Search Results

Search found 24229 results on 970 pages for 'users rights'.

Page 1/970 | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Protecting offline IRM rights and the error "Unable to Connect to Offline database"

    - by Simon Thorpe
    One of the most common problems I get asked about Oracle IRM is in relation to the error message "Unable to Connect to Offline database". This error message is a result of how Oracle IRM is protecting the cached rights on the local machine and if that cache has become invalid in anyway, this error is thrown. Offline rights and security First we need to understand how Oracle IRM handles offline use. The way it is implemented is one of the main reasons why Oracle IRM is the leading document security solution and demonstrates our methodology to ensure that solutions address both security and usability and puts the balance of these two in your control. Each classification has a set of predefined roles that the manager of the classification can assign to users. Each role has an offline period which determines the amount of time a user can access content without having to communicate with the IRM server. By default for the context model, which is the classification system that ships out of the box with Oracle IRM, the offline period for each role is 3 days. This is easily changed however and can be as low as under an hour to as long as years. It is also possible to switch off the ability to access content offline which can be useful when content is very sensitive and requires a tight leash. So when a user is online, transparently in the background, the Oracle IRM Desktop communicates with the server and updates the users rights and offline periods. This transparent synchronization period is determined by the server and communicated to all IRM Desktops and allows for users rights to be kept up to date without their intervention. This allows us to support some very important scenarios which are key to a successful IRM solution. A user doesn't have to make any decision when going offline, they simply unplug their laptop and they already have their offline periods synchronized to the maximum values. Any solution that requires a user to make a decision at the point of going offline isn't going to work because people forget to do this and will therefore be unable to legitimately access their content offline. If your rights change to REMOVE your access to content, this also happens in the background. This is very useful when someone has an offline duration of a week and they happen to make a connection to the internet 3 days into that offline period, the Oracle IRM Desktop detects this online state and automatically updates all rights for the user. This means the business risk is reduced when setting long offline periods, because of the daily transparent sync, you can reflect changes as soon as the user is online. Of course, if they choose not to come online at all during that week offline period, you cannot effect change, but you take that risk in giving the 7 day offline period in the first place. If you are added to a NEW classification during the day, this will automatically be synchronized without the user even having to open a piece of content secured against that classification. This is very important, consider the scenario where a senior executive downloads all their email but doesn't open any of it. Disconnects the laptop and then gets on a plane. During the flight they attempt to open a document attached to a downloaded email which has been secured against an IRM classification the user was not even aware they had access to. Because their new role in this classification was automatically synchronized their experience is a good one and the document opens. More information on how the Oracle IRM classification model works can be found in this article by Martin Abrahams. So what about problems accessing the offline rights database? So onto the core issue... when these rights are cached to your machine they are stored in an encrypted database. The encryption of this offline database is keyed to the instance of the installation of the IRM Desktop and the Windows user account. Why? Well what you do not want to happen is for someone to get their rights for content and then copy these files across hundreds of other machines, therefore getting access to sensitive content across many environments. The IRM server has a setting which controls how many times you can cache these rights on unique machines. This is because people typically access IRM content on more than one computer. Their work desktop, a laptop and often a home computer. So Oracle IRM allows for the usability of caching rights on more than one computer whilst retaining strong security over this cache. So what happens if these files are corrupted in someway? That's when you will see the error, Unable to Connect to Offline database. The most common instance of seeing this is when you are using virtual machines and copy them from one computer to the next. The virtual machine software, VMWare Workstation for example, makes changes to the unique information of that virtual machine and as such invalidates the offline database. How do you solve the problem? Resolution is however simple. You just delete all of the offline database files on the machine and they will be recreated with working encryption when the Oracle IRM Desktop next starts. However this does mean that the IRM server will think you have your rights cached to more than one computer and you will need to rerequest your rights, even though you are only going to be accessing them on one. Because it still thinks the old cache is valid. So be aware, it is good practice to increase the server limit from the default of 1 to say 3 or 4. This is done using the Enterprise Manager instance of IRM. So to delete these offline files I have a simple .bat file you can use; Download DeleteOfflineDBs.bat Note that this uses pskillto stop the irmBackground.exe from running. This is part of the IRM Desktop and holds open a lock to the offline database. Either kill this from task manager or use pskillas part of the script.

    Read the article

  • Information Rights Management 11g Release Highlights

    - by andy.peet
    Broader Enterprise Reach Built on Fusion Middleware and Java EE Broad platform certifications Standard 27 Oracle languages SSO authentication: OAM, Windows auth, Basic auth to LDAP Extensible, First-Class Security Extensible classification model for application integrations FIPS 140-2 certification Hardware Security Module for key storage Usability and Templates New Web-based management console Best practice rights model: global roles and templates For more information see the new information available on OTN, including the Developer Area and whitepaper, and of course the IRM Blog.

    Read the article

  • WCF service hosted in IIS7 with administrator rights?

    - by Allan Baker
    Hello, How do I grant administrator rights to a running WCF service hosted in IIS7? The problem is, my code works fine in a test console application runned as an administrator, but the same code used from WCF service in IIS7 fails. When I run the same console test application without admin rights, code fails. So, how do I grant admin rights to a WCF service hosted in IIS7? Do I grant admin rights to IIS7 service? Can I grant rights to a specific WCF service? How do I do 'Run as an administrator' on IIS7 or specific website? Thanks! (That's the question, here is a more detailed description of a situation: I am trying to capture frames from a webcam into a jpg file using Touchless library, and I can do that from a console application with admin rights. When I run that same console app without admin rights I cannot access a webcam in code. Same thing happens in a WCF service with the same code.)

    Read the article

  • New Oracle Information Rights Management release (11.1.1.3)

    - by Simon Thorpe
    Just released is the latest version of the market leading document security technology from Oracle. Oracle IRM 11g is the result of over 12 years of development and innovation to allow customers to provide persistent security to their most confidential documents and emails. This latest release continues our refinement of the technology and features the following; Continued improvements to the web based Oracle IRM Management Website New features in the out of the box classification model New Java APIs improving application integration support Support for DB2 as the IRM database. Over the coming months we will see more releases from this technology as we improve format support, platform support and continue the strategy to for Oracle IRM as the most secure, scalable and usable document security solution in the market. Want to learn more about Oracle IRM? View our video presentation and demonstration or try using it for your self via our simple online self service demo. Keep up to date on Oracle via this blog or on our Twitter, YouTube and Facebook pages.

