Sharepoint Permissions Application user with read only permissions
Friends,
I am trying to create a separate permission Group for an Executive(Department) Team who can access all the documents and lists in the portal with only read permissions because they need to see all the documents and lists in the libraries.
I can add them in to SP_Application_User group but i don't want them to edit the documents.
If i create a new group and set a separate permission level with read only setting, they cannot access all the documents in the document libraries and lists because some of the document libraries and lists have separate permission which overrided parent permissions.
Hope i will get help from any of you.
Thanks in advance,
Regards,
Chakri
Hi,
For your issue, you could add the users to Central Administration > Application Management > Policy for Web Application and grant Full Read permissions.
With the configuration, these users have Read permission to the whole web application.
-lambert
Sincerely,
Lambert Qin
Posting is provided "AS IS" with no warranties, and confers no rights.
Similar Messages
-
How to create sharepoint Group with read only permissions using powershell for entire site ?
How to create sharepoint Group with read only permissions using powershell for entire site (including subsites and top level site)
Hi
using (SPSite site = new SPSite(url))
using (SPWeb web = site.OpenWeb())
SPUserCollection users = Web.AllUsers;
SPUser owner = users[string.Format("{0}{1}", "Domain", "Owner Username")];
SPMember member = users[string.Format("{0}{1}", "Domain", "Default Member Username")];
SPGroupCollection groups = Web.SiteGroups;
string GroupName = “Super Exclusive”;//your group name
string GroupDescription = “Super exclusive group description.”;
groups.Add(GroupName, owner, member, GroupDescription);
SPGroup NewSPGroup = groups[GroupName];
SPRoleDefinition role = Web.RoleDefinitions["Read"];
SPRoleAssignment roleAssignment = new SPRoleAssignment(NewSPGroup);
roleAssignment.RoleDefinitionBindings.Add(role);
Web.RoleAssignments.Add(roleAssignment);
Web.Update();
Please 'propose
as answer' if it helped you, also 'vote
helpful' if you like this reply. -
DI API - accessing objects with Read only permissions
Scenario: I have setup a user in B1 with "Read Only permissions" on the Business Partner. When I log into the DI API as this user and try instantiating the BP object, I get a message "Loged on user does not have permissions".
Why am I getting this? Shouldnt I be able to instantiate the object and read the property values. i understand that I cannot Add or Update because of read only permissions.
Is there a way we can retreive values for users using the DI API or should the best option be to write a SQL statement.
Thanks,
GopalRequiring the user to have full authorization to instantiate an object is a serious limitation for the DI API. It makes it virtually useless. After all it is supposed to be OOP and all the trimmings isnt it? It also takes a lot of control away from the user.
+1
Hi,
I have confirmation from B1 product definition, the DI API access for objects with Read only permissions will not be included in the 2007A version. It will be considered for the following version after 2007A.
There is a chapter called "Authorization Checks" in the SDK Help file specifying:
"SAP Business One performs authorization checks for the business objects and the infrastructure and meta data objects. If a user does not have full authorization to access the objects in SAP Business One, the user will not have permission to access the data belonging to the business objects using the DI API."
Regards
Trinidad.
*sigh* -
How to create a user with read only access for ESB / BPEL Console
I need to create a user with read only access to ESB Console & BPEL Console. I have created a user
(esbreadonly) and assigned ascontrol_monitor role but user is still able to
delete services from ESB systems (such as DefaultSystem). Is there any way to
create a user that has strickly read only access to ESB Console & BPEL
Console
Thanks
Dinesh PatelCheck out this post.. I'm in the process of testing.
http://chintanblog.blogspot.com/2007/12/i-saw-numerous-people-asking-about-bpel_290.html -
Error when mapping drive with read only permissions - unc path works fine
Hello,
we have user shares that we map to drive H:. the shares are in the form \\server\user\<loginname>. The shares have full permission and the files and folders have full permission for the user. To be clear, the shared folder is \\server\user. <loginname>
are several folders, one for each user.
