I am trying to setup a role based database.

Is there any documentation am new to LDAP on how to orginize my directory tree.

Your question is a bit vague, however you can find all the docs ionline at this site.

Similar Messages

  • How to setup the security based on roles in Organization.

    Hi,
    How to setup the security based on roles in Organization.
    For example:Few users are Manager and a few user are Non Manager .Manager should have access to all work data including Non Manager and Non Manager should access based role.How to setup this? How OBI server identify the user role?
    kindly let me know.
    Regards.,
    CHR

    Hi,
    You need to have Back End support to achieve this. In Back End you need to create two groups . You need to know what joins has to be made for which group (which is more important) and also make session variable for the userrole (with SQL supporting it). In the BMM layer, we need to put the security join conditions in the 'where clause'.
    And make a common report. User loggin in with the respective userid will have userrole and joins assigned in the Back end. And they will be viewing the report according to their access.
    Hope this will solve your problem.
    Regards
    MuRam

  • Role based session service setup on AM 7.1 with separate conf/user ldap

    AM 7.1 is installed with two separate LDAP instances used for AM config store and user repository.
    I want to setup different active session quota based on role assignment.
    The session service cos only existed on the AM config LDAP store.
    If I create the role and assigned and customize the session service to the role on the AM config LDAP store, the role cannot be assigned to user profile only existed on the user repository.
    If the role is created on the user repository, then the session service cannot assigned to the role on the user repository.
    I try created roles on both repository, assign session service to the role on AM config ldap and assign role of same name on the user repository to the user. The role based session is not effective.
    Would appreciate if any one can shed some light on how to setup role based session service on an AM installation with the AM config ldap and user repository being on 2 separate ldap instances.
    Thanks
    Mo

    AM 7.1 is installed with two separate LDAP instances used for AM config store and user repository.
    I want to setup different active session quota based on role assignment.
    The session service cos only existed on the AM config LDAP store.
    If I create the role and assigned and customize the session service to the role on the AM config LDAP store, the role cannot be assigned to user profile only existed on the user repository.
    If the role is created on the user repository, then the session service cannot assigned to the role on the user repository.
    I try created roles on both repository, assign session service to the role on AM config ldap and assign role of same name on the user repository to the user. The role based session is not effective.
    Would appreciate if any one can shed some light on how to setup role based session service on an AM installation with the AM config ldap and user repository being on 2 separate ldap instances.
    Thanks
    Mo

  • Role Based Access problem in forms

    This would be a long reading.
    I'm having a problem with forms Role Based Access.
    We have two databases, one in London and one in Zurich. We have installed
    application server and oracle forms on London database. We have implemented
    Role Based Access to forms. For this we have created a database role (say ZUR_USER)
    in both databases. The view FRM50_ENABLED_ROLES which is used by forms role based access control
    is also created in both databases with a 'grant select to public'.
    Our form system has a menu and forms under that menu. Both menu and the underlying forms have been
    assigned Menu Security/Item Roles to the above mentioned ZUR_USER role and the role is assigned
    to various users.
    Now a Zurich user is trying to login to Zurich database using the URL for forms installation
    in London server. He can login successfully and can see the menu heading in the main screen but
    when he clicks the menu he doesn't see the underlying forms list.
    When we try the same user id and database from London (using the same URL) we see all the forms.
    Any idea what are we missing. The Menu Security is setup at menu level as well as the form level under
    that menu. User can see the menu but not the form under that menu from Zurich. No such problem while
    login from London.

    I'm using the Forms 10g
    and yes the only difference is between login from Zurich and London.
    Problem definitely is due to Role Based Access setup.
    The user in Zurich can see the Menu but not the items under that menu.
    I have set the security set up at both menu and menu item(i.e. form name) level.

  • HT1338 I am trying to setup my external drive, but when I do, I get a box that pops up that says You can't open the application "LaCie Setup Assistant" because PowerPC applications are no longer supported".

    When trying to setup my external hard drive, I get this box that pops up and says this:
    You can’t open the application “LaCie Setup Assistant” because PowerPC applications are no longer supported.

