With SSMS Can a user with VIEW DEFINITION permissions on a procedure, see its source?
Is there a way directly within the GUI itself to see the definition of a procedure if a user has VIEW DEFINITION permissions (as well as EXECUTE), or will they need to use sp_helptext?
Yes, there is a way. Right-click procedure from Object Explorer and select Script from the context menu.
Erland Sommarskog, SQL Server MVP, [email protected]
Similar Messages
-
We have a Webservice deployed on a Sharepoint 2010 deployment with a method as follows:
public static string ensureParentFolder(SPWeb parentSite, string destinationUrl)
destinationUrl = parentSite.GetFile(destinationUrl).Url;
int index = destinationUrl.LastIndexOf("/");
string parentFolderUrl = string.Empty;
if (index > -1)
parentFolderUrl = destinationUrl.Substring(0, index);
SPFolder parentFolder
= parentSite.GetFolder(parentFolderUrl);
if (!parentFolder.Exists)
SPFolder currentFolder = parentSite.RootFolder;
foreach (string folder in parentFolderUrl.Split('/'))
try
currentFolder = currentFolder.SubFolders.Add(folder);
catch (Exception ex)
FINEOSLogger.Medium(LoggerCategory.FINEOSToSharePointDMS, "User could not create SP folder so elevating permissions");
SPSecurity.RunWithElevatedPrivileges(delegate()
currentFolder = currentFolder.SubFolders.Add(folder);
return parentFolderUrl;
When invoked by a User with only Contribute rights the SubFolders.Add( ) call appears to fail and the
SPSecurity.RunWithElevatedPrivileges
code is invoked, which also fails.
1. So the first question is should you be able to invoke SubFolders.Add() with only Contribute? It works with Design privileges for the Customer. You can add folders on the Sharepoint website as a Contribute user so why not on the API.
Customer raising this as a security concern.
2. Also why would the
SPSecurity.RunWithElevatedPrivileges
part fail, is the syntax incorrect for Sharepoint 2010? We migrated this code from Sharepoint 2007 project.
The error I get when I try run the code as a Contribute user is
com.fineos.ta.dms.external.DMSException: The exception [A SharePoint error occured "An Error occured in SharePoint". For user "FINEOS\bryces" uploading the file "Ru Ext_1501.txt", with title "Ru Ext_1501.txt", to the SharePoint Library "FINEOSDocumentLibrary/2015/02/23/13/18".] was caused by the exception [A SharePoint error occured "An Error occured in SharePoint". For user "FINEOS\bryces" uploading the file "Ru Ext_1501.txt", with title "Ru Ext_1501.txt", to the SharePoint Library "FINEOSDocumentLibrary/2015/02/23/13/18".]., Ta Exception info,Exception Class=class com.fineos.ta.dms.external.DMSException,Root cause ID=10,Root cause host=IEL163,Localized message=A SharePoint error occured "An Error occured in SharePoint". For user "FINEOS\bryces" uploading the file "Ru Ext_1501.txt", with title "Ru Ext_1501.txt", to the SharePoint Library "FINEOSDocumentLibrary/2015/02/23/13/18"
at com.fineos.integration.dms.internal.thirdparty.GenericDMS.add(GenericDMS.java:149)
at com.fineos.frontoffice.documentmanager.DocumentManager.saveToThirdPartyDMS(DocumentManager.java:280)
at com.fineos.frontoffice.documentmanager.fileupload.UploadDocumentWidget.save(UploadDocumentWidget.java:401)
at org.apache.jsp.sharedpages.documentmanager.fileupload.uploaddocumentpage_jsp._jspService(uploaddocumentpage_jsp.java:77)
Caused by: com.fineos.integration.dms.external.services.SharePointDmsException: A SharePoint error occured "An Error occured in SharePoint". For user "FINEOS\bryces" uploading the file "Ru Ext_1501.txt", with title "Ru Ext_1501.txt", to the SharePoint Library "FINEOSDocumentLibrary/2015/02/23/13/18".
at com.fineos.integration.dms.external.services.GenericDMSClient.uploadDocument(GenericDMSClient.java:139)
at com.fineos.integration.dms.internal.thirdparty.GenericDMS.add(GenericDMS.java:132)
... 88 more
Caused by: org.apache.axis2.AxisFault: Error_occured_sharepoint [Message Details = An Exception occurred in SharePoint; System.UnauthorizedAccessException: <nativehr>0x80070005</nativehr><nativestack></nativestack>Access denied.
