User accounts, directory structures and selective access privileges

Bought a new MacBook Pro back in April and only now am I getting down to using it. I was thinking of creating the following user accounts in the hope of creating a scheme that allows selective access to certain folders:
Root -a super user account
Admin - I don’t think I should be logged in as the administrator all the time
Jai Gill - my main account with all my work files including client information that is organised in a Workflow folder containing a Projects folder and a Clients folder (within which, each of my clients has a folder)
Show Time - a secure Simple Finder type account for when I am running a client specific presentation or workshop to ensure all data for other clients is kept secure and away from prying eyes.
When using the Show Time account, I would like to set it up so that only those files relating to the client in question are available for use. For instance, if I am running a workshop for Client G, I only want the folder for Client G available for use in this account and not any other clients. A few hours or days later, this could change to Client B or F or J etc so I need a way to easily secure the current client’s data and switch over to the other client’s data i.e., put away work and pull up new work.
Would it be possible to create a scheme using aliases placed in Show Time’s Documents folder pointing at a client folder in my documents folder to allow this to happen? Would I have to create a group with the right access privileges to enable this to happen? Or is there an alternative method based on using the Shared files folder and some sort of script or application to create a duplicate of a client folder and use a scheme to synchronise it with the original client folder?
Is this possible in Mac OSX? Any thoughts? Ideas? Applications/utilities that already enable this to happen?
MacBook Pro   Mac OS X (10.4.9)  

Hi Kiraly
I cracked it today. Took a couple of hours to figure out some idiosyncrasy but I'm now set.
Here's what I did:
1. Got a copies of Sharepoint, Workgroup Manager and ChronoSync.
2. Logged into the MacBook Pro as myself, went into System Preferences and used the normal approach to set up an account for a user called Show Time
3. Using Workgroup Manager, created an addition workgroup called macshow
4. Made myself and Show Time members of macshow
5. Attached the MBP to my G5 using my 2gen iPod's FireWire cable and cranked it up in target disk mode
6. Using ChronoSync, did a 'bi-directional' synchronisation of my Workflow folder into a location in the MBP's Shared folder (going to do this all the time)
7. Shut down, detached then restarted the MBP and logged on as myself.
8. Located the Workflow folder in the Shared folder and by getting information, set that folder and all it's contents to be owned by me but accessible and R/W for the group macshow
9. Went two levels into the Workflow folder [Workflow/4 Delivery/Client T] and using SharePoint, made the folder Client T accessible to the group macshow.
10. Logged in as Show Time and accessed the Shared folder to find that my scheme had worked and I had access to the folder for Client T and all it's contents.
11. Logged out and went back in under my ID and now using System Preferences, crippled the Show Time account down to Simple Finder with access limited to just a handful of applications like KeyNote, Word, Excel, Powerpoint and Safari.
12. Went back in as Show Time and it went into Simple Finder and thereafter, everything works great. Workflow showed up as did the folder for Client T plus all its contents. Opened a few documents and presentations and they wrked great.
New learning points for me:
1. I had to log out then log back in to make the access privileges stick when using the Show Time accounts
2. A number of locked Excel files prevented access privileges being set - had to locate and unlock each
3. Using both SharePoint and Workgroup Manager may be seem to be overkill but it works as these two applications helped in getting the groups sorted out as well as access to a specific folder.
The best part of the above scheme is that I can at anytime, using SharePoint, change the client folder being shared with the user Show Time through the use of the group macshow i.e., change Client T back to my group and then pick say Client J or any number of other client folders and assign them to the group macshow.
Thanks to you and the others who have posted on this and all other threads on this topic, I have sorted this out in one go.
Jai
PS in case you're wondering why it took me so long to get down to do it, it is something called client work. And may there be more of it too!
iMac G5 and MacBook Pro   Mac OS X (10.4.10)   MacUser since 1984

Similar Messages

  • I have had a new hard drive installed. On start up I transferred all my settings and documents from my time capsule. Once complete I have two user accounts. Mine and guest. I cannot access either. Mine says password incorrect even though its not.