    PowerPC was a type of processor used in Mac systems before Apple switched to Intel-based processors. These older chips required applications to be coded differently, to the extent that they will not run on the Intel processors in newer Macs. Apple used to include a translator that allowed these programs to at least run, but this translator is no longer available so if you run into an older PowerPC-based program then OS X will give you this error.

  • Error in Role Based security using weblogic 9

    Hi All,
    Currently I am working with Weblogic Server 9. I am trying to use role based security. Below is the entries for web.xml.
    <security-constraint>
         <web-resource-collection>
              <web-resource-name>Success</web-resource-name>
              <url-pattern>/form.jsp</url-pattern>
              <http-method>GET</http-method>
              <http-method>POST</http-method>
         </web-resource-collection>
         <auth-constraint>
              <role-name>admin</role-name>
         </auth-constraint>
         <user-data-constraint>
    <transport-guarantee>INTEGRAL</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    <login-config>
         <auth-method>BASIC</auth-method>
         <realm-name>myrealm</realm-name>
    </login-config>
    <security-role>
         <role-name>admin</role-name>
    </security-role>
    When I am calling form.jsp from the browser it is asking for the username and password, but after giving the username and password it is showing the followig error:
    Error 403--Forbidden
    From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
    10.4.4 403 Forbidden
    The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
    So can any one provide me the solution for the above problem.
    Thanks in advance.
    By,
    Sandip Pradhan

    Here is a blog post for the backend (WebLogic Admin GUI) http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-role.html and a blog post for the web.xml in your project http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-ear.html.

  • Role based data visibility is not working in Round manager

    I am looking for role based data visibility in Syclo round manager application where technician will see the data which is assigned to his name only (not all the data)  I have created one custom role in SAP system and it's working fine .It's showing the below message :
    Now I want to implement the same in syclo round manager .So I went to the SAP configuration panel and set the same user role on the security setting in class handler .Z_SYCLO_RM_ROLE is the custom role which I mentioned earlier .I tried with different option in this tab but it's not working .
    Please let me know if I missed something to mention or is there any other process I need to follow .
    Tags edited by: Michael Appleby

    is not working Insufficient information. In what way is it "not working"? The page doesn't render as required? There's an error message? The browser crashes? The server room has been trampled into dust by a herd of buffalo?
    >
    I am unable to make it as page form / report.
    v1 := v1 || ' ' ||'<input inline type =submit style="color:BLUE;background-color:RED" value='||c2.plot_id||'>';
    ...It is not possible to generate form elements in an APEX page in this way. The [APEX_ITEM API|http://download.oracle.com/docs/cd/E14373_01/apirefs.32/e13369/apex_item.htm#CACEEEJE] is the only way to create APEX items in PL/SQL. However it contains no procedures to generate button items, so an alternative design is required in this case, e.g. a report with links.
    (Also what is the intention of "inline" in the above code? [There is no *inline* attribute|http://www.w3.org/TR/1999/REC-html401-19991224/interact/forms.html#h-17.4].)

  • EAM ID based or Role based? Why settle for just one?

