Search Results

Search found 587 results on 24 pages for 'acl'.

Page 5/24 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • cake php AppController and inheritance

    - by RSK
    hello folks........ In many tutorial of Acl component in cakephp i got instruction that add component either in AppController or in all the other controllers which inherits AppController....... but problem is var $components=array('Auth',Acl); when i use the above line in AppConroller i cant use the Auth or Acl component... but when i use the same code in all the child classes it works fine........ what will be the problem thanks in advance any help will be appreciated.

    Read the article

  • How do large sites accomplish row-level permissions?

    - by JayD3e
    So I am making a small site using cakephp, and my ACL is set up so that every time a piece of content is created, an ACL rule is created to link the owner of the piece of content to the actual content. This allows each owner to edit/delete their own content. This method just seems so inefficient, because there is an equivalent amount of ACL rules as content in the database. I was curious, how do big sites, with millions of pieces of content, solve this problem?

    Read the article

  • Retrieve Access Control List of Documents for Specific User on Google Docs?

    - by viatropos
    I have a large website at www.mydomain.com. There are 1000 new documents per month and 100 new users per week lets say. I need to be able to programmatically do the following: user goes to www.mydomain.com/documents user sees list of all documents they have access to (not ALL of the docs) I know you can retrieve an ACL for each document individually. But is there a way to retrieve an ACL for each "user", a list of all the documents they have access to, in one HTTP request? Something like this, but for Docs (and not just for document "owners"): Retrieving only calendars that a user owns. I'd love to know, because it seems like I'd have to parse 10,000 document "entry" tags, find the ACL, see if user is in ACL... That seems crazy. What am I missing? Thanks!

    Read the article

  • Will backup using rsync preserve ACLs?

    - by Khaled
    I am using backuppc to backup my server. The backups are done using rsyncd. Currently, I am not using ACLs, but I am think it is good to activate it to have finer control over permissions. My question: Will backing up my files using rsync preserve the defined ACLs? BTW, I read an article about ACLs. They are saying that ubuntu does not support ACLs with tar. Is this real/old or not? I may not have this problem if I am using rsync. Is this right?

    Read the article

  • Unexpected Access Denied error while accessing EFS encrypted file

    - by pozi
    I am getting Access Denied error when I try to access some files. ACL is OK, all ACE's all intherited, I have full access to these files and I am the owner of these files. ACE's are exactly same as other files in the same directory which are accessible without problems (doublechecked through Security Tab on file properties and cacls command). Files are EFS encrypted, however I should have access to these files, because they were encrypted by the same user account I am trying to access (decrypt) them. EFS settings are exactly same as other files in the same directory which are also encrypted and accessible without problems (doublechecked through cipher command and efsdump command (SysInternals)). In ProcMon utility (SysInternals) I am getting Access Denied entry while accessing these files. Files are not used (locked), checked by Unlocker utility. Up to now, I tought I understand NTFS ACL's and EFS mechanisms fairly well, but now I am completely stuck and I do not know how to access these files. Any thoughts?

    Read the article

  • Exim4: Deny outgoing emails with specific destination domains to being sent to the smarthost

    - by Yoann P
    I try to deny outgoing emails with specific destination domains to being sent to the smarthost but unsuccessfully. I'm on a debian "squeeze" configured to use a smarthost. vi /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt Add right after "acl_check_rcpt:" deny message = Domain $domain is prohibited for outgoing mails domains = lsearch;/etc/exim4/restricted_domains Reload exim, but the mails to the restricted domains continue to go out I also tried to add the acl_not_smtp after reading this post but without success either. vi /etc/exim4/conf.d/main/02_exim4-config_options Add "acl_not_smtp = acl_check_not_smtp" vi /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt And add at the top of the file acl_check_not_smtp: deny message = Domain $domain is prohibited for outgoing mails domains = lsearch;/etc/exim4/restricted_domains Can anybody point me what i'm doing wrong please? Thanks, Best regards,

    Read the article

  • CentOS Default ACLs on Existing File System Objects

    - by macinjosh
    Is there a way to have existing file system objects inherit newly set default ACL settings of their parent directories? The reason I need to do this is that I have an user who connect via SFTP to my server. They are able to change directories in their FTP client and see the root folder and the rest of the server. They don't have permissions to change or edit anything but their own user directory but I would like to prevent them from even view the contents of other directories. Is there a better way to do this than ACLs? If ACLs are the way to go I'm assuming a default ACL on the root directory would be the best way to do restrict access. I could then selectively give the user permission to view certain directories. The problem is default ACLs are only inherited by new file system objects and not existing ones.