    I have had a new hard drive installed. On start up I transferred all my settings and documents from my time capsule. Once complete I have two user accounts. Mine and guest. I cannot access either. Mine says password incorrect even though its not. Any idea what is wrong here and how I can reset my password. I don't have a start up disc. Thanks very much

    From System Preferences/Help:
    Reset your login password using your Apple ID
    Before you can use your Apple ID to reset your login password, make sure that FileVault isn’t enabled on your computer.
    Also make sure that an Apple ID is associated with your user account, and that an administrator has given you permission to reset your own password using an Apple ID. For more information, see this help topic:
    Associate Apple IDs with your user account
    Make sure your computer is connected to the Internet.
    In the login window, click the question mark in the password field, and then click the arrow in the dialog that appears.
    Enter an Apple ID and password, and then click Reset Password.
    I don't know if it works.

  • User account control won't let access to hp mediasmart photo

    user account control won't let  access to mediasmart photo.

    Thank you for the additional information.
    Here are all of the MediaSmart Software downloads provided by Daniel Potyrala:
    Hi,
    Below you will find the latest versions of MediaSmart applications:
    MediaSmart SmartMenu here (version 3.1.2.2  for 32-bit & 64-bit Windows 7)
    MediaSmart DVD here (version 4.2.5122  for 32-bit & 64-bit Windows 7)
    MediaSmart Webcam here (version 4.2.3303  for 32-bit & 64-bit Windows 7)
    MediaSmart Music here (version 4.2.4604 for 32-bit & 64-bit Windows 7)
    MediaSmart Video here (version 4.1.4322  for 32-bit & 64-bit Windows 7)
    MediaSmart Photo here (version 4.1.4327  for 32-bit & 64-bit Windows 7)
    MediaSmart DVD Menu Pack here (version 4.1.4121  for 32-bit & 64-bit Windows 7)
    You should reinstall MediaSmart Photo (second from the bottom) to see if that helps.
    Please click the "Thumbs Up+ button" if I have helped you and click "Accept as Solution" if your problem is solved.
    Signature:
    HP TouchPad - 1.2 GHz; 1 GB memory; 32 GB storage; WebOS/CyanogenMod 11(Kit Kat)
    HP 10 Plus; Android-Kit Kat; 1.0 GHz Allwinner A31 ARM Cortex A7 Quad Core Processor ; 2GB RAM Memory Long: 2 GB DDR3L SDRAM (1600MHz); 16GB disable eMMC 16GB v4.51
    HP Omen; i7-4710QH; 8 GB memory; 256 GB San Disk SSD; Win 8.1
    HP Photosmart 7520 AIO
    ++++++++++++++++++
    **Click the Thumbs Up+ to say 'Thanks' and the 'Accept as Solution' if I have solved your problem.**
    Intelligence is God given; Wisdom is the sum of our mistakes!
    I am not an HP employee.

  • No User accounts after Archive and Install ?

    Today I tried to salvage a 20" iMac G5 for a friend. He had done something that screwed up his hard drive. Disk Utility Disk Repair run of the startup partition always failed. Using an external FW disk, I was able to use Disk Utility Repair successfully, but drive would still not boot. Decided Archive and Install was the right way to go, did that and everything seemed OK but I found I could not log in to his account. Thought it was just a lost password, so tried using the OSX Tiger Install DVD to Reset Password. His *Macintosh HD* Startup drive shows only the "root" user available, neither of the two previous user account names appear.
    I can think of nothing to do to recover except an Erase & Install (I have his User files saved). Is there an alternative?
    I would assume performing another Archive & Install would yield the same result.

    I continued work on this issue today. First, I checked and the three User account folders were present in the Users folder along with the one new account created as part of the Mac OSX Tiger A&I. For some reason, not one of these 4 was accessible from the Login screen; it acted exactly if there were no user accounts.
    Purchased and installed DiskWarrior 4 on the FW drive and rebuilt the directory of the iMac's internal drive. Ran all other tests available w/ DW. Still no joy on logging in. I should NOT have had to see the Login screen at all if the new user had been created properly.
    Punted. Copied everything I thought I would need to the external drive, then did an Erase & Install of OS X Tiger. Applied all updates, no problems logging in. Copied all the original User/username files and folders and restored a few apps.
    Finally, after much wasted time, I have all but one App running and all data files, folders, pics, music restored.
    Adobe Photoshop Elements 3.0 fails because I apparently failed to save a .plist file somewhere and now I learn too late that PE 3.0 will not install on a 10.4.x system. Sigh.

