I have been wracking my brain on how to solve this issue for hours now, and I know I'm not the first one to encounter it.
I am having trouble granting anonymous users access to node content in Drupal 6.15. I have tried everything, including inserts to MySQL, checking and double-checking every permissions setting available (yes, I have enabled "Access content"), rebuilding permissions, and clearing the cache. I have disabled custom modules in hopes of clearing out a conflict but still no luck. Anonymous users get the "Access Denied" page everywhere but on a custom calendar View page.
I have tried these queries, but they are just duplicates of what is already there:
INSERT INTO users (uid, name, mail) VALUES (0, '', '');
INSERT INTO users_roles (uid, rid) VALUES (0, 1);
INSERT INTO node_access VALUES (0, 0, 'all', 1, 0, 0);
My only glimmer of hope: the Devel Module's "Access Permissions by User" display indeed shows that user:Anonymous cannot view content (SEE IMAGE). It raises a baffling question: how is it that "All users may view all nodes" while user:Anonymous simultaneously has "NO:access content" ???
This is driving me nuts. If anyone can alert me as to what I am doing wrong, I will jump up and down in excitement, and buy you a beer if you are in Seattle.
THANKS!
alt text http://seethreeblog.com/images/devel.png
This is very typical of Drupal: permissions problems. While I'm aware I'll probably be unable to offer the correct answer, maybe at least I'll trigger some revolutionary idea in you that will help you solve the problem.
While node access is a standard permission that should be on, there are others that might restrict the users. Do you have freelinking on? If so, check that the freelinking access is also on. You might want to make sure that access control modules (ACL and ones that rely on it, such as Forum Access) don't get in the way. Also, taxonomy access control can be a pain: I've had problems with Taxonomy Access Control Lite (tac_lite). Try disabling it too if you have it.
I apologise for not being able to offer anything more specific than this, but Drupal is just like that. Solving permissions issues rarely requires hacking the code.
Via Drupal: http://drupal.org/node/64114
This one did it for me:
'Did you try rebuilding permissions? Go to admin/content/node-settings and click "Rebuild permissions".'
I've had exactly the same problem since upgrading from 6.14 to 6.15. Tried only on 2 difference local OSX systems, so intrigued to find your server related problems... is PHP version related - I'm running PHP5.2 on all installs.
Rebuilt permissions table and looked at every conceivable user permission, but anon users get the same 'Please Login to Continue'. Looks like it's worth posting an issue in the Drupal issue queue.
Since I went to 6.15 I've had problems with permissions left and right. The site wasn't 100% debugged in 6.14 so I can't say logically it definitely was 6.15's fault, but my intuitions can and do say so.
I have a role I call content manager that has all the CRUD (create, read, update, delete) permissions on all content types.
To let the System Admin (user #1) edit stories I had to give it that role. Right now I'm having problems letting that role edit stories. A user with that role assigned gets 'access denied' errors.
The only other module I have that manipulates permissions is 'role delegation' so certain end users can be given access to assigning roles, but not edit roles or to assigning permissions to roles. I still have to chase down this and the possibility of a corrupt permission table. But the possibility that 6.15 is the culprit still exists.
Related
I have 2 issues going on with TFS.
We have 2 active directory roles set up for TFS and Visual Studio 2015: ADMINS and USERS. And we have one main Team Project.
We recently hired two contractors and added them to our USERS role. But what we have noticed is that on their machines, as soon as they start to edit the files, it shows as [lock, edit] where everyone else shows just [edit]. The primary difference that we know of is they have Windows 10 where the other developers are on Windows 7. I have been trying to troubleshoot this for the past week with no success. Any suggestions on what I can look at/query to find this? This isn't stopping us, but still having to workaround it.
Then mid morning one of these contractors was trying to edit some Shared Datasets. And now he keeps getting "Access to path [filepath] is denied" but so far it looks to only be happening on *.rsd and *.rds. He was able to create a Dataset, commit it to TFS. But then is unable to edit it. But he can then delete and commit the deletion to TFS. This is completely stopping him for working on these, so this is more of an issue currently.
I saw a post about checking the local file properties to see if it is read only. We did try to change the readonly setting. The file updated but it won't show in TFS Pending Changes or allow him to Undo the change. We currently have 3 solution with a ssrs project. He gets the same issue in all. I had another developer who is in the USERS role validate that she can edit.