    Read the article

  • Setting per-directory umask using ACLs

    - by Yarin
    We want to mimic the behavior of a system-wide 002 umask on a certain directory foo, in order to ensure the following result: All sub-directories created underneath foo will have 775 permissions All files created underneath foo and subdirectories will have 664 permissions 1 and 2 will happen for files/dirs created by all users, including root, and all daemons. Assuming that ACL is enabled on our partition, this is the command we've come up with: setfacl -R -d -m mask:002 foo This seems to be working- I'm basically just looking for confirmation. Is this the most effective way to apply a per-directory umask with an ACL?

    Read the article

  • configure squid3 to set up a web proxy in ubuntu12.04

    - by Gnijuohz
    I am in a LAN and have to use a proxy given to access the web in a very limited way. I can't even use google, github.com or SE sites. However I can use ssh to log into a server, which I have root access so basically I can do anything I want with it. So I was thinking that maybe I could use that server as a proxy so I can visit sites through it. I tested it using ssh -vT [email protected] which gave a proper response. And In my computer I can't do this. Also I tried downloading something from the gun.org using wget, which can't be done in my computer too. And it succeeded on that server. I don't know if that's enough to say that this server have full access to the Internet. But I assumed so and I installed squid3 on it. After trying some while, I failed to get it working. I got this after I run squid3 -k parse 2012/07/06 21:45:18| Processing Configuration File: /etc/squid3/squid.conf (depth 0) 2012/07/06 21:45:18| Processing: acl manager proto cache_object 2012/07/06 21:45:18| Processing: acl localhost src 127.0.0.1/32 ::1 2012/07/06 21:45:18| Processing: acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 2012/07/06 21:45:18| Processing: acl localnet src 10.1.0.0/16 # RFC1918 possible internal network 2012/07/06 21:45:18| Processing: acl SSL_ports port 443 2012/07/06 21:45:18| Processing: acl Safe_ports port 80 # http 2012/07/06 21:45:18| Processing: acl Safe_ports port 21 # ftp 2012/07/06 21:45:18| Processing: acl Safe_ports port 443 # https 2012/07/06 21:45:18| Processing: acl Safe_ports port 70 # gopher 2012/07/06 21:45:18| Processing: acl Safe_ports port 210 # wais 2012/07/06 21:45:18| Processing: acl Safe_ports port 1025-65535 # unregistered ports 2012/07/06 21:45:18| Processing: acl Safe_ports port 280 # http-mgmt 2012/07/06 21:45:18| Processing: acl Safe_ports port 488 # gss-http 2012/07/06 21:45:18| Processing: acl Safe_ports port 591 # filemaker 2012/07/06 21:45:18| Processing: acl Safe_ports port 777 # multiling http 2012/07/06 21:45:18| Processing: acl CONNECT method CONNECT 2012/07/06 21:45:18| Processing: http_port 3128 transparent vhost vport 2012/07/06 21:45:18| Starting Authentication on port [::]:3128 2012/07/06 21:45:18| Disabling Authentication on port [::]:3128 (interception enabled) 2012/07/06 21:45:18| Disabling IPv6 on port [::]:3128 (interception enabled) 2012/07/06 21:45:18| Processing: cache_mem 1000 MB 2012/07/06 21:45:18| Processing: cache_swap_low 90 2012/07/06 21:45:18| Processing: coredump_dir /var/spool/squid3 2012/07/06 21:45:18| Processing: refresh_pattern ^ftp: 1440 20% 10080 2012/07/06 21:45:18| Processing: refresh_pattern ^gopher: 1440 0% 1440 2012/07/06 21:45:18| Processing: refresh_pattern -i (/cgi-bin/|?) 0 0% 0 2012/07/06 21:45:18| Processing: refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880 2012/07/06 21:45:18| Processing: refresh_pattern . 0 20% 4320 2012/07/06 21:45:18| Processing: ipcache_high 95 2012/07/06 21:45:18| Processing: http_access allow all I deleted some allow and deny rules and added http_access allow all so that all the request would be allowed. After configuring my computer, I got this error: Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. And the log in the server showed that my TCP requests had all been denied. So, first of all, is what I am trying to do achievable? If so, how to configure the squid in the server so that I use it as a proxy to surf the Internet? My computer and the server both run Ubuntu11.04. Thanks for any help~