  • What is the default admin user account login id and password in Windows 8?

    Hi all,
    The current admin acccount in Windows 8 system are changed to Standard and no other Admin account is available in the system.
    What is the default admin user account login id and password in Windows 8?
    Or 
    Is there way to change the User role for the account?
    Please use Marked as Answer if my post solved your problem and use
    Vote As Helpful if a post was useful.

    I am able to login as a Normal user, can not login as administrator.Hence can not install any software or change my user settings or create a new user.
    What is the default admin password. How can i reset it form my user account
    C:\Users\Amit>net user Administrator
    User name                    Administrator
    Full Name
    Comment                      Built-in account for administering the computer/domain
    User's comment
    Country/region code          000 (System Default)
    Account active               No
    Account expires              Never
    Password last set            7/26/2012 12:57:03 PM
    Password expires             Never
    Password changeable          7/26/2012 12:57:03 PM
    Password required            Yes
    User may change password     Yes
    Workstations allowed         All
    Logon script
    User profile
    Home directory
    Last logon                   9/16/2013 1:16:30 PM
    Logon hours allowed          All
    Local Group Memberships      *Administrators
    Global Group memberships     *None
    The command completed successfully.

  • How to block user create personal view and select ALL VIEW?

    How to block user create personal view and select ALL VIEW?

    Hello,
    >create personal view
    To restrict creating personal view, you need to modify your existing permission level or create new one. Login with admin account to your site and open role.aspx page (http://siteurl/_layouts/role.aspx). Then click on existing permission or add new permission
    level-->and move to "Personal Permissions" section-->uncheck "Manage Personal Views - Create, change, and delete personal views of lists" option. Later you can assign this permission to all users, whom you don't want
    to allow to create.
    >and select ALL VIEW
    Since SP does not supports view level permission directly so you have to use custom solution or use below designer solution to restrict user to open any view.
    http://www.codeproject.com/Articles/433486/How-to-set-view-level-permissions-out-of-the-box-i
    Hope it could help
    Hemendra:Yesterday is just a memory,Tomorrow we may never see
    Please remember to mark the replies as answers if they help and unmark them if they provide no help

  • Directory structure and files in Oracle Application server 10g and 11g

    Hi all,
    I am doing a lab migration from 10g to 11g based on the use of JAXB. There were some directory structures used in 10g to store the JAXB jar files and some other custom jar files. I want to know the equivalent folder structures in SOA 11g server. The 10g server directories are mentioned below:-
    1.<OracleAS_Home>\webservices\lib.
    2. server.xml located at <OracleAS_Home>\j2ee\home\config in 10g. Where can I find the equivalent file to "server.xml" in 11g server?
    3. <OracleAS_Home>\bpel\system\classes\com\oracle\bpel\xml\util.
    4. <OracleAS_Home> \bpel\system\classes.

    Here are the equivalents as per best of my knowledge:
    1. <WebLogic Home>\server\lib
    For example, D:\Middleware\wls1036\wlserver_10.3\server\lib
    2. config,xml located at <Domain_Home>\config\
    For example, D:\Middleware\wls1036\user_projects\domains\ArunBaseDomain1036\config\config.xml
    3. It should be the same as 10g (instead of OracleAS_Home, it will be ORACLE_Home) if you install the BPEL product. Since, I have not installed BPEL/SOA, I am not very sure.
    4. It should be the same as 10g (instead of OracleAS_Home, it will be ORACLE_Home) if you installed the BPEL product.
    Also, I would recommend that you consider using ORACLE Smart Upgrade (JDeveloper component) to help you with the upgrade process. It exactly points out these mappings of file/directory structures AND the necessary configuration changes as well.
    If you are requirement, is only about making the library jars available to your application, then consider reading the below discussion.
    Re: XIncludeAwareParserConfiguration cannot be cast to XMLParserConfiguration
    Arun

  • How to use the admin user account in reports and dashboards?