Any suggestions on how I can trouble shoot these items is appreciated.
For the [lock, edit] issue, if the user select lock type (e.g Check in- ... Check Out-...) when Check Out for Edit... then it will show as [lock, edit].
For the "Access to path [filepath] is denied" issue, seems it's related to permission settings on your local machine or AD. So, please check if the user has the correct permission to access the the shared path/files. For the specific files, make sure they are not read-only.
To troubleshoot that, just try below things:
Try the contractor's account on other clients, (e.g on Windows 7) to
check if it has the same issue.
Try move the user from USERS role, then add the user separately
in TFS and give the corresponding permissions, then check if it has
the same issue.
Check Security and Version Control settings and make sure no
restrics.
Hi i am working on access 2007-2013 application with DSN-less linked, the application is working perfectly, but when i shared it with other users i am getting the following error
Run-time error '3328' table is read-only
i tried to enable the active x component in the application under options then go to trust center, and check [Never show information about blocked content]
also i noticed that when one user open the application the other user get this message
Could not lock file
how can i solve this issue? i know i have to go to do something under options, but what?
thank you
Like #AVG said, you're going to need split architecture.
This has to components:
Back End
This is where all of your tables will be stored. It is just another Access database, without Forms/Queries/Reports/Modules.
Front End
This is where you are going to Link to your Back End, and this WILL contain Forms/Queries/Reports/Modules, and create linked tables as well.
You're going to distribute this Front End to all of your users to solve these concurrency issues you're facing (people are editing records/viewing data and others are trying to write to that table and do other things at the same time, which Access doesn't like).
The Back End needs to be in a location where everyone has access to it.
I think in your question what you're asking for, would be this, but splitting the front end and back end is by far the best route to go. Simply turning off the security checks Access has in place to protect your data isn't advised in the least. It also helps reduce bloat.
For disabling record locks : Click the top left Office Button, Click Options, Click Advances. Select No Locks.
So I've been working on an application that has woeful access control up till now, and needs a proper solution ASAP. I've added in the CakePHP Auth and Acl components as per the tutorial in the Cookbook, and it all works pretty well, insofar as if I add a user manually, it creates an entry in the aros table appropriately, SHA1-hashes the password appropriately, all the good stuff.
Now for the bit that's proving a little beyond my skill level. We have 1000+ names in a database that need to become Users under the new system. I tried dumping them into the Users table with a MySQL query, but there are two issues:
(1) Doing things this way is not creating entries in the aros table. I'm pretty sure I can rig this up to work given time, but are there any shortcuts I might want to know about?
(2) This is the one that's causing me to scratch my head. When I add a user manually, their password is automagically SHA1-hashed. When I log in from the users/login page, the password I enter is correctly matched to the hashed password in the db, and I get access. However, no matter what I do to the passwords I dumped directly into the database, I can't get the log in page to grant access to them. Initially I hashed them with the MySQL SHA1 function; I understand this may not be a good idea, because Cake sprinkles in extra salt. I tried hashing them through Cake's Security::hash function. I tried letting Cake save each password into the Users table itself, letting it do whatever hashing it wanted behind the scenes without interference from me.
In none of these cases am I able to log in using one of these username/password combos. The passwords look good and hashed, and they match the passwords I'm entering after I apply Security::hash to them. What am missing that will enable me to get this working?
If I were in your position I'd build a Shell to handle doing this for you, that way you can utilize all of the stuff Cake has through that such as automatically adding a new ARO record and using Security::hash to handle the hashing prior to saving the record.
For the record, it wasn't a problem with hashing. I wasn't specifying the usergroup_id at the point of saving (was planning to set it later!). I guess you can't log in with an account that isn't part of a usergroup, even if your username/password combo is correct.
We have an access database on a file share that has permissions for everyone in the department to access. The problem i am having is that when multiple users try accessing the database at the same time they are unable to do this. One user can open the database fine but when another user tries to simultaneously, they double click the file icon, get an hour glass for a split second and nothing happens after. We are using Server 2003 as our domain controller. All permissions have been verified on both a domain level and in the access database under tools-options-advanced and setting relevent permissions to shared and no locks. Do you know what could be causing this issue with a "dead link" when user try to open the file simulateneously?