at Microsoft.SharePoint.Library.SPRequest.AddOrDeleteUrl(String bstrUrl, String bstrDirName, Boolean bAdd, UInt32 dwDeleteOp, Int32 iUserId, Guid& pgDeleteTransactionId)
at Microsoft.SharePoint.SPFolderCollection.AddInternal(String strUrl, Int32 userId)
at FINEOSIntegration.FINEOSToSharePointDMS.SharePointDMSUtilities.<>c__DisplayClass9.<ensureParentFolder>b__5()
at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass4.<RunWithElevatedPrivileges>b__2()
at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)
at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param)
at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated secureCode)
at FINEOSIntegration.FINEOSToSharePointDMS.SharePointDMSUtilities.ensureParentFolder(SPWeb parentSite, String destinationUrl)
at FINEOSIntegration.FINEOSToSharePointDMS.FINEOSToSharePointDMS.uploadDocument(String UserName, String FolderPath, String Filename, Byte[] File, DocumentProperties DocumentProperties, Boolean NotifyFINEOS, Boolean NotifyFINEOSSpecified, Boolean OverwriteIfExists, Boolean OverwriteIfExistsSpecified, String& DMSDocType)]
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
at com.fineos.frontoffice.thirdpartydms.operationtypes.ThirdPartyDmsServicesStub.uploadDocument(ThirdPartyDmsServicesStub.java:761)
at com.fineos.integration.dms.external.services.GenericDMSClient.uploadDocument(GenericDMSClient.java:119)
... 89 more
Note that the user SPWeb being passed into the method is from an impersonated user, don't know if that matters.
So the webservice payload contains the id of the user who wants to do the Sharepoint work while the webservice is invoked by anonymous or some other service user. We then impersonate the user specified in the webservice payload like follows and use
that web SPWeb from then on in the webservice methods:
userToImpersonate = currentWeb.AllUsers[user];
site = new SPSite(fileUrl, userToImpersonate.UserToken);
web = site.OpenWeb();
Any help appreciated.
Thanks,
Ruairi.Ideally, a user with Contribute permissions should be able to add folders. Not sure what is the issue there. But I can see that SPSecurity.RunWithElevatedPrivileges is not written properly. You must create a new SPSite object inside the delegate
because SPSite objects created outside do not have Full Control even when referenced inside the delegate. Use the using keyword to ensure that the object is disposed in the delegate. Example:
SPSecurity.RunWithElevatedPrivileges(delegate()
using (SPSite site = new SPSite(web.Site.ID))
// implementation details omitted
});See this for more information about SPSecurity.RunWithElevatedPrivilegeshttps://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spsecurity.runwithelevatedprivileges%28v=office.12%29.aspx?f=255&MSPPError=-2147217396
Blog | SharePoint Learnings CodePlex Tools |
Export Version History To Excel |
Autocomplete Lookup Field -
Authenticating agains AD with Kerberos, by a user with an explicit UPN
Hello
My situation :
I have a 2008 functionnal level domain with a technical name, lets say tec.domain.com
I have for this domain configured an alternate UPN : domain.com (that is only a DNS domain name, not an existing AD domain)
My users have a SamAccountName like j.doe and a UPN like [email protected] (which is their email address, on our Exchange organization)
Now, from a Linux server (running Apache and kerberos), i can do a kinit with [email protected], but not with [email protected]
When i capture trafic, the DC answers "error-code: eRR-WRONG-REALM (68)", saying it is not able to handle the DOMAIN.COM realm.
According to this article ( http://msdn.microsoft.com/en-us/library/Cc212351.aspx ) , my DC should be able to handle it, as far as i understand it.
Am i missing something ?
Thanks in advance.Hi,
Thanks for your post.
It seems like you could not enable Kerberos authentication for users logon using their alternative UPNs.
Please refer to the similar thread:
Authenticating to Active Directory using an alternate UPN
http://social.technet.microsoft.com/Forums/en-US/f93e23d7-e910-4ae7-96ba-3a8038766f9f/authenticating-to-active-directory-using-an-alternate-upn?forum=winserverDS
Regards.
Vivian Wang -
Is it possible for a Web Part to interact with a list the user does not have permissions for?
Say I have a custom web part that queries a list or adds list items, etc. Does the user have to have the equivalent permissions on the list itself to use the web part? Would the SPSecurity.RunWithElevatedPrivileges Method be a way to get around this? Or is
there a better way?