    Read the article

  • New Supervised Users Feature Added to Beta Channel of Google Chrome and ChromeOS

    - by Akemi Iwaya
    Are you someone who loves using Google Chrome or ChromeOS, but have been frustrated by the lack of parental controls? Then this bit of news will definitely cheer you up! Google has introduced a new supervised users feature into the beta channels of Chrome and ChromeOS that will help you lock your browser or system down and better protect your children. Screenshot courtesy of Google Chrome Blog. The process of setting up supervised user accounts is basically the same as adding additional user accounts to your browser and/or system. Once you have the new user accounts added, then log into the supervised users homepage to start managing the level of access for each new account. You can learn more about the new supervised users feature, access instructions for setting up supervised accounts, and access the supervised users homepage via the links below. A beta preview: supervised users [Google Chrome Blog] Creating Supervised User Accounts [Google Support] Chrome Supervised Users Homepage     

    Read the article

  • The rights needed to change a AD LDAP password

    - by Luuky19
    What are the bare minimum rights you need to change an other persons LDAP password?. I'm working on a tool that allows a user to change his password. as the tool needs to be written in PHP the only problem is that you can't use a user account to change the password. to work around this we want to use an manger/admin account that can only change the passwords of all the other users. now the problem. we could not find the right rights to set so that the account was allowed to change the passwords. the only way it worked for us was if we made him domain-admin and that is something we don't want. So what are the minimum rights that some one needs to change a other person password with PHP? EDIT: Changed the title to fit the question better.

    Read the article

  • rake migration aborted: could not find table 'roles'

