How do you restrict access to a business process structure in Solution Mngr

Similar Messages

• ASA WebVPN. How do you restrict access to users in an AD group using LDAP?

  Hi All,
  I am trying to configure separate WebVPN connection profiles to give different portal bookmark contents to users based on their AD group membership.  This has been very difficult, even though I beleive it should be easy.
  The login page of teh ASA by default has a dropdown to allow default users to access the default portal and the SSL VPN client connection.
  There are two other portals that I would like to restrict access to based on AD group membership.  I have set these up to be selected by URL.
  The biggest problem is, I have no way of knowing how to go about this.  The AAA LDAP options show a group membership search, which I have configured, but I cannot say "Profile X is restricted to AD group CarpetBaggers", so that if soneone that is NOT a carpetbagger tries to log in, it fails.
  I can only do an all or nothing scenario.
  It would be nice to use Dynamic Access Policies to do this, and I have created a few, but they do NOT seem to work when the drop down aliases or URLs are in use.  So how do I go about using them in this scenario?  Turning off the aliases or URLs is not really an option right now.
  Scenario 1 would work the best for me.  Restrict access to profiles/groups based on AD group membership using LDAP.
  Scenario 2 would be an ideal longer term solution.
  Any thoughts, ideas or assitance would be greatly appreciated.
  Cheers

  This is exactly what i was looking for, and Nelson is correct.  When you enter the DAP configuration for a profile click on "Advanced" and there is the option to create a logical expression.  The guide (ther is a button to access this) is really helpful, with a couple of examples.  This is what i used:
  assert(function()
     if ( (type(aaa.ldap.distinguishedName) == "string") and
          (string.find(aaa.ldap.distinguishedName, "OU=Users") ~= nil) )
  then
         return true
     end
     return false
  end)()
  from the debug dap you can see what Users relates to;
  DAP_TRACE: Username: MyUsername, aaa.ldap.distinguishedName = CN=Mr B,OU=Users,OU=Site ******,DC=CH,DC=Mycompany,DC=com
  My admin account fails to get me in to the same profile:
  DAP_TRACE: dap_add_to_lua_tree:aaa["ldap"]["distinguishedName"]="CN=Admin Mr B,OU=Admin Users,OU=Site *****,DC=CH,DC=Mycompany,DC=com"
  Thanks
  Andrew

• How do you restrict access to custom applications?

  When I create portlets, there is usually an associated "admin" functionality that needs to be created for each custom application. An example is a shopping cart that we just created, we needed admins to be able to go in and upload photos.
  The way that I do this is I create a new portlet "Shopping Cart Admin" and restrict access to it that way. However, because I usually add everything in the /remoteserver/shoppingcart/. folder to the gateway space (its too painful to add one by one), this means that I can't put admin.aspx in that folder. So I usually end up creating a NEW folder /remoteserver/shoppingcartadmin/ for the admin portlet.
  Long story short, its a lot of work. I know that I could try to use activity rights, but those seem very global. How do you control edit access to your custom portlets?

  Well, there are a few different ways to go about it. You could add a preferences page with the admin functionality, and then an admin would just have to click the little pencil in the portlet titlebar. No admin/edit access, no little pencil.
  I have often set the visibility of an ASPX control directly from activity rights, in OnPageLoad, if it isn't postback time. The activity rights should be inherited by the user, through the user's group. Best practise is to create empty groups called Roles, add activity rights to the Roles, and then have the actual groups (that contain users) inherit from one or more Roles.
  You already knew that part, I added it for the others. My personal definition of a portlet is 'polymorphous instance of a web service'.
  So:
  Role: Store Manager (has Edit Shopping Cart activity right)
  ^
  Group: Store Managers (has Store Manager parent group)
  User: Vladimir (inherits Edit Shopping Cart activity right)

• How do you restrict access to certain apps via the use of Time Restrictions?

  Is there anyway to limit the use of certain apps to a time period of the day? I know the time restrictions on this site ONLY pertain to texting and calls, but not email or any other app, such as Twitter or Facebook, etc.

  Well, there are a few different ways to go about it. You could add a preferences page with the admin functionality, and then an admin would just have to click the little pencil in the portlet titlebar. No admin/edit access, no little pencil.
  I have often set the visibility of an ASPX control directly from activity rights, in OnPageLoad, if it isn't postback time. The activity rights should be inherited by the user, through the user's group. Best practise is to create empty groups called Roles, add activity rights to the Roles, and then have the actual groups (that contain users) inherit from one or more Roles.
  You already knew that part, I added it for the others. My personal definition of a portlet is 'polymorphous instance of a web service'.
  So:
  Role: Store Manager (has Edit Shopping Cart activity right)
  ^
  Group: Store Managers (has Store Manager parent group)
  User: Vladimir (inherits Edit Shopping Cart activity right)

• How do you restrict access of a pdf to one user at a time?

  I need to put pdf's on a shared work server so that users can make their own individual comments on them, and so collate all corrections for me to then pick up in one pdf.
  Question is, can I restrict the pdf in some way that prevents it from opening if another user has it open and is in the process of making their comments on it?
  Thanks

  That's not a good way to do that. You should look into Acrobat's Shared
  Review features.

• How to re-name any folder under "Business Processes " in SOLAR01  in SAP

  Hi,
  How to re-name any folder under "Business Processes " structure in SOLAR01 in SAP Solution Manager. ?
  Can any one tell me the procedure for this ...
  Thanks.