    G'Day All,
    I've raised a question in the following blog, however I would like to open it up to other people as well so they might get something out of it and in the process might share their own thoughts on the matter at hand.
    ID-Based Firefighting vs. Role-Based Firefighting
    So this is where I am at this point:
    From what I can gather so far, my understanding of EAM ID/ROLE based is as follows:
    - Id Based: Logs in using own U.ID and through GRAC_SPM accesess FFID from the GRC Server and logs into the system assigned to them (ECC, SRM, CRM etc)
    Only one user at a time can use a FFID.
    Firefighter need not exist in every system assigned to them due to central logon however they need to exist in the GRC system
    Knows exactly when FFID is being used as he/she has to login so has a psychological effect (good thing)
    Better tracking of FF tasks - Specific log reports with Reason Codes. Bonus point from Auditors!
    Two Log ins so potential to commit fraud. (1 action using own UserID and 1 action using FFID)
    Could be hard to track and find out when a fraud has been committed so can be a problem with auditors.
          ID Based -> GRAC_SPM : TCode for Centralised FFighting -> You will see FFIDs assigned to you
          ID Based -> /n/GRCPI/GRIA_EAM : TCode for DCentralised FFighting -> You can see  the FFIDs assigned to you
    - Role Based: Logs into the remote system only using U.ID, so everything gets logged against that one ID. 
    Multiple users can use the FFROLE at once.
    Firefighter has to exist in every system assigned to them - so multiple logons.
    Hard to differentiate between FF tasks and normal tasks as no login required  So easy to slip up
    Time consuming to track FF tasks - No Specific log reports. No Reason Codes
         R.Based -> GRAC_SPM : TCode for Centralised FFighting -> You will see FFROLEs
         R.Based -> /n/GRCPI/GRIA_EAM : TCode for DCentralised FFighting -> Not applicable so wont work
    So based on this there are pros and cons in both however according to SAP only one can be used. To me personally,  it makes more sense to get the best of both the worlds right? So here is my question why can’t we just use both?
        . Really critical tasks -> FFID
        . Normal EAM tasks -> FFRole
    Alessandaro from the original post pointed this out:
    "Per design it isn't possible to achieve both types of firefighting at the same time. It's a system limitation and hence to configurable."
    Well this is what I can't seem to get my head around. For a FFID, there is a logon session so it has to be enabled and as far as I can tell there is no way around it.
    However for FFRole, there isn't such limitations/restrictions like starting a separate session. FFRole is just assigned to an end user for him/her to perform those tasks using their own user ID.
    So in what way is it different from any of their other tasks/roles, other than the fact that they've got an Owner/Controller assigned to the FFRole? and
    What is stopping us from using it when ID based is the default?
    If I were to do the following does it mean I can use both ?
        . Config Parameter: 4000 = 1 (GRC System) -> ID Based
        . Config Parameter: 4000 = 2 (Plug-In)  - > Role Based
    Please excuse me if my logic is a bit silly, Role Based firefighting is only done on Plug-in systems so the following should work just fine:
       . Config Parameter: 4000 = 2 (Plug-In)  - > Role Based
    However for ID based, it is a Central Logon, so the following is a must:
        . Config Parameter: 4000 = 1 (GRC System) -> ID Based
    Which means both ID/Role based can be used at the same time, which seems to be working just fine on my system. Either way I leave it you experts and I hope you will shed some light on it.
    Cheers
    Leo..

    Gretchen,
    Thank you for thoughts on this.
    Looks like I'm failing to articulate my thoughts properly as the conversation seems to be going in a different direction from what I am after. I'll try once more!
    My query/issue is not in regards to if/what SAP needs to do about this or why there isn't more support from Companies/Organizations and not even, which one is a better option.
    My query is what is stopping us(as in the end users ) from using both ID/Role based at the same time?
    Now before people start referencing SAP documentation and about parameter 4000, humour me with the following scenario please. Again I would like to reiterate that I am still in the learning phase so my logic might be all wrong/misguided, so please do point out to me where I am going wrong in my thought process as I sincerely would like to know why I am the odd one out in regards to this.
    Scenario
    I've created the following:
    FFID
    FFROLE
    Assigned them to, two end users
    John Doe
    Jane Doe
    I set the Configuration Parameters as follows: 
    IMG-> GRC-> AC-> Maintain Configuration Settings -> 4000:1 - ID Based
    IMG-> GRC (Plug-in)-> AC-> Maintain Plug-In Configuration Settings-> 4000:2 - Role Based
    User1
    John Doe logs into his regular backend system (ECCPROD001)-> executes GRAC_SPM-> Enters the GRC system (GRCPROD001)-> Because the parameter is set to ID based in the GRC Box, so he will be able to see the FFID assigned to him-> and will be presented with the logon screen-> Logs in -> Enters the assigned system (lets say CRMPROD001) At this point the firefighting session is under progress
    User2
    Jane Doe logs into her regular backend system (ECCPROD001) -> (can execute GRAC_SPM to check which FF Role has been assigned to her but she can see that in her regular menu, so there is no point) -> Executes the transactions assigned in FFROLEThis is done at the same time while FFID session is in progress
    So all I want to know is if this scenario is possible? if the answer is No, then why not?
    I physically carried out this scenario in my system and I had no problems(unless I am really missing the plot here), which brings me back to my original question: Why settle for just one?
    Again to reiterate I am not getting into the efficacy or merits of this or even if one should use this. Just want to know if it is possible/feasible or not.
    So there you have it. That's the whole enchilada(as they say there in Texas). I tried to word my thoughts as concisely as I can, if there are still any clarifications, more information you or anyone else reading this would like, please do let me know.
    Regards,
    Leo..