    Read the article

  • Use icacls to make a directory read-only on Windows 7

    - by Dave G
    I'm attempting to test some filesystem exceptions in a Java based application. I need to find a way to create a directory that is located under %TMP% that is set to read-only. Essentially on UNIX/POSIX platforms, I can do a chmod -w and get this effect. Under Windows 7/NTFS this is of course a different story. I'm running into multiple issues on this. My user has "administrative" right (although this may not always be the case) and as such the directory is created with an ACL including: NT AUTHORITY\SYSTEM BUILTIN\Administrators <my current user> Is there a way using icacls to essentially get this directory into a state where it is read-only PERIOD, do my test, then restore the ACL for removal? EDIT With the information provided by @Ansgar Wiechers I was able to come up with a solution. I used the following: icacls dirname /deny %username%:(WD) In the page located here I found this in the remarks section: icacls preserves the canonical order of ACE entries as: * Explicit denials * Explicit grants * Inherited denials * Inherited grants By performing the above icalcs command, I was able to set the current user's ability to write or append files (WD) to the directory to deny. Then it was a question of returning it to a state post test: icacls dirname /reset /t /c Done

    Read the article

  • How to whitelist external access to an internal webserver via Cisco ACLs?

    - by Josh
    This is our company's internet gateway router. This is what I want to accomplish on our Cisco 2691 router: All employees need to be able to have unrestricted access to the internet (I've blocked facebook with an ACL, but other than that, full access) There is an internal webserver that should be accessible from any internal IP address, but only a select few external IP addresses. Basically, I want to whitelist access from outside the network. I don't have a hardware firewall appliance. Until now, the webserver has not needed to be accessible externally... or in any case, the occasional VPN has sufficed when needed. As such, the following config has been sufficient: access-list 106 deny ip 66.220.144.0 0.0.7.255 any access-list 106 deny ip ... (so on for the Facebook blocking) access-list 106 permit ip any any ! interface FastEthernet0/0 ip address x.x.x.x 255.255.255.248 ip access-group 106 in ip nat outside fa0/0 is the interface with the public IP However, when I add... ip nat inside source static tcp 192.168.0.52 80 x.x.x.x 80 extendable ...in order to forward web traffic to the webserver, that just opens it up entirely. That much makes sense to me. This is where I get stumped though. If I add a line to the ACL to explicitly permit (whitelist) an IP range... something like this: access-list 106 permit tcp x.x.x.x 0.0.255.255 192.168.0.52 0.0.0.0 eq 80 ... how do I then block other external access to the webserver while still maintaining unrestricted internet access for internal employees? I tried removing the access-list 106 permit ip any any. That ended up being a very short-lived config :) Would something like access-list 106 permit ip 192.168.0.0 0.0.0.255 any on an "outside-inbound" work?

    Read the article

  • Can't reset Windows 7 Registry permissions.

    - by n10i
    hi all, i am trying to reset win 7 registry permissions using secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose /areas REGKEYS But i am receiving the following error: An extended error has occurred. The task has completed with an error. See log %windir%\security\logs\scesrv.log for detail info. The content Of the log file: ------------------------------------------- Friday, April 16, 2010 1:50:43 PM ----Configuration engine was initialized successfully.---- ----Reading Configuration Template info... ----Configure 64-bit Registry Keys... Configure users.default. Warning 5: Access is denied. Error taking ownership of users.default\software\SetID. Warning 5: Access is denied. Error opening users.default\software\SetID. Warning 5: Access is denied. Error setting security on users.default\software\SetID. Configure machine\software. Warning 5: Access is denied. Error setting security on machine\software. Warning 1336: The access control list (ACL) structure is invalid. Error setting security on machine\software\Macrovision. Configuration of Registry Keys was completed with one or more errors. ----Configure 32-bit Registry Keys... Configure machine\software. Warning 1336: The access control list (ACL) structure is invalid. Error setting security on machine\software\Audible. Configuration of Registry Keys was completed with one or more errors. ----Un-initialize configuration engine... plz! help me guys!

    Read the article

  • Best practice ACLs to prepare for auditors?