Any help is greatly appreciated.
Thanks.
Ignore the naysayers - Access is perfectly fine for a small number of users. Either you have the default Access settings to open dbs exclusive which will lock out other users or there is some weird network problem.
EDIT
- noticed you already have default shared access
- is record-level locking on?
- also try giving user full control of the shared network folder (Access needs read/write/create/delete to be able to create and delete the ldb file)
This issue occasionally happens to Access databases for almost no apparent reason. Of the suggested responses by Microsoft, you are already doing the second (opening from within Access) but I believe the first provides somewhat of the answer you are looking for.
In the target of the shortcut, include
the path of MSAccess.exe
According to Microsoft Help and Support
When you say share permissions, do the users have full permissions? Full permissions are needed because the share file (.ldb) must be created and deleted.
I am just recently experiencing the same issues, only one person can open the database. We only have 3 people accessing the same database through shorcuts on our desktop.
Now according to Microsoft we need to include the database path in our shortcut, I will tried that. They acknowledge this problem.
MS Access is not worth the trouble in a multi-user setup.
Your time is better spent converting the database over to a server-based RDBMS such as SQL server while you still have hair.
Believe me, you will have to do it sooner or later anyway! Sorry for the bad news.
I maintain an ms-access application splitted to frontend and backend files.
The frontend file is in the users conputers.
The backend file is in a shared folder in the server.
What is the lowest permissions required?
can I give some of the users only read-only permissions in that folder? (or hide it from them in some other way) but still enable them to view the data?
How should I give the best security to the data file and to the folder containing it?
Unfortunately, the lock file (ldb) must be created, updated and deleted. If a user with insufficient permissions opens the database, it will be locked for all other users, therefore all your users need Read/Write/Delete permissions on the back-end.
EDIT #1
The lock file must be created every time the database is opened, this includes via linked tables, and deleted when the database is closed. If a lock file exits and the database is closed, it indicates a problem has occurred. You will also run into problems with compact and repair if it is run with insufficient permissions.
Edit #2
Security for Access is quite a large subject and depends to a great extent on your environment and requirements, for the back-end, it ranges from a database password, which is tissue thin, but quite suitable for most offices, to Access security, which can be complicated and has been dropped in 2007. Here is a link http://support.microsoft.com/kb/207793 for a download for the Microsoft Access Security FAQ for versions < 2007.
Information on security for 2007 can be found here http://www.microsoft.com/technet/security/guidance/clientsecurity/2007office/default.mspx.
Many have suggested that you must give FULL permissions to users, but this is not true. You need only give them MODIFY permissions -- you can deny them DELETE permission, which is a good idea, as it prohibits the users from "accidentally" deleting your data file.
It is true that for a user with DELETE permissions, the LDB file will be deleted on exit when that user is the last user exiting the database. But it is not required that the LDB file be deleted -- indeed, in Access 2 and before, the LDB files were not deleted on exit, but just left there hanging around. This generally has no downside, but occasionally the LDB file gets corrupted and causes problems and really does need to be deleted and recreated afresh.
What I do is have two classes of database users (as defined in custom NT security groups specific to my Access application(s)) -- DBAdmins and everyone else. The DBAdmins have FULL permissions, everybody else only CHANGE. The result is that any time a DBAdmin exits as the final user, the LDB is deleted. This setup works really well, and I've been using it for well over a decade.
Using a hidden share for your back end is really only "security by obscurity," and not really worth the effort. Sophisticated users can figure it out through any number of methods (depending on how you've locked down your front end):
view the MSysObjects table and find
the CONNECT string for the tables,
which will identify the hidden
share.
examine the results of
CurrentDB.TableDefs("name of linked
table").Connect in the immediate window in
the VBE
Now, if you've properly secured your app using Jet user-level security (and it's very easy to think you've secured your database and find out that there are holes, simply because it's really easy to forget some of the crucial steps in the process), they won't be able to do this, but even if you have, Jet ULS security is crackable (it's pretty easy to Google it and find cracking software), so is not really something you should depend on 100%.
Yes - it resolves down to file access permissions as well as read/write. You can't execute any type of data update stuff (you'll get "operation requires an updateable query") unless the user supplies credentials that allow them to write, or you allow write on the file.
Running a query requires only read access.