    - by user464180
    I just inherited code that I'm attempting to run the migrations for but I keep getting a rake aborted error. I've come across others that have what appears to be similar issues, but most involved Heroku and I'm trying to run this locally (to start.) I've tried troubleshooting using both PostgreSQL and SQLite, and both produce the same issue. The table "roles" referenced is the second migration called, so I'm having a hard time figuring out what is causing it to not get built. Any and all assistance is greatly appreciated. Thanks in advance. Here's the roles migration: class CreateRoles < ActiveRecord::Migration def change create_table :roles do |t| t.string :name t.timestamps end end end Here is the trace for SQLite: ** Invoke db:migrate (first_time) ** Invoke environment (first_time) ** Execute environment rake aborted! Could not find table 'roles' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/connection_adapters/sqlite_adapter.rb:470:in `table_structure' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/connection_adapters/sqlite_adapter.rb:351:in `columns' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/connection_adapters/schema_cache.rb:12:in `block in initialize' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/model_schema.rb:228:in `yield' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/model_schema.rb:228:in `default' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/model_schema.rb:228:in `columns' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/model_schema.rb:248:in `column_names' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/model_schema.rb:261:in `column_methods_hash' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/dynamic_matchers.rb:69:in `all_attributes_exists?' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/dynamic_matchers.rb:27:in `method_missing' /Users/sa/Documents/AptanaWorkspace/recprototype/config/initializ ers/constants.rb:1:in `<top (required)>' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activesupport-3.2.1/lib/activ e_support/dependencies.rb:245:in `load' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activesupport-3.2.1/lib/activ e_support/dependencies.rb:245:in `block in load' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activesupport-3.2.1/lib/activ e_support/dependencies.rb:236:in `load_dependency' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activesupport-3.2.1/lib/activ e_support/dependencies.rb:245:in `load' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/engi ne.rb:588:in `block (2 levels) in <class:Engine>' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/engi ne.rb:587:in `each' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/engi ne.rb:587:in `block in <class:Engine>' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/init ializable.rb:30:in `instance_exec' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/init ializable.rb:30:in `run' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/init ializable.rb:55:in `block in run_initializers' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/init ializable.rb:54:in `each' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/init ializable.rb:54:in `run_initializers' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/appl ication.rb:136:in `initialize!' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/rail tie/configurable.rb:30:in `method_missing' /Users/sa/Documents/AptanaWorkspace/recprototype/config/environme nt.rb:5:in `<top (required)>' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activesupport-3.2.1/lib/activ e_support/dependencies.rb:251:in `require' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activesupport-3.2.1/lib/activ e_support/dependencies.rb:251:in `block in require' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activesupport-3.2.1/lib/activ e_support/dependencies.rb:236:in `load_dependency' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activesupport-3.2.1/lib/activ e_support/dependencies.rb:251:in `require' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/appl ication.rb:103:in `require_environment!' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/appl ication.rb:292:in `block (2 levels) in initialize_tasks' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :205:in `call' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :205:in `block in execute' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :200:in `each' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :200:in `execute' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :158:in `block in invoke_with_call_chain' /Users/sa/.rvm/rubies/ruby-1.9.2-p318/lib/ruby/1.9.1/monitor.rb:201:in `mon_synchronize' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :151:in `invoke_with_call_chain' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :176:in `block in invoke_prerequisites' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :174:in `each' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :174:in `invoke_prerequisites' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :157:in `block in invoke_with_call_chain' /Users/sa/.rvm/rubies/ruby-1.9.2-p318/lib/ruby/1.9.1/monitor.rb:201:in `mon_synchronize' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :151:in `invoke_with_call_chain' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :144:in `invoke' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/applica tion.rb:116:in `invoke_task' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/applica tion.rb:94:in `block (2 levels) in top_level' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/applica tion.rb:94:in `each' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/applica tion.rb:94:in `block in top_level' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/applica tion.rb:133:in `standard_exception_handling' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/applica tion.rb:88:in `top_level' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/applica tion.rb:66:in `block in run' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/applica tion.rb:133:in `standard_exception_handling' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/applica tion.rb:63:in `run' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/bin/rake:33:in ` <top (required)>' /Users/sa/.rvm/gems/ruby-1.9.2-p318/bin/rake:19:in `load' /Users/sa/.rvm/gems/ruby-1.9.2-p318/bin/rake:19:in `<main>' Tasks: TOP => db:migrate => environment Here is the trace for PostgreSQL: ** Invoke db:migrate (first_time) ** Invoke environment (first_time) ** Execute environment rake aborted! PG::Error: ERROR: relation "roles" does not exist LINE 4: WHERE a.attrelid = '"roles"'::regclass ^ : SELECT a.attname, format_type(a.atttypid, a.atttypmod), d.adsrc, a .attnotnull FROM pg_attribute a LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum WHERE a.attrelid = '"roles"'::regclass AND a.attnum > 0 AND NOT a.attisdropped ORDER BY a.attnum /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/connection_adapters/postgresql_adapter.rb:1106:in `async_exec' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/connection_adapters/postgresql_adapter.rb:1106:in `exec_no_cache' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/connection_adapters/postgresql_adapter.rb:650:in `block in exec_query' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/connection_adapters/abstract_adapter.rb:280:in `block in log' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activesupport-3.2.1/lib/activ e_support/notifications/instrumenter.rb:20:in `instrument' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/connection_adapters/abstract_adapter.rb:275:in `log' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/connection_adapters/postgresql_adapter.rb:649:in `exec_query' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/connection_adapters/postgresql_adapter.rb:1231:in `column_definitions' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/connection_adapters/postgresql_adapter.rb:845:in `columns' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/connection_adapters/schema_cache.rb:12:in `block in initialize' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/model_schema.rb:228:in `yield' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/model_schema.rb:228:in `default' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/model_schema.rb:228:in `columns' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/model_schema.rb:248:in `column_names' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/model_schema.rb:261:in `column_methods_hash' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/dynamic_matchers.rb:69:in `all_attributes_exists?' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activerecord-3.2.1/lib/active _record/dynamic_matchers.rb:27:in `method_missing' /Users/sa/Documents/AptanaWorkspace/recprototype/config/initializ ers/constants.rb:1:in `<top (required)>' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activesupport-3.2.1/lib/activ e_support/dependencies.rb:245:in `load' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activesupport-3.2.1/lib/activ e_support/dependencies.rb:245:in `block in load' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activesupport-3.2.1/lib/activ e_support/dependencies.rb:236:in `load_dependency' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activesupport-3.2.1/lib/activ e_support/dependencies.rb:245:in `load' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/engi ne.rb:588:in `block (2 levels) in <class:Engine>' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/engi ne.rb:587:in `each' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/engi ne.rb:587:in `block in <class:Engine>' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/init ializable.rb:30:in `instance_exec' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/init ializable.rb:30:in `run' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/init ializable.rb:55:in `block in run_initializers' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/init ializable.rb:54:in `each' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/init ializable.rb:54:in `run_initializers' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/appl ication.rb:136:in `initialize!' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/rail tie/configurable.rb:30:in `method_missing' /Users/sa/Documents/AptanaWorkspace/recprototype/config/environme nt.rb:5:in `<top (required)>' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activesupport-3.2.1/lib/activ e_support/dependencies.rb:251:in `require' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activesupport-3.2.1/lib/activ e_support/dependencies.rb:251:in `block in require' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activesupport-3.2.1/lib/activ e_support/dependencies.rb:236:in `load_dependency' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/activesupport-3.2.1/lib/activ e_support/dependencies.rb:251:in `require' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/appl ication.rb:103:in `require_environment!' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/railties-3.2.1/lib/rails/appl ication.rb:292:in `block (2 levels) in initialize_tasks' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :205:in `call' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :205:in `block in execute' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :200:in `each' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :200:in `execute' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :158:in `block in invoke_with_call_chain' /Users/sa/.rvm/rubies/ruby-1.9.2-p318/lib/ruby/1.9.1/monitor.rb:201:in `mon_synchronize' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :151:in `invoke_with_call_chain' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :176:in `block in invoke_prerequisites' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :174:in `each' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :174:in `invoke_prerequisites' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :157:in `block in invoke_with_call_chain' /Users/sa/.rvm/rubies/ruby-1.9.2-p318/lib/ruby/1.9.1/monitor.rb:201:in `mon_synchronize' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :151:in `invoke_with_call_chain' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/task.rb :144:in `invoke' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/applica tion.rb:116:in `invoke_task' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/applica tion.rb:94:in `block (2 levels) in top_level' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/applica tion.rb:94:in `each' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/applica tion.rb:94:in `block in top_level' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/applica tion.rb:133:in `standard_exception_handling' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/applica tion.rb:88:in `top_level' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/applica tion.rb:66:in `block in run' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/applica tion.rb:133:in `standard_exception_handling' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/lib/rake/applica tion.rb:63:in `run' /Users/sa/.rvm/gems/ruby-1.9.2-p318/gems/rake-0.9.2.2/bin/rake:33:in ` <top (required)>' /Users/sa/.rvm/gems/ruby-1.9.2-p318/bin/rake:19:in `load' /Users/sa/.rvm/gems/ruby-1.9.2-p318/bin/rake:19:in `<main>' Tasks: TOP => db:migrate => environment

    Read the article

  • No more admin users?

    - by Kevin
    I am trying to install 12.04 on a Windows 7 machine. I used the Windows installer because I can't get the USB to work. When using the Windows installer it uses the user name on Windows 7. I wanted to change the admin name and set up some standard users. For some reason the admin password would not work and it changed all the users to 'standard.' Now I cannot add any users. Should I just reinstall?

    Read the article

  • Who Are the BI Users in Your Neighborhood?