We use a vb script to check if a user stores too much data and if yes, we set the permissions for the user to read only and delete (with icacls).
Unfortunately, it this happens, we cannot map the drive anymore on Windows 7 (on Windows XP it works fine). The error is "Permission denied". Interestingly, the user can still open the share with the unc - path.
Is there anything I can do, so that the user still has his drive mapped? Most user are not tech savvy enough to open their share with the unc - path.
Thank You,
PeterHi Peter,
Sorry for the delay in reply.
Please disable User Account Control in windows 7 to see if you can see the map drive. In the meantime, I suggest to use GPP instead of logon script to map drive.
GP Preferences Will Reduce Logon Scripts : Mapping Drives
http://blogs.technet.com/b/grouppolicy/archive/2009/02/11/gp-preferences-will-reduce-logon-scripts-mapping-drives.aspx
Please refer to the similar thread below to see if it helps:
Windows 7 Drive mapping via Logon script issue
http://social.technet.microsoft.com/Forums/en-US/6cdfae47-1ca0-46e8-8456-6aac2ee616b2/windows-7-drive-mapping-via-logon-script-issue
Regards,
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Can't copy files from NTFS volume with Read Only permissions?
I am trying to copy files from an NTFS volume used previously for Windows onto another volume which is Mac OS X Extended...
However, certain files fail to copy due to the fact that I 'don't have permission to access some of the items'...
So I found the items which are causing the issue and viewed the permissions for them which display as 'You can only read'... I presume I am correct taking these as read-only permissions which (to my knowledge) should allow the files/folders to be copied accross to a new volume assuming that the existing volume is left without any changes attempted.
So can anyone suggest to me why this is? And how I might rectify the issue?
Thanks in advanceOk I've just worked out that 'You can only read' is referring to the fact that I can only view permissions but not add any. Below this statement, no permissions are listed which may explain why I cannot access the files but does not explain why I can copy/access some files, also with no permissions...
-
Create a user with read only access in the weblogic server 10.3.5
Hi Friends,
I am getting the below exception after creating a user (soa_read_only) with read only access in the logs after logging in with this user credentials:
[2011-11-28T13:22:32.781+05:30] [AdminServer] [WARNING] [] [oracle.jps.admin] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: soa_read_only] [ecid: 49233e31d176bb92:78c87a90:133e90b0482:-8000-00000000000005d2,0] Access denied. Required roles: Operator, Admin, executing subject: principals=[soa_read_only, Monitors][[
java.lang.SecurityException: Access denied. Required roles: Operator, Admin, executing subject: principals=[soa_read_only, Monitors]
at oracle.as.jmx.framework.wls.spi.security.WLSMBeanSecurityHelper.isInWlsGlobalSecurityRoles(WLSMBeanSecurityHelper.java:245)
at oracle.as.jmx.framework.wls.spi.security.WLSMBeanSecurityHelper.checkGlobalSecurityRoleBasedAccess(WLSMBeanSecurityHelper.java:139)
at oracle.as.jmx.framework.wls.spi.security.WLSMBeanAccessControllerSPIImpl.checkLogicGlobalSecurityRoleAccess(WLSMBeanAccessControllerSPIImpl.java:35)
at oracle.as.jmx.framework.MBeanAccessControllerImpl.checkLogicGlobalSecurityRoleAccess(MBeanAccessControllerImpl.java:52)
at oracle.security.jps.mas.mgmt.jmx.policy.JpsAdminRoleImpl.checkRole(JpsAdminRoleImpl.java:182)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterMBean.doInvoke(OracleStandardEmitterMBean.java:973)
at oracle.adf.mbean.share.AdfMBeanInterceptor.internalInvoke(AdfMBeanInterceptor.java:104)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.internalInvoke(AbstractMBeanSecurityInterceptor.java:190)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor$2.run(JpsJmxInterceptor.java:344)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor.internalInvoke(JpsJmxInterceptor.java:360)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
at oracle.as.jmx.framework.generic.spi.interceptors.ContextClassLoaderMBeanInterceptor.internalInvoke(ContextClassLoaderMBeanInterceptor.java:103)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