Basically I want certain users to have a more controlled access to a list. But if I try to access the page with the web part on an account without permissions for the list, I get an Access Denied response.One way of elevating code is, as you already mentioned, using SPSecurity.RunWithElevatedPrivileges which will run SPSecurity.CodeToRunElevated with Full Control rights. From MSDN documentation of the method for SP 2013 (http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spsecurity.runwithelevatedprivileges.aspx)
you can see that this code runs under Application Pool identity:
Type: Microsoft.SharePoint.SPSecurity.CodeToRunElevated
A delegate method that is to run with elevated rights. This method runs under the Application Pool identity, which has site collection administrator privileges on all site collections hosted by that application pool.
Another method, a bit more security fine-grained, can be used. The idea is to instantiate new SPSite object using overloaded constructor which takes Microsoft.SharePoint.SPUserToken as a parameter: http://msdn.microsoft.com/EN-US/library/ms469253(v=office.15).aspx.
Example can be seen here: http://www.sharepointdeveloperhq.com/2009/04/how-to-programmatically-impersonate-users-in-sharepoint/. Using this approach, you can run your code in the context of the user who doesn't necessarily have to be site collection admin.
This user can have only access to the list in question. -
I am happy with Firefox4, can Firefox6 go with Google tool-bar?
I am an architect,I have been with Firefox for years, laterly working with Firefox4 beta, works well with Google Tool-bar......
But , when I upgraded to Firefox 5 , my google Tool-bar disapeared !!!and i asked google, they said Google Tool-bar cannot go with Firefox5.
So, my question is " can Firefox-6 works with Google Tool-bar?
Thanks a million for your attention:
Architect RIBA
Kingproblem is I have 2 mail address with Google ,personal, et Professional.......
So should I just ignore the update of Firefox ?....................;
and stay with Firefox 4 Beta ? -
SQLLOADER with 8i can't load into views ?
I'm running Oracle Personnal 8i (8.1.6) under Windows2000.
I have a ctl file that load data into a view (called MyView). This wiew is only a "select * from MyTable"
When i run sqlldr, i have the following message :
SQL*Loader-941: Error during describe of table MyView
If i run the same thing under Oracle Personnal 8.0.4 (with sqlldr80), it works fine.
If i run sqlldr with a ctl file that load data into the table MyTable, it works fine (of course).
So I think that we can't use sqlloader 8i with views...
Can you help me ?
Thanks.
PS : I have granted all privileges on MyView to public, and i run sqlldr with the good userId.
I can't load data directly into MyTable because the name MyTable is not known but the name MyView is fixed.Looks like a caveat I stepped in at another occasion: Granting to public seems not to be as strong ass granting to a role or user.
Try granting the privileges to the importing user directly, it helped in my case -
Can I communicate with a non apple user with iSight?
How can we get family back in the USA up and running so we can have video chats? (Other than buying them a new iMac?)
G5 and Powerbook G4 Mac OS X (10.4.6)In addition to Neils fine comments, you'll need AIM 5.9 for the PC and a little fine tuning.
AIM 5.9 can be found here: http://www.aim.com/getaim/win/otherwin.adp?aolp=
And the fine tuning overview here: http://www.mvldesign.com/videoconferencetutorial.html -
Hello
I have just purchased an imac which I am very happy with. In our household we also have two iphones (one mine and one husbands) and one ipod (my sons). We all have individual itunes accounts set up on our previous computer (not a mac). We have sepereate apps and music, although there may be the odd occasion where we would like to share a song (if this is possible) across devices.
I am just wondering the best way to manage these devices using the new imac. Should I create individual accounts to logon to the imac, then from within these launch our own itunes accounts and sync our devices with these. Or should I be using one version of itunes, logging on to this with our different itunes usernames and storing things in libraries.
Any help would be greatly appreciated.
ThanksI am presuming that we cannot share downloaded apps and music between accounts because of the copyright issue,
Though I'm no copyright lawyer, as long as it's within a household, you can share content among users. Such sharing is, absent specific language preventing it not present in the iTunes Store terms of use, generally considered to be "personal use". So you can share apps and music amongst your users on your computer and with their devices. You just can't give any of that content to friends or relatives who don't live with you.
What I am not clear on, it making sure that this appears in each itunes account - is it easy to find the file storage folders that match the itunes accounts and what would these be?
The iTunes library and files are by default in a user's Home/Music folder. But you don't have to find the folder; in fact putting a file into the folder yourself won't add the file to iTunes. Just drag the file into the iTunes window. iTunes will copy it to the correct location.
Regards. -
My family account has 3 phones, phone 1 does not have an upgrade available but phone 2 does.
Can I order an iphone 5s from apples website with the number for phone 2 to get the upgrade price and then when I receive the phone activate it with phone 1's number?
I asked a Verizon representative and he says I AM ABLE to do this BUT I have been looking at "activation" videos and none of them shows any area where you enter a number to activate the phone which leads me to believe the number for the phone is predetermined. (I have never owned an iphone).