    - by Brian Dayton
    Forrester's Boris Evelson recently wrote a blog titled "Who are the BI Personas?" that I enjoyed for a number of reasons. It's a quick read, easy to grasp and (refreshingly) focuses on the users of technology VS the technology. As Evelson admits, he meant to keep the reference chart at a high-level because there are too many different permutations and additional sub-categories to make such a chart useful. For me, I wouldn't head into the technical permutations but more the contextual use of BI and the issues that users experience.  My thoughts brought up more questions than answers such as: Context: -          HOW: With the exception of the "Power User" persona--likely some sort of business or operations analyst? -          WHEN: Are they using the information to make real-time decisions on the front lines (a customer service manager or shipping/logistics VP) or are they using this information for cumulative analysis and business planning? Or both? -          WHERE: What areas of the business are more or less likely to rely on BI across an organization? Human Resources, Operations, Facilities, Finance--- and why are some more prone to use data-driven analysis than others? Issues: -          DELAYS & DRAG ON IT?: One of the persona characteristics Evelson calls out is a reliance on IT. Every persona except for the "Power User" has a heavy reliance on IT for support. What business issues or delays does that cause to users? What is the drag on IT resources who could potentially be creating instead of reporting? -          HOW MANY CLICKS: If BI is being used within the context of a transaction (sales manager looking for upsell opportunities as an example) is that person getting the information within the context of that action or transaction? Or are they minimizing screens, logging into another application or reporting tool, running queries, etc.?   Who are the BI Users in your neighborhood or line of business? Do Evelson's personas resonate--and do the tools that he calls out (he refers to it as "BI Style") resonate with what your personas have or need? Finally, I'm very interested if BI use is viewed as  a bolt-on...or an integrated part of your daily enterprise processes?

    Read the article

  • Creating an Alternate Install CD with pre installed users

    - by juzerali
    I want to create my own customized Ubuntu derivative and this question already gave me a very good start. My requirements are quite specific I want to roll out a CD with Set of users who are supposed to run them (root, admin, guest) pre-installed With their passwords already set Installation not asking for creating users on booting or during OS installation Autologin to guest user Is this even possible? Thanks to the community in advance :)

    Read the article

  • Creating a live CD with pre installed users

    - by juzerali
    I want to create my own customized Ubuntu derivative and this question already gave me a very good start. My requirements are quite specific I want to roll out a CD with Set of users who are supposed to run them (root, admin, guest) pre-installed With their passwords already set Installation not asking for creating users on booting or during OS installation Autologin to guest user Is this even possible? Thanks to the community in advance :)

    Read the article

  • force users to activate account before using service?

    - by fxuser
    i am not sure if this is the correct SE site to post this, but ill go on... So at the moment i force my users to activate their account upon registration if they want to sign in. I see some decent sites let their users sign in and use their features even their account is not activated and just show a message on top of the page letting them know that their account is not yet activated and that you need to activate it. So which practice is best? Should i stick with that i have or change it?

    Read the article

  • How to get useful feedback/bug reports from users

    - by Mikael Eliasson
    I'm sure most webmasters have recived a mail like this: Creating [insert item here] is not working! When you check it out there is no general problem with the function but rather the user has discovered an edge case. Almost every mail I get is like this and in the long run it gets a bit annoying to always have to ask the user for more information. Is there anything I can do to get my users provide more useful feedback? Right now I have a mailto: for the webmaster mail in the page footer. I was thinking of changing this so that they have to report through a form on the site. Anyone got any experience with this? Do you get better/more reports by having a feedback form instead of giving the users the email?

    Read the article

  • Methodologies for Managing Users and Access?

    - by MadBurn
    This is something I'm having a hard time getting my head around. I think I might be making it more complicated than it is. What I'm trying to do is develop a method to store users in a database with varying levels of access, throughout different applications. I know this has been done before, but I don't know where to find how they did it. Here is an example of what I need to accomplish: UserA - Access to App1, App3, App4 & can add new users to App3, but not 4 or 1. UserB - Access to App2 only with ReadOnly access. UserC - Access to App1 & App4 and is able to access Admin settings of both apps. In the past I've just used user groups. However, I'm reaching a phase where I need a bit more control over each individual user's access to certain parts of the different applications. I wish this were as cut and dry as being able to give a user a role and let each role inherit from the last. Now, this is what I need to accomplish. But, I don't know any methods of doing this. I could easily just design something that works, but I know this has been done and I know this has been studied and I know this problem has been solved by much better minds than my own. This is for a web application and using sql server 2008. I don't need to store passwords (LDAP) and the information I need to store is actually very limited. Basically just username and access.

    Read the article

  • Joomla Secondary Users

    - by Gaz_Edge
    Background I have a joomla based application. My customers sign up and they register as a user on the site. My customers (primary customers) then have their own space on the site that they can then setup their own customers (secondary customer). Question/Problem The problem I am having is that I need to tag each secondary customer to a primary customer. I thought about just creating a new component and having a separate table that includes all the secondary customers. The problem is that I then lose out on all the authentication, session handling and login/logout that the core joomla _users component offers. I then thought about just having all the users in the core _users table and add the primary customer associated with each secondary customer to a field in a profile plugin. This would work for the most part, but this means that primary customers cannot create a secondary customer with a user name that already exists in the _users table. I didn't think this would be an issue, but several of my primary customers (currently only test users) have been confused by the site telling them a username is not available, since they can only see the names of their own secondary customers. Any ideas on some architectural changes I could make to solve this?

    Read the article

  • users disappear from options menu when given uids under 1000

    - by Seamus
    I wanted to stop particular user names appearing in the list of names at the log in screen. I remembered reading that this could be achieved by changing the user id of the account to something less than 1000 (I think I made it 990). So I did this. That worked fine, but now when I wanted to change it back, the name is not appearing in the list of user accounts in the users and groups menu under administration. How do I modify the phantom account?

    Read the article

  • Migrate openldap users and groups

    - by user53864
    I have an OpenLDAP server running on one of my ubuntu 8.10 servers. I used command-line only for OpenLdap installation and some basic configurations, everything else I'll configure with the Webmin gui tool. I'm trying to migrate to ubuntu 10.04 and I was able to migrate all other servies, application and databases but not the ldap. I'm an ldap beginner: I have installed OpenLDAP server and client on ubuntu 10.04 server using the link and used the following command to export and import ldap users and groups To export from 8.10 server slapcat > ldap.ldif To import to 10.04 server Stop ldap and slapadd -l ldap.ldif and Start ldap Then I accessed Webmin and checked in Ldap users and groups and I could see all the users and groups of my old ldap server.Whenever I create an ldap user from the webmin(in 8.10 or 10.04) a unix user is also created with the home directory under /home. But the imported users in 10.04 from 8.10 are not present as a unix user(/etc/passwd). How could I make the ldap users available as a unix user, is there any perfect way to export and import?. I also wanted to check the ldap users from the terminal that if password is exported properly but I don't know how to access the ldap users which are not available as unix users. On 8.10, I just use su - ldapuser and it is not working in the 10.04 as unix users are not created for the exported ldap users. If every thing works fine then the CVS works as it is using ldap authentication. Anybody could help me?