at oracle.as.jmx.framework.generic.spi.interceptors.MBeanRestartInterceptor.internalInvoke(MBeanRestartInterceptor.java:116)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
at oracle.as.jmx.framework.generic.spi.interceptors.LoggingMBeanInterceptor.internalInvoke(LoggingMBeanInterceptor.java:524)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterMBean.invoke(OracleStandardEmitterMBean.java:887)
at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterConfigMBean.doInvoke(OracleStandardEmitterConfigMBean.java:398)
at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterConfigMBean.invoke(OracleStandardEmitterConfigMBean.java:365)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
at weblogic.management.mbeanservers.domainruntime.internal.FederatedMBeanServerInterceptor.invoke(FederatedMBeanServerInterceptor.java:349)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:263)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.SecurityMBeanMgmtOpsInterceptor.invoke(SecurityMBeanMgmtOpsInterceptor.java:65)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:444)
at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:323)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:663)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:661)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:654)
at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1427)
at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1265)
at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1367)
at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
at javax.management.remote.rmi.RMIConnectionImpl_1035_WLStub.invoke(Unknown Source)
at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:993)
at weblogic.management.remote.wlx.ClientProvider$WLXMBeanServerConnectionWrapper.invoke(ClientProvider.java:291)
at weblogic.management.remote.wlx.ClientProvider$WLXMBeanServerConnectionWrapper.invoke(ClientProvider.java:291)
at oracle.sysman.emSDK.sec.targetauth.emas.EMASConnection.checkTargetRole(EMASConnection.java:222)
at oracle.sysman.emSDK.sec.targetauth.EMTargetAuthService.checkTargetRoleEx(EMTargetAuthService.java:625)
at oracle.sysman.emSDK.sec.targetauth.EMTargetAuthService.checkTargetRoleEx(EMTargetAuthService.java:595)
at oracle.sysman.emSDK.sec.targetauth.EMTargetAuthService.checkTargetRole(EMTargetAuthService.java:577)
at oracle.sysman.emSDK.sec.authz.EMAuthzService.checkPermission(EMAuthzService.java:288)
at oracle.sysman.emSDK.pagemodel.menu.EMMenuCommand.getMenuItem(EMMenuCommand.java:681)
at oracle.sysman.core.app.menu.XMLMenuManager.createEMMenuItem(XMLMenuManager.java:1595)
at oracle.sysman.core.app.menu.XMLMenuManager.createEMMenu(XMLMenuManager.java:1421)
at oracle.sysman.core.app.menu.XMLMenuManager.getTargetMenu(XMLMenuManager.java:529)
at oracle.sysman.core.view.menu.MenuBarUIBean.populateTargetMenu(MenuBarUIBean.java:1023)
at oracle.sysman.core.view.menu.MenuBarUIBean.getFarmMenuComp(MenuBarUIBean.java:696)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.el.BeanELResolver.getValue(BeanELResolver.java:261)
at com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:173)
at com.sun.faces.el.DemuxCompositeELResolver.getValue(DemuxCompositeELResolver.java:200)
at com.sun.el.parser.AstValue.getValue(Unknown Source)
at com.sun.el.ValueExpressionImpl.getValue(Unknown Source)
at com.sun.faces.application.ApplicationImpl.createComponent(ApplicationImpl.java:250)
at javax.faces.webapp.UIComponentELTag.createComponent(UIComponentELTag.java:222)
at javax.faces.webapp.UIComponentClassicTagBase.createChild(UIComponentClassicTagBase.java:513)
at javax.faces.webapp.UIComponentClassicTagBase.findComponent(UIComponentClassicTagBase.java:782)
at javax.faces.webapp.UIComponentClassicTagBase.doStartTag(UIComponentClassicTagBase.java:1354)
at org.apache.myfaces.trinidad.webapp.UIXComponentELTag.doStartTag(UIXComponentELTag.java:75)
at oracle.adfinternal.view.faces.unified.taglib.UnifiedMenuTag.doStartTag(UnifiedMenuTag.java:51)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:50)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspNode.execute(OracleJspNode.java:89)
at oracle.jsp.runtimev2.ShortCutServlet._jspService(ShortCutServlet.java:89)
at oracle.jsp.runtime.OracleJspBase.service(OracleJspBase.java:30)
at oracle.jsp.runtimev2.JspPageTable.compileAndServe(JspPageTable.java:665)
at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:387)
at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:802)