  Hi
  just choose the Business Process on the left and click the structure tab
  here it will list all the business scenario names you have added just directly edit or write it whatever you want
  if you want to do at lower level
  choose the business process node of that Business scenario under this you get all the business process in structure tab
  here also edit it or directly write it
  Hope it solves
  Regards
  Prakhar

• SSH login- how do I restrict access to a shared folder?

  I have created Shares in WGM for SMB and AFP access on my OS X 10.4.8 Server. However when I connect via SSH it's not restricting access to the folder based on the User Name I login with- I see the entire volume! How do I restrict access to a specific folder based on a user name setup in WGM? ACL's?

  Hey George,
  It sounds like you are trying to limit ssh/sftp users to a specific area, aka jails. The FTP server lets you 'chroot' users to a certain area making it appear as the root thus preventing them from navigating up the hierarchy, which is what I think you, and me and many others are trying to accomplish.
  The ssh compiled into OS X is missing this very needed feature. There have been a few documented workarounds, but they've either been too insecure or too clunky for me.
  I've dealt with the fact that my users can get to the root of the hard drive, and have just been very careful about my privileges (by using ACLs), thus preventing them from getting inside areas they shouldn't.
  There's a good write up here: http://www.schwie.com/brad/macosxsftpchroot/ and if you include the term 'chroot' in your searches, you should find a bit about it here too.
  And Roger, I think George meant the file sharing protocol used by ssh. man sftp.

• How can I restrict access to add. internal hard drive by account?

  Hello! Okay, so I am my computer's administrator, and I have a secondary 'guest' account that anyone else can use. So, I know that all my data on my main, OS hard drive is secure from the guest account accessing it, but what about the additional hard drive that I have installed?
  I have a good deal of sensitive data and files stored (and aliased) on my second internal drive that I do not care for 'guest' users to stumble upon. How can I restrict access to the secondary storage hard drive from my Guest login account, and/or just plain hide it from it? Surely, there is a need for this that has brought about a solution. Any tips/advice/solutions?
  Thanks!!!
  =)

  Click here and follow the instructions followed by placing the folders and files on the image; if the password is in the keychain, it will be supplied whenever you're logged in.
  (41018)

• How do you get access to window?

  When you do a typical System.out.print-whatever it prints a stream of text onto that default java window which popped up when you executed your program. My question is, how do you get access to this particular window, so you can resize it, clear it, or put text in specific locations instead of at the end of a buffer... any tips will be appreciated. thanks

  hmm so there is no way to do anything special to that dos-like window except append text to it? Is there a way at least to remove text from it? (sorta like printing dots and then removing them?)

• How do i restrict access to gambling sites

  how do i restrict access to gambling sites on ipad mini

  You can put a filter on your wifi or use something like the K9 browser.

• How do you authorize access to itunes while blocking the access of the rest of the computer?

  How do you authorize access to itunes while blocking the access of the rest of the computer? I want to do a party and let people have access to the music but  I don't want them to look in my files. I have windows 7.
  I cannot log off and let the music play. Ideally I would want to have a password for access to the rest of the computer.
  Thank you!

  The following may help with the file sharing issues: OS X Mavericks: Share your files

• How do you gain access to all files on different users?

  How do you gain access to all files and folders for each user?

  http://forums.whirlpool.net.au/archive/718273

• How to downloadin Business Process Repository in Solution Manager?

  Hello,
  Does anybody know how to download whole Business Process Repository from solution manager?
  I know how to download BPR, that are related to project, to excel file, but I want to download all the scenarios,processes are inbuilt to the Solution Manager business blueprint.
  Can anybody help me?
  Thanks,
  Mahantesh

  Hello Mahantesh,
  I suppose that your idea behind this question is that you would like to browse the contents of the BPR. For this specific pupose, SAP will deliver a new web dynpro application with SAP Solution Manager 4.0 SP 12 and the respective stack coming out mid June 2007 which allows you to browse all BPR contents in your SAP Solution Manager system. So you no longer have to create a seperate project and select the contents via F4 value help in SOLAR01 in order to access the contents.
  For further updates, please check the news mid June:
  <a href="http://service.sap.com/solutionmanager">http://service.sap.com/solutionmanager</a>
  Media Library -> Technical Papers. It will probably be called: "4.0 Support Package Stack <latest stack> [probably stack 12]"
  However, please note that an individual download of the entire or partial BPR structures into MS Excel will not be possible.
  Best regards,
  Doreen Baseler

• How to save business processes structure and monitoring parameters?

  Hi dears!
  I've got a little question -is it possible to save business processes structure and monitoring parameters as a local file?
  Thanks in advance!

  One way to resolve this problem is use the method commit_and_refresh as shown below.
     data: lv_dest           type rfcdest.
      cl_hrrcf_m_rfc_services=>commit_and_refresh( lv_dest ).

• Multiple logical components for a single step in Business Process Structure

  Question 2 of 3:
  I'd like to hear about how other people have handled Portals transactions and similar items. I.e. when building the Business Blueprint or Business Process Structure, what if a single transaction runs on more than one product or logical component? Solution Manager only allows you to assign one logical component to a process step and transaction in the Business Blueprint Structure. This isn't the ideal solution, since you lose the linear affect of the what transactions take place for the step.
  Your insights and opinions are appreciated.
  Regards,
  Marcel

  Hi Marcel,
  an ABAP transaction can only run or at least be started on one single system. A portal transaction can be assigned using a URL. This doesn't need any logical component.
  Regards
  Andreas