    - by Nic
    An auditor will be visiting our office soon, and they will require read-only access to our data. I have already created a domain user account and placed them into a group called "Auditors". We have a single fileserver (Windows Server 2008) with about ten shared folders. All of the shares are set up to allow full access to authenticated users, and access restrictions are implemented with NTFS ACL's. Most folders allow full access to the "Domain Users" group, but the auditor won't need to make any changes. It takes several hours to update NTFS ACL's since we have about one million files. Here are the options that I am currently considering. Create a "staff" group to assign read/write instead of "Domain Users" at the share level Create a "staff" group to assign read/write instead of "Domain Users" at the NTFS level Deny access to the "Auditors" group at the share level Deny access to the "Auditors" group at the NTFS level Accept the status quo and trust the auditor. I will probably need to configure similar users in the future, as some of our contractors require a domain account but shouldn't be able to modify our client data. Is there a best practice for this?

    Read the article

  • ACL architechture for a Software As a service in Spring 3.0

    - by geoaxis
    I am making a software as a service using Spring 3.0 (Spring MVC, Spring Security, Spring Roo, Hibernate) I have to come up with a flexible access control list mechanism.I have three different kinds of users System (who can do any thing to the system, includes admin and internal daemons) Operations (who can add and delete users, organizations, and do maintenance work on behalf of users and organizations) End Users (they belong to one or more organization, for each organization, the user can have one or more roles, like being organization admin, or organization read-only member) (role like orgadmin can also add users for that organization) Now my question is, how should i model the entity of User? If I just take the End User, it can belong to one or more organizations, so each user can contain a set of references to its organizations. But how do we model the users role for each organization, So for example User UX belongs to organizations og1, og2 and og3, and for og1 he is both orgadmin, and org-read-only-user, where as for og2 he is only orgadmin and for og3 he is only org-read-only-user I have the possibility of making each user belong to one organization alone, but that's making the system bounded and I don't like that idea (although i would still satisfy the requirement) If you have a better extensible ACL architecture, please suggest it. Since its a software as a service, one would expect that alot of different organizations would be part if the same system. I had one concern that it is not a good idea to keep og1 and og2 data on the same DB (if og1 decides to spawn a 100 reports on the system, og2 should not suffer) But that is some thing advanced for now and is not directly related to ACL but to the physical distribution of data and setup of services based on those ACLs This is a community Wiki question, please correct any thing which you wish to do so. Thanks

    Read the article

  • GetEffectiveRightsFromAcl throws invalid acl error

    - by apoorv020
    I am trying to get the effective rights a user has on a file using interop in C#. Following is the code I am using : public static FileSystemRights GetFileEffectiveRights(string FileName, string UserName) { IntPtr pDacl, pZero = IntPtr.Zero; int Mask = 0; uint errorReturn = GetNamedSecurityInfo(FileName, SE_OBJECT_TYPE.SE_FILE_OBJECT, SECURITY_INFORMATION.Dacl , out pZero, out pZero, out pDacl, out pZero, out pZero); if (errorReturn != 0) { throw new Exception("Win error : " + errorReturn); } Program.TRUSTEE pTrustee = new TRUSTEE(); pTrustee.pMultipleTrustee = IntPtr.Zero; pTrustee.MultipleTrusteeOperation = (int)Program.MULTIPLE_TRUSTEE_OPERATION.NO_MULTIPLE_TRUSTEE; pTrustee.ptstrName = UserName; pTrustee.TrusteeForm = (int)Program.TRUSTEE_FORM.TRUSTEE_IS_NAME; pTrustee.TrusteeType = (int)Program.TRUSTEE_TYPE.TRUSTEE_IS_USER; errorReturn = GetEffectiveRightsFromAcl(pDacl, ref pTrustee, ref Mask); if (errorReturn != 0) { throw new Exception("Win error : " + errorReturn); } return (FileSystemRights)Mask; } This code works fine until I start modifying the ACL structure using the classes FileAccessRule and FileInfo, and then I start getting Windows Error 1336 : ERROR_INVALID_ACL. Same is the case if I debug the process call GetFileEffectiveRights once, pause the process,change the ACL through windows API, and resume and call GetFileEffectiveRights again(the 1st call succeeds but the second gives 1336.) What is going wrong?