  • OBIEE SSO enabling and role based reporting

    Hi,
    I had installed SOA10.1.3.1.0 and OBIEE10.1.3.4.0 already on my WINDOWS. I understand that I need to install 10.1.4 infrastructure to enable SSO in OBIEE, can you please tell me what is 10.1.4 infrastructure? is it equivelent to Oracle Identity Management Infrastructure and Oracle Identity Federation 10.1.4? I tried to download this from OTN since last night, but the page is always unaccessible. Where can I download 10.1.4 infrastructure except otn?
    I have another question regarding to the role based reporting with SSO. We want users to see different reports based on their roles once they login. What options do we have to implement this? From my understanding, we need to maintain a user role mapping table in our database, create groups in OBIEE and map the user role with the group in OBIEE? Is it true? Are there other options? Is there a existing product we can use to implement this?
    Thanks,
    Meng

    have a look on page 137 and further http://download.oracle.com/docs/cd/E10415_01/doc/bi.1013/b31770.pdf

  • GRC10 Firefighter - Role-based & ID-based

    GRC Gurus,
    I am looking for a solution or at least theoretical discussion about a scenario in which GRC 10 system is connected to more than 1 target system and in one system I want to use FFID-based option where as in other system it is FF-Role based. For example, in a system where all the users are logging in through SAP GUI, it will be better to have FFID-based firefighter where as in system where most of the users are logging in through portal it will be better to have role-based firefighter. under GRC5.3 it was pretty simple as RTAs were independent in each separate system but in GRC10 since type of firefighter is controlled by single parameter, what will be a way to implement such hybrid approach.
    Regards,
    Shivraj

    Thanks Anji,
    Thanks for the response, I am aware of the 4000 situation, I was just wondering if someone has figured out any workaround for this. Because otherwise, it is a step backward for new version as under 5.3, systems could have been on different setups whereas under GRC10 that is not possible.
    Regards,
    Shivraj Singh

  • WRT310N No Way To Setup and Configure Router. CD Setup No, Web Based Setup No

    Purchased New WTR310N yesterday. LESA does not run from CD. Web based Setup Page Will Not Load. Did two 2 hr Remote Setup sessions so far with Linksys Techs in Phillipines and India. After 1st Tech was done, nothing would connect to router. Tech tried to setup our 4 PCs by setting up one as a server and using ICS to setup the rest. Tech disabled TTP, DHCP, ete everything that works as a home network. I think Tech also setup a password and user name on Router without telling me. I had to spend 2 hrs using Vista and XP Wizards to setup a router network, both wired and wireless. Since Router is not configured yet can only access unsecured wireless networks. But 2 wireless printers do not work yet. Tech today was excellent in India. She reinstalled my Linksys USB Wireless Adapter that I use to print with. Still not printing, and green light not coming on, on USB Adapter. Tech managed to upgrade Router Firmware, but could never get web based router setup to load. Got the password and user name box to show up once, but admin and blank username does not work. My XBox 360 installed in 15 seconds and is fast so Router working fine. So need help with getting Linksys USB Wireless Adapters to access wireless printers and somehow get router admin pages to load so I can turn on WEP and type in our WEP Code. Last router was Linksys 54G, all worked fine for years, then quit working so got new router. Any ideas before I try calling Tech Support again, thanks.

