Best Practice - Securing Schema from User Access

Similar Messages

• What are the best practices to migrate VPN users for Inter forest mgration?

  What are the best practices to migrate VPN users for Inter forest mgration?

  It depends on a various factors. There is no "generic" solution or best practice recommendation. Which migration tool are you planning to use?
  Quest (QMM) has a VPN migration solution/tool.
  ADMT - you can develop your own service based solution if required. I believe it was mentioned in my blog post.
  Santhosh Sivarajan | Houston, TX | www.sivarajan.com
  ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA
  Windows Server 2012 Book - Migrating from 2008 to Windows Server 2012
  Blogs: Blogs
  Twitter: Twitter
  LinkedIn: LinkedIn
  Facebook: Facebook
  Microsoft Virtual Academy:
  Microsoft Virtual Academy
  This posting is provided AS IS with no warranties, and confers no rights.

• Securing data from dba access , like Credit Card Details

  Hello ,
  is there any way of hiding CC details from all users in db level except specifc users
  enrypting cc data like oracle hashed passwords
  for ex,
  case (1)
  user 1 ( has access to these details )
  select acc#,customer_name from cc_details
  output : it will show all the details decrypted
  case (2)
  user 2 : ( doesnt have access )
  select acc#,customer_name from cc_details
  output : it will show all the details encrypted
  both in db level , like using sqlplus or toad
  any idea!
  thanks and regards,

  Hi, Peter,
  You wrote:
  Can you please document the problems you mention for Patch Sets/ CPU?
  What are the vulnerabilities? Search Alex's Web site but didn't find anything in regards to >DBVault.I've told about these
  http://dms.aladdin.ru/file.php?id=d7eb03f7f47ec3c68f4b1f1fe3317119
  http://dms.aladdin.ru/file.php?id=88cf1d7a962eddf7e57e2447d1e5b207
  and may be this
  http://dms.aladdin.ru/file.php?id=232eb8ed58d04295bb3920dbe805358d
  (Note: The link will be valid until 26 Jun 2008 GMT).
  In reg's to reading data from datafile, that's where TDE comes into the picture; then no-one can read from data file directly.
  There is no user who owns TDE; TDE is enabled on a database-wide level. So the >normal data owner (who is the only who should have full access to his own data with >DBVault) can use TDE to encrypt; no extra privileges needed.I’ve told about the user who is the owner of the database wallet (usually SYS). He can temporary disable encryption, takes the data, then restore encryption.
  DBVault and TDE should be the perfect match for 'securing data from dba access , like >Credit Card Details'In other words we have yet another administrator (DV owner) instead of the good old SYS :)
  And I have a question: in case the protection with DV of some tables was made from the SYS, can he make (in example) full backup or full export of the data (his ordinary administrative tasks)? If yes, then it isn't protection, if no, then...what?
  The solution is somewhere else, I think

• Best practice for exporting from iMovie '08 to iDVD

  I am looking to find out what is the best practice for exporting from iMovie '08 to iDVD. I have read the other postings that give the basic howto (export to Media Browser then select the video in iDVD). However, my question is a little more technical. I have 1080i HD projects. I am interested in burning them to DVD in the best possible quality. What setting should I be using when I publish to Media Browser?
  I am wondering about quality loss due to more than one conversion/compression. I suspect that when I export to the Media Browser then this is occurring. If I am not mistaken iMovie is using something like H.264 for this. Then, when I run iDVD I suspect it will it do another conversion/compression, I think to get to MPEG2. Not only could this result in a loss of quality but also it will take extra time. I am interested to know what others think about this.
  Finally, I am looking to create DVDs for a lot of video. I am wondering if there are any USB or firewire hardware devices out there that could speed up the compression. I use the Elgato Turbo.264 when I want to encode to H.264 but I wonder if there is something similar for DVD creation.
  Thanks in advance.

  the standards for videoDVD are 720x480, and usually mpeg2 encoded..
  so, your HiDef project HAS to be 'downsampled' somehow..
  I would Export with Qucktime/apple intermediate => which is the 'format' your project is allready, and you avoid any useless 'inbetween encoding'..
  iDVD will 'swallow' this huge export file - don't mind: iDVD cares for length, not size.
  iDVD will then convert into DVD-standards..
  you can 'raise' quality, by using projects <60min - this sets iDVD automatically to highest technical possible bitrate
  hint: judge pic quality on a DVDplayer + TV.. not on your computer (DVDs are meant for TVdelivery)

• Best Practice in Upgrade from ECC 5.0 to ECC 6.0

  Dear All,
  Can someone help in looking for Best practice in Upgrade from ECC 5.0 To ECC 6.0 Project from Functional FI and CO Side.
  Thanks

  Moved to a different forum.

