SQL server Service Accounts permission

I will be changing the existing SQL Server Service accounts from the default to Domain accounts from the SSCM which i believe will set all the required permission. One thing I am not sure whether the service account needs to be added as database logins and if so what are the minimum permission needed.

custom permission level – Sharepoint Restricted View for all sites

I am not getting restricted view for all sites , I have used SharePoint Custom API for setting new role permission. now I want restricted view for all the site, can we add permission through rest API ? Is there any API which provide add custom permission ? I do not want to do it manually . What will be my approach ? Kindly guide me

sharepoint enterprise – “Sorry, something went wrong” on content search web part for users with Read permission

I have the following:-

  1. Team site collection with publishing features enabled.
  2. Inside the Team site collection home page I added multiple content search web parts (6 content search web parts).
  3. When users with Edit or Contribute permission access the home page they can view the content search web-parts without any problems.
  4. When users with Read permission, access the page they will get the following error, one each of the 6 content search web parts:

enter image description here

If I grant this user Edit permission then he can view the webpart, and if I grant him Read permission back the problem will occur again. also I have noted that when users with Read permission do a hard refresh for the browser “CTRL + F5” they can view the results, but if they navigate back to the page, they will receive the same error?

Here is the logs, where the page which will show the error is http://www.tgroup.intra:80/my%20dash/SitePages/Home.aspx:

10/18/2016 18:50:47.02  w3wp.exe (0x23F0)                           0x2660  SharePoint Foundation           Claims Authentication           amge7   Medium      SPFederationAuthenticationModule.IsRedirectToLogOnPage: Detected a redirection but the redirect is not to a known signin page: http://www.tgroup.intra/my dash/SitePages/Home.aspx  79b1ae9d-0cce-c0b7-30fc-0e3f1815a827
10/18/2016 18:50:47.02  w3wp.exe (0x23F0)                           0x1590  SharePoint Foundation           Request Management              adc7v   Medium      Reverse mapping URI from 'http://www.tgroup.intra/my dash/SitePages/Home.aspx' to 'http://www.tgroup.intra/my%20dash/SitePages/Home.aspx'   79b1ae9d-0cce-c0b7-30fc-0e3f1815a827
10/18/2016 18:50:47.02  w3wp.exe (0x23F0)                           0x1590  SharePoint Foundation           Micro Trace                     uls4    Medium      Micro Trace Tags: 0 nasq,0 adc7u,16 adc7v   79b1ae9d-0cce-c0b7-30fc-0e3f1815a827
10/18/2016 18:50:47.02  w3wp.exe (0x23F0)                           0x1590  SharePoint Foundation           Monitoring                      b4ly    Medium      Leaving Monitored Scope (Request (GET:http://www.tgroup.intra/my dash)). Execution Time=18.1161292845878    79b1ae9d-0cce-c0b7-30fc-0e3f1815a827
10/18/2016 18:50:47.02  w3wp.exe (0x23F0)                           0x1590  SharePoint Foundation           Claims Authentication           amge7   Medium      SPFederationAuthenticationModule.IsRedirectToLogOnPage: Detected a redirection but the redirect is not to a known signin page: http://www.tgroup.intra/my%20dash/SitePages/Home.aspx    79b1ae9d-0cce-c0b7-30fc-0e3f1815a827
10/18/2016 18:50:47.14  w3wp.exe (0x23F0)                           0x11DC  SharePoint Foundation           Monitoring                      nasq    Medium      Entering monitored scope (Request (GET:http://www.tgroup.intra/my dash/SitePages/Home.aspx)). Parent No  
10/18/2016 18:50:47.14  w3wp.exe (0x23F0)                           0x11DC  SharePoint Foundation           Logging Correlation Data        xmnv    Medium      Name=Request (GET:http://www.tgroup.intra/my dash/SitePages/Home.aspx)  79b1ae9d-ccd6-c0b7-30fc-0cc9c8b54620
10/18/2016 18:50:47.14  w3wp.exe (0x23F0)                           0x11DC  SharePoint Foundation           Request Management              adc7u   Medium      Mapping URI from 'http://www.tgroup.intra:80/my%20dash/SitePages/Home.aspx' to 'http://sps01/my%20dash/SitePages/Home.aspx' 79b1ae9d-ccd6-c0b7-30fc-0cc9c8b54620
10/18/2016 18:50:47.14  w3wp.exe (0x23F0)                           0x4720  SharePoint Foundation           Monitoring                      nasq    Medium      Entering monitored scope (Request (GET:http://www.tgroup.intra:80/my%20dash/SitePages/Home.aspx)). Parent No    