I would love a definitive answer from someone.PhilC506 wrote:
Can I order an iphone 5s from apples website with the number for phone 2 to get the upgrade price and then when I receive the phone activate it with phone 1's number?
Yes, you can do this. When the phone comes in, you'll need to activate it on line 2 to accept the Terms and Conditions, then you can move the phone to line 1. You then would reactivate the old phone back on line 2. Keep in mind that you may have a day's worth of pro-rated data on line 2 (I'd check via MyVerizon to double-check that the data plan did, indeed, drop off when you reactivated the basic phone). Also keep in mind that now line 2 has a new two-year contract and if for some reason you decide to cancel the line before the contract period is over, the ETF will be based on the smartphone purchased, not on the basic phone that's on the line. Insurance may or may not transfer (I've read that it will since both phones are on the same account, but I'm not positive about that). -
Edited photos with 4 can be opened with 3?
Dear All,
I would to try the beta version of lightroom 4. Actually I have lightroom 3 installed with all my catalogs and I'm really interested in the new features that have been added.
If I edit some of my photos/catalogues with lightroom 4, and for some reason I cannot use it anymore, is it possible to open them again with version 3 or there is no compatibilty?
Thank you for your kind reply,
dkdk,
The standard wisdom about using a Beta version is "Don't do anything that you'll need to keep."
No, changes you make won't be backward compatible. They will be compatible (most likely) with the official release of LR 4, however.
The purpose of the Beta isn't to produce useful work for you or for me, but to do us a different, but very handy goodness: shaking the bugs out of the program while risking nothing. We need those bugs to be found and fixed before we trust the program, and it's good that we can help find them.
Anyway, if you choose to work with the Beta, only use copies of your master files, not the files themselves.
Hal -
Ipad air with cellular can be used with any carrier anywhere in the world?
Currently i'm in the US for business, I want to buy the new ipad air with cellular connection but i don't live in the US, can i use it with any carrier, anywhere in the world?
Hi there,
You may find the information at the website below helpful.
iPad Air
http://www.apple.com/ipad-air/ultrafast-wireless/
Ready to take on the world.
iPad Air offers comprehensive support for fast networks around the world, and you don’t need a long-term contract. You can sign up for cellular connectivity only when you need it. Some cellular carriers even offer flexible shared plans that let you use the data service you already have. If you want a local connection when you’re traveling, iPad Air is ready. Just ask a local carrier about a short-term data plan, pop in a SIM card, and you’re ready to go.
-Griff W. -
How can OIM provision users with same Display Name in AD?
I can create users with same First Name, Middle Name and Last Name (same Display Name) in OIM if they have different UserId.
But I can not provision two users with same Display Name to one Organization Unit in AD, the resource provisioning shows
Status: Rejected
Response: AD user already exists
Can AD be configured to create users with same Display Name (different UserId) in one OU, or would I have to create logic in OIM to modify the display name so it gets accepted by AD?
Thanks!Thanks Nitesh. Also, I can create the user with same DN in different OU's, not in same OU.
I agree once we determine that same cn exists in one OU , I can modify the display name by appending a number at the end or something. I understand the logic but I need more details on how to specify this logic in the pre-pop adapter, can you please share more details.
Thanks a lot! -
Create user with select privilege only one schema
can someone tell me how i can create user with select priviliges only one schema.
i don't want the user to have any select privileges with other schema.
can someone advise me.
ThanskIn general, you would do something like
CREATE ROLE abc_read_only;
FOR x IN (SELECT * FROM dba_tables WHERE owner='ABC')
LOOP
EXECUTE IMMEDIATE 'GRANT SELECT ON abc.' || x.table_name || ' TO abc_read_only';
END LOOP;
CREATE USER your_user ...;
GRANT abc_read_only TO your_userYou create a role, grant the role SELECT access to all the tables in the ABC schema (you can extend this to grant access to views, functions, etc depending on the requirements), and then grant that role to your user.
Justin -
Urgent: Search for user with 'ß' character failed.
Hi all,
I have problem for searching the user with 'ß' character included in the name of user in Identity Management.
When nothing is specified in the search criteria, then the user is displayed.
When the name of user without 'ß' is given in the search criteria, then also the user is displayed.
But when the name is given with 'ß' in search criteria, the user is not recognized and cannot be displayed.
'ß' is the German Character.
Please help me out, why the user is not recognized with the character 'ß' in the search criteria.
Thanks in Advance.
Regards,
Yogita.Hi,
You can ofcourse use ß and all other chars in your search.