• Best practice video conversion from download

  I am looking for best practice for video conversions.
  I am downloading adobe recordings via this method:
  http://server.adobeconnect.com/xyz/output/filename.zip?download=zip
  From here, I have been converting the FLVs using either freemake video converter or FLV converter. I have tried converting into AVI (XVID), MOV, WMV, etc. (I need the file to be under 600 MB for an hour of recording, therefore it is going to need some type of compression).
  My goal is to import the video into Sony Vegas Pro 10 for further editting. I have found that whatever method I use, the video and audio does not sync properly about 50% of the time. The video time is longer than the audio time usually. Or that there are other various errors, such as the video just freezing halfway through the video.
  I have been using connect for a few years now, but with each update I find (connect 8, 9, etc), that the problems are getting worse. At this point I am just wasting time trying to convert into various formats using various codecs just trying to luck upon one where the video is at least without error.
  What methods are others using to convert the FLV to a workable editable format?

  Can't the FLV files be changed into many different formats through Apple's
  Compressor or Adobe Media Encoder? These formats can then be opened in
  standard video editing software for editing.
  Best practice video conversion from download
  mach5kel
  to:
  jsb152
  05/21/12 01:03 PM
  Please respond to jive-509399086-9dnu-2-2mvb7
  Re: Best practice video conversion from download
  created by mach5kel in Connect General Discussion - View the full
  discussion
  Yes, I use this as a last resort, as the quality of capture this was is
  signifcatnly lower. As well as it is a much more time consuming process. I
  sometimes have over 50 parts of 1 hour video. To use camtasia, you need
  first to record it, then it must be saved in a camtasia format, and then
  lastly rendered into avi or wmv. Therefore, it is does take awhile.
  Really, I feel there shouldnt be so many errors in the conversion process,
  but I am finding the FLV recordings themselves have problems. This last
  file I am looking at, even the recording playback on adobe connect, has
  serious issues with audio and video sync. A problem that is all too common
  Replies to this message go to everyone subscribed to this thread, not
  directly to the person who posted the message. To post a reply, either
  reply to this email or visit the message page: [
  http://forums.adobe.com/message/4426243#4426243]
  To unsubscribe from this thread, please visit the message page at [
  http://forums.adobe.com/message/4426243#4426243]. In the Actions box on
  the right, click the Stop Email Notifications link.
  Start a new discussion in Connect General Discussion by email or at Adobe
  Forums
  For more information about maintaining your forum email notifications
  please go to http://forums.adobe.com/message/2936746#2936746.

• HANA Security - Best Practices for Schema??

  Hi,
  Currently we don'y have a defined Security model in HANA Studio.Neither there is no defined duties of a BASIS / Security / Developers.
  I want to understand what best practices are followed at other customers for defining security for Schema.
  1. Who should be creating the schema for Developers / Modelers?
  2. Should we use our own ID's to create/maintain these Schema or a Generic ID?
  Right now, when developers log in to Studio, by default they are assigned to their own schema (User ID) and they create objects under that.
  We(Security team), face issues when other developers need access to schema of another user as they want to develop objects under schema of different user
  Also, who should be owning the "SYSTEM" user ID and what steps needs to be done whenever a new schema is created.
  Thanks for the help in advance.

  >So, if we follow this approach, who should be creating the schema as design time?
  Not sure what you mean by that.  We call this design time because you are creating an artifact in the repository and the catalog object doesn't get created until you activate that design time object.
  > Security Administrator or Developer/Modeler?
  Doesn't really matter. Depends upon your process. However I would say most of the time the developer creates the schema.  The developer doesn't immediately get access to the new schema.  He/She must create a role and that role has to be granted to them before they can see the objects in the new schema.
  >Also, for our current scenario, where developers are doing changes in their own schema, what should be done as a Security Administrator to assign access to a user schema to other developers?
  They shouldn't be creating objects in their user schema.  That user schema is for internal usage - like the creation of temporary objects. It shouldn't be used for any development.