Also these logs which contain the word error:

10/18/2016 18:50:47.33  NodeRunnerQuery1-9004fabc-2086- (0x1268)    0x4B08  Search                          Query Processing                aizgn   Medium      Microsoft.Office.Server.Search.Query.Pipeline.Executors.QueryPipelineHardWiredFlowExecutor : (FlowExecutor)eventSearchFlowDone: 9004fabc-2086-478e-8581-605309dd8161, , Microsoft.ProductivitySearchFlow, 35,  Error= 874f4e09-3109-480d-aa95-5a33d9619907  874f4e09-3109-480d-aa95-5a33d9619907
10/18/2016 18:50:47.35  NodeRunnerQuery1-9004fabc-2086- (0x1268)    0x2AFC  Search                          Query Processing                aizgn   Medium      Microsoft.Office.Server.Search.Query.Pipeline.Executors.QueryPipelineHardWiredFlowExecutor : (FlowExecutor)eventSearchFlowDone: 9004fabc-2086-478e-8581-605309dd8161, , Microsoft.ProductivitySearchFlow, 47,  Error= 4d643631-bd5d-4843-b3a0-23c9818682b9  4d643631-bd5d-4843-b3a0-23c9818682b9
10/18/2016 18:50:47.36  NodeRunnerQuery1-9004fabc-2086- (0x1268)    0x2744  Search                          Query Processing                aizgn   Medium      Microsoft.Office.Server.Search.Query.Pipeline.Executors.QueryPipelineHardWiredFlowExecutor : (FlowExecutor)eventSearchFlowDone: 9004fabc-2086-478e-8581-605309dd8161, , Microsoft.ProductivitySearchFlow, 66,  Error= af0a51bd-7d11-473d-88c5-eb4fa63dcf2d  af0a51bd-7d11-473d-88c5-eb4fa63dcf2d

Can anyone advise me on this please?

EDIT
After hours of investigation i try changing the Loading Behavior for the content search web part from “Sync option: Issue query from the server. ” to “Async option: Issue query from the browser“. and the error is almost done. it will appear but in very less frequent !!

So now i am totally confused on the relation between; The Loading Behavior & READ/EDIT permission & the “Sorry, something went wrong” Error??

permission – What the heck is going on with Catalina? SIP disabled, sudo mounted -uw etc. Applications folder won’t move!

I have googled everything, I am desperate. I have installed Catalina yesterday and tried all the steps here (and more) that were logical to me. The thing is I have the feeling the current version has changed again (I read of the stuff you could do to get system read/write on Catalina but nothing works in my case). I have a parallel MacOS / Windows System with a third exFat partition and in Mojave and Lower I always create links for /Applications and /Users to put all non systemrelevant data into the exFat, it always worked fine (though, you have to make some adjustments in order to work with iCloud apps etc). I wanted to do the same, so I followed all the normal steps to create links for /Applications (also tried with /System/Volume/Data/Applications). But it does not work at all. Usually for example I ditto the /Application to the exFat partition and mv the old one into /Application.old (just to be safe), then I create the link. But I cannot rename or delete /Applications! Is it because they created Hard/systemlinks in Catalina?? I don’t get it. Will I be able to link out the folders to my exFat partition? Any suggestions?

How to revoke OAuth app permission?

The Microsoft docs explain in great detail how to set up an app and how to grant access. All of this works fine. On the OAuthAuthorize.aspx page I can choose to trust the app.

enter image description here

My question now is: How can I remove access for the app after trusting it?

I know that I can delete the security principal on AppPrincipals.aspx. But that removes app access for all users, right? So if 2 users (or 100 for the sake of the argument) have granted access and one of them doesn’t want to trust the app anymore, how does she/he remove it?

development – SystemUpdate() inside my remote event receive will raise “Access denied. You do not have permission to perform this action or access this resource.”