at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:726)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.sysman.eml.app.JSPFilter.doFilter(JSPFilter.java:93)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:524)
at weblogic.servlet.internal.RequestDispatcherImpl.include(RequestDispatcherImpl.java:444)
at weblogic.servlet.jsp.PageContextImpl.include(PageContextImpl.java:164)
at weblogic.servlet.jsp.PageContextImpl.include(PageContextImpl.java:185)
at oracle.jsp.runtime.tree.OracleJspIncludeNode.execute(OracleJspIncludeNode.java:49)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspIterationTagNode.executeHandler(OracleJspIterationTagNode.java:45)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspIterationTagNode.executeHandler(OracleJspIterationTagNode.java:45)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspNode.execute(OracleJspNode.java:89)
at oracle.jsp.runtimev2.ShortCutServlet._jspService(ShortCutServlet.java:89)
at oracle.jsp.runtime.OracleJspBase.service(OracleJspBase.java:30)
at oracle.jsp.runtimev2.JspPageTable.compileAndServe(JspPageTable.java:665)
at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:387)
at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:802)
at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:726)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.sysman.eml.app.JSPFilter.doFilter(JSPFilter.java:93)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:524)
at weblogic.servlet.internal.RequestDispatcherImpl.include(RequestDispatcherImpl.java:444)
at weblogic.servlet.jsp.PageContextImpl.include(PageContextImpl.java:164)
at weblogic.servlet.jsp.PageContextImpl.include(PageContextImpl.java:185)
at oracle.adfinternal.view.faces.taglib.region.IncludeTag.__include(IncludeTag.java:442)
at oracle.adfinternal.view.faces.taglib.region.IncludeTag.doEndTag(IncludeTag.java:232)
at oracle.adfinternal.view.faces.taglib.region.PageTemplateTag.doEndTag(PageTemplateTag.java:162)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:63)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspNode.execute(OracleJspNode.java:89)
at oracle.jsp.runtimev2.ShortCutServlet._jspService(ShortCutServlet.java:89)
at oracle.jsp.runtime.OracleJspBase.service(OracleJspBase.java:30)
at oracle.jsp.runtimev2.JspPageTable.compileAndServe(JspPageTable.java:665)
at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:387)
at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:802)
at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:726)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:176)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.sysman.eml.app.JSPFilter.doFilter(JSPFilter.java:93)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.sysman.core.model.targetauth.EMLangPrefFilter.doFilter(EMLangPrefFilter.java:158)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:524)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:253)
at com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:410)
at org.apache.myfaces.trinidad.context.ExternalContextDecorator.dispatch(ExternalContextDecorator.java:45)
at org.apache.myfaces.trinidad.context.ExternalContextDecorator.dispatch(ExternalContextDecorator.java:45)
at org.apache.myfaces.trinidad.context.ExternalContextDecorator.dispatch(ExternalContextDecorator.java:45)
at org.apache.myfaces.trinidad.context.ExternalContextDecorator.dispatch(ExternalContextDecorator.java:45)
at org.apache.myfaces.trinidadinternal.context.FacesContextFactoryImpl$OverrideDispatch.dispatch(FacesContextFactoryImpl.java:268)
at com.sun.faces.application.ViewHandlerImpl.executePageToBuildView(ViewHandlerImpl.java:471)
at com.sun.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:140)
at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:191)
at org.apache.myfaces.trinidadinternal.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:193)
at oracle.sysman.emSDK.adfext.ctlr.EMViewHandlerImpl.renderView(EMViewHandlerImpl.java:150)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._renderResponse(LifecycleImpl.java:800)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:294)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:214)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:266)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.sysman.emSDK.license.LicenseFilter.doFilter(LicenseFilter.java:166)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:447)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:447)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.sysman.emas.fwk.MASConnectionFilter.doFilter(MASConnectionFilter.java:41)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:176)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.sysman.eml.app.AuditServletFilter.doFilter(AuditServletFilter.java:183)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.sysman.eml.app.EMRepLoginFilter.doFilter(EMRepLoginFilter.java:203)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.sysman.core.model.targetauth.EMLangPrefFilter.doFilter(EMLangPrefFilter.java:158)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.sysman.core.app.perf.PerfFilter.doFilter(PerfFilter.java:141)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.sysman.eml.app.ContextInitFilter.doFilter(ContextInitFilter.java:542)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Why this exception is occurring? Kindly help me with this, its a bit urgent!!!!Hi
1. First create a user like readonlyweblogic using some password in Weblogic Console. In Weblogic Console itself, select this new user and go to his Group Memberships and add a Group named Monitors. This means this user has Monitor role for Weblogic Console. Monitor is a Read Only access role to the weblogic console.
2. NOW, with full admin privileges user, login into EM Console. Select soa_infra, right click mouse -> Security -> Application Roles. On right side, click green arrow and see list of Roles shown. Select the role named SOAMonitors, click on this. And add a User to this that is created above like "readonlyweblogic".
3. Close all the browsers. Open a new browser and test weblogic console and em console with this new user.
I have this setup like this in many envs and they all work fine. They are read only access users for admin console and em console.
Thanks
Ravi Jegga -
User with read only access on a schema - How?
Hi all,
I want to create a user with ready only access to a particular schema. The user should have only 'SELECT' option on all objects of the schema.
Thanks !Ven wrote:
Hi all,
I want to create a user with ready only access to a particular schema. The user should have only 'SELECT' option on all objects of the schema.
Thanks !There is no single command. You have to grant object privelges by object.
Use sql to write sql
connect <schema_owner>
spool doit.sql
select 'grant select on ' || table_name || 'to <selected_user>;'
spool off;Probably best if <selected_use> is a role instead of a specific user, then grant the role to whoever. -
Hello. i need to create user that have read only rights to every table on database, but only read only.
Could you please provide a statment for that or a link where can i find that kind of information.Hi;
Similar topic mention here many times. Please see:
Read only user creation
Read only user creation
PS:Please dont forget to change thread status to answered if it possible when u belive your thread has been answered, it pretend to lose time of other forums user while they are searching open question which is not answered,thanks for understanding
Regard
Helios -
User with Read-Only permission can write
Hi,
I have two Macs on a local network. I am sharing a folder on Mac-A and would like users to have read-only access to it. It is important that users cannot modify the data in this folder.
On Mac-A:
Selecting System Preferences->Sharing->File Sharing, I added the folder to "Shared Folders". Next, I added the user account "bob" and assigned Read-Only access. User bob is not an admin and shows up as a "Sharing Only" account under Accounts.
On Mac-B:
I connect to Mac-A as user bob and I can see the shared folder. I then am able to create and delete files in the "Read-Only" share. I've verified using File->Get Info that user bob does indeed have only read access.
What am I doing wrong and what can I do to enforce read-only access?
Thanks!Maybe your Mac-B user account has the same (short) user name
as your Mac-A user account. Matching user names or short user names
could make the Mac-B account able to Read & Write to your shared folder.
Because I think you can log in with short user names to a server
as well. I guess passwords should be matching as well,
and perhaps the user ID's (System Preferences -> Accounts
-> right-click on user) also?
Cheers,
Vincent Verheyen. -
SharePoint 2013 allows downloaded even for users with "view only" permissions
I have a new on premises SharePoint 2013 server and assigned a single user "view only" rights to a document library. In the "permission levels" window, this permission is described as "Can view pages, list items,
and documents. Document types with server-side file handlers can be viewed in the browser but not downloaded."
Once I gave the user that permission, I noticed he was able to view documents in the library but the "but not downloaded" part does not seem to be working. The user can still download documents to his local desktop and SharePoint does not prevent
it. The "download a copy" option appears and the user can use it.
My goal is to make all documents in this library such that users can only view them in the browser and not download a local copy. How I do that?
Thanks for your help.Not entirely positive :-)
However, you have no server-side handlers in place today without WAC installed, so that portion of the View Only permission wouldn't be applicable.
Note that WAC must be installed on its own server and if your SharePoint server is extranet or public facing, it needs to have a valid, public SSL certificate. Also, WAC should always be run over SSL regardless if it is public facing or not as the token
sent between the SharePoint server and WAC is the same as having a username and password for the user making the request.
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Files created in VFS by the user have read only permissions
Hello,
I am currently packaging an application : let's call it 'myapp'. This application is installed in c:\Program Files\myapp (quite classical).
To run properly, the application needs to have Write Access to c:\Program Files\myapp.
I am packaging the application with the APPV5 Sequencer SP3 and I checked the option "Allow virtual applications full write permissions to the virtual file system".
When running the application with APPV5 Client SP3, I see files been created in "C:\Users\%username%\AppData\Local\Microsoft\AppV\Client\VFS\<packageid>\ProgramFilesX64\myapp" and so everything seems to work correctly. The permissions on those
files are set to Full Control for the user who has launched the application.
What I also did is creating 'RunVirtual' registry key in order to run Microsoft Word in the Virtualized Environment of 'myapp' and this works fine also : when I launch WORD, I can save a document in "C:\Program Files\myapp" and this document appears
in "C:\Users\%username%\AppData\Local\Microsoft\AppV\Client\VFS\<packageid>\ProgramFilesX64\myapp".
The strange thing is that the permissions on this DOC file are not the same as the ones set on the other files in the same folder : in fact, the DOC file permissions are set to "Everyone, Read - Read and Execute" (with also permissions the Trusted
Installer, Administrators, etc...). So actually, the user who saved the files can never modify it after. This should not be important because it is not a usual location to save Word document but actually, the application itself launches automatically Word
to perform some document automation tasks and save temporary files in this location. So when this file has been created once, it cannot never be reused or deleted. This is causing troubles for the application.
Any idea to force the Full Control permissions on these files ?
Thanks in advance
OlivierInteresting, I can say I've never seen that, likely due to the fact like you say yourself, it would be unusual to save something to that directory, also most applications these days no longer write to directories other than in C:\ProgramData or in the users
own profile.
I'm honestly not sure of a good way to force that in this situation, unless, perhaps you have a UEM soluion like AppSense. You could have a Powershell script run through the package store and check permissions on the files and then set the persmissions according
to the way you want using something like iCacls, SecEdit, SetACL or maybe using Get-ACL and Set-ACL in Powershell...there's a few different methods for doing this, you could pick the one that suits you best.
If you don't have a UEM solution capable of this, maybe you could use some scripting in your App-V package itself, either on launch or perhaps process exit, you could run a script to do this. It may be better on process exit as it may slow launch times...but
it's also better for a script which may take quite a while to process like this to be run outside of any launch or exit, to be honest
PLEASE MARK ANY ANSWERS TO HELP OTHERS Blog:
rorymon.com Twitter: @Rorymon -
Users with read access to the site unable to view Managed Metadata Navigation
Hi everyone,
I created a Managed Metadata service and created group, term-set and terms
I gave read access to users
I set up navigation to use Managed Navigation
I am logged in as farm admin and able to view the navigation when i browse site. But user are not seeing navigation.
