User admin access

Hi all,
I have an issue that I'm not sure how to script in to resolve.
I have a script that runs, binds them to AD, sets an AD group as admins to the machine, which the user is part of. That works, but when they shut down and go offline, they can login with their cached credentials, but they are no longer admins to their own machines. I have to login as local admin and set the user as admin. How do I add this to the script so that the user is always admin regardless if they are off or online and I don't have to touch every machine after they have logged in to add them as admins.
Thank you in advance!

Jeremy Mlazovsky <[email protected]> wrote in
news:zJI6h.4247$[email protected]:
I guess I over simplified my example too much. In reality, I have
several users who need admin access to one or two workstations each, but
are essentially regular users elsewhere.
> Why use DLU?
>
> Just make a local account for him on that one computer and add him to
> the Administrators group.
>
> Brian Mantler wrote:
>> I would like to give a user admin access to one specific workstation,
>> but regular access to all other workstations.
>>
>> For example I want user John to have admin access to CPU1, but
>> regular access to all other CPU's.
>>
>>
>> I have a user policy package that has the appropriate group policy
>> and DLU policy associated to John. The DLU has Enable Login
>> Restrictions and includes just CPU1.
>>
>>
>> When John logs in to CPU1 he becomes a member of the local
>> administrators and the appropriate group policy is placed in effect.
>>
>> If a regular user logs into CPU1 they receive our standard group
>> policy and become members of the local users group.
>>
>> However, if John logs into a different computer, say CPU2, he does not
>> get any DLU created. In this situation, I would like John treated
>> like our regular users and a local user created that has only regular
>> user rights.
>>
>> Any ideas?
>>
>> Thanks
>
>

Similar Messages

  • How can i give multiple users admin access?

    I would like to give another user on my macbook pro admin access, so that they can install programs without having to ask me for the password each time. I do not want the password to be the same for my profile, because I don't want them getting into my account. So is it possible to have a separate password for admin use only? This might be a dumb question and I know there is probably a simple way to do this, but I'm new to macs so any help would be greatly appreciated. Thank you.

    Convert a standard user to an administrator
    Choose Apple menu > System Preferences, then click Users & Groups.
    Click the lock icon to unlock it, then enter an administrator name and password.
    Select a standard user or managed user in the list of users, then select “Allow user to administer this computer.”
    http://support.apple.com/kb/PH18891

  • Help needed restricting users admin access to devices using ACS 4.2

    I have users that access the network via a VPN client to a PIX 515 which authenticates to the ACS (using the default group for unknown users) which uses an external Active Directory Database.
    The problem I have is that as the ACS authenticates these users, it now allows them admin access to the PIX. How do I restrict access? I have looked at NARs using the 'All AAA clients, *, *' approach but that just stops their VPN access. (I have a separate group called 'PIX ACCESS' which will contain only defined users for admin access.)
    Incidentally I have other devices on the network which are AAA clients, in particular Nortel switches. I can set the group settings for that RADIUS set up to 'Authenticate Only' (RADIUS Nortel option) and that works fine, I was expecting the ACS to have a similar setting for TACACS+.
    So how do I allow the unknown users to authenticate to their AD database but restrict them admin access to the AAA clients?

    Very common problem. I've solved it twice over the last 6 years with ACS. I'm sketchy on the details. But here goes. First option to explore is using RADIUS for VPN access, then TACACS on all the Cisco switches and PIX firewall. That would make it a lot easier. I think that with TACACS, you can build a NAR based on TCP port number instead of IP address....
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_tech_note09186a0080858d3c.shtml
    So you'd have a group with 3-4 Administrators that can access PIX CLI, and another group of VPN users that can't access the PIX but can VPN in. So on the VPN group, put a NAR that restricts access to SSH/Telnet TCP ports?
    This comes up every time I install an ACS server (every 2-3 years), and it's always a trick.
    Please let me know if this works for you. And if it doesn't, let us know how you fixed it. I think I can get back into the ACS I last did this with and take a look, but I'd have to call up and make a special trip.

  • ACE and ANM RBAC - Single user with Admin access

    Goodday,
    I would like to confirm if one can only assign a single user Admin access to a context via RBAC (either on ANM or ACE native RBAC through ACS). So is this true or not?
    If so, would I be correct in assuming this excludes the default Admin user.
    Also, what do you do if you need to provide Admin access to more than one user? Can it be done?
    Thanks
    Paul

    Actually multiple users can be assigned to the pre-defined ADMIN role in ACE RBAC such as the following:
    myaceisnamedthis/Admin(config)# username Bob password weakpass role Admin domain default-domain
    This is also true in ANM, where the user's RBAC is a cross product of the ANM defined role and domains (which is at the ANM level so that it can span multiple ACE devices and contexts).
    In both cases, the AAA can be used for authentication, though authorization is performed by ACE/ANM themselves.
    Cheers,
    David K.

  • Non-admin user cannot access Essbase server level variables

    Version 11.1.1.3
    Essbase Substitution variables are created at server level. Users are getting error in FR report that uses the Substitution Variable -- Essbase Error(1051085): You do not have sufficient access to get this substitution variable. Also, users cannot access Substitution variable in SmartView. However, users can access variables created at database level. Users are provisioned as "Server Access" to Essbase and filter access to ASO application "MGTRPTG", where MGTRPTG is an ASO essbase application for reporting. We tried the same provisioning in two other environments and it seems to be working fine.
    User is type "Essbase and Planning" provisioned with essbase "server access", application mgtrptg "filter", Reporting and Analysis "analyst", "dynamic viewer" and "Explorer". In addition, it is given a filter "REP_DME_GALB" which restricts 2 dimensions (Division and Geography).
    Steps taken to resolve:
    1. Existing users were deprovisioned and reprovisioned with no effect.
    2. Created brand new identically provisioned users in Prod and QA. QA user can access the server level var and Prod user cannot.
    3. Created a brand new server level variable in Prod and this cannot be accessed.
    4. All services have already been restarted several times.
    5. SR has been opened.
    Temporary workaround:
    By creating a duplicate of the same set of variables at the database level, the reports work. This can only be a temporary workaround as the client cannot be expected to maintain two sets of substitution variables since there are 3 applications using these server level variables.
    Thank you for any ideas!
    Jennifer

    You have stumbled on a defect which is resolved in the Hyperion Planning 9.3.1 patch 6 and above. If you have your planning preferences set to indent members it will cause forms which have page selections to show as invalid in SmartView.
    You can either patch Planning or turn off the preference. The patches are available from http://metalink3.oracle.com and require an account which has been associated with your client ID.
    P.S. Usually it's not a good practice to use the admin id.
    Regards,
    -John
    Edited by: Jbooth on Nov 3, 2008 2:12 PM

  • To create new user for rpd with Admin access in obiee 10g

    Hi All,
    I need to create a user in RPD which has equivalent privileges as Administrator in RPD. Please note that this is for accessing RPD Admin, not for Dashboard admin access. Can anyone please let me know how we shall implement this?
    Regards,
    Vengatesh.

    Hi,
    Create a user and give the check box for 'Administrators' group and check.
    If required give 'Presentation Service Administrator' group too.
    In Settings->Manage Privileges you can restrict the user to the Answers.
    Hope this helped/ answered
    Kind Regards
    MuRam

  • Cannot access user admin

    Hi All,
    Although I'm logged in as Super Admin, I am unable to access or work with the user admin screen in SAP NW Portal 7.0 SP13.
    I tried to access this even in Admin console, still it doesn't work. I get the error below -- Please advise -- MS
    Application cannot be started.
       Details:   com.sap.engine.services.deploy.container.ExceptionInfo: Error in starting application [sap.com/com.sap.security.core.admin].
    Below is the snippet of the error in defaultTrace log file
    #1.5 #0015C5FD0C91005E0003347B00000FA400044F030E8BC969#1212774454372#com.sap.engine.services.security.roles.SecurityRoleImpl
    #sap.com/irj#com.sap.engine.services.security.roles.SecurityRoleImpl#Guest#35133####4ec68f8030c111dda69a0015c5fd0c91
    #Thread[Thread-56,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error#1#/System/Security/Audit/J2EE#Java###:
    Authorization check for caller assignment to J2EE security role [ : ].#3#ACCESS.ERROR#SAP-J2EE-Engine#administrators#
    #1.5 #0015C5FD0C91005E0003347D00000FA400044F030E8BC9F7#1212774454372#com.sap.engine.services.security.roles.SecurityRoleReference#sap.com/irj
    #com.sap.engine.services.security.roles.SecurityRoleReference#Guest#35133####4ec68f8030c111dda69a0015c5fd0c91
    #Thread[Thread-56,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error#1#/System/Security/Audit/J2EE#Java###:
    Authorization check for caller assignment to J2EE security role [ : ] referencing J2EE security role [ : ].
    #5#ACCESS.ERROR#service.jms.default.authorization#administrators#SAP-J2EE-Engine#administrators#
    -ms

    Hi
    I am still having the same issue.
    I found out that in VA under the service deploy I do not see com.sap/com.sap.security.core.admin activated. I manually started the application in VA but it fails. Below is the defaultTrace Log File, any help is appreciated- ms
    #1.5 #0015C5FD0C91005E0000145F00000F3400044F56AAE00B7D#1213133559407#com.sap.engine.services.security.roles.SecurityRoleImpl#sap.com/irj#com.sap.engine.services.security.roles.SecurityRoleImpl#Guest#944####883ad0e0372011ddc2780015c5fd0c91#Thread[Thread-56,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authorization check for caller assignment to J2EE security role [ : ].#3#ACCESS.ERROR#SAP-J2EE-Engine#administrators#
    #1.5 #0015C5FD0C91005E0000146100000F3400044F56AAE00C38#1213133559407#com.sap.engine.services.security.roles.SecurityRoleReference#sap.com/irj#com.sap.engine.services.security.roles.SecurityRoleReference#Guest#944####883ad0e0372011ddc2780015c5fd0c91#Thread[Thread-56,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authorization check for caller assignment to J2EE security role [ : ] referencing J2EE security role [ : ].#5#ACCESS.ERROR#service.jms.default.authorization#administrators#SAP-J2EE-Engine#administrators#

  • Photoshop cs6 crashes with "appcrash - module ig75icd64.dll; no problem for a local admin user however. i've tried giving specified user full access to photoshop.exe and set it to Win XP compatibility. how do i fix this without giving user local admin acc

    photoshop cs6 crashes with "appcrash - module ig75icd64.dll; no problem for a local admin user however. i've tried giving specified user full access to photoshop.exe and set it to Win XP compatibility. how do i fix this without giving user local admin access?

    Danny,
    Topic or subject titles should be clear, pertinent and concise so that individual users can tell at a glance if they can help or not.
    That field is not for attempting to fit your entire question in there.
    Please keep this in mind next time you post.  Thank you.

  • Root/admin access for user account

    I'm not sure the best way to explain this, but, I want my user account to be able to write/read ANY file on my HDD. How do I enable that in Lion? I've already added my user to the admin group, but, to no avail. Essentially I want to do $> sudo chmod -R a+rwx /, but, without having to do that.
    Yes, I understand that your everyday account shouldn't have this type of access and you should only elevate privileges when necessary. W/ that in mind, I'd really appreciate answers (or links) detailing how to do this and not explaining why I shouldn't do this.
    Thanks, and let me know if I should explain what I need in more detail.
    - Matt

    The top level of the hard drive has always been an admin-only area. In 10.6 and earlier, the admin group could write there. Now in 10.7, only root can write there. It was changed for security reasons. Apple realized that not many people are following their security guidelines and are running as admin users all the time, and so they have tightened up security in Lion.
    User files should not be put there. Put them in your home folder or in /Users/Shared if you wish multiple users to access them.

  • Exchange 2013 Give domain Admin access to all users inbox

    In the old 2007 Exchange server we had domain admin access to everyone's mailbox so we could open anyone's email box using the Outlook client.
    But in 2013 Exchange the mailbox delegation does not give us the option to add a "group" to the full access area, only allows us to add a "user" who has a mailbox set up in Exchange. I see there is an Exchange Server group listed under Full Access, but it does not work: added our domain Admin user to that group, rebooted Exchange and the test machine, but it did not work.
    The only option that works to allow mounting of xyz user's mailbox via abc admin user is to actually add that abc admin user to the xyz mailbox under mailbox delegation > Full Access.
    Is there a workaround for this, so we can simply have a group ABCD with user ABC or DEF etc. so they can access everyone's mailbox instead of going in and changing all users' mailbox delegation one by one for the new user etc.?

    Have you tried using the Exchange Management Shell?
    Get-Mailbox | Add-MailboxPermission -User Name_of_Group -AccessRights FullAccess -InheritanceType All
    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    I did. I tried Get-MailboxPermission, and other than NT Authority and the end user, the Deny was set to True for all inheritance rights. I tried your command, added the user to the group I wanted under the Enterprise OU in AD, restarted transport on Exchange and logged in on the test machine again.
    Still no go, the user I am trying to add, when using Get-MailboxPermission, shows up as Denied for FullAccess, so is that overriding the group permissions?
    RunspaceId      : 2xxxxxxx0
    AccessRights    : {FullAccess}
    Deny            : True
    InheritanceType : All
    User            : domain\abc
    Identity        : domain/Users/xyzuser
    IsInherited     : False
    IsValid         : True
    ObjectState     : Unchanged
    And for the group I just added with the above abc user inside it:
    RunspaceId      : 2xxxxxxxxx0
    AccessRights    : {FullAccess}
    Deny            : False
    InheritanceType : All
    User            : domain\newgroupadded
    Identity        : domain/Users/xyzuser
    IsInherited     : False
    IsValid         : True
    ObjectState     : Unchanged
    So is the user's deny causing this? Not really sure why ABC domain admin/enterprise admin is the only one listed as no deny, there are other mailbox users that do not show up, I am assuming I have to create a new user, a domain local user, and that might work? I wanted the Domain/Enterprise Manager/admin to have access so we would not have to keep toggling between users just to access someone's inbox.
    Also, further down the list of mailboxpermission I see the user abc (the user I want to add to the group to have access) is listed with Full access and the Deny flag is set to False instead of True.
    So I have two entries for user abc, one with the deny flag set to True and one with the deny flag set to False.
    AccessRights    : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
    Deny            : False
    InheritanceType : All
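
    The question raised in the thread above (does the explicit Deny entry for domain\abc override the FullAccess granted to the group?) can be checked offline against saved Get-MailboxPermission output. The Python below is an added example, not code from any poster; it assumes the standard canonical ACE order (explicit deny, explicit allow, inherited deny, inherited allow), and the sample records, the IsInherited value of the third record, the group membership table and the user domain\def are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample shaped like the Get-MailboxPermission | Format-List
# records quoted in the thread; IsInherited on the third record is assumed.
SAMPLE = r"""
AccessRights    : {FullAccess}
Deny            : True
User            : domain\abc
Identity        : domain/Users/xyzuser
IsInherited     : False

AccessRights    : {FullAccess}
Deny            : False
User            : domain\newgroupadded
Identity        : domain/Users/xyzuser
IsInherited     : False

AccessRights    : {FullAccess, DeleteItem, ReadPermission}
Deny            : False
User            : domain\abc
Identity        : domain/Users/xyzuser
IsInherited     : True
"""

# Assumed group membership (normally read from AD); domain\def is hypothetical.
GROUPS = {r"domain\newgroupadded": {r"domain\abc", r"domain\def"}}
REQUIRED = {"Identity", "User", "AccessRights", "Deny", "IsInherited"}


@dataclass(frozen=True)
class Ace:
    mailbox: str
    trustee: str
    rights: frozenset
    deny: bool
    inherited: bool


def parse_aces(text):
    """Parse 'Key : Value' records; a blank line or repeated key starts a new one."""
    records, cur = [], {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s*:\s*(.*\S)\s*$", line)
        if m is None or m.group(1) in cur:
            if cur:
                records.append(cur)
            cur = {}
        if m:
            cur[m.group(1)] = m.group(2)
    if cur:
        records.append(cur)
    return [
        Ace(r["Identity"].lower(), r["User"].lower(),
            frozenset(x.strip() for x in r["AccessRights"].strip("{}").split(",")),
            r["Deny"] == "True", r["IsInherited"] == "True")
        for r in records if REQUIRED <= r.keys()
    ]


def matching_aces(aces, mailbox, user, groups, right="FullAccess"):
    """ACEs on the mailbox naming the user or one of the user's groups, sorted
    in canonical order: explicit deny, explicit allow, inherited deny,
    inherited allow."""
    user = user.lower()
    trustees = {user} | {g.lower() for g, members in groups.items()
                         if user in {m.lower() for m in members}}
    hits = [a for a in aces if a.mailbox == mailbox.lower()
            and a.trustee in trustees and right in a.rights]
    return sorted(hits, key=lambda a: (a.inherited, not a.deny))


def effective_access(aces, mailbox, user, groups, right="FullAccess"):
    """Return (granted, deciding_ace, allow_aces_overridden_by_a_deny)."""
    hits = matching_aces(aces, mailbox, user, groups, right)
    if not hits:
        return False, None, []  # no matching ACE: the right is not granted
    first = hits[0]
    shadowed = [a for a in hits[1:] if not a.deny] if first.deny else []
    return (not first.deny), first, shadowed


if __name__ == "__main__":
    aces = parse_aces(SAMPLE)
    for who in (r"domain\abc", r"domain\def"):
        ok, ace, shadowed = effective_access(aces, "domain/Users/xyzuser", who, GROUPS)
        print(who, "FullAccess:", ok, "| decided by:", ace.trustee,
              "| overridden allows:", [a.trustee for a in shadowed])
```

    With the sample records, the explicit Deny on domain\abc decides the result and both Allow entries that would otherwise apply are reported as overridden; the other group member is granted access through the group entry.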

  • No User, No Admin Access -- Clean install?

    The only user on my laptop does not have admin access so i tried to run this to get admin rights:
    I lost my admin user (Mac OS X 10.4 and earlier)
    If you are unfortunate enough to delete your only admin user, or remove his admin capability, then as long as you have another user with login capability, you can give that user admin rights as shown below. You can then re-create the original user or reinstate the admin capability using NetInfo Manager.
    Print this post out in a mono-spaced font, and type carefully, paying attention to spaces and punctuation, since you cannot copy/paste in Single User mode.
    Caution: in single user mode you have root privileges. Be careful! Substitute the name of 'youruser' below.
    Boot into single user mode (Command-S) at startup which will eventually get you a shell prompt (ending in #). Then type the following:
    fsck -fy
    Repeat the above until it says your disk is OK. Then continue with
    mount -uw /
    nicl -raw /var/db/netinfo/local.nidb -merge /groups/admin users youruser
    If you get a message saying "invalid path", then type these two commands first:
    nicl -raw /var/db/netinfo/local.nidb -create /groups/admin gid 80
    nicl -raw /var/db/netinfo/local.nidb -create /groups/admin passwd '*'
    and then repeat the "nicl ... -merge" command. Then:
    reboot
    You will now be able to login as 'youruser' and have administrative privileges.
    Membership of the 'admin' group is the only thing that distinguishes administrative users from ordinary users.
    Now the computer will boot up but NEVER comes to the desktop. I think my best option is to just clean install. However, the computer will not let me boot from a CD (nor did it before I messed up the user). Is there a way I can wipe the hard drive another way or some other way to reinstall the OS?
    thanks

    I ran the 10.3.9 combo as a stand alone update

  • User Interface Access Customisation for non admin users

    Hi,
    It is understood that for non-admin users, some features of the Planning Interface are not enabled and this can be controlled by proper access permissions. But, is it possible to extend the customization to provide some additional features in the menu bar for a user?
    For example, if View User wants to manage task lists. Is it possible by some sort of customization? Please advise.
    Thanks.

    Hi,
    You can create right click menus, and you can also create links on the tools page. Would any of these help you?
    Here is the doc on those subjects:
    Creating and Updating Menus
    Administrators can create right-click menus and associate them with data forms, enabling users to click rows or columns in data forms and select menu items to:
    Launch another application, URL, or business rule, with or without runtime prompts
    Move to another data form
    Move to Manage Approvals with a predefined scenario and version
    The context of the right-click is relayed to the next action: the POV and the Page, the member the user clicked on, the members to the left (for rows), or above (for columns).
    When designing data forms, use Other Options to select menus available for Data Form menu item types. As you update applications, update the appropriate menus. For example, if you delete a business rule referenced by a menu, remove it from the menu.
    To create, edit, or delete menus:
    Select Administration, then Manage, then Menus.
    Perform one action:
    To create a menu, click Create, enter the menu's name, and click OK.
    To change a menu, select it and click Edit.
    To delete menus, select them, click Delete, and click OK.
    Specifying Custom Tools
    Administrators can specify custom tools, or links, for users on the Tools page. Users having access to links can click links from the Tools menu to open pages in secondary browser windows.
    To specify custom tools:
    Select Administration, then Application, then Settings.
    For Show, select Advanced Settings.
    Click Go.
    Select Custom Tools.
    For each link:
    For Name, enter the displayed link name.
    For URL, enter a fully qualified URL, including the http:// prefix.
    For User Type, select which users can access the link.
    Click Save.

  • How can I allow users to access SQLPLUS?

    Hi everyone,
    I have been charged with the task of creating an Oracle server on a CentOS VM. Installation and configuration is complete and SQL is working fine for the database admin user "oracle." I copied the environment variables to the .bashrc file for "oracle" and SQLPLUS starts without a hitch.
    Here is where I need a little guidance...
    I need to create basic Linux user accounts that will have access to the database, so they can then in turn log into their SQLPLUS accounts. The problem is, all of the database files and software are located in the user "oracle's" directory. This means that no one but "oracle" and root have access to these files because they are the only ones with proper permissions.
    Before I put a ton of time into this, I thought I would pose these questions to the Oracle Linux community:
    1) Could I enable a specific Linux group (ex. "Oracle Users") to have access to the main database folder or possibly all folders along the path? I am hoping this would allow any users I put in the group access to the folders, and essentially the SQLPLUS application. (here is ORACLE_HOME=/home/oracle/app/oracle/product/11.2.0/dbhome_1)
    2) If that is not an option, will I need to make a completely new database and locate it in a location that all users can access?
    I understand that my first idea may not be the SAFEST method, but this is only for a small class of students learning how to use SQL and writing queries. There will be no sensitive information at risk. This would be a quick fix until I learned more about Oracle and how to use it.
    Thank you everyone.

    It certainly is rather a question for the General Database forum, though I doubt you will get a lot of happy replies for such a basic question.
    You can use / as sysdba OS authentication through SSH or using the server console, provided the user's account belongs to the "dba" user group. For remote connection through sqlnet you need to create a $ORACLE_HOME/dbs/orapw$SID password file.
    If you would like to know more about this:
    Connecting / as sysdba is used for OS authentication. It ignores password credentials stored in the database and allows any user belonging to the OSDBA system group to connect to the database. Connections as sysdba will always connect to the SYS schema of the database, regardless of any username or password specified. Using OS authentication relies on the BEQ protocol, which connects to the database directly, without using the Oracle Listener process.
    The "oinstall" group will give access to the database software repository. There could be different oracle home installations, each with a different oracle user/owner like "oracle_prod1" and "oracle_prod2", but both users must be able to read/write the shared oraInventory, in which case both users must have read and write access to the oraInventory directory, hence the oinstall group.

  • Read-Only Role For User Admin

    Hi, I am trying to implement a role that would enable a user to have the same functionality as the out-of-the-box User Admin role, but that this user would not be able to actually create or modify users, roles assignments, etc.
    The idea is to have a 'Display' role - with read-only access.
    The solution we are contemplating right now involves getting the source code from SAP, copying it, and modifying it - disabling any interaction. We would then create new iviews, pages, etc from there only for this role. This is a tedious task.
    Any ideas on how else this can be done?
    Thanks

    I have only managed to do this by creating a role and assigning the relevant User Admin iViews to the role and then changing the End User Permissions on the role.
    I assigned the ReadAll Permission. That did the trick for me.
    Groups unfortunately require the manage_groups Permission, so we do not allow the viewing of groups.

  • ISE 1.2 Admin Access via Active Directory

    Hi Experts,
    Good Day!
    I want to configure my ISE 1.2 to authenticate (for admin) against the active directory. I know it is possible but our AD doesn't have any groups named for admins.
    Is it possible for the ISE 1.2 to configure a local user ID and check it to the AD for the password of the UserID?
    Thanks for your great help.
    niks

    Niks,
    I just got done doing this.  First of all you have to have the Active Directory setup as an external data source.  Once you do that Click on Administration - - Admin Access.
    For the Authentication Type ensure that Password Based is toggled and change your data source to Active Directory (or whatever you named it).
    Then click in Administrators - - Admin Users.  Click Add a user - - Create Admin User.  Ensure to check the External box and you will notice the Password field goes away.  Fill out the appropriate information and then assign them to an Admin Group.
    Once you are done with that you can test that user by logging out of your ISE session.  You will notice that when you try to log back in you will have a choice of the data sources used to authenticate the user.  Change the selection to Active Directory and enter the AD user/password for the newly created account you should be good to go.
    Make sure that you don't delete or disable your original admin account in this process.  (Change the password if you like.)