I have the following code inside my remote event receiver (which run on item added):-

 using (ClientContext context = TokenHelper.CreateRemoteEventReceiverClientContext(properties))
            {
              currentItem("OrderAssignToApprover2") = new FieldUserValue() { LookupId = spUser.Id };
              currentItem.SystemUpdate();

now if a non-admin user add an item then the remote event receiver will raise this error on the SystemUpdate():-

Access denied. You do not have permission to perform this action or access this resource.

but if admin user add an item then the remote event receiver will works fine OR if i change the remote event reicever to run using App Permsion, as follow:-

using (ClientContext context = Helpers.GetAppOnlyContext(properties.ItemEventProperties.WebUrl))
            {
              currentItem("OrderAssignToApprover2") = new FieldUserValue() { LookupId = spUser.Id };
              currentItem.SystemUpdate();

so can i assume that the SystemUpdate (unlike Update) require the user to have full control on the site?If this is the case then is there a way to allow non-admin users to execute SystemUpdate?
Thanks

docker-compose ‘Permission denied: ‘/var/lib/containerd” but I am in docker group

This is an odd one. Ive tested a docker-compose file and it builds fine. I then move it and its corresponding Dockerfile to another directory. I also change the docker-compose file as the Dockerfile is now in same dir as docker-compose, previously it was in a subdirectory and also mounted my www directory differently, i.e. (will put full files at end).

$ diff docker-compose.yaml ../lavlamp/docker-compose.yaml
7c7
<     build: /.
---
>     build: laravel/.
10c10
<       - ./:/var/www/
---
>       - ./html:/var/www/html
16d15
<

As I said it was building fine but now the build process does not have access to /var/lib/containerd. also should not I ma using pyenv and running as the same user I used before.

$ docker-compose build
mysql uses an image, skipping
Building laravel
Traceback (most recent call last):
  File "/home/ben/.pyenv/versions/3.7.2/bin/docker-compose", line 11, in <module>
    sys.exit(main())
  File "/home/ben/.pyenv/versions/3.7.2/lib/python3.7/site-packages/compose/cli/main.py", line 72, in main
    command()
  File "/home/ben/.pyenv/versions/3.7.2/lib/python3.7/site-packages/compose/cli/main.py", line 128, in perform_command
    handler(command, command_options)
  File "/home/ben/.pyenv/versions/3.7.2/lib/python3.7/site-packages/compose/cli/main.py", line 303, in build
    progress=options.get('--progress'),
  File "/home/ben/.pyenv/versions/3.7.2/lib/python3.7/site-packages/compose/project.py", line 403, in build
    build_service(service)
  File "/home/ben/.pyenv/versions/3.7.2/lib/python3.7/site-packages/compose/project.py", line 385, in build_service
    service.build(no_cache, pull, force_rm, memory, build_args, gzip, rm, silent, cli, progress)
  File "/home/ben/.pyenv/versions/3.7.2/lib/python3.7/site-packages/compose/service.py", line 1106, in build
    platform=self.platform,
  File "/home/ben/.pyenv/versions/3.7.2/lib/python3.7/site-packages/docker/api/build.py", line 160, in build
    path, exclude=exclude, dockerfile=dockerfile, gzip=gzip
  File "/home/ben/.pyenv/versions/3.7.2/lib/python3.7/site-packages/docker/utils/build.py", line 30, in tar
    files=sorted(exclude_paths(root, exclude, dockerfile=dockerfile(0))),
  File "/home/ben/.pyenv/versions/3.7.2/lib/python3.7/site-packages/docker/utils/build.py", line 49, in exclude_paths
    return set(pm.walk(root))
  File "/home/ben/.pyenv/versions/3.7.2/lib/python3.7/site-packages/docker/utils/build.py", line 214, in rec_walk
    for sub in rec_walk(cur):
  File "/home/ben/.pyenv/versions/3.7.2/lib/python3.7/site-packages/docker/utils/build.py", line 214, in rec_walk
    for sub in rec_walk(cur):
  File "/home/ben/.pyenv/versions/3.7.2/lib/python3.7/site-packages/docker/utils/build.py", line 214, in rec_walk
    for sub in rec_walk(cur):
  File "/home/ben/.pyenv/versions/3.7.2/lib/python3.7/site-packages/docker/utils/build.py", line 184, in rec_walk
    for f in os.listdir(current_dir):
PermissionError: (Errno 13) Permission denied: '/var/lib/containerd'

This has really got me stumped.