    Read the article

  • Rights Expiry Options in IRM 11g

    - by martin.abrahams
    Among the many enhancements in IRM 11g, we have introduced a couple of new rights expiry options that may be applied to any role. These options were supported in previous versions, but fell into the "advanced configuration" category. In 11g, the options can be applied simply by selecting a check-box in the properties of a role, as shown by the rather extreme example below, where the role allows access for just two minutes after they are sealed. The new options are: To define a role that expires automatically some period after it is assigned To define a role that evaluates expiry relative to the time that each document is sealed These options supplement the familiar options to allow open-ended access (limited by offline access and the ever-present option to revoke rights at any time) and the option to define time windows with specific start dates and end dates. The value of these options is easiest to illustrate with some publishing examples: You might define a role with a one year expiry to be assigned to users who purchase a one year subscription. For each individual user, the year would be calculated from the time that the role was assigned to them. You might define a role that allows documents to be accessed only for 24 hours from the time that they are published - perhaps as a preview mechanism designed to tempt users to sign up for a full subscription. Upon payment of a full fee, users can simply be reassigned a role that gives them greater access to exactly the same documents. In a corporate environment, you might use such roles for fixed term contractors or for workflows that involve information with a short lifespan, or perhaps as part of a compliance process that requires rights to be formally re-approved at intervals. Being role-based, the time constraints apply to any number of documents - including documents that have not yet been created. For example, a user with a one year subscription would have access to all documents published in the relevant classification during the year without any further configuration. Crucially, unlike other solutions, it is not the documents that expire, but the rights of particular users. Whereas some solutions make documents completely inaccessible for all users after expiry, Oracle IRM can allow some users to continue using documents while other users lose access. Equally crucially, a user whose rights have expired can always be granted fresh rights at any time - for example, because they renew their subscription or because a manager confirms that they still need the rights as part of a corporate compliance process. By applying expiry to rights rather than to documents, Oracle IRM avoids the risk of locking an organization out of its own information.

    Read the article

  • Oracle Enterprise Manager users present today at Oracle Users Forum

    - by Anand Akela
    Oracle Users Forum starts in a few minutes at Moscone West, Levels 2 & 3. There are more than hundreds of Oracle user sessions during the day. Many Oracle Oracle Enterprise Manager users are presenting today as well.  In addition, we will have a Twitter Chat today from 11:30 AM to 12:30 PM with IOUG leaders, Enterprise Manager SIG contributors and many speakers. You can participate in the chat using hash tag #em12c on Twitter.com or by going to  tweetchat.com/room/em12c      (Needs Twitter credential for participating).  Feel free to join IOUG and Enterprise team members at the User Group Pavilion on 2nd Floor, Moscone West. RSVP by going http://tweetvite.com/event/IOUG  . Don't miss the Oracle Open World welcome keynote by Larry Ellison this evening at 5 PM . Here is the complete list of Oracle Enterprise Manager sessions during the Oracle Users Forum : Time Session Title Speakers Location 8:00AM - 8:45AM UGF4569 - Oracle RAC Migration with Oracle Automatic Storage Management and Oracle Enterprise Manager 12c VINOD Emmanuel -Database Engineering, Dell, Inc. Wendy Chen - Sr. Systems Engineer, Dell, Inc. Moscone West - 2011 8:00AM - 8:45AM UGF10389 -  Monitoring Storage Systems for Oracle Enterprise Manager 12c Anand Ranganathan - Product Manager, NetApp Moscone West - 2016 9:00AM - 10:00AM UGF2571 - Make Oracle Enterprise Manager Sing and Dance with the Command-Line Interface Ray Smith - Senior Database Administrator, Portland General Electric Moscone West - 2011 10:30AM - 11:30AM UGF2850 - Optimal Support: Oracle Enterprise Manager 12c Cloud Control, My Oracle Support, and More April Sims - DBA, Southern Utah University Moscone West - 2011 12:30PM-2:00PM UGF5131 - Migrating from Oracle Enterprise Manager 10g Grid Control to 12c Cloud Control    Leighton Nelson - Database Administrator, Mercy Moscone West - 2011 2:15PM-3:15PM UGF6511 -  Database Performance Tuning: Get the Best out of Oracle Enterprise Manager 12c Cloud Control Mike Ault - Oracle Guru, TEXAS MEMORY SYSTEMS INC Tariq Farooq - CEO/Founder, BrainSurface Moscone West - 2011 3:30PM-4:30PM UGF4556 - Will It Blend? Verifying Capacity in Server and Database Consolidations Jeremiah Wilton - Database Technology, Blue Gecko / DatAvail Moscone West - 2018 3:30PM-4:30PM UGF10400 - Oracle Enterprise Manager 12c: Monitoring, Metric Extensions, and Configuration Best Practices Kellyn Pot'Vin - Sr. Technical Consultant, Enkitec Moscone West - 2011 Stay Connected: Twitter |  Face book |  You Tube |  Linked in |  Newsletter

    Read the article

  • Checking if app can run without admin rights?

    - by overtherainbow
    Hello To get Windows users to log on as regular users instead of admin, I need to check that all their applications run OK with limited rights. Is there an application specifically aimed at checking that an application can run with limited rights, or is SysInternals' Process Monitor what everyone uses for this purpose? Thank you.

    Read the article

  • Adding additional users to Ubuntu server and configuring Samba

    - by Ben
    I have installed Ubuntu Server 12.10 and during the install created a user for myself ben, I now wish to add a second user bill. I have an external drive that I have mounted to /media/storage and created a shared folder called Share, the owner of the folder is ben:ben, how do I grant bill access to the folder? I don't want to put him in the group ben. Once setup, I need to configure Samba & NFS, here is my Samba configuration [Share] path = /media/storage/Share read only = no public = yes writeable = yes force user = ben How do I give both bill and ben access to the share via Samba? Thank you.

