Example: Only MyExe.exe and the Administrator is allowed to access folder "c:\MyExeFiles", no other program.
I don't think that this is possible.
But you can run the app under another user account. See the RunAs command.
Folder rights can be limited per user or user groups, so as far as I know the only was is to assign another user exclusive rights to the folder along with Administrators and deny others and use the RunAs command to run the program as that user
Related
Iam trying to determine the minimum user rights , roles I can assign a user just so they can pull information from Azure AD, etc.
Currently the commands I am looking into are : Get-AzureADDevice , Get-AzureADUser, Get-MsolDevice.
All documentation I find just lists uses, examples etc. but not rights and I am currently unable to test out a case by case from normal user up to admin to find which rights are required.
Assigned the Global Reader role to the user and tested one of the given commands (Get-AzureADUser) in the Question.
Tried to update the user but not possible due to the role permission restrictions.
Note: Global Reader - Can read everything that a Global Administrator can, but not update anything.
Updated Answer:
Assigned the Directory Reader Role to the user and checked the workflow, able to get the information but not successful to update or do management work like updating/modifying the information using Azure Active Directory PowerShell Commands:
Workaround Result:
Note: Directory Reader Role - Can read basic directory information. Commonly used to grant directory read access to applications and guests.
Depending on your requirement, you can choose any of the above RBAC for the user.
I want to set a file permission according to user privilege level (like Administrator, Operator, User, etc.,). I want to assign root permissions to user's that who have administrator privilege. If possible how to set. Thanks in advance.
Yes.
"Like Administrator, Operator, User, etc" are all examples of roles. In Linux (as in Windows), a common way implement roles is is to use groups.
Create (or use an existing) group, set ownership and permissions on the resource, and assign users to the group.
You might also be interested in Role Based Access Control (RBAC) provided by SELinux. SELinux is a feature available for most Linux distros:
http://www.ukfast.co.uk/blog/2010/08/16/role-based-access-controls-in-enterprise-linux-6/
http://selinuxproject.org/
http://www.ibm.com/developerworks/library/l-rbac-selinux/
my program (C:\Program Files\MyApp\Myprog) starts with windows startup; at device insertion Myprog.exe invokes another program (C:\Windows\comp.exe). this process works fine in the admin account in which I install the program but Myprog.exe is unable to invoke comp.exe when users account is changed. I want (C:\Windows\comp.exe) to be invoke in each type of account e.g admin group accounts and non-admin accounts. please help
you have to add more information. Is it possible that the invoked program has to be run as administrator because of what it has to accomplish needs elevated permissions?
i'm using Sitecore 6.5.
I want to configure a Sitecore role to access the /system folder from the content editor.
(my end goal is to have certain user to access and edit the webforms in /system/modules/web forms for marketeers)
I have granted read rights to the system folder on the role, but the /system folder does not appear in the content editor tree.
I guess if there is some other security preventing the users to see the system folder?
I can only get a view on the system folder by granting full admin rights to the user.
First off, make sure the user has the Entire Tree and Hidden Items options ticked in the View tab.
Also, to check if it's access rights you can use the Access Viewer to see whether the user has access rights. If they don't you can click on the Read right (for instance) and see why they don't have access to the System node (for example, which role Denies the read access).
For more information, please check the Security Reference document on SDN.
I have a dedicated Linux web server with many user accounts on it. The user accounts are all located in /home/[userid] directories. I am able to create Perl scripts that run within each of my users’ accounts that can access files only within their own account, but now I need to create a script that can run “above” the users’ accounts and be able to access a file within any specified user’s account.
Currently, I have a script that uses Net::FTP to retrieve the needed file from each account so I can extract the necessary data from it, but of course, it’s slow to FTP into every account. Since the accounts are merely directories on the server, I’m looking for a way to run a Perl script in a way that it can access each account directory and simply open the required file and return the requested data for the specified account.
How can I accomplish this?
You should login as a user that has access to all the user directories (e.g. root). For security reasons, it might be safer to use sftp or some other encrypted connection.