Ben

docker-compose

version: '2'
# define all services
services:
  # our service is called laravel ;-)
  laravel:
    # we want to use the image which is build from our Dockerfile
    build: /.
    # apache is running on port 80 but we want to expose this to port 4000 on our local machine
    volumes:
      - ./:/var/www/
    ports:
      - "4000:80"
    # we depending on the mysql backend
    depends_on:
      - mysql

  mysql:
    # we use the mysql base image, version 5.6.36
    image: mysql:5.6.36
    # we mount a datavolume to make sure we don't loose data
    volumes:
       - db_data:/var/lib/mysql
    # setting some envvars to create the DB
    environment:
      - MYSQL_ROOT_PASSWORD=root
      - MYSQL_DATABASE=malmesbury
    # - MYSQL_ALLOW_EMPTY_PASSWORD=yes
volumes:
    db_data:

Dockerfile

#start with our base image (the foundation) - version 7.1.5
FROM ubuntu:18.04

ENV DEBIAN_FRONTEND=noninteractive

ENV TZ=Europe/Lnndon
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

RUN apt-get update && apt-get install -yq --no-install-recommends 
    apt-utils 
    curl 
    # Install tools
    git  
    openssl 
    nano 
    graphicsmagick 
    imagemagick 
    ghostscript 
    mysql-client 
    iputils-ping 
    locales 
    sqlite3 
    ca-certificates

# PHP 7
RUN apt-get install -yq software-properties-common
RUN add-apt-repository ppa:ondrej/php
RUN apt-get update
RUN apt-get install -yq --no-install-recommends 
    php7.2 php7.2-gd php7.2-mbstring php7.2-xml 
    php7.2-bcmath php7.2-fileinfo php7.2-json 
    php7.2-mbstring php7.2-pdo-mysql php-mysql php-xml php-zip

# Apachie
RUN apt-get install -yq --no-install-recommends apache2 libapache2-mod-php7.2

# cleanup
RUN  apt-get clean && rm -rf /var/lib/apt/lists/*

# Install composer
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer

#set our application folder as an environment variable
ENV APP_HOME /var/www/html

#change uid and gid of apache to docker user uid/gid
RUN usermod -u 1000 www-data && groupmod -g 1000 www-data

#change the web_root to laravel /var/www/html/public folder
RUN sed -i -e "s/html/html/public/g" /etc/apache2/sites-enabled/000-default.conf

# enable apache module rewrite
RUN a2enmod rewrite
RUN a2dismod mpm_event
RUN a2enmod php7.2

#copy source files and run composer
COPY . $APP_HOME

COPY index.html $APP_HOME
COPY composer.json ./

# install all PHP dependencies
RUN composer install --no-interaction

#change ownership of our applications
RUN chown -R www-data:www-data $APP_HOME

CMD apachectl -D FOREGROUND

applications – Will this Remove a Permission from an App?

So I downloaded an app from the web today, but it had some permissions I was uncomfortable with granting. So, I used APKTool to decompile the APK, removed the suspicious permission from the manifest, and recompiled + resigned the APK. Then, I downloaded the modified APK on my phone.

Does this approach work? My understanding is that now the app will crash if it tries to do something requiring that permission.


*PS: The reason I did this was because the permission to remove (CHANGE_WIFI_MULTICAST_STATE) did not show under settings/app Permissions of my phone. It only showed up under “All Permissions,” where I couldn’t simply disable it.

permission – When I try to delete some old folders on my mac desktop I get error. I have tried some method but failed. Error is shown in description

I have tried several methods in the past as well.

While reflecting on root of problem initially after purchasing mac I had password set which was forgotten within week so I had to used command R feature to reset password. After That everything is working fine but folders and files shown on below screen are not deleted.

enter image description here
Figure 1
enter image description here
Figure 2

When trying to make any changes such as moving, deleting, renaming to shown folder above request pops up for entering admin password. Even after I enter password following error is shown.

enter image description here
Figure 3

After researching some method to solve this issue I changed the disk permission from other to read and write as shown below in Figure 4 but still same issue mentioned above in picture Figure 1, 2, and 3 is repeated.

enter image description here
Figure 4

What further I can do to get rid of those files and folders highlighted on fig 1. I am annoyed as they are useless at the moment and I repeatedly have to encounter them.

Catalina – Textedit not allowing me to save files because I dont have permission

I was able to save fine in a work folder, but when I moved my textedit files to the desktop or any other folder it would tell me I can’t save because i dont have permissions. I followed https://support.apple.com/en-ca/guide/mac-help/mchlp1038/mac and allowed read and write for the folder and each file but it’s still doesn’t help.