    Read the article

  • FreeBSD high load loopback interface

    - by user1740915
    I have a problem with a FreeBSD server. There is a FreeBSD 9.0 amd64, two network cards em1 (internet), em0 (local network) configured firewall ipfw, natd, squid (not transparent), the server acts as a gateway for access to the Internet. Next problem: upload via squid is very low. At this moment I see next: natd, dhcpd load the cpu at that time when uploading through squid and there are a lot of traffic through the loopback interface. ipfw show output 0100 655389684 36707144666 allow ip from any to any via lo0 00200 0 0 deny ip from any to 127.0.0.0/8 00300 0 0 deny ip from 127.0.0.0/8 to any 00400 0 0 deny ip from any to ::1 00500 0 0 deny ip from ::1 to any 00600 4 292 allow ipv6-icmp from :: to ff02::/16 00700 0 0 allow ipv6-icmp from fe80::/10 to fe80::/10 00800 1 76 allow ipv6-icmp from fe80::/10 to ff02::/16 00900 0 0 allow ipv6-icmp from any to any ip6 icmp6types 1 01000 0 0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136 01100 1615 76160 deny ip from 192.168.1.1 to any in via em1 01200 0 0 deny ip from 199.69.99.11 to any in via em0 01300 46652 3705426 deny ip from any to 172.16.0.0/12 via em1 01400 3936404 345618870 deny ip from any to 192.168.0.0/16 via em1 01500 4 336 deny ip from any to 0.0.0.0/8 via em1 01600 4129 387621 deny ip from any to 169.254.0.0/16 via em1 01700 0 0 deny ip from any to 192.0.2.0/24 via em1 01800 917566 33777571 deny ip from any to 224.0.0.0/4 via em1 01900 147872 22029252 deny ip from any to 240.0.0.0/4 via em1 02000 1132194739 1190981955947 divert 8668 ip4 from any to any via em1 02100 3 248 deny ip from 172.16.0.0/12 to any via em1 02200 35925 2281289 deny ip from 192.168.0.0/16 to any via em1 02300 1808 122494 deny ip from 0.0.0.0/8 to any via em1 02400 3 174 deny ip from 169.254.0.0/16 to any via em1 02500 0 0 deny ip from 192.0.2.0/24 to any via em1 02600 0 0 deny ip from 224.0.0.0/4 to any via em1 02700 0 0 deny ip from 240.0.0.0/4 to any via em1 02800 960156249 1095316736582 allow tcp from any to any established 02900 64236062 8243196577 allow ip from any to any frag 03000 34 1756 allow tcp from any to me dst-port 25 setup 03100 193 11580 allow tcp from any to me dst-port 53 setup 03200 63 4222 allow udp from any to me dst-port 53 03300 64 8350 allow udp from me 53 to any 03400 417 24140 allow tcp from any to me dst-port 80 setup 03500 211 10472 allow ip from any to me dst-port 3389 setup 05300 77 4488 allow ip from any to me dst-port 1723 setup 05400 3 156 allow ip from any to me dst-port 8443 setup 05500 9882 590596 allow tcp from any to me dst-port 22 setup 05600 1 60 allow ip from any to me dst-port 2000 setup 05700 0 0 allow ip from any to me dst-port 2201 setup 07400 4241779 216690096 deny log logamount 1000 ip4 from any to any in via em1 setup proto tcp 07500 21135656 1048824936 allow tcp from any to any setup 07600 474447 35298081 allow udp from me to any dst-port 53 keep-state 07700 532 40612 allow udp from me to any dst-port 123 keep-state 65535 1990638432 1122305322718 allow ip from any to any systat -ifstat when uploading via squid Load Average ||| Interface Traffic Peak Total tun0 in 79.507 KB/s 232.479 KB/s 42.314 GB out 2.022 MB/s 2.424 MB/s 59.662 GB lo0 in 4.450 MB/s 4.450 MB/s 43.723 GB out 4.450 MB/s 4.450 MB/s 43.723 GB em1 in 2.629 MB/s 2.982 MB/s 464.533 GB out 2.493 MB/s 2.875 MB/s 484.673 GB em0 in 240.458 KB/s 296.941 KB/s 442.368 GB out 512.508 KB/s 850.857 KB/s 416.122 GB top output PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND 66885 root 1 92 0 26672K 2784K CPU3 3 528:43 65.48% natd 9160 dhcpd 1 45 0 31032K 9280K CPU1 1 7:40 32.96% dhcpd 66455 root 1 20 0 18344K 2856K select 1 119:27 1.37% openvpn 16043 squid 1 20 0 44404K 17884K kqread 2 0:22 0.29% squid squid.conf cat /usr/local/etc/squid/squid.conf # # Recommended minimum configuration: # acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # # Recommended minimum Access Permission configuration: # # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager # Deny requests to certain unsafe ports http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed http_access allow localnet http_access allow localhost # And finally deny all other access to this proxy http_access deny all # Squid normally listens to port 3128 http_port 192.168.1.1:3128 # Uncomment and adjust the following to add a disk cache directory. #cache_dir ufs /var/squid/cache 100 16 256 # Leave coredumps in the first cache dir coredump_dir /var/squid/cache I understand that the traffic passes through the SQUID several times. But can not find why.