    Hi Everyone,
    I want to use the admin user account in report and dashboard connections. But the Hyperion is automatically using the current user's credentials to fetch data.
    Hyperion 11.1.1.1
    Thanks
    Syantan

    This has been posted in the essbase forum > How to use the admin user account in reports and dashboards?
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Query: how to use structure and selection and what's the difference between

    Query: how to use structure and selection and what's the difference between these two?
    Would be appreciated if some experts here give examples to demenstrate on how to use structure and selection in query and what's the difference between these two?
    Thanks in advance!

    Hi Kevin,
    1. Well by default all the KF that you include in your query go into a Key Figure Structure. You can additionally have another structure for defining how your chars are laid out. A common example is a Calmonth structure where you have selections for 12 months, quarers and YTD values. This would be a char structure with different selections (for each month, qtr etc)
    2. Yes, a selection with a KF is the same as restricting a KF. You can use am RKF is you have one on the left hand side, or if you need to do this locally in the query, right click the structure and choose New Selection, then proceed to choose your KF and reqd char values.
    Hope this helps...

  • ORACLE_HOME Directory Structure and Content description

    Can anyone show me the Oracle document or website which lists the
    ORACLE_HOME Directory Structure and Content description for windows platform.
    Oracle 10g R2.
    Thank you,
    Smith

    http://download.oracle.com/docs/cd/B19306_01/install.102/b14316/ofa.htm#CBBEDHEB

  • Creating user accounts with OIDDAS and use them from the OS

    Hi,
    I have a customer that is experiencing an error creating user accounts from OIDDAS, and use that user accounts from the operating system.
    My customer is using OID/OAS4OS 10.1.4.2.0, and that version is not longer available to download, then, I will try in my own environment
    with OID/OAS4OS 10.1.4.3.0.
    And the question is the following: is supported to create user accounts with OIDDAS and expect that users can work with OAS4OS and be
    able to authenticate in the operating system?
    For the reference, SR# 7222351.993:
    Thanks,
    Luis Vivero.
    Edited by: LV in ORCL on Dec 11, 2008 6:47 AM

    Hi Jacco,
    I didn't see your post before.
    Nop, unfortulately I don't have a document with that. I just received that answer
    from development (related to the plugin for AD that is not certified, and DAS is
    not intended to work with OAS4OS).
    Anyway, about the plugin to work with AD, this is working for me; at least I tested
    it by configuring the plugin, I configured synchronization, the mapping file, I did
    the bootstrap, and the accounts that were bootstraped now shows the OS attributes
    on DAS.
    Regards,
    Luis Vivero.

  • Hana db filesystem directory structure and process command line

    Hi experts,
    Could someone provide please actual directory structure of Hana db filesystem?
    Generally speaking, I need to model some Hana db(of 1.0, 1.5 versions) entities. Among them:
    Schemas
    Data files
    Log files
    Important configuration files
    Database parameters(guess found in config files and command line)
    Database version
    The question is where i can find such information having access to filesystem?
    One another question is how common Hana db commandline looks like?
    Does it have one process or several?
    It would be perfect if someone give some ps -aef command result grepped with relevant Hana Db processes
    Thanks,
    Eugene
    Edited by: Eugene Kondrashev on Dec 28, 2011 12:51 PM