One thing i noticed is when i give users full access or designer access to site they will be able to see the navigation. but i don't want to give users full access or designer access to the site.
How can users with read only access to site can view Managed Metadata Navigation...Please help?Hi Sunil,
Have you given your users permissions to actually read the MMS data from the service application?
http://technet.microsoft.com/en-us/library/ff625176.aspx covers permissions on the MMS.
Regards
Paul.
<<edit>> On reflection you might be hitting the issue in this Stackexchange post..
http://sharepoint.stackexchange.com/questions/75636/permissions-and-managed-metadata-in-navigation Is yours behaving the same way?
Please ensure that you mark a question as Answered once you receive a satisfactory response. This helps people in future when searching and helps prevent the same questions being asked multiple times. -
Problem with Read-only user being able to add and delete files and folders.
The setup:
Computer #1
iMac (intel) running 10.5.5
File sharing ON
Sharing folder on external USB drive called 'iTunes' (but not the drive volume itself)
Users:
- Everyone = Read Only
- Admin(me) = Read/write
- UserA = Read Only (with account PW and username identical to local login for computer below)
Computer #2
UserA's iBook G4 running 10.4.11
When I go to finder>network>iMac>connect it prompts me to login which I do and then select 'iTunes' folder which is visible and mounts successfully. I can see all files, access them all. Life seems great. Then I discover that I can also modify and delete files from the iBook, and create and delete directories.
I'm new to networking and although I've setup and managed minimal networking tasks on PCs before, this is my first foray into the Mac networking world. Please help.
What am I doing wrong? What haven't I set?
Thanks in advance.Sorry, I should have clarified this in the first email.
When I login from the iBook, I am logging in under a read-only user (not as myself, who is admin on the iMac). The user on the iBook has only been given read-only permissions on the iMac yet is able to add and delete files.
This read-only login/PW however, is the admin account on the iBook, but that shouldn't allow this person to write on the iMac so far as I understand things...right? -
Read-Only Permissions for Everyone?
We're running xServe / Tiger 10.4.11.
We're using ACLs and have all users in a group with Read / Write Permissions. Across the board, no matter who creates a new document or directory, anytime a new file is created it's permissions are Read-Only for everyone except the author.
I've checked the permissions in the ACL and everything is set to Read / Write. So why are the permissions defaulting to Read-Only?Hi,
You could have a look at the thread below. Lucas used ProcMon that shows an access denied with the user which he was using. Permission via group wasn't enough. Give your user full share/security access and everything works fine.
https://social.technet.microsoft.com/Forums/en-US/99859604-a803-43f3-a172-159a500fcb90/the-deploy-software-updates-wizard-completed-with-errors-access-is-denied?forum=configmgrsum
Best Regards,
Joyce
Maybe you are looking for
-
Hi , I am creating a PO in "A" SAP System which is autocreating a Sales Order in "B" SAP System . Now I want to know how its creating the Order . Screenshot -> PO was created in A sytem and then it goes on to create SO in B system automatically . I r
-
Printer/Paper profiles not showing up in Lightroom 1.3.1
I installed 2 new paper profiles from Red River over the weekend in XP Pro. Only 1 of them actually show up in lightroom to choose from. The one that can be selected works fine but I can't view the other one. I've tried uninstalled and reinstalling i
-
How to find out the memory status of RT PXI controller from host?
I want to find/read the memory status of the RT controller from host programmatically. Can any one have any idea about it? If yes can please share your valuable suggestion. Regards Vijay
-
My iPod touch's memory is full, and as it's linked to my laptop, I cannot delete photos, which is the cause of memory being full .... This is the problem, as my pics are downloaded from laptop ..... The laptop is dead. So I can't delete from there, h
-
ISync refuses iCal to sync with
Since a week I have the problem that syncing between my Mac and E71 has stopped. The point is that in the (updated to v2.2) iSync plug-in window (when the E71 icon has been clicked) the Calendar-option is ticked to off (which is strange as it was On