• Any best practice to apply role based access control?

  Hi,
  I am starting to apply the access permissions for new users as being set by admin. I am choosing Role Based Access Control for this task.
  Can you please share the best practices or any built-in feature in JSF to achieve my goal?
  Regards,
  Faysi

  Hi,
  The macro pattern is my work. I've received a lot of help from forums as this one and from the Java developers community in general and I am very happy to help others and share my work.
  Regarding the architect responsibility of defining the pages according to the roles that have access to them : there is the enterprise.software infrastructure.facade
  java package.
  Here I implemented the Facade GoF software design pattern in the GroupsAndRolesAccessFacade java class. Thus, this is the only class the developer uses in order to define groups and roles of users and to define their access as per page.
  This is according to Java EE 6 tutorial, section VII Security, page 471.
  A group, role or user is created with an Identity Management application or by a custom application.
  Pages of the application and their sections are defined or modified together with the group, role or user who has access to them.
  For this u can use the createActiveGroup and createActiveRole methods of the GroupsAndRolesAccessFacade class.
  I've been in situations where end users very strict about the functionality of the application.
  If you try to abstract web development, u can think of writing to database, reading from database and modifying the database as actions.
  Each of these actions should have suggester, approver and implementor.
  Thus u can't call the createActiveGroup method for example, without calling first the requestActiveGroupCreationHelper and then the approveOrDeclineActiveGroupCreationHelper method.
  After the pages a group has access to have been defined with the createActiveGroup method, a developer can find out the pages and their sections a group has access to by calling the getMinimumInformationAboutGroup method.
  Further more, if the application is very strict, that is if every action which envolves writing to the database must be recorded, this concept of suggester, approver and implementor is available throught the recordActiveGroupAction method.
  For example, there is a web shop, its managers can change the prices of the products, but the boss will want to know who had the dared to lower prices.
  This action of lowering prices, is an action of modifying the information in the database and u can save in the database who suggested it, who approved it and who implemented it.
  Now that I write about the functionality of the macro pattern, I realise that some methods should have more proper names and I haven't had time to write documentation in the API, but this will be a complete when I add the web pages for the architect to use for defining access control and for the end users to view who and what is doing with their application.

• Best practices for setting up users on a small office network?

  Hello,
  I am setting up a small office and am wondering what the best practices/steps are to setup/manage the admin, user logins and sharing privileges for the below setup:
  Users: 5 users on new iMacs (x3) and upgraded G4s (x2)
  Video Editing Suite: Want to connect a new iMac and a Mac Pro, on an open login (multiple users)
  All machines are to be able to connect to the network, peripherals and external hard drive. Also, I would like to setup drop boxes as well to easily share files between the computers (I was thinking of using the external harddrive for this).
  Thank you,

  Hi,
  Thanks for your posting.
  When you install AD DS in the hub or staging site, disconnect the installed domain controller, and then ship the computer to the remote site, you are disconnecting a viable domain controller from the replication topology.
  For more and detail information, please refer to:
  Best Practices for Adding Domain Controllers in Remote Sites
  http://technet.microsoft.com/en-us/library/cc794962(v=ws.10).aspx
  Regards.
  Vivian Wang

• Best Practice for Deleted AD Users

  In our environment, we are not using AD groups. Users are being added individually. We are running User Profile Service but I am aware that when a user is deleted in AD, they stay in the content database in the UserInfo table so that some metadata can be
  retained (created by/modified by/etc).
  What are best practices for whether or not to get rid of them from the content database(s)?
  What do some of you consultants/admins out there do about this? It was brought up as a concern to me that they are still being seen in some list permissions/people picker, etc.
  Thank you!