    As you want to make the network secured but the admin password is not working....You have to reset the router and re-configutre it again...
    Press and hold the reset button for 60 seconds...Release the reset button...Unplug the power cable from your router, wait for 30 seconds and re-connect the power cable...Now re-configure your router...
    If your Internet Service Providor is Cable follow this link
    If your Internet Service Providor is DSL follow this link

  • Pre-populate adapters behaviour during role based provisioning

    Hi all,
    I have a question about pre-populate adapters behaviour during role based provisioning.
    I'll sortly describe our architecture: we have OIM 11.1.1.3, Active Direcotry connector and obviously Active Directory as target system.
    Our scenario is: assigning a role to a user , OIM should provision two account for this user to the same target system but in two different organizational unit (Active Directory).
    Here some sample information to better understand our request:
    - OIM User userID: userid1
    - Active Directory IT Resource: ADServer1
    - Active Directory Organizational Units: OU1 and OU2
    - Role: Example Role
    - UserID of the account provisioned in OU1: admin.userid1 (in this organizational unit the UserID is composted by a prefix "admin." and the OIM User UserID "user1")
    - UserID of the account provisioned in OU2: user.userid1 (in this organizational unit the UserID is composted by a prefix "user." and the OIM User UserID "user1")
    To achieve this goal, we have created two access policies AP1 and AP2. The first access policy provision the user account in OU1; while the second one in OU2.
    Here some access policies form details:
    ### AP1 ###
    - AD Server: ADServer1
    - Organization Name: OU1
    (other fields are empty)
    ### AP2 ###
    - AD Server: ADServer1
    - Organization Name: OU2
    (other fields are empty)
    Our idea was to develope two pre-populate adapter: one to compose the userID with "admin." prefix and the other one to compose userID with "user." prefix. However this solution cannot work because obviously you can link only one pre-populate adapter to a resource form field.
    Any suggestion to avoid to create a second resource form?
    Thank in advise,
    Daniele

    Hi,
    probably your confusion is caused by my english....anyway....
    I'm trying to generate two userids and in our scenario it's simple map the organizational units. For example userids in organizational units OU1 have "admin." prefix; while organizational units OU2 have "user." prefix.
    Do you suggest to create a pre-populate adapter that use a lookup to set the correct prefix based on organizational unit name?
    Thank you
    Daniele

  • How to create context sensitive help and call the role based help from my Java Project?

    Hello All,
    I am new to Robo Help. I have created a Robo help for my Java Web Applicaion. My application is role base i.e some user's will not see some of the pages of the application. So I want to hide those pages in Robo help as well. I tried creating multiple TOC for different Roles.
    My Question is
    How to call robo Help from my application?(I will be calling using java script. If it is with RoboHelp_CSH.js where can I get that and How to implement it in my project)
    How to implement role based help?
    Thanks,
    Siva.

    I answered that. My point in asking whether it matters was that if it does, then you cannot use content categories and point different users to different categories and not allow them to see the others.
    The alternative, as I said, would be to produce different outputs for each role.
    As it does matter, then using webhelp you will have to use your RoboHelp project to produce a number of outputs, one for each category. Your app would install each webhelp into different folders and when your app determines the user role, you will link to the appropriate help.
    There is another thread running where it has been explained by Willam van Weelden that you can achieve what you want using browser based AIR help. If that form of help can be considered, then the thread is at http://forums.adobe.com/message/4914753?tstart=0#4914753
    Browser based AIR help must be run from a web server. It cannot be installed locally.
    See www.grainge.org for RoboHelp and Authoring tips
    @petergrainge

  • RBAC / Role Based Security Set Up in R12

    We are working with a 3rd party consulting organization to implement Role Based Access Control in E-Business Suite R12. We have approximately 50 users and with 35 responsibilities today and are currently in the process of designing our role based security set up. In advance of this the consulting company has provided us with effort estimates to cutover from the current responsibility structure to RBAC. We are told this must be done while all users are off the system. The dowtime impact to the business is very high, expecially considering our small user base.
    With RBAC cutover downtime estimates such as these I can't understand how any company larger than ours could go live with it?
    Does anyone have previous Role Based Access Control implementation experience in EBS R11i or R12 and could provide some insight on their experience and recommendations, best practice for cutover to mitigate impacts to the business as we cannot accept the 90 hours of downtime outlined by the consulting company below?
    Disable users old assignments:
    *12.00 hours*
    Disable Responsibilities targeted for the elimination:
    *12.00 hours*
    Disable Responsibilities targeted for the elimination:
    *16.00 hours*
    Setup OUM options and profiles:
    *6.00 hours*
    Setup Roles and Hierarchies:
    *14.00 hours*
    Grant Permissions:
    *12.00 hours*
    Setup Functional Security and disable the obsolete responsibilities:
    *12.00