    Read the article

  • Unity greeter background not changing for users automatically after upgrade

    - by bioShark
    I have recently upgraded from 11.10 to 12.04. Normal upgrade, no new installation. In 11.10 I was using Simple LightDM Manager tool to set a custom wallpaper on the login screen. This tool unfortunately doesn't seem to do anything since I have upgraded. I have also heard that 12.04 is suppose to have this feature (changing login wallpaper per different user) by default. I have searched in settings but unfortunately in vain. So, to keep it short, could somebody direct me to the option(s) page where I can make the desired changes.

    Read the article

  • What's the best way to move c:\users to d:\users under vista/W7

    - by Scott
    I just installed Windows 7 RC1 and want to move c:\users to d:\users. What's the best way to do this? Due to the fact that Windows 7 creates a reserved partition that is mounted as C: in the recovery console, I had to use the following commands robocopy /mir /xj D:\Users E:\Users mklink D:\Users D:\Users /j Both D's in the mklink command are correct. When the system reboots, the drive that was D in the recovery console becomes the C drive.

    Read the article

  • Users database empty after Samba3 to Samba4 migration on different servers

    - by ouzmoutous
    I have to migrate a Samba 3 to a new Samba 4 server. My problem is that the database on the samba 3 server seems a bit empty. The secrets.dtb file is only 20K whereas the “pbedit -L |wc -l”command give me 16970 lines. On my Samba3 /var/lib/samba is 1,5M After I had migrate the databse (following instructions on http://dev.tranquil.it/index.php/SAMBA_-_Migration_Samba3_Samba4), “pdbedit -L” command on the new server give me only : SAMBA4$, Administrator, dns-samba4, krbtgt and nobody. So I tried to create a VM with a Samba3. I added some users, done the same things I did for the migration and now I can see the users created on the VM. It’s like users on the Samba 3 server are in a sort of cache. I already migrate the /etc/{passwd,shadow,group} files and I can see users with the “getent passwd” command. Any ideas why my users are present when I use pdbedit but the database is so empty ? The global part of my smb.conf on the Samba 3 server : [global] workgroup = INTERNET netbios name = PDC-SMB3 server string = %h server interfaces = eth0 obey pam restrictions = Yes passdb backend = smbpasswd passwd program = /usr/bin/passwd %u passwd chat = *new* %n\n *Re* %n\n *pa* username map = /etc/samba/smbusers unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%U max log size = 1000 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add user script = /usr/sbin/useradd -s /bin/false -m '%u' -g users delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u' -g machines logon script = logon.cmd logon home = \\$L\%U domain logons = Yes os level = 255 preferred master = Yes local master = Yes domain master = Yes dns proxy = No ldap ssl = no panic action = /usr/share/samba/panic-action %d invalid users = root admin users = admin, root, administrateur log level = 2