  Personally I would keep them to maintain metadata consistency (Created By etc as you say). I've not had it raised as a concern anywhere I've worked.
  However, there are heaps of resources online to delete such users (even in bulk via Powershell). As such, I am unaware of cases of deleting them causing major problems.
  w: http://www.the-north.com/sharepoint | t: @JMcAllisterCH | YouTube: http://www.youtube.com/user/JamieMcAllisterMVP

• Best practice for Active Directory User Templates regarding Distribution Lists

  Hello All
  I am looking to implement Active Directory User templates for each department in the company to make the process of creating user accounts for new employees easier. Currently when a user is created a current user's Active directory account is copied, but
  this has led to problems with new employees being added to groups which they should not be a part of.
  I have attempted to implement this in the past but ran into an issue regarding Distribution Lists. I would like to set up template users with all group memberships that are needed for the department, including distribution lists. Previously I set this up
  but received complaints from users who would send e-mail to distribution lists the template accounts were members of.
  When sending an e-mail to the distribution list with a member template user, users received an error because the template account does not have an e-mail address.
  What is the best practice regarding template user accounts as it pertains to distribution lists? It seems like I will have to create a mailbox for each template user but I can't help but feel there is a better way to avoid this problem. If a mailbox is created
  for each template user, it will prevent the error messages users were receiving, but messages will simply build up in these mailboxes. I could set a rule for each one that deletes messages, but again I feel like there is a better way which I haven't thought
  of.
  Has anyone come up with a better method of doing this?
  Thank you

  You can just add arbitrary email (not a mailbox) to all your templates and it should solve the problem with errors when sending emails to distribution lists.
  If you want to further simplify your user creation process you can have a look at Adaxes (consider it's a third-party app). If you want to use templates, it gives you a slightly better way to do that (http://www.adaxes.com/tutorials_WebInterfaceCustomization_AllowUsingTemplatesForUserCreation.htm)
  and it also can automatically perform tasks such as mailbox creation for newly created users (http://www.adaxes.com/tutorials_AutomatingDailyTasks_AutomateExchangeMailboxesCreationForNewUsers.htm).
  Alternatively you can abandon templates at all and use customizable condition-based rules to automatically perform all the needed tasks on user creation such as OU allocation, group membership assignment, mailbox creation, home folder creation, etc. based on
  the factors you predefine for them.

• Best practice for moving from a G5 to a new Mac with SL

  I am receiving my new iMac today (27") and am very excited
  However I want to move over using the best practices to assure that I remain excited and not frustrated
  My initial thoughts are to boot it up and doe the initial set up - to move my iPhoto library over and to use migration assistance to move the rest of my data files
  Then to install all of the extra software that I can find the packages for from the original installation disks
  And then finally to use migration assistant again to move over any software that I can not find original disks for (I've moved from Mac to Mac to Mac over and over and some of the software goes back to OS 9 (and won't run anymore I guess)
  Is this a good way
  OR
  will I mess up doing it this way
  OR
  am I spending far too much time worrying about moving old problems over and would be better off to just turn MA loose and let it do its thing form the beginning?
  BTW - mail crashes a lot on my existing system - pretty much everything else seems ok - except iPhoto is slow - hoping that the new Intel dual core will help that
  LN