    Eugene Kondrashev wrote:
    > * What are the processes relevant to Hana Db?
    This is still changing pretty much ...
    Anyhow, just check the running services in HANA studio (landscape tab) and you have all the process at hand.
    > * What is the signature of starting command?
    What is that supposed to mean?
    > * How can I identify running Hana Db instance on a host having shell access?
    How about the HDB command?
    SUSE Linux Enterprise Server 11 (x86_64)
    /usr/sap/HAN/HDB00> HDB help
    Usage: /usr/sap/HAN/HDB00/HDB { start|stop|reconf|restart|version|info|proc|admin|kill|kill-<sig>|term }
      kill or kill-9 should never be used in productive environment!
    /usr/sap/HAN/HDB00> HDB info
    USER       PID  PPID %CPU    VSZ   RSS COMMAND
    hanadm   14682 14677  0.0  85580  2180 sshd: hanadm@pts/0
    hanadm   14683 14682  3.3  16768  2980  \_ -bash
    hanadm   14756 14683 18.1  13652  1680      \_ /bin/sh /usr/sap/HAN/HDB00/HDB info
    hanadm   14782 14756  0.0   6620   892          \_ ps fx -U hanadm -o user,pid,ppid,pcpu,vsz,rss,args
    hanadm   31638     1  0.0  42624  1820 sapstart pf=/usr/sap/HAN/SYS/profile/HAN_HDB00_vml3012
    hanadm   31645 31638  0.0 528216 151400  \_ /usr/sap/HAN/HDB00/vml3012/trace/HDB.sapHAN_HDB00 -d -nw -f /usr/sap/HAN/HDB00/vml3012/daemon.ini pf=/usr/sap/HAN/SYS/profi
    hanadm   31665 31645  0.5 5001972 1002844      \_ hdbnameserver
    hanadm   31723 31645  0.0 4367024 244336      \_ hdbpreprocessor
    hanadm   31744 31645  1.9 5664496 1779448      \_ hdbindexserver
    hanadm   31752 31645  3.6 7197924 3359440      \_ hdbstatisticsserver
    hanadm   31759 31645  0.6 5289164 1507684      \_ hdbxsengine
    hanadm   32017 31645  0.0 429188 124344      \_ sapwebdisp_hdb pf=/usr/sap/HAN/HDB00/vml3012/wdisp/sapwebdisp.pfl -f /usr/sap/HAN/HDB00/vml3012/trace/dev_webdisp
    hanadm   31527     1  0.0 292676 110380 /usr/sap/HAN/HDB00/exe/sapstartsrv pf=/usr/sap/HAN/SYS/profile/HAN_HDB00_vml3012 -D
    > * Does Hana DB started with SAP start profile? If so, could someone point me to the example of such a profile?
    ?? seriously... take a guess
    regards,
    Lars

  • HARD TO SOLVE - User account free space and HD free space do not match

    Hello.
    I just upgraded my iMac from a 320Gb to a 1Tb, so as to have more space (obviously). The APR did install the HD since I did not want to mess myself with the hardware (I'm clumsy). I then reset the data via TimeMachine since all my files are in a filevault protected account.
    I now have a problem they cannot solve. My user account (there's only one account on the whole computer, let's call it XYZ) is protected by filevault. In the user account XYZ there are only about 100Gb of space left, whereas the LocalHD clearly shows that there are more than 475Gb left on the LocalHD. I cannot turn off filevault as it keeps saying that I am missing about 370Gb of free space to turn off filevault.
    And I need more space in my user account XYZ for various reasons, one of them being synchronisation over internet et caetera. Does anyone have a solution which does not consist in moving every single file manually to a new user account?
    My guess was that the filevault account XYZ is limited by size since it comes from the old HD which was only 320Gb, but even that makes no solution, as it occupies a lot more than 320Gb at this point (my iTunes lib is bigger). As I said, the Luxembourg APR have no idea how to solve this issue, I would be more than glad if one of you had a solution to trick the filevault account XYZ into believing it had more space allocated (I'm not that used to the terminal, it may be the key to the problem).
    Thank you so much in advance,
    Laurent

    Hi,
    My guess was that the filevault account XYZ is limited by size since it comes from
    the old HD which was only 320Gb,
    Yes, I think this is what happened - see
    *Mac OS X: FileVault-protected Home shows less capacity than what's available on the hard disk*
    http://support.apple.com/kb/TA24068
    but even that makes no solution, as it occupies a lot more than 320Gb at this
    point (my iTunes lib is bigger).
    At least in Snow Leopard, when you create a FileVault account the "potential capacity" of the FileVault volume contained in the sparsebundle is twice the size of the underlying HD! Obviously that capacity could never be realized, since the sparsebundle could not grow larger than the HD that contains it. So for example, my startup HD volume capacity is 320GB. If I create a test Filevault account named "fv" and Get Info on the FileVault mounted volume (the icon in the sidebar), it shows an apparent capacity of 640GB! The reported Used space is apparently artificially inflated so as to make the actual available space seem correct:
    The normal fix for your situation is to turn off Filevault and then optionally turn it on again, but you currently don't have enough free space on the HD to do this. The FileVault sparsebundle is supposed to self-compact when you log out of FileVault, and so compacting it manually may not help. If you do try this via a Terminal command, I think you will have to do it as root - I could not directly access a FileVault sparsebundle from a different admin account.
    The support article above suggests:
    If you do not have sufficient free space on your hard disk, you will need to temporarily reduce the size of your home directory, for example by copying a large amount of data in your home directory to an external hard disk, then deleting the stuff that you moved from your Home. After copying, log out or restart so that FileVault can reclaim the unused space.
    This seems safe, though time-consuming.
    An alternative approach would be to try to directly resize the FileVault sparsebundle and its contained volume. This can apparently be done, but is obviously risky since if something goes wrong you could easily lose everything in the Filevault account. I did some experimenting and was able to increase the size of my test FileVault home volume to 1T by logging out of the Filevault account, logging into a different admin account, and then using this Terminal command:
    sudo hdiutil resize -size 1000g /Users/username/username.sparsebundle
    Here <username> is the name of the FileVault account. I was asked first for the current logged-in admin account password (for the sudo) and then for the password to access the sparsebundle, which is the password for the FileVault account. This seemed to work (it took some time to complete), and I was then able to re-log into the Filevault account. The sidebar Filevault icon Get Info now showed a capacity of 1.07 TB.
    But again, this seems risky - I can't recommend trying it except perhaps on a backup clone.
    Message was edited by: jsd2

  • Can I share user account between mac and PC

    Hi, I would like some help. I have a mac mini and will add osx server on to it soon. Now I also have two Windows PC's and would like to connect everything. I would like to use the mac as my main working device (and as a server) I would then like to be able to logon to my mac account on the PC's. So share user account from the mac onto the PC's?
    Is this possible? If so is there a very details tutorial somewhere I can't seem to find one.
    P.S NOT just file sharing. I don't want the user account or fils to be on the PC's.
    Regards
    Aled

    Windows prefers to authenticate with Microsoft Active Directory.   This configuration is possible, but probably not in the price or complexity range that you might want.   Not unless you're inclined to run both OS X Server and Open Directory and Windows Server with Active Directory (or the Active Directory compatibility available with Samnba installed on a Linux server), which won't be a small investment or a small effort.
    If you want to research this, look for information on the so-called "magic triangle" or "golden triangle" configuration.   I'm not aware of a short tutorial for this, as neither AD nor OD tend to be particularly small projects to configure and deploy.
    Probably closer to your budget, a password manager or the keychain in OS X can store the access credentials.

  • Synching apps with 2 user accounts, 3 devices and one computer only

    I have a question that I can't find a clear answer.
    I previous had one iPod touch and one iPad that I synched with my iTunes library. No problem. But now the wife has finally purchased a verizon iPhone and I want to be able to use my vast app collection for her phone.
    Scenario is we each have separate user accounts (so we can maintain our own calendars and contacts, ect.). We each have our own ITunes accounts and our own iTunes libraries by default. She will not be purchasing much on her account though.
    How do I, without creating a can of worms, create one library to sync to so I can put apps and music on her phone without erasing any of her separate information. I have read a lot on the subject and there does not seem to be a clear answer anywhere. Yes, I have read ht1495 but that does not seem to be exactly on point
    Basically, I have 3 devices, 2 user accounts and 2 iTunes accounts but one computer only. I want to be able to have all iTunes stuff available on both user accounts and be able to have both people be able to read and write to the same library. I am sure there are plenty of people running into this issue with more and more people getting iPhones with verizon. It seems that it is easier to do with multiple computers than one computer.
    So, I am looking for help or advice on the easiest way to accomplish this task.

    In a way, each iTunes libary is considered to be a different account. Your daughter's iTunes account doesn't have access to your wife's data which has all the verification data.
    One option would not only to place the library in a Shared area, but also the verification data. I poked around and am not sure where it's stored. It's a good discussion to have with an Apple store Genius if you have one nearby.

Maybe you are looking for