It makes no sence that you can create users with these chars, but cannot search using them.
I tried to create user with char ß and also could search with this char. So it is only a local problem on your server.
Is your UME connected with LDAP or DB? My UME where I tested is DB.
So dont give up, open an OSS message with SAP for a solution and also update this thread if you find an answer.
Regards,
Praveen Gudapati -
Error with PHP (can't resolve the connect identifier)
Hello everybody,
I have an issue that I hope you can help me with.
I installed on an OpenSuse the following applications using the guides I found on this web site:
- Apache 2 HTTP Server
- PHP 5.2.9
- Instantclient 11.1
- Oracle 11g
After hours of hard work and web navigation looking for information about the problems I got, I'm stucked and I don't find a way to continue.
When PHP tries to connect to the Database, I get this message:
Warning: oci_connect() [function.oci-connect]: ORA-12154: TNS:could not resolve the connect identifier specified in [...]
ORA-12154: TNS:could not resolve the connect identifier specifiedtnsping from a terminal resolves the name successfully, as you can see:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.4.201)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = Blog.coremain.com)))
OK (0 msec)The problem comes when PHP tries to connect, that's where Oracle doesn't resolve the SID.
Environment variables ($ORACLE_HOME, $ORACLE_SID, $LD_LIBRARY_PATH) are set as guides say.
By the way, maybe it's related: I can't either connect with JDeveloper to this database in other PC from the network. The data is correct (user, password, IP, port, SID/Service Name).
This happens with a Linux O.S. Installing the same stuff on a Windows, PHP and JDeveloper work fine.
Can you help me, please? I read all the info on the Internet I could get and can't find the solution.
Tell me if you need me to show you any log or configuration file.
RegardsHi there,
I agree, I think it's an environment issue, but I don't know how to set it up. Here is the environment section of phpinfo():
Apache Environment
Variable Value
HTTP_HOST 127.0.0.1
HTTP_USER_AGENT Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.0.8) Gecko/2009032600 SUSE/3.0.8-1.1.1 Firefox/3.0.8
HTTP_ACCEPT text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_LANGUAGE es-es,es;q=0.8,en-us;q=0.5,en;q=0.3
HTTP_ACCEPT_ENCODING gzip,deflate
HTTP_ACCEPT_CHARSET ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_KEEP_ALIVE 300
HTTP_CONNECTION keep-alive
HTTP_REFERER http://127.0.0.1/
PATH /usr/sbin:/bin:/usr/bin:/sbin
SERVER_SIGNATURE no value
SERVER_SOFTWARE Apache/2.2.11 (Unix) PHP/5.2.9
SERVER_NAME 127.0.0.1
SERVER_ADDR 127.0.0.1
SERVER_PORT 80
REMOTE_ADDR 127.0.0.1
DOCUMENT_ROOT /usr/local/apache2/htdocs
SERVER_ADMIN [email protected]
SCRIPT_FILENAME /usr/local/apache2/htdocs/index.php
REMOTE_PORT 61677
GATEWAY_INTERFACE CGI/1.1
SERVER_PROTOCOL HTTP/1.1
REQUEST_METHOD GET
QUERY_STRING no value
REQUEST_URI /index.php
SCRIPT_NAME /index.php By the way, I can tnsping only with oracle and root user, with sergio.solis user can't do it: "TNS-03505: Failed to resolve name".
Thanks for your answer.
Regards.
Maybe you are looking for
-
How to show icon in a column of a table?
How to display an icon in a column of a table UI element and this icon is to be displayed based on values in the table row?
-
An error ocurred during the installation of assembly 'Microsoft. VC80.crt,type="win32", version="8.0.50727.4053".publickKeyToken="1fc8b3b9a1e18e3b".processorArchitectu re="amd64".Please refer to help and support for more information. HRESULT: 0x80071
-
Req. confirmation on Uninstallation of Oracle
Hi, What are all the action will be taken place while Uninstalling Oracle Database? My Database contains the users, tablespace, datafiles and objects pertaining to the corresponding schema. Will those being deleted while uninstall DB? Else, How could
-
What's with the multiple home screens in 11.1.4.62?
In addition to 11 pages of home screens, some of which have only one app, I have a screen category called Finance and another called Photoggrapy. How can I change the screen names in iTunes? iPhone 5s. Windows 7. Itunes 11.1.4.62
-
Mountain Lion upgrade effects mail rules for all users
After upgrading to Mountain Lion, the mail rules appear to be "shared" for all user on our Mac. When a user adds a rule, everyone sees this rule. Some mail rules are lost in the process. How can we fix this?