  Migration Assistant is not a general file moving tool. MA will migrate your Applications and Home folders transferring only your third-party applications. MA will transfer any application support folders required by your applications, your preferences, and network setup. You do not have a choice of what will be migrated other than the above. MA cannot determine whether anything transferred is compatible with Snow Leopard. I recommend you look at the following:
  A Basic Guide for Migrating to Intel-Macs
  If you are migrating a PowerPC system (G3, G4, or G5) to an Intel-Mac be careful what you migrate. Keep in mind that some items that may get transferred will not work on Intel machines and may end up causing your computer's operating system to malfunction.
  Rosetta supports "software that runs on the PowerPC G3, G4, or G5 processor that are built for Mac OS X". This excludes the items that are not universal binaries or simply will not work in Rosetta:
  Classic Environment, and subsequently any Mac OS 9 or earlier applications
  Screensavers written for the PowerPC
  System Preference add-ons
  All Unsanity Haxies
  Browser and other plug-ins
  Contextual Menu Items
  Applications which specifically require the PowerPC G5
  Kernel extensions
  Java applications with JNI (PowerPC) libraries
  See also What Can Be Translated by Rosetta.
  In addition to the above you could also have problems with migrated cache files and/or cache files containing code that is incompatible.
  If you migrate a user folder that contains any of these items, you may find that your Intel-Mac is malfunctioning. It would be wise to take care when migrating your systems from a PowerPC platform to an Intel-Mac platform to assure that you do not migrate these incompatible items.
  If you have problems with applications not working, then completely uninstall said application and reinstall it from scratch. Take great care with Java applications and Java-based Peer-to-Peer applications. Many Java apps will not work on Intel-Macs as they are currently compiled. As of this time Limewire, Cabos, and Acquisition are available as universal binaries. Do not install browser plug-ins such as Flash or Shockwave from downloaded installers unless they are universal binaries. The version of OS X installed on your Intel-Mac comes with special compatible versions of Flash and Shockwave plug-ins for use with your browser.
  The same problem will exist for any hardware drivers such as mouse software unless the drivers have been compiled as universal binaries. For third-party mice the current choices are USB Overdrive or SteerMouse. Contact the developer or manufacturer of your third-party mouse software to find out when a universal binary version will be available.
  Also be careful with some backup utilities and third-party disk repair utilities. Disk Warrior 4.1, TechTool Pro 4.6.1, SuperDuper 2.5, and Drive Genius 2.0.2 work properly on Intel-Macs with Leopard. The same caution may apply to the many "maintenance" utilities that have not yet been converted to universal binaries. Leopard Cache Cleaner, Onyx, TinkerTool System, and Cocktail are now compatible with Leopard.
  Before migrating or installing software on your Intel-Mac check MacFixit's Rosetta Compatibility Index.
  Additional links that will be helpful to new Intel-Mac users:
  Intel In Macs
  Apple Guide to Universal Applications
  MacInTouch List of Compatible Universal Binaries
  MacInTouch List of Rosetta Compatible Applications
  MacUpdate List of Intel-Compatible Software
  Transferring data with Setup Assistant - Migration Assistant FAQ
  Because Migration Assistant isn't the ideal way to migrate from PowerPC to Intel Macs, using Target Disk Mode, copying the critical contents to CD and DVD, an external hard drive, or networking
  will work better when moving from PowerPC to Intel Macs. The initial section below discusses Target Disk Mode. It is then followed by a section which discusses networking with Macs that lack Firewire.
  If both computers support the use of Firewire then you can use the following instructions:
  1. Repair the hard drive and permissions using Disk Utility.
  2. Backup your data. This is vitally important in case you make a mistake or there's some other problem.
  3. Connect a Firewire cable between your old Mac and your new Intel Mac.
  4. Startup your old Mac in Target Disk Mode.
  5. Startup your new Mac for the first time, go through the setup and registration screens, but do NOT migrate data over. Get to your desktop on the new Mac without migrating any new data over.
  If you are not able to use a Firewire connection (for example you have a Late 2008 MacBook that only supports USB:)
  1. Set up a local home network: Creating a small Ethernet Network.
  2. If you have a MacBook Air or Late 2008 MacBook see the following:
  MacBook (13-inch, Aluminum, Late 2008) and MacBook Pro (15-inch, Late 2008)- Migration Tips and Tricks;
  MacBook (13-inch, Aluminum, Late 2008) and MacBook Pro (15-inch, Late 2008)- What to do if migration is unsuccessful;
  MacBook Air- Migration Tips and Tricks;
  MacBook Air- Remote Disc, Migration, or Remote Install Mac OS X and wireless 802.11n networks.
  Copy the following items from your old Mac to the new Mac:
  In your /Home/ folder: Documents, Movies, Music, Pictures, and Sites folders.
  In your /Home/Library/ folder:
  /Home/Library/Application Support/AddressBook (copy the whole folder)
  /Home/Library/Application Support/iCal (copy the whole folder)
  Also in /Home/Library/Application Support (copy whatever else you need including folders for any third-party applications)
  /Home/Library/Keychains (copy the whole folder)
  /Home/Library/Mail (copy the whole folder)
  /Home/Library/Preferences/ (copy the whole folder)
  /Home /Library/Calendars (copy the whole folder)
  /Home /Library/iTunes (copy the whole folder)
  /Home /Library/Safari (copy the whole folder)
  If you want cookies:
  /Home/Library/Cookies/Cookies.plist
  /Home/Library/Application Support/WebFoundation/HTTPCookies.plist
  For Entourage users:
  Entourage is in /Home/Documents/Microsoft User Data
  Also in /Home/Library/Preferences/Microsoft
  Credit goes to Macjack for this information.
  If you need to transfer data for other applications please ask the vendor or ask in the Discussions where specific applications store their data.
  5. Once you have transferred what you need restart the new Mac and test to make sure the contents are there for each of the applications.
  Written by Kappy with additional contributions from a brody.
  Revised 1/6/2009
  In general you are better off reinstalling any third-party software that is PPC-only. Otherwise update your software so it's compatible with Snow Leopard.
  Do not transfer any OS 9 software because it's unsupported. You can transfer documents you want to keep.
  Buy an external hard drive to use for backup.

• Best practice: read information from server

  Hi All,
  currently I am wondering about the best-practice approach to read/write data from an iPhone app to a webserver.
  What is the easiest way to achieve such a scenario? Is it just to build an easy SQL server online an connect via xcode? Using which frameworks/protocols would be best-practice in xcode? What would be the best setup for communication between an iPhone app and any server-instance in the web?
  My goal is more or less to read data from a server when the application is started and write some data to this server when the user has input some text details.
  Regards,
  Patrick

  Please post your questions in the appropriate forums.
  This forum is for the specific product Virtual Server 2005.
  For Hyper-V related questions, use the Hyper-V forum:
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverhyperv
  For server questions please use the server forums:
  http://social.technet.microsoft.com/Forums/windowsserver/en-us/home?category=windowsserver
  Microsoft has a lot of documentation, have you read it yet? Googled?
  Clustering:
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/7173caf4-a5aa-4426-a16b-592a6e6714ec/windows-server-2012-hyperv-cluster-step-by-step?forum=winserverhyperv
  http://www.bing.com/search?q=hyper-v+cluster+2012+r2+step+by+step&src=IE-SearchBox&FORM=IE11SR
  Domain upgrades:
  http://technet.microsoft.com/en-us/library/hh994618.aspx

• Best practice in migrating from e.g. x4100 to another x4100 (replacement)?

  Hi everyone,
  what is your experience of 'best practice' esp in terms of migrating data from a unit of x4100 to another x4100?
  Asking so because the particular one we are replacing is giving halt issues and thus need replacement.
  thanks,
  James

  948115 wrote:
  Dear All,
  This is Priya.
  We are using ODI 11.1.1.6 version.
  In my ODI project, we have separate installations for Dev, Test and Prod. i.e. Master repositories are not common between all the three. Now my code is ready in dev. Test environment is just installed with ODI and Master and Work repositories are created. Thats it
  Now, I need to know and understand what is the simple & best way to import the code from Dev and migrate it to test environment. Can some one brief the same as a step by step procedure in 5-6 lines? If this is the 1st time you are moving to QA, better export/import complete work repositories. If it is not the 1st time then create scenario of specific packages and export/import them to QA. In case of scenario you need not to bother about model/datastores. keep in mind that the logical schema name should be same in QA as used in your DEV.
  Some questions on current state.
  1. Do the id's of master and work repositories in Dev and Test need to be the same?It should be different.
  2. I usually see in export file a repository id with 999 and fail to understand what it is exactly. None of my master or work repositories are named with that id.It is required to ensure object uniqueness across several work repositories. For more understanding you can refer
  http://docs.oracle.com/cd/E14571_01/integrate.1111/e12643/export_import.htm
  http://odiexperts.com/odi-internal-id/
  3. Logical Architecture objects and context do not have an export option. What is the suitable alternative for this?If you are exporting topology then you will get the logical connection and context details. If you are not exporting topology then you need to manually create context and other physical connection/logical connection.
  >
  Thanks,
  Priya
  Edited by: 948115 on Jul 23, 2012 6:19 AM

• What is the best practice to create IDM user and target accts via recon

  usecase:
  LDAP<--->idm---->AD.
  User exists in LDAP. IDM and AD are empty. Need to create IDM user and AD acct from LDAP data.
  I can recon against LDAP and create the IDM user. But I cannot create AD acct in the same recon process. What is the best practice to do the above.

  i think you have to have a "Per-account Workflow" set which creates the user in AD.