    Read the article

  • Quick guide to Oracle IRM 11g: Classification design

    - by Simon Thorpe
    Quick guide to Oracle IRM 11g indexThis is the final article in the quick guide to Oracle IRM. If you've followed everything prior you will now have a fully functional and tested Information Rights Management service. It doesn't matter if you've been following the 10g or 11g guide as this next article is common to both. ContentsWhy this is the most important part... Understanding the classification and standard rights model Identifying business use cases Creating an effective IRM classification modelOne single classification across the entire businessA context for each and every possible granular use caseWhat makes a good context? Deciding on the use of roles in the context Reviewing the features and security for context roles Summary Why this is the most important part...Now the real work begins, installing and getting an IRM system running is as simple as following instructions. However to actually have an IRM technology easily protecting your most sensitive information without interfering with your users existing daily work flows and be able to scale IRM across the entire business, requires thought into how confidential documents are created, used and distributed. This article is going to give you the information you need to ask the business the right questions so that you can deploy your IRM service successfully. The IRM team here at Oracle have over 10 years of experience in helping customers and it is important you understand the following to be successful in securing access to your most confidential information. Whatever you are trying to secure, be it mergers and acquisitions information, engineering intellectual property, health care documentation or financial reports. No matter what type of user is going to access the information, be they employees, contractors or customers, there are common goals you are always trying to achieve.Securing the content at the earliest point possible and do it automatically. Removing the dependency on the user to decide to secure the content reduces the risk of mistakes significantly and therefore results a more secure deployment. K.I.S.S. (Keep It Simple Stupid) Reduce complexity in the rights/classification model. Oracle IRM lets you make changes to access to documents even after they are secured which allows you to start with a simple model and then introduce complexity once you've understood how the technology is going to be used in the business. After an initial learning period you can review your implementation and start to make informed decisions based on user feedback and administration experience. Clearly communicate to the user, when appropriate, any changes to their existing work practice. You must make every effort to make the transition to sealed content as simple as possible. For external users you must help them understand why you are securing the documents and inform them the value of the technology to both your business and them. Before getting into the detail, I must pay homage to Martin White, Vice President of client services in SealedMedia, the company Oracle acquired and who created Oracle IRM. In the SealedMedia years Martin was involved with every single customer and was key to the design of certain aspects of the IRM technology, specifically the context model we will be discussing here. Listening carefully to customers and understanding the flexibility of the IRM technology, Martin taught me all the skills of helping customers build scalable, effective and simple to use IRM deployments. No matter how well the engineering department designed the software, badly designed and poorly executed projects can result in difficult to use and manage, and ultimately insecure solutions. The advice and information that follows was born with Martin and he's still delivering IRM consulting with customers and can be found at www.thinkers.co.uk. It is from Martin and others that Oracle not only has the most advanced, scalable and usable document security solution on the market, but Oracle and their partners have the most experience in delivering successful document security solutions. Understanding the classification and standard rights model The goal of any successful IRM deployment is to balance the increase in security the technology brings without over complicating the way people use secured content and avoid a significant increase in administration and maintenance. With Oracle it is possible to automate the protection of content, deploy the desktop software transparently and use authentication methods such that users can open newly secured content initially unaware the document is any different to an insecure one. That is until of course they attempt to do something for which they don't have any rights, such as copy and paste to an insecure application or try and print. Central to achieving this objective is creating a classification model that is simple to understand and use but also provides the right level of complexity to meet the business needs. In Oracle IRM the term used for each classification is a "context". A context defines the relationship between.A group of related documents The people that use the documents The roles that these people perform The rights that these people need to perform their role The context is the key to the success of Oracle IRM. It provides the separation of the role and rights of a user from the content itself. Documents are sealed to contexts but none of the rights, user or group information is stored within the content itself. Sealing only places information about the location of the IRM server that sealed it, the context applied to the document and a few other pieces of metadata that pertain only to the document. This important separation of rights from content means that millions of documents can be secured against a single classification and a user needs only one right assigned to be able to access all documents. If you have followed all the previous articles in this guide, you will be ready to start defining contexts to which your sensitive information will be protected. But before you even start with IRM, you need to understand how your own business uses and creates sensitive documents and emails. Identifying business use cases Oracle is able to support multiple classification systems, but usually there is one single initial need for the technology which drives a deployment. This need might be to protect sensitive mergers and acquisitions information, engineering intellectual property, financial documents. For this and every subsequent use case you must understand how users create and work with documents, to who they are distributed and how the recipients should interact with them. A successful IRM deployment should start with one well identified use case (we go through some examples towards the end of this article) and then after letting this use case play out in the business, you learn how your users work with content, how well your communication to the business worked and if the classification system you deployed delivered the right balance. It is at this point you can start rolling the technology out further. Creating an effective IRM classification model Once you have selected the initial use case you will address with IRM, you need to design a classification model that defines the access to secured documents within the use case. In Oracle IRM there is an inbuilt classification system called the "context" model. In Oracle IRM 11g it is possible to extend the server to support any rights classification model, but the majority of users who are not using an application integration (such as Oracle IRM within Oracle Beehive) are likely to be starting out with the built in context model. Before looking at creating a classification system with IRM, it is worth reviewing some recognized standards and methods for creating and implementing security policy. A very useful set of documents are the ISO 17799 guidelines and the SANS security policy templates. First task is to create a context against which documents are to be secured. A context consists of a group of related documents (all top secret engineering research), a list of roles (contributors and readers) which define how users can access documents and a list of users (research engineers) who have been given a role allowing them to interact with sealed content. Before even creating the first context it is wise to decide on a philosophy which will dictate the level of granularity, the question is, where do you start? At a department level? By project? By technology? First consider the two ends of the spectrum... One single classification across the entire business Imagine that instead of having separate contexts, one for engineering intellectual property, one for your financial data, one for human resources personally identifiable information, you create one context for all documents across the entire business. Whilst you may have immediate objections, there are some significant benefits in thinking about considering this. Document security classification decisions are simple. You only have one context to chose from! User provisioning is simple, just make sure everyone has a role in the only context in the business. Administration is very low, if you assign rights to groups from the business user repository you probably never have to touch IRM administration again. There are however some obvious downsides to this model.All users in have access to all IRM secured content. So potentially a sales person could access sensitive mergers and acquisition documents, if they can get their hands on a copy that is. You cannot delegate control of different documents to different parts of the business, this may not satisfy your regulatory requirements for the separation and delegation of duties. Changing a users role affects every single document ever secured. Even though it is very unlikely a business would ever use one single context to secure all their sensitive information, thinking about this scenario raises one very important point. Just having one single context and securing all confidential documents to it, whilst incurring some of the problems detailed above, has one huge value. Once secured, IRM protected content can ONLY be accessed by authorized users. Just think of all the sensitive documents in your business today, imagine if you could ensure that only everyone you trust could open them. Even if an employee lost a laptop or someone accidentally sent an email to the wrong recipient, only the right people could open that file. A context for each and every possible granular use case Now let's think about the total opposite of a single context design. What if you created a context for each and every single defined business need and created multiple contexts within this for each level of granularity? Let's take a use case where we need to protect engineering intellectual property. Imagine we have 6 different engineering groups, and in each we have a research department, a design department and manufacturing. The company information security policy defines 3 levels of information sensitivity... restricted, confidential and top secret. Then let's say that each group and department needs to define access to information from both internal and external users. Finally add into the mix that they want to review the rights model for each context every financial quarter. This would