    Read the article

  • ACL architechture for a Software As a service in Sprgin 3.0

    - by geoaxis
    I am making a software as a service using Spring 3.0 (Spring MVC, Spring Security, Spring Roo, Hibernate) I have to come up with a flexible access control list mechanism.I have three different kinds of users System (who can do any thing to the system, includes admin and internal daemons) Operations (who can add and delete users, organizations, and do maintenance work on behalf of users and organizations) End Users (they belong to one or more organization, for each organization, the user can have one or more roles, like being organization admin, or organization read-only member) (role like orgadmin can also add users for that organization) Now my question is, how should i model the entity of User? If I just take the End User, it can belong to one or more organizations, so each user can contain a set of references to its organizations. But how do we model the users role for each organization, So for example User UX belongs to organizations og1, og2 and og3, and for og1 he is both orgadmin, and org-read-only-user, where as for og2 he is only orgadmin and for og3 he is only org-read-only-user I have the possibility of making each user belong to one organization alone, but that's making the system bounded and I don't like that idea (although i would still satisfy the requirement) If you have a better extensible ACL architecture, please suggest it. Since its a software as a service, one would expect that alot of different organizations would be part if the same system. I had one concern that it is not a good idea to keep og1 and og2 data on the same DB (if og1 decides to spawn a 100 reports on the system, og2 should not suffer) But that is some thing advanced for now and is not directly related to ACL but to the physical distribution of data and setup of services based on those ACLs This is a community Wiki question, please correct any thing which you wish to do so. Thanks

    Read the article

  • Is it possible to do DNS-based ACLs on a Cisco ASA?

    - by pickles
    Short of using static IP addresses, is it possible to have a Cisco ASA use a DNS name rather than an IP address? For instance, if I want to limit a host in the DMZ to access only one particular web service, but that web service might be globally load balanced or using DynDNS or cloud, how can the ACL be expressed so that a fixed IP address isn't used and the admin doesn't have to keep opening and closing down IP addresses?

    Read the article

  • Script to reorder ACLs in Windows server 2008?

    - by zimdawg
    I have ran a tool called admnalow.exe that re-grants access to the local administrators (BUILTIN\Administrators) group for all directories and subdirectories in a given path. The problem is it seems to have caused the ACL's to be ordered improperly. I've been looking everywhere and have been unable to find a .vbs or any other script that will parse through a set of directories and reorder the ACLs. This can be done manually but would be incomprehensible for thousands of directories. Can anyone help?!?!

    Read the article

  • Is there a way to HIDE a file/dir from a specific user/group?

    - by Iraklis
    I'm setting up ACL permissions in CENTOS. I'm getting close to the structure that I have in mind however one piece is missing for completing the puzzle. Is there any way to HIDE a file/directory from a specific user/group? I'm not talking about not being able to read, change dir to it. I want to completely hide it from the specific user/group (not to show up on ls -la).

    Read the article

  • Change owner recursively with Powershell?

    - by Mikael Grönfelt
    I'm trying to use Powershell to change owner of a folder, recursively. I'm basically using this code: $acct1 = New-Object System.Security.Principal.NTAccount('DOMAIN\Enterprise Admins') $profilefolder = Get-Item MyFolder $acl1 = $profilefolder.GetAccessControl() $acl1.SetOwner($acct1) set-acl -aclobject $acl1 -path MyFolder This will change ownership at the first level, but not for any subfolders or files. Is there a way to extend the scope to all content of MyFolder?

    Read the article

  • implement acl on field in spring security

    - by Mike
    Hi! I would like implement spring acl for my object fields. does anyone has an idea what do i have to implment for it? for example, i have Purchase object. i would like admin_role to have read on all the fields, and secretary_role to have read only on username and address field

    Read the article

  • Administrator not an Administrator?

    - by Sonny Ordell
    I have copied some files from an XP computer to a PC running Windows 7. I am logged on as a user who is marked as an Administrator. When I try to access the directory, I am told I don't have permission. Understandable, but what is odd is that I as an administrator don't have access to take ownership of the files. I don't have permission to add users in the ACL or to take ownership, indeed such options are greyed out. Why as an administrator user can I not take ownership of files?

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >