and then you can followup with a confirmation number. It took approx. 30 days to receive a letter from Verizon. A few weeks later my issue was resolved.
  I think it's time to gather enough willing customers to file a class action lawsuit. It is unfortunate that corporations won't take responsibility with customer complaints/issues unless they are threatened with a lawsuit. We need to hold businesses and their employees accountable.  WWW.esupport.fcc.gov/ccmsforms  888-225-5322  email [email protected]

• EWS API - Impersonating to update a calendar item created by any other user than a service account, raise an error "Access is denied. Check credentials and try again."

  Hi,
  I am new to using EWS managed APIs.
  Following is the issue:
  1. I am using a service account e.g. [email protected]. This user is a global administrator and also has ApplicationImpersonation role assigned. (Sign into Online Office 365 account -> Admin -> select "Exchange" tab- > select Permissions
  on the left panel -> create an impersonation role -> assign ApplicationImpersonation in Roles: and [email protected] in Members: -> Click on save)
  2. Create a calendar item by other user for e.g. [email protected], and invite an attendee - [email protected].
  3. In a c# program, I connect to EWS service using a service account - [email protected], fetch its calendar events. If organizer of an event is some other user - [email protected] then
  I use impersonation in the following way to update the calendar event/item properties- subject, body text etc.
          private static void Impersonate(string organizer)
              string impersonatedUserSMTPAddress = organizer;
              ImpersonatedUserId impersonatedUserId =
                  new ImpersonatedUserId(ConnectingIdType.SmtpAddress, impersonatedUserSMTPAddress);
              service.ImpersonatedUserId = impersonatedUserId;
  4. It was working fine till yesterday afternoon. Suddenly, it started throwing an exception "Access is denied. Check credentials and try again." Whenever I try to
  update that event.
         private static void FindAndUpdate(ExchangeService service)
              CalendarView cv = new CalendarView(DateTime.Now, DateTime.Now.AddDays(30));
              cv.MaxItemsReturned = 25;
              try
                  FindItemsResults<Item> masterResults = service.FindItems(WellKnownFolderName.Calendar, cv);
                  foreach (Appointment item in masterResults.Items)
                      if (item is Appointment)
                          Appointment masterItem = item as Appointment;
                          if (!masterRecurEventIDs.Contains(masterItem.ICalUid.ToString()))
                              masterItem.Load();
                              if (!masterItem.Subject.Contains(" (Updated content)"))
                                  //impersonate organizer to update and save for further use
                                  Impersonate(masterItem.Organizer.Address.ToString());
                                  // Update the subject and body
                                  masterItem.Subject = masterItem.Subject + " (Updated content)";
                                  string currentBodyType = masterItem.Body.BodyType.ToString();
                                  masterItem.Body = masterItem.Body.Text + "\nUpdated Body Info:
  xxxxxxxxxxxx";
                                  // This results in an UpdateItem operation call to EWS.
                                  masterItem.Update(ConflictResolutionMode.AutoResolve);
                                  // Send updated notification to organizer of an appointment
                                  CreateAndSendEmail(masterItem.Organizer.Address.ToString(), masterItem.Subject);
                                  masterRecurEventIDs.Add(masterItem.ICalUid.ToString());
                              else
                                  Console.WriteLine("Event is already updated. No need to update again.:\r\n");
                                  Console.WriteLine("Subject: " + masterItem.Subject);
                                  Console.WriteLine("Description: " + masterItem.Body.Text);
              catch (Exception ex)
                  Console.WriteLine("Error: " + ex.Message);
  5. What could be an issue here? Initially I thought may be its a throttling policy which is stopping same user after making certain API call limits for the day, but I am still seeing this issue today.
  Any help is appreciated.
  Thanks

  Your logic doesn't sound correct here eg
  2. Create a calendar item by other user for e.g. [email protected], and invite an attendee - [email protected]
  3. In a c# program, I connect to EWS service using a service account - [email protected], fetch its calendar events. If organizer of an event is some other user - [email protected] then
  I use impersonation in the following way to update the calendar event/item properties- subject, body text etc.
  When your connecting to [email protected] mailbox the only user that can make changes to items within
  abccalendar is abc (or ABC's delegates). If your impersonating the Organizer of the appointment pqr that wouldn't work unless the organizer had rights to abc's calendar. If you want to make updates to a calendar
  appointment like that you should connect to the Organizers mailbox first update the original, send updates and then accept the updates.
  When you impersonate your impersonating the security context of the Mailbox your impersonating so its the same a logging on as that user in OWA or Outlook.
  Cheers
  Glen