result in a huge amount of contexts. For example, lets just look at the resulting contexts for one engineering group. Q1FY2010 Restricted Internal - Engineering Group 1 - Research Q1FY2010 Restricted Internal - Engineering Group 1 - Design Q1FY2010 Restricted Internal - Engineering Group 1 - Manufacturing Q1FY2010 Restricted External- Engineering Group 1 - Research Q1FY2010 Restricted External - Engineering Group 1 - Design Q1FY2010 Restricted External - Engineering Group 1 - Manufacturing Q1FY2010 Confidential Internal - Engineering Group 1 - Research Q1FY2010 Confidential Internal - Engineering Group 1 - Design Q1FY2010 Confidential Internal - Engineering Group 1 - Manufacturing Q1FY2010 Confidential External - Engineering Group 1 - Research Q1FY2010 Confidential External - Engineering Group 1 - Design Q1FY2010 Confidential External - Engineering Group 1 - Manufacturing Q1FY2010 Top Secret Internal - Engineering Group 1 - Research Q1FY2010 Top Secret Internal - Engineering Group 1 - Design Q1FY2010 Top Secret Internal - Engineering Group 1 - Manufacturing Q1FY2010 Top Secret External - Engineering Group 1 - Research Q1FY2010 Top Secret External - Engineering Group 1 - Design Q1FY2010 Top Secret External - Engineering Group 1 - Manufacturing Now multiply the above by 6 for each engineering group, 18 contexts. You are then creating/reviewing another 18 every 3 months. After a year you've got 72 contexts. What would be the advantages of such a complex classification model? You can satisfy very granular rights requirements, for example only an authorized engineering group 1 researcher can create a top secret report for access internally, and his role will be reviewed on a very frequent basis. Your business may have very complex rights requirements and mapping this directly to IRM may be an obvious exercise. The disadvantages of such a classification model are significant...Huge administrative overhead. Someone in the business must manage, review and administrate each of these contexts. If the engineering group had a single administrator, they would have 72 classifications to reside over each year. From an end users perspective life will be very confusing. Imagine if a user has rights in just 6 of these contexts. They may be able to print content from one but not another, be able to edit content in 2 contexts but not the other 4. Such confusion at the end user level causes frustration and resistance to the use of the technology. Increased synchronization complexity. Imagine a user who after 3 years in the company ends up with over 300 rights in many different contexts across the business. This would result in long synchronization times as the client software updates all your offline rights. Hard to understand who can do what with what. Imagine being the VP of engineering and as part of an internal security audit you are asked the question, "What rights to researchers have to our top secret information?". In this complex model the answer is not simple, it would depend on many roles in many contexts. Of course this example is extreme, but it highlights that trying to build many barriers in your business can result in a nightmare of administration and confusion amongst users. In the real world what we need is a balance of the two. We need to seek an optimum number of contexts. Too many contexts are unmanageable and too few contexts does not give fine enough granularity. What makes a good context? Good context design derives mainly from how well you understand your business requirements to secure access to confidential information. Some customers I have worked with can tell me exactly the documents they wish to secure and know exactly who should be opening them. However there are some customers who know only of the government regulation that requires them to control access to certain types of information, they don't actually know where the documents are, how they are created or understand exactly who should have access. Therefore you need to know how to ask the business the right questions that lead to information which help you define a context. First ask these questions about a set of documentsWhat is the topic? Who are legitimate contributors on this topic? Who are the authorized readership? If the answer to any one of these is significantly different, then it probably merits a separate context. Remember that sealed documents are inherently secure and as such they cannot leak to your competitors, therefore it is better sealed to a broad context than not sealed at all. Simplicity is key here. Always revert to the first extreme example of a single classification, then work towards essential complexity. If there is any doubt, always prefer fewer contexts. Remember, Oracle IRM allows you to change your mind later on. You can implement a design now and continue to change and refine as you learn how the technology is used. It is easy to go from a simple model to a more complex one, it is much harder to take a complex model that is already embedded in the work practice of users and try to simplify it. It is also wise to take a single use case and address this first with the business. Don't try and tackle many different problems from the outset. Do one, learn from the process, refine it and then take what you have learned into the next use case, refine and continue. Once you have a good grasp of the technology and understand how your business will use it, you can then start rolling out the technology wider across the business. Deciding on the use of roles in the context Once you have decided on that first initial use case and a context to create let's look at the details you need to decide upon. For each context, identify; Administrative rolesBusiness owner, the person who makes decisions about who may or may not see content in this context. This is often the person who wanted to use IRM and drove the business purchase. They are the usually the person with the most at risk when sensitive information is lost. Point of contact, the person who will handle requests for access to content. Sometimes the same as the business owner, sometimes a trusted secretary or administrator. Context administrator, the person who will enact the decisions of the Business Owner. Sometimes the point of contact, sometimes a trusted IT person. Document related rolesContributors, the people who create and edit documents in this context. Reviewers, the people who are involved in reviewing documents but are not trusted to secure information to this classification. This role is not always necessary. (See later discussion on Published-work and Work-in-Progress) Readers, the people who read documents from this context. Some people may have several of the roles above, which is fine. What you are trying to do is understand and define how the business interacts with your sensitive information. These roles obviously map directly to roles available in Oracle IRM. Reviewing the features and security for context roles At this point we have decided on a classification of information, understand what roles people in the business will play when administrating this classification and how they will interact with content. The final piece of the puzzle in getting the information for our first context is to look at the permissions people will have to sealed documents. First think why are you protecting the documents in the first place? It is to prevent the loss of leaking of information to the wrong people. To control the information, making sure that people only access the latest versions of documents. You are not using Oracle IRM to prevent unauthorized people from doing legitimate work. This is an important point, with IRM you can erect many barriers to prevent access to content yet too many restrictions and authorized users will often find ways to circumvent using the technology and end up distributing unprotected originals. Because IRM is a security technology, it is easy to get carried away restricting different groups. However I would highly recommend starting with a simple solution with few restrictions. Ensure that everyone who reasonably needs to read documents can do so from the outset. Remember that with Oracle IRM you can change rights to content whenever you wish and tighten security. Always return to the fact that the greatest value IRM brings is that ONLY authorized users can access secured content, remember that simple "one context for the entire business" model. At the start of the deployment you really need to aim for user acceptance and therefore a simple model is more likely to succeed. As time passes and users understand how IRM works you can start to introduce more restrictions and complexity. Another key aspect to focus on is handling exceptions. If you decide on a context model where engineering can only access engineering information, and sales can only access sales data. Act quickly when a sales manager needs legitimate access to a set of engineering documents. Having a quick and effective process for permitting other people with legitimate needs to obtain appropriate access will be rewarded with acceptance from the user community. These use cases can often be satisfied by integrating IRM with a good Identity & Access Management technology which simplifies the process of assigning users the correct business roles. The big print issue... Printing is often an issue of contention, users love to print but the business wants to ensure sensitive information remains in the controlled digital world. There are many cases of physical document loss causing a business pain, it is often overlooked that IRM can help with this issue by limiting the ability to generate physical copies of digital content. However it can be hard to maintain a balance between security and usability when it comes to printing. Consider the following points when deciding about whether to give print rights. Oracle IRM sealed documents can contain watermarks that expose information about the user, time and location of access and the classification of the document. This information would reside in the printed copy making it easier to trace who printed it. Printed documents are slower to distribute in comparison to their digital counterparts, so time sensitive information in printed format may present a lower risk. Print activity is audited, therefore you can monitor and react to users abusing print rights. Summary In summary it is important to think carefully about the way you create your context model. As you ask the business these questions you may get a variety of different requirements. There may be special projects that require a context just for sensitive information created during the lifetime of the project. There may be a department that requires all information in the group is secured and you might have a few senior executives who wish to use IRM to exchange a small number of highly sensitive documents with a very small number of people. Oracle IRM, with its very flexible context classification system, can support all of these use cases. The trick is to introducing the complexity to deliver them at the right level. In another article i'm working on I will go through some examples of how Oracle IRM might map to existing business use cases. But for now, this article covers all the important questions you need to get your IRM service deployed and successfully protecting your most sensitive information.

    Read the article

1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >