Users with diff. access

Similar Messages

• Users with direct access to tables

  I need to find out which users have direct access to tables, not through the roles.
  Is dba_tab_privs the right table to query or table_privileges is the correct one.
  Please let me know the difference between these two.
  I have gone through the documentation but I am still not clear about the difference between them.
  Let me know whatever your thoughts are on this.
  Thanks,
  Rushi

  Ah, an opportunity to illustrate the value of COMMENTs:
  SQL> select * from dict where table_name = 'TABLE_PRIVILEGES';
  TABLE_NAME
  COMMENTS
  TABLE_PRIVILEGES
  Grants on objects for which the user is the grantor, grantee, owner,
  or an enabled role or PUBLIC is the grantee
  SQL> select * from dict where table_name = 'DBA_TAB_PRIVS';
  TABLE_NAME
  COMMENTS
  DBA_TAB_PRIVS
  All grants on objects in the database
  SQL>So, TABLE_PRIVILEGES is a view relevant to the user who is currently connected and SELECTing from it.
  DBA_TAB_PRIVS is what you want to use to find users with direct access granted to tables.

• Security batch job to evaluate users with SAP_ALL access:

  Hello,
  I need to run some kind of batch report or program that runs for users that have SAP_ALL access.
  Basically we need to run a report or program that shows what these users that currently have SAP_ALL are executing on a daily basis.
  Do you have or know of a report/program that we can schedule nightly to find this information out ?
  Thanks,
  Steve

  Hi Steve,
  I don't think any SAP standard report or query is available for this. You probably have to design your own Z report/query to achive this.
  However since SAP_ALL is a restricted access and you will have very few users with this access, if you want to find it out programs/transation being executed by these users, it can be done manually from ST03, through "Memory Use Statistics", probably this may help to identify the tables using which you can design your own report.
  Regards,
  Sanujit
  Edited by: Sanujit Purohit on Jul 20, 2010 2:25 AM

• Set Single user with reviewer access to multiple conference room calendars

  Want to add a single user with reviewer access to multiple conference room calendars, used the below but it given a below error , Single user i am able to add but single user for multiple confernce room calendars hot happening.
  Import-csv C:\smtp1.csv | foreach-object {Add-MailboxFolderPermission -identity $_mail":\Calendar" -User "Mike" -AccessRights "Reviewer"}
  Smtp1.csv
  mail
  [email protected]
  [email protected]
  Error:--
  [PS] C:\>Import-csv "C:\smtp1.csv" | foreach-object {Add-MailboxFolderPermission -identity "$_mail:\Calendar" -User "Mike" -AccessRights "Reviewer"}
  The specified mailbox "\Calendar" doesn't exist.
      + CategoryInfo          : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], ManagementObjectNotFoundException
      + FullyQualifiedErrorId : 78C23328,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission
  The specified mailbox "\Calendar" doesn't exist.
      + CategoryInfo          : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], ManagementObjectNotFoundException
      + FullyQualifiedErrorId : 78C23328,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission
  The specified mailbox "\Calendar" doesn't exist.
      + CategoryInfo          : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], ManagementObjectNotFoundException
      + FullyQualifiedErrorId : 78C23328,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission
  The specified mailbox "\Calendar" doesn't exist.
      + CategoryInfo          : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], ManagementObjectNotFoundException
      + FullyQualifiedErrorId : 78C23328,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission

  i tried with that as well but getting the below
  A positional parameter cannot be found that accepts argument ':\Calendar'.
      + CategoryInfo          : InvalidArgument: (:) [Add-MailboxFolderPermission], ParameterBindingException
      + FullyQualifiedErrorId : PositionalParameterNotFound,Add-MailboxFolderPermission
  A positional parameter cannot be found that accepts argument ':\Calendar'.
      + CategoryInfo          : InvalidArgument: (:) [Add-MailboxFolderPermission], ParameterBindingException
      + FullyQualifiedErrorId : PositionalParameterNotFound,Add-MailboxFolderPermission
  A positional parameter cannot be found that accepts argument ':\Calendar'.
      + CategoryInfo          : InvalidArgument: (:) [Add-MailboxFolderPermission], ParameterBindingException
      + FullyQualifiedErrorId : PositionalParameterNotFound,Add-MailboxFolderPermission
  Cannot process argument transformation on parameter 'Identity'. Cannot convert value "" to type "Microsoft.Exchange.Configuration.Tasks.MailboxFolderIdParameter". Error: "Valu
  e cannot be null.
  Parameter name: mailboxFolderId"
      + CategoryInfo          : InvalidData: (:) [Add-MailboxFolderPermission], ParameterBindin...mationException
      + FullyQualifiedErrorId : ParameterArgumentTransformationError,Add-MailboxFolderPermission

• Users with read access to the site unable to view Managed Metadata Navigation

  Hi everyone,
  I created a Managed Metadata service and created group, term-set and terms
  I gave read access to users
  I set up navigation to use Managed Navigation
  I am logged in as farm admin and able to view the navigation when i browse site. But user are not seeing navigation.
  One thing i noticed is when i give users full access or designer access to site they will be able to see the navigation. but i don't want to give users full access or designer access to the site.
  How can users with read only access to site can view Managed Metadata Navigation...Please help?

  Hi Sunil,
  Have you given your users permissions to actually read the MMS data from the service application?
  http://technet.microsoft.com/en-us/library/ff625176.aspx covers permissions on the MMS.
  Regards
  Paul.
  <<edit>> On reflection you might be hitting the issue in this Stackexchange post..
  http://sharepoint.stackexchange.com/questions/75636/permissions-and-managed-metadata-in-navigation Is yours behaving the same way?
  Please ensure that you mark a question as Answered once you receive a satisfactory response. This helps people in future when searching and helps prevent the same questions being asked multiple times.

• User with Full Access to mailbox cannot view calendar

  I have a user who one of several users that manages the schedules for several conference rooms using regular mailboxes on Exchange Server 2007.  She (and she alone), has lost the right to manage the mailbox calendar.  When she tries to access the
  calendar she gets the error message, "You do not have permission to view this calendar".
  I verified her rights as Full Access and even ran the cmdlet below which says, "Appropriate ACE is already present on object ".
  [PS] C:\Windows\system32>Add-MailboxPermission -Identity "mailbox" -User user -AccessRights FullAccess -InheritanceType All
  WARNING: Appropriate ACE is already present on object "CN=mailbox
  49,OU=Service Accounts,OU=  xxx,OU=xxxxx),OU=xxx,DC=xxx,DC=xx,DC=xxx" for
   account "user".
  Identity             User                 AccessRights        IsInherited Deny
  Domaim      domain\user       {FullAccess}        False       False
  When I get the permissions on the mailbox she has the following:
  AccessRights    : {FullAccess}
  Deny            : False
  InheritanceType : All
  User            : domain\user
  Identity        : domain/OU/OU/OU/mailbox
  IsInherited     : False
  IsValid         : True
  ObjectState     : Unchanged
  Any help out there?
  [email protected]

  Hi,
  According to your post, the permission seems to be configured properly in your Exchange server. This user has full access permission to Domaim’s mailbox.
  Please try to open shared mailbox in OWA to check whether she can access the calendar. In Outlook, we can open shared calendar in Calendar panel by clicking Open Calendar > Open shared calendar. If it fails, please try the following steps:
  1. Click File > Account Settings > Change > More Settings > Advanced.
  2. Add the Shared mailbox that you want to open and click OK.
  If there is any updates, please feel free to let us know.
  Best Regards,
  Winnie Liang
  TechNet Community Support

• How do I create admin console users with full access to configuration and the directory in every instance?

  I want to be able to create directory user ID for the iPlanet administrators. They should be able to access the admin console and all the instances created. They should be able to configure each instance and directory. I was able tocreate Admin Server Administrators but they were only able to modify the directory(tab) and not the configurations(tab). Any help would be greatly appreciated!
  Thanks.
  Keith

  Hi Keith,
  In o=netscaperoot, edit the static group called cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot - this group contains the admins peer to your config admin. Since the console is quirky and doesn't let you add in users not in netscaperoot, just click advanced and put in the full dn of whoever you want in by hand, e.g., uid=scarter, ou=people, dc=mydomain,dc=com as a static member. then rebind to the console with the full dn and passwd, and away you go :)
  james

• Giving List Permission to users with no access to the main site

  On my sub site I have a list (where users from a specific store can report errors). This list I want to share with another group of users, those who will do something about the errors (entrepreneurs). I want them to be able to Edit in this list: they don't
  need delete and create items, just being able to change an item is fine. 
  The problem is, I don't want them to have access to the sub site itself, because there is  information on the sub site that they don't need to know about, they should only see this list. So they don't have any access at all to the sub site, but I'm giving
  them permission to the list. 
  However, it seems like since they can't access the sub site, no matter what permission I give them to the list (Edit, Contribute, Full Control), in the end they only have Reading-access to the list and can't even update an item. 
  This error message turns up whenever they try:
  "Unable to communicate with server".
  The entrepreneur group is external users, but that shouldn't matter, should it? I've added them to SharePoint groups with the right permissions.
  Is there any possible way to solve this problem?

  Hi  ,
  Here is the steps you can refer to:
  Go to your site ->Site Settings ->Site permissions ->Permission Levels ->Click “Add a Permission Level” and create a custom permission level with following permissions : 
  Edit Items, View Items, Open Items, View Pages , Open.
  Go to your list ->Shared With -> INVITE PEOPLE : 
  input your group, click  “SHOW OPTIONS” 
  and select the new custom permission level.
  Best Regards,
  Eric
  Eric Tao
  TechNet Community Support

• SecurityAgent seems to be thrashing when ParentalControls logs out a user with limited access time.

  I have a 2007 iMac running OS X Lion, all latest updates and patches applied.
  My daughter has an account on the system, which I have limited to only being able to be used for a few hours a day.
  The problem arises when she leaves herself logged in, but walks away, and the time runs out.  When I sit down at the console, the first thing that happens is that the cursor disappears, and the systems starts to go into a logout.  Makes sesne so far, I guess.  However, the system then goes into what I can only presume is some sort of loop.  The cube animation starts, and rotates back and forth several times between two screens, both equally hessian wrapped, with no distinguising features.
  I can log into the system via ssh, and I can confirm that the system is spiking out on SecurityAgent:
  Processes: 661 total, 5 running, 29 stuck, 627 sleeping, 2082 threads                                                     
  19:59:08 Load Avg: 1.68, 3.07, 5.24  CPU usage: 43.38% user, 23.52% sys, 33.8% idle  SharedLibs: 3620K resident, 1948K data, 0B linkedit.
  MemRegions: 104350 total, 1295M resident, 189M private, 2974M shared.
  PhysMem: 1166M wired, 3312M active, 1655M inactive, 6133M used, 9560K free.
  VM: 1611G vsize, 1118M framework vsize, 34169473(356) pageins, 5796949(92) pageouts.
  Networks: packets: 100372238/47G in, 162918821/146G out.  Disks: 23914908/3252G read, 27697160/2570G written. 
  PID    COMMAND      %CPU      TIME     #TH  #WQ  #PORT #MREG RPRVT  RSHRD  RSIZE  VPRVT  VSIZE  PGRP  PPID  STATE    UID  FAULTS
  27013  SecurityAgen 98.0      37:41.27 2/1  1    88    84    508K   3904K  2664K  31M    2410M  27013 1     running  92   3028
  28561  top          25.9      02:27.05 1/1  0    32    43    3752K  216K   4176K  20M    2381M  28561 28505 running  0    1924014+
  1      launchd      4.6       50:43.63 3    0    3159- 343   2804K+ 2836K  2128K+ 15M+   2405M  1     0     stuck    0    553252+
  0      kernel_task  1.5       08:01:03 71/2 0    2     976   14M    0B     595M-  15M    5487M- 0     0     running  0    23008
  197    WindowServer 0.7       01:57:50 5    1    6653  6448  22M+   885M   486M+  137M   40G    197   1     sleeping 88   25934192+
  18548  Transmission 0.5       01:59:18 7    1    175   372   10M    7352K  16M-   47M    2550M  18548 282   sleeping 501  10297632
  14     opendirector 0.4       02:27.27 13   13   617+  108+  6072K+ 1872K  6860K+ 32M+   2417M+ 14    1     stuck    0    407028+
  25117  mcxalr       0.2       00:40.33 4/1  3    43    41    200K   252K   1780K  30M    2391M  25117 1     running  54   1580
  26441  SecurityAgen 0.2       00:01.55 2    1    121   245   2856K  19M    6820K  35M    2503M  26441 1     stuck    92   27427
  28001  ManagedClien 0.1       00:00.11 4    3    98+   86    1196K+ 4900K  3748K+ 31M    2413M  28001 27998 sleeping 0    3718+
  294    UserEventAge 0.1       00:20.22 3    1    212   140   976K+  3964K  2632K+ 34M    2422M  294   282   sleeping 501  294201+
  28006  ManagedClien 0.0       00:00.11 4    3    97    86    1184K+ 4904K  3700K+ 32M    2414M  28006 28003 sleeping 0    3725+
  28573  mdworker     0.0       00:00.41 4/1  2    55    101   8648K  6052K  13M    38M    2422M  28573 28443 running  89   4766+
  27831  loginwindow  0.0       00:00.50 4    2    153+  108+  1692K+ 4804K  3252K+ 35M+   2425M+ 27831 197   sleeping 0    4875+
  15     configd      0.0       00:33.57 6    1    2316  230   2392K  1788K  3524K+ 27M    2420M  15    1     sleeping 0    320735+
  28318  loginwindow  0.0       00:00.54 3    1    151   101   924K+  4712K  3120K+ 33M+   2423M  28318 197   sleeping 0    4778+
  Now, obviously, because I can ssh in, I can start a clean shutdown and restart, but I'd like a way to do this that doesn't involve me bringing down the system, when the whole point of multiple users and parental controls is that a system can be shared cleanly.
  Thoughts?
  Thanks,
  Will

  See if this blog post that our support team created helps you with the connection information. This can create the desktop Access application linked up to the Access 2013 web app tables you have.
  http://blogs.technet.com/b/the_microsoft_access_support_team_blog/archive/2014/03/24/how-to-make-external-connections-to-an-access-web-app-new.aspx
  Also, you might just try clicking the Create Reports button in the Access web app client interface and Access will create the reporting database for you with links to the web app tables. On the File menu (when using the Access web app in client) make sure
  to click the option to Allow Any Location under the Manage button. After that, just click the Create Reports button on the File menu (right above the Manage button) and wait a few seconds. Access will create a new desktop database linked up to all of the Access
  web app tables. You can then create as many reports or other desktop objects as you like.
  Hope that helps,
  Jeff Conrad - Access Junkie - MVP Alumnus
  Senior Content Developer - Office Content Development Team - Microsoft Corporation
  Author - Microsoft Access 2013 Inside Out
  Author - Microsoft Access 2010 Inside Out
  Co-author - Microsoft Office Access 2007 Inside Out
  Access 2007/2010/2013 Info: http://www.AccessJunkie.com
  This posting is provided "AS IS" with no warranties, and confers no rights.
  Use of included script samples are subject to the terms specified at
  http://www.microsoft.com/en-us/legal/Copyright/Default.aspx

• Same user with different access rights depending on internet or intranet

  Hi gurus,
  I'm faced with the following situation. Users are able to access our portal (EP7.0) via Intranet as well as via Internet. But via Internet the users shouldn't be able to access security critical content (sitting in an internet cafe and checking accurate BI reports wouldn't be a nice thing).
  So, how can we achvieve this?.
  - Dynamic role assignment? So after login we should determine internet/intranet (eg http header set by our reverse proxy).
  - PCD filtering? In this case we need to set custom attributes on iViews for restricting internet access and then write an PCD filter.
  Any other suggestions?
  Thanks a lot

  Hi,
  R u using SAP Web Despatcher?
  Then use URL Filtering and block the URL'S accessing from the internet in Web despatcher.
  If the user is in intranet any way he can access because he will access the server directly without web-despatcher.
  Thanks,
  gopal

• Want to get the list users with select access to v$ synonyms and v$ views

  I've to write a sql (DB 11.1) to get the list of users who has select access to v$ synonym and v$ views. I've written the following sqls to do this but they both return the same result and I don't know how to verify it. It will be a great help if you could validate the sqls and let me know if something is wrong. Thanks for the help.
  -- v$ views
  select 'vview',
  substr(SYS_CONNECT_BY_PATH(c, '->'),3,512) path, c
  from (select null p, view_name c
  from dba_views
  where view_name like ('V$%')
  union all
  select -- users/roles and roles granted
  granted_role p,
  grantee c
  from dba_role_privs
  where granted_role != 'DBA'
  union all
  select -- users/roles with select on DBA views
  table_name p, grantee c
  from dba_tab_privs
  where privilege = 'SELECT'
  and table_name like ('V$%'))
  where (c = 'PUBLIC' OR c in (select username from dba_users))
  AND c NOT IN('MDSYS','DMSYS','CTXSYS','WMSYS','ORDSYS','OLAPSYS','DBSNMP')
  start with p is null connect by p = prior c
  -- v$ synonyms
  select 'vsynonyms',
  substr(SYS_CONNECT_BY_PATH(c, '->'),3,512) path, c
  from (select null p, SYNONYM_NAME c
  from ALL_SYNONYMS
  where table_name like ('V$%')
  union all
  select -- users/roles and roles granted
  granted_role p,
  grantee c
  from dba_role_privs
  where granted_role != 'DBA'
  union all
  select -- users/roles with select on DBA views
  table_name p, grantee c
  from dba_tab_privs
  where privilege = 'SELECT'
  and table_name like ('V$%'))
  where (c = 'PUBLIC' OR c in (select username from dba_users))
  AND c NOT IN('MDSYS','DMSYS','CTXSYS','WMSYS','ORDSYS','OLAPSYS','DBSNMP')
  start with p is null connect by p = prior c

  I've modified the sql to include GV$ and all select [any] privs.
  select 'vview',
  substr(SYS_CONNECT_BY_PATH(c, '->'),3,512) path, c
  from (select null p, view_name c
  from dba_views
  where view_name like ('V$%') OR view_name like ('GV$%')
  union all
  select -- users/roles and roles granted
  granted_role p,
  grantee c
  from dba_role_privs
  where granted_role != 'DBA'
  union all
  select -- users/roles with select on DBA views
  table_name p, grantee c
  from dba_tab_privs
  where privilege like 'SELECT%'
  and table_name like ('V$%') OR table_name like ('GV$%') )
  where (c = 'PUBLIC' OR c in (select username from dba_users))
  AND c NOT IN('MDSYS','DMSYS','CTXSYS','WMSYS','ORDSYS','OLAPSYS','DBSNMP')
  start with p is null connect by p = prior c
  union
  select 'vsynonyms',
  substr(SYS_CONNECT_BY_PATH(c, '->'),3,512) path, c
  from (select null p, SYNONYM_NAME c
  from ALL_SYNONYMS
  where table_name like ('V$%') OR table_name like ('GV$%')
  union all
  select -- users/roles and roles granted
  granted_role p,
  grantee c
  from dba_role_privs
  where granted_role != 'DBA'
  union all
  select -- users/roles with select on DBA views
  table_name p, grantee c
  from dba_tab_privs
  where privilege like 'SELECT%'
  and table_name like ('V$%') OR table_name like ('GV$%') )
  where (c = 'PUBLIC' OR c in (select username from dba_users))
  AND c NOT IN('MDSYS','DMSYS','CTXSYS','WMSYS','ORDSYS','OLAPSYS','DBSNMP')
  start with p is null connect by p = prior c

• Leopord Users with intermittent access problems

  We have intermittent issues with network users on two separate servers not being able to login, or loading the wrong group permissions from the server. We have tried deleting /Library/Managed Preferences on the local machine to force reloading,and it sometimes fixes the issue but not always. We end up logging in/out and restarting a number of times until the right permissions load. Apple says upgrade to Snow Leopard, but that would mean new intel based servers and we have apps that have not been approved on snow leopard.
  Does anyone have any other ideas how to deal with this issue, ie, does anyone use the computer list in workgroup manager?

  Welcome to the Apple Discussion forums.
  Setting the options using the Print & Fax dialog box seems to be saving the installed options for a test printer I just installed using the lpadmin command. You could also try using the web interface at _http://127.0.0.1:631/printers_. Just click on the printer and then choose set default options from the pop up menu.
  Matt

• Allow dashboard to be accessed by users with no access rights to the plateform

  There are some users which would like to access a specific dashboard without having access rights to the platform, and we are searching for a solution. What we want is a scheduled job that would update the dashboard data or make the dashboard accessible in an offline mode, but it seems that these solutions are not applicabale.
  If you have implemented a solution before or find a work-around, please let me know.
  Regards.

  Hi Sawaf,
  This can be done using "Widgets" which is one of the BO BI Platform client Tools.
  1. You need to create a separate user id for the user and provide view access rights only for the required dashboard that has been saved in BI Launchpad.
  2. User need to install widgets on his local machine, create a new host for the required BI Platform by entering the Server IP address and Login Credentials as below.
  3. After entering all the details, it shows a message that "server logged in successfully". Right click on the widgets icon from the taskbar, click on document list explorer. It shows the documents in the BI Platform, select the dashboard and double click on it. after the dashboard is opened in the Widgets window drag it onto the user desktop and run it.
  4. In this way user can view dashboards or reports on his desktop without any access to BI platform.They can keep the file opened on their desktop all the day also.. Session does not expire in this method.
  5. If you want data to be refreshed for every 1 hour or so.. keep a query refresh button in the dashboard, select all the queries in it and select a trigger cell. You can write a excel function in that trigger cell so that the cell value changes every 1 hour (OR) select refresh every 1 hour option from the bex query properties in the dashboard.

• Creating users with limited access (admin level)

  Hi,
  I have a requirement where in I need to create a user which can only assign business areas to other users. This user should not have access to "Create/Edit" business area or to assign priviledges.
  I tried to achiieve this by using "Allow administration" at the Security level to this user for a biz area. This ensures that the "Priviledges" option is disabled for that user. But I need to give the "Create/Edit" business area privliedge to this user so that he can grant access to business area (which I dont want). I want to ensure that he is able to grant access to business area without having create/edit rights on that business area.
  Could you let me know if you have any way to solve this.
  Thank You.
  Nawaz

  Hi,
  Changing the security access to a business area counts as a edit to the business area therefore the user will need Create/Edit privilege. One way to do what you want is to create a trigger over the EUL5_BAS table that will prevent the user from making changes to this table raising an error if this is attempted. However, this is not an Oracle supported approach but will work fine.
  Rod West

• ACE and ANM RBAC - Single user with Admin access

  Goodday,
  I would like to confirm if one can only assign a single user Admin access to a context via RBAC (either on ANM or ACE native RBAC through ACS). So is this true or not?
  If so, would I be correct in assuming this excludes the default Admin user.
  Also, what do you do if you need to provide Admin access to more that one user? Can it be done?
  Thanks
  Paul

  Actually multiple users can assinged to the pre-defined ADMIN role in ACE RBAC such as the following:
  myaceisnamedthis/Admin(config)# username Bob password weakpass role Admin domain default-domain
  This is also true in ANM, where the user's RBAC is a cross product of the ANM defined role and domains (which is at the ANM level so that it can span multiple ACE devices and contexts).
  In both cases, the AAA can be used for authentication, though authorization is performed by ACE/ANM themselves.
  Cheers,
  David K.