• SSO + OBIEE + Impersonation :: Invalid user/password

  I am running the following setup:
  OBIEE
  Oracle Business Intelligence Product Version 10.1.3.3.2 (Build 071217.1900)
  Physical Presentation Catalog Path /apps/installs/OracleBIData/web/catalog/paint/root
  Oracle BI Server Data Source AnalyticsWeb
  Analytics WebApp
  Turned off OC4J, and deployed Analytics.war file on its own Apache-Tomcat instance
  The Tomcat instance listens on port 9090
  Siteminder (SSO) / Proxy Tier
  I am running an Apache Web Server instance protected by CA Siteminder's SSO policy
  AWS is listening on port 80, and acting as a proxy to redirect requests for Analytics.
  Example:
  Tomcat Analytics: http://localhost:9090/analytics/
  AWS: http://localhost:80/obiee/ ==> http://localhost:9090/analytics/
  I am doing testing with the out of the box PAIN repository & set of dashboards. My goal is to:
  1. Protect OBIEE behind SSO
  2. Allow ANY SSO authenticated user to gain access to OBIEE Analytics
  3. Remove OBIEE's own authentication / login screen
  Effectively:
  1. Browse to http://localhost/obiee/
  2. Get redirected to SSO login landing page
  3. Authenticate via SSO
  4. Upon successful SSO authentication, get redirected to the default OBIEE dashboard
  So far, so good. I followed the guide for SSO integration found here: http://download.oracle.com/docs/cd/E12096_01/books/AnyDeploy/AnyDeploySSO.html
  I've added the necessary entries on my instanceconfig.xml ($ORACLEBIDATA_HOME/web/config/instanceconfig.xml) as follows
  <Auth>
  <SSO enabled="true">
  <ParamList>
  <Param name="IMPERSONATE" source="httpHeader" nameInSource="eid"/>
  </ParamList>
  </SSO>
  </Auth>
  <CredentialStore>
  <CredentialStorage type="file" path="/apps/installs/OracleBIData/web/config/credentialstore.xml" passphrase="***********"/>
  </CredentialStore>
  I've created an Impersonator user and impersonation alias on my credentialstore.xml file using:
  cryptotools credstore -add -infile $ORACLEBIDATA_HOME/web/config/credentialstore.xml
  Credential Alias: impersonation
  Username: Impersonator
  Password: ***********
  Do you want to encrypt the password? y/n (y):
  Passphrase for encryption: ***********
  Do you want to write the passphrase to the xml? y/n (n):
  File "<OracleBIData>/web/config/credentialstore.xml" exists. Do you want tooverwrite it? y/n (y):
  I've also added the Impersonator user to the repository using BI Administrator. I opened the respository online and added Impersonator as a user, with the same password I defined when I user cryptotools. I included the Impersonator user on the same groups as the default Administrator (Administrators & XMLP_ADMIN) and subsequently checked my changes back into the server. After everything was done, I bounced presentation and BI servers through:
  $run-sa.sh stop
  $run-saw.sh stop
  $run-sa.sh start
  $run-saw.sh start
  Presentation services starts up fine, BI server starts up fine as well. When I browse to the Apache Web Server site, I get redirected to SSO, I pass my credentials, and the wind up on the /saw.dll?Dashboard URI but I get the following message:
  You are not currently logged in to the Oracle BI Server.
  If you have already logged in, your connection might have timed out, or a communications or server error may have occurred.
  Here are the relevant log entries from $ORACLEBIDATA_HOME/web/log
  sawlog0.log -I replaced the actual username with <SSOUID>. <SSOUID> is the actual SSO header I need.
  Oracle BI Presentation Services have started successfully.
  Type: Error
  Severity: 40
  Time: Fri Jul 23 12:02:57 2010
  File: project/webodbcaccess/odbcconnectionimpl.cpp Line: 371
  Properties: ConnId-1,1;ThreadID-4096981904
  Location:
  saw.odbc.connection.open
  saw.connectionPool.getConnection
  saw.threadPool
  saw.threads
  Odbc driver returned an error (SQLDriverConnectW).
  State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
  [nQSError: 43001] Authentication failed for <SSOUID> in repository Star: invalid user/password. (08004)
  Type: Error
  Severity: 42
  Time: Fri Jul 23 12:02:57 2010
  File: project/webconnect/connection.cpp Line: 276
  Properties: ThreadID-4096981904
  Location:
  saw.connectionPool.getConnection
  saw.threadPool
  saw.threads
  Authentication Failure.
  Odbc driver returned an error (SQLDriverConnectW).
  I am at a total loss with this. If I am understanding the OBIEE stack correctly, this would seem to indicate:
  a. The impersonation credentials on the credentialstore.xml file are not being decrypted correctly, or the password actually doesn't match. But I've triple checked this.
  b. The impersonation alias is not being recognized by presentation services.
  I would really appreciate any input here. If I've left out any relevant items, please ask questions and I'll try to be as thorough as possible.
  Thanks in advance!
  Miguel.-
  Edited by: user11343977 on Jul 23, 2010 11:49 AM

  Changes made. Here are the log entries:
  sawlog0.log
  Type: Error
  Severity: 40
  Time: Mon Jul 26 12:27:59 2010
  File: project/webodbcaccess/odbcconnectionimpl.cpp Line: 371
  Properties: ConnId-13,13;ThreadID-4091849616
  Location:
  saw.odbc.connection.open
  saw.connectionPool.getConnection
  saw.threadPool
  saw.threads
  Odbc driver returned an error (SQLDriverConnectW).
  State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
  [nQSError: 43001] Authentication failed for 7880429329 in repository Star: invalid user/password. (08004)
  Type: Error
  Severity: 42
  Time: Mon Jul 26 12:27:59 2010
  File: project/webconnect/connection.cpp Line: 276
  Properties: ThreadID-4091849616
  Location:
  saw.connectionPool.getConnection
  saw.threadPool
  saw.threads
  Authentication Failure.
  Odbc driver returned an error (SQLDriverConnectW).
  And here is the relevant entry from the NQQuery.log -which is enlightening if I should say:
  --------- Oracle BI Version: 10.1.3.3.2.071217.1900 : New Session Timestamp: 2010/07/26 12:34:33
  +++Impersonator:fffe0000:fffe0004:----2010/07/26 12:34:59
  -------------------- An initialization block named 'Authorization', on behalf of a Session Variable, issued the following SQL query:
  SELECT ':USERID','Administrators','GuestAccount' from dual
  Returned 0 rows. Query status: Failure

• Can Impersonalized form be attached to an email notification

  Hi All,
  I have a requirement where a filled in offline form should be sent (emailed) to a user.
  I have created an Impersonalized form which triggers a process. I have mapped the Interactive form field to attachment field of the email (Send an email in background with attachment) callable object in the process.
  When the form is submitted, I get an email with an attachment but it is an xml file.
  Is there anyway to get the actual submitted Impersonalized form (PDF) as an attachment?
  Version:
  Adobe Live Cycle Desinger 8.0
  Netweaver 2004s SP15
  Thank you,
  Vasu

  hi,
  select the submit by email button in ur form
  select the event : click  language : javascript
  and use the following code there
  event.target.submitForm();
  so wen u click the submit by email button  the form will be sent to uraddres @ yyy .com as a pdf attachment
  Regards
  Jay

• "NI Network Browser Error!" When Using 'DataSocket Select URL'

  We have two LV 7.1.1-built executables running on two different computers that are networked together.  Each executable starts the DataSocket Server on their own computer and then attempts to read from the other computer's DataSocket Server.  Everthing works well if both computers are running XP SP2 or SP3.
  The problem occurs when one of the OS's is Windows 2000  SP3.  The executable on the XP computer can see the DataSocket items in the 'DataSocket Select URL' window on the Windows 2000 computer.  However, on the Windows 2000 computer, if you open the 'DataSocket Select URL' window, and try to browse the DataSocket items on the XP computer, one of the following dialogs appears:
  NI Network Browser Error!
  Cannot enumerate items in this hierarchy
  Cannot open a network enumeration
  0x000004b8
  An extended error has ocurred.
  OR
  NI Network Browser Error!
  Cannot enumerate items in this heirarchy
  Cannot open a network enumeration
  0x00000035
  The volume path was not found
  This is usually followed by a DataSocket Read error of 214701483 (this looks like a COM object error, but for once, Google didn't have anything to say about it).
  There was a similar post to this one in which Manuel Wielander suggests setting the 'Authentication Level' to 'Connect' and the 'Impersonation Level' to 'Identify'.  He also suggested adding 'ole.AuthnLevel=1' to the executable's ini file.  None of these suggestions work.  I have also added every exception imaginable to the Windows XP firewall with no luck.
  Anyone dare to step into the networking abyss with me on this one?  Much thanks in advance for any help or suggestions.
  Chris_Mitchell
  Product Development Engineer
  Certified LabVIEW Architect

  Hello Archimedes,
  This problem is a bit difficult to track down. I have Win 2k SP4 and WinXP Pro computers and am unable to reproduce the issue at the moment. However, I have found information that this issue has occurred in the past. In some instances it appears that changing the DataSocket Select URL.vi's Preferred Execution System to something other than "user interface" (eg. "Same as caller" or "standard") from VI Properties>>Execution resolves the problem. However, this is not a guaranteed workaround. R&D is aware of the problem and is working to fix it. I apologize for any inconvenience.
  Best Regards,
  Chris J
  National Instruments

• GP - CAF : How to capture data from impersonalized form.

  Hi All,
            I have a requirement where in I have submit the data offline using an Adobe form and this data should be fed to an RFC any no if times.
  I have created a interactive callable object (Impersonalized form) using a form template. I'm able to download the form and submit any no of times.
  But the problem I have here is: I do not see any way to capture the data from the form and input it to the RFC. Please let me know if any of you have any ideas.
  Version: Netweaver 2004s SP15
  Thank you,
  Vasu Mullapudi

  I got the solution.
  GP Process in design mode have a tab Forms. Here, we can add the Interactive form callable object (Impersonalised form) and can map the fields to the process context.
  Thats it. Whenever you submit the form, the process is run with the form data and the job is done.
  Note: If the data is not sent to the process, try from the callable object in design mode -> Configuration tab.
  Here while selecting the Start process Upon completion, you have a option for mapping fields.
  Thank you,
  Vasu

• Grant Application Impersonation Rights for UPN on Exchange Server 2007

  Hi,
  I would like to know , how to grant application impersonation rights for UPN account in exchange server 2007 . As i am working for mailbox migration , i should have this rights . I can do impersonation rights for domain\username but not for [email protected]
  Please anyone help me , how to grant permission for [email protected] . 
  Big thanks in advance.
  .Thanks & Regards,
  vinoth

  Hi,
  I have a test in my environment using Exchange 2007, you can use the following cmdlet to assign Application Impersonation rights to an account using UPN.
  Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | ForEach-Object {Add-ADPermission -Identity $_.distinguishedname -User (Get-User -Identity
  [email protected] | select-object).identity -extendedRight ms-Exch-EPI-Impersonation}
  Get-MailboxDatabase | ForEach-Object {Add-ADPermission -Identity $_.DistinguishedName -User
  [email protected] -ExtendedRights ms-Exch-EPI-May-Impersonate}
  Note: Please change the "[email protected]" to the UPN you want to use.
  Hope my clarification is helpful.
  Best regards,
  Amy Wang
  TechNet Community Support

• Report to download impersonal account balances

  Hello together,
  I am currently preparing data migration. I also have to migrate the impersonal account balances.
  I was told to use a standard transaction for account balances (S_ALR_87012277 or S_ALR_87012279 or ...) and then download the selected values into Excel. So far so good.
  My problem is the legacy system. It's a 4.6C and there I only get lists and when you try to download them into excel ......
  it doesn't look good and I would have to delete hundreds of lines and a lot of columns.
  So - does anybody know a better way to download or extract the data a different way?
  Regards
  Heiko

  Solution was a Z-Copy of an SAP standard report with modifications to download the needed data.

• Impersonation of FullTextSqlQuery search query

  Hello,
  I am using FullTextSqlQuery class (http://msdn.microsoft.com/en-us/library/microsoft.office.server.search.query.fulltextsqlquery_members.aspx) to perform search for SharePoint 2010 sites.
  I would like to execute search query under some specific user permissions. I suppose I should use FullTextSqlQuery.PersonalizationData to impersonate search query. This property requires User's GUID as parameter. The question is how may I get user Guid for
  some user. SPUser.ID returns integer value. Is there any way to get user guid as System.Guid type? or impersonate search query in some other way. It should work both for windows and claims users so windows impersonation is not acceptable.
  Thanks beforehand,
  -Petro

  public static Int32 ImpersonatedQuery(string userName,string domain,string password)
  WindowsIdentity tempWindowsIdentity;
  IntPtr token = IntPtr.Zero;
  IntPtr tokenDuplicate = IntPtr.Zero;
  WindowsImpersonationContext impersonationContext = null;
  Int32 count = 0;
  DataTable retResults = new DataTable();
  if (RevertToSelf())
  try
  if (LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
  LOGON32_PROVIDER_DEFAULT, ref token) != 0)
  if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
  tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
  impersonationContext = tempWindowsIdentity.Impersonate();
  if (impersonationContext != null)
  using(SPSite site = new SPSite("http://basesmcdev2/sites/tester1"))
  FullTextSqlQuery fts = new FullTextSqlQuery(site);
  fts.QueryText = "SELECT Title,FileExtension,ContentType,Path FROM SCOPE() WHERE Title LIKE '%c%mp%r%'";
  fts.ResultTypes = ResultType.RelevantResults;
  fts.RowLimit = 20;
  ResultTableCollection rtc = fts.Execute();
  if (rtc.Count > 0)
  using (ResultTable relevantResults = rtc[ResultType.RelevantResults])
  retResults.Load(relevantResults, LoadOption.OverwriteChanges);
  count = retResults.Rows.Count;
  return count;
  return count;
  finally
  if (impersonationContext != null)
  impersonationContext.Undo();
  if (token != IntPtr.Zero)
  CloseHandle(token);
  if (tokenDuplicate != IntPtr.Zero)
  CloseHandle(tokenDuplicate);
  return count;
  The personalizationdata will not work, nor is it used by the FullTextSQLQuery. It is only used for KeywordQuery class. The only way to impersonate to do a query is to logon as that user and execute the query. The SPSite is not used by the FullTextSQLQuery
  to impersonate. You can try the following code which uses the windows api advapi32.dll to logon and execute the query. Unfortunately you will need to know the users password.
  Blog | SharePoint Field Notes Dev Tool |
  ClassMaster

• Impersonation NT authority\IUSR insufficient permission

  Can someone please help with this error.
  EVENT LOG
  Application
  EVENT TYPE
  Error
  OPCODE
  Info
  SOURCE
  Microsoft-SharePoint Products-SharePoint Foundation
  CATEGORY
  Database
  EVENT ID
  5214
  USERNAME
  NT AUTHORITY\IUSR
  DATE / TIME
  4/1/2015 4:25:57 PM
  COMPUTERNAME 
  ICBWFE
  MESSAGE
  Insufficient SQL database permissions for user 'Name: NT AUTHORITY\IUSR SID: NT AUTHORITY\IUSR ImpersonationLevel: Impersonation' in database 'SP_CONTENT_MySites' on SQL Server instance 'PRODSQLSPCONTENT'.
  Additional error information from SQL Server is included below. The EXECUTE permission was denied on the object 'proc_GetTpWebMetaDataAndListMetaData', database 'SP_CONTENT_MySites', schema 'dbo'.
  also, the "SQL Server instance 'PRODSQLSPCONTENT'" isn't even the name of our SQL server instance.

