I have a user with the ROLE_USER role (assigned via LDAP group) and I have a folder structure like this:
/root
/Completed Reports
Users with the ROLE_ADMINISTRATOR can write to Completed Reports (specifically, requesting that a report be scheduled/run-in-background with output to a file in that folder), but users with ROLE_USER cannot.
I have set the permissions like this:
/root
ROLE_ADMIMISTRATOR (Administer)
ROLE_ANONYMOUS (No Access*) <-- * means "inherited"
ROLE_USER (Read Only)
/Completed Reports
ROLE_ADMIMISTRATOR (Administer)
ROLE_ANONYMOUS (No Access*)
ROLE_USER (Read + Write)
I also took a specific user and added permissions for that user specifically:
/Completed Reports
ttest (Read + Write)
Yet, when I attempt to run a report in the background and write a PDF file to /root/Completed Reports, I get an error attempting to save the job, saying:
You do not have permission to save the job output to the /Completed_Reports folder. Select another location to save the job.
I checked, and the user ttest can create new folders within /Completed Reports. Why can't I save a completed report to this folder?
It seems this was confusion on my part about what "write" means. Evidently, "write" really means "modify" or something like that. In order to be able to save the output of a report-execution, you need to have the "delete" privilege.
Surprise! (look for "output of a scheduled report")
Related
db2 how to configure external tables using extbl_location, extbl_strict_io. Could you please give insert example for system table how to set up this parameters. I need to create external table and upload data to external table.
I need to know how to configure parameters extbl_location, extbl_strict_io.
I created table like this.
CREATE EXTERNAL TABLE textteacher(ID int, Name char(50), email varchar(255)) USING ( DATAOBJECT 'teacher.csv' FORMAT TEXT CCSID 1208 DELIMITER '|' REMOTESOURCE 'LOCAL' SOCKETBUFSIZE 30000 LOGDIR '/tmp/logs' );
and tried to upload data to it.
insert into textteacher (ID,Name,email) select id,name,email from teacher;
and get exception [428IB][-20569] The external table operation failed due to a problem with the corresponding data file or diagnostic files. File name: "teacher.csv". Reason code: "1".. SQLCODE=-20569, SQLSTATE=428IB, DRIVER=4.26.14
If I correct understand documentation parameter extbl_location should pointed directory where data will save. I suppose full directory will showed like
$extbl_location+'/'+teacher.csv
I found some documentation about error
https://www.ibm.com/support/pages/how-resolve-sql20569n-error-external-table-operation
I tried to run command in docker command line.
/opt/ibm/db2/V11.5/bin/db2 get db cfg | grep -i external
but does not information about external any tables.
CREATE EXTERNAL TABLE statement:
file-name
...
When both the REMOTESOURCE option is set to LOCAL (this is its default value) and the extbl_strict_io configuration parameter is set
to NO, the path to the external table file is an absolute path and
must be one of the paths specified by the extbl_location configuration
parameter. Otherwise, the path to the external table file is relative
to the path that is specified by the extbl_location configuration
parameter followed by the authorization ID of the table definer. For
example, if extbl_location is set to /home/xyz and the authorization
ID of the table definer is user1, the path to the external table file
is relative to /home/xyz/user1/.
So, If you use relative path to a file as teacher.csv, you must set extbl_strict_io to YES.
For an unload operation, the following conditions apply:
If the file exists, it is overwritten.
Required permissions:
If the external table is a named external table, the owner must have read and write permission for the directory of this file.
If the external table is transient, the authorization ID of the statement must have read and write permission for the directory of this file.
Moreover you must create a sub-directory equal to your username (in lowercase) which is owner of this table in the directory specified in extbl_location and ensure, that this user (not the instance owner) has rw permission to this sub-directory.
Update:
To setup presuming, that user1 runs this INSERT statement.
sudo mkdir -p /home/xyz/user1
# user1 must have an ability to cd to this directory
sudo chown user1:$(id -gn user1) /home/xyz/user1
db2 connect to mydb
db2 update db cfg using extbl_location /home/xyz extbl_strict_io YES
I am using the powershell GroupPolicy module to create and link new GPOs. I have a large number of GPOs to create, and thus I wish to automate the process without having to interact with the Group Policy Editor.
I noticed while creating GPOs through the editor that each policy object would be contained in either one or several XML files or .INI files.
Having noted above, I started creating GPOs with the New-GPO command, passing the -Name and -Domain flags. After the GPO has been successfully created, I would (via my script) generate an XML file containing all of the information that the policy would consume. Shown below is an extract of the XML file that I would create to set up a mapped drives policy.
When inspecting the policy in the editor, everything looks fine. The correct drives are showing up and all of the settings appear to be correct. However, the policy is never applied. If I create an identical policy manually via the Group Policy Editor, all of the policies start working, including the ones that I created with powershell.
The error therefore seems to be that the domain controller is never made aware of the changes, but they get applied when a manual change is made.
I have tried running gpupdate /force, which does not seem to update or propagate the changes
New-Item \\$($MappedDrivesGPO.DomainName)\SYSVOL\$($MappedDrivesGPO.DomainName)\Policies\$("{"+$MappedDrivesGPO.Id+"}")\User\Preferences\Drives\Drives.xml -ItemType File -Force
Set-Content \\$($MappedDrivesGPO.DomainName)\SYSVOL\$($MappedDrivesGPO.DomainName)\Policies\$("{"+$MappedDrivesGPO.Id+"}")\User\Preferences\Drives\Drives.xml $xml
<?xml version="1.0" encoding="utf-8"?>
<Drives clsid="{8FDDCC1A-0C3C-43cd-A6B4-71A6DF20DA8C}">
<Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="P:" status="P:" image="2" changed="2019-04-26 10:41:54" uid="{$guid1}" bypassErrors="1">
<Properties action="U" thisDrive="NOCHANGE" allDrives="NOCHANGE" userName="" path="\\fs1\Projects" label="Projects" persistent="0" useLetter="1" letter="P"/>
<Filters>
<FilterGroup bool="AND" not="0" name="$($domainName)\Drive P Access" sid="$($filterGroupSidDriveP)" userContext="1" primaryGroup="0" localGroup="0"/>
</Filters>
</Drive>
<Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="S:" status="S:" image="2" changed="2019-04-26 10:39:21" uid="{$guid2}" bypassErrors="1">
<Properties action="U" thisDrive="NOCHANGE" allDrives="NOCHANGE" userName="" path="\\as1\Software" label="Software" persistent="0" useLetter="1" letter="S"/>
<Filters>
<FilterGroup bool="AND" not="0" name="$($domainName)\Drive S Access" sid="$($filterGroupSidDriveS)" userContext="1" primaryGroup="0" localGroup="0"/>
</Filters>
</Drive>
</Drives>
I expected the policy to start working as intended after the XML file had been created
The actual result is that the policy appears to be well formed, but never applied
I managed to resolve this on my own, posting here in case someone else runs into the same issue. If you're creating GPOs programmatically and not via the editor, you will have to extend your script/program to add CSE (in this case for drive mapping) and SnapIn GUID to gPCUserExtensionNames.
[{00000000-0000-0000-0000-000000000000}{2EA1A81B-48E5-45E9-8BB7-A6E3AC170006}][{5794DAFD-BE60-433F-88A2-1A31939AC01F}{2EA1A81B-48E5-45E9-8BB7-A6E3AC170006}]
The 0000.. is the Core GPO Engine, 23EA.. is the Preference Tool CSE GUID Drives, 5794.. is Preference CSE GUID Drives.
If you create the policy manually with the desired changes, you can then open dsa.msc, enable advanced features and then view the policy object properties. Under gPCUserExtensionNames you will be able to see the arrays containing the GUIDs that you need to incorporate in your software.
mngmt-users.properties file. The users are added in the file but when I try to run the localhost it says it's running then if I try to view the admin console it is redirecting to http://localhost:9990/error/index_win.html. That tells the server is running but I could not open admin console.
#
# Properties declaration of users for the realm 'ManagementRealm' which is the default realm
# for new installations. Further authentication mechanism can be configured
# as part of the <management /> in standalone.xml.
#
# Users can be added to this properties file at any time, updates after the server has started
# will be automatically detected.
#
# By default the properties realm expects the entries to be in the format: -
# username=HEX( MD5( username ':' realm ':' password))
#
# A utility script is provided which can be executed from the bin folder to add the users: -
# - Linux
# bin/add-user.sh
#
# - Windows
# bin\add-user.bat
#
#$REALM_NAME=ManagementRealm$ This line is used by the add-user utility to identify the realm name already used in this file.
#
# On start-up the server will also automatically add a user $local - this user is specifically
# for local tools running against this AS installation.
#
# The following illustrates how an admin user could be defined, this
# is for illustration only and does not correspond to a usable password.
#
#admin=2a0923285184943425d1f53ddd58ec7a
tejaswini=25ab658c2861b2e64783aaa9ba95c2e5
aswini#19=388ced81791ddb1760b83dc4ec8b7a61
saisana=ff39d778414ab12d84fc4fa7fdacb634
alekya=d72e9c90345ce4d9290c3a2728b3cd60
prasad=c6c7c67cf343f6862d3b77bae9f61d17
teju=28b9e55b314fd60855a7843b4455dbed
Screen shot of added user
May be u have tried to create specifically application user or management user when u ran the addUser utility,
please refer the below link for steps to register user
https://bgasparotto.com/add-user-wildfly
I am using an rShiny app in RCloud. When I use write.csv the file is saved as nobody nobody and then I am unable to read it back in using read.csv. Is the solution to specify user and file permissions as options in the write.csv function or is there a different way?
I plan to run construct multiple results, append each to a file and then let the user email that file to themselves.
write.csv(lob_comp,'Rcopy.csv')
lob_comp<-read.csv('Rcopy.csv')
-rw-r----- 1 nobody nobody 399 Aug 25 00:51 Rcopy.csv
$ cat Rcopy.csv
cat: Rcopy.csv: Permission denied
an rShiny app user that doesn't have an account is actually logged in as 'nobody' if that is how you have configured RCloud. Since 'nobody' wrote the file then 'nobody' can chmod it. Put this line in your Shiny code.
system("chmod 644 Rcopy.csv")
Once you've chmod'd the file you should be able to read it.
I try to get the non- members of a Sandbox. But I get these erorr message.
si viewnonmembers -sandbox=D:\Sandboxes\project.pj
*** MKS124814: Cannot show view information: MKS125335: Out of tree members and
subprojects (not located in the project directory or a subdirectory of the proje
ct directory) are not supported.
From help of si viewnonmembers you could use option --cwd=value Act as if command executed in specified directory so the command should look like this:
si viewnonmembers --sandbox="D:\sandbox\test\project.pj" --cwd="D:\sandbox\test"
or with --recurse option to skip Do you want to recurse into the directory...
si viewnonmembers --sandbox="D:\sandbox\test\project.pj" --cwd="D:\sandbox\test" --recurse
Depending of your server configuration the .pj could be other than project.pj
Non-members can only be viewed in a sandbox context, and not from any project view operation.
So, before executing the command, you should jump into your local sandbox location:
cd SandboxFolderPath
when you are in your sandbox folder, you can execute
si viewnonmembers