  Hi,
  From the error message, we can know that the user NT AUTHORITY\IUSR does not have EXECUTE permission on the object 'proc_GetTpWebMetaDataAndListMetaData' in the database 'SP_CONTENT_MySites'. So we need to grant the permission to
  the user on the database server. Please follow the steps below.
  In the database server, expand
  SP_CONTENT_MySites database and navigate to
  Programmability/Stored      Procedures/dbo.
  proc_GetTpWebMetaDataAndListMetaData
  using      SQL Server Management Studio.
  Right click on the above stored procedure and select
  Properties.     
  On the popup screen, select Permissions on the left and click
  Search      button.
  On the new popup screen, click Search, type the user name in      the box/Check Names and click
  OK.
  Select Execute permissions.
  Click OK again.
  For your reference:
  http://maiomardesouki.com/2012/09/12/686/
  Thanks,
  Lisa Chen
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Error message: "playlists selected for updating no longer exist"

  I tried to update my ipod nano and I guess I had deleted a playlist, but since then, I have not been able to update. Every time I try, I get the following message:
  "Cannot be updated because all of the playlists selected for updating no longer exist."
  I haven't been able to highlight which playlists are selected to begin with.
  I read through the manual and thought that maybe rebooting the whole system might work. So I deleted Itunes from my computer and re-installed.
  Then I tried re-setting my ipod. So now I have nothing on my ipod.
  I also deleted everything from my library, thinking it might help to start from scratch. Nothing has worked.
  How do I "select" and "unselect" playlists so I can get up and running again?

  Here you go.
  http://discussions.apple.com/thread.jspa?messageID=607312&#607312

• Error while calling a select esb service

  javax.resource.ResourceException: RollbackException: Transaction has been marked for rollback:
  I encounter the above error while executing a synchronous bpel process, that invokes an esb db select service to fetch a value from the db.
  the details available for the error are:
  An unhandled exception has been thrown in the ESB system. The exception reported is: "java.lang.ArrayIndexOutOfBoundsException: Array index out of range: 0 at java.util.Vector.get(Vector.java:710) at oracle.tip.esb.server.common.wsif.WSIFInvoker.readResponseHeader(Unknown Source) at oracle.tip.esb.server.common.wsif.WSIFInvoker.executeOperation(Unknown Source) at oracle.tip.esb.server.common.wsif.WSIFInvoker.nextService(Unknown Source) at oracle.tip.esb.server.service.impl.outadapter.OutboundAdapterService.nextService(Unknown Source) at oracle.tip.esb.server.service.impl.outadapter.OutboundAdapterService.processBusinessEvent(Unknown Source) at oracle.tip.esb.server.dispatch.InitialEventDispatcher.dispatchNonRoutingService(Unknown Source) at oracle.tip.esb.server.dispatch.InitialEventDispatcher.dispatch(Unknown Source) at oracle.tip.esb.server.dispatch.BusinessEvent.raise(Unknown Source) at oracle.tip.esb.wsif.WSIFOperation_ESB.executeRequestResponseOperation(Unknown Source) at com.collaxa.cube.ws.WSIFInvocationHandler.invoke(WSIFInvocationHandler.java:431) at com.collaxa.cube.ws.WSInvocationManager.invoke2(WSInvocationManager.java:353) at com.collaxa.cube.ws.WSInvocationManager.invoke(WSInvocationManager.java:192) at com.collaxa.cube.engine.ext.wmp.BPELInvokeWMP.__invoke(BPELInvokeWMP.java:733) at com.collaxa.cube.engine.ext.wmp.BPELInvokeWMP.__executeStatements(BPELInvokeWMP.java:368) at com.collaxa.cube.engine.ext.wmp.BPELActivityWMP.perform(BPELActivityWMP.java:197) at com.collaxa.cube.engine.CubeEngine.performActivity(CubeEngine.java:3266) at com.collaxa.cube.engine.CubeEngine.handleWorkItem(CubeEngine.java:1696) at com.collaxa.cube.engine.dispatch.message.instance.PerformMessageHandler.handleLocal(PerformMessageHandler.java:75) at com.collaxa.cube.engine.dispatch.DispatchHelper.handleLocalMessage(DispatchHelper.java:184) at com.collaxa.cube.engine.dispatch.DispatchHelper.sendMemory(DispatchHelper.java:269) at com.collaxa.cube.engine.CubeE
  Please suggest
  thanx
  AJ

  Done That,
  Thanx a ton Dave, it worked.
  So I am finally moving on :-)
  Just one question Dave, I happened to work on the Beta release of this version too, the problem was not there. How come we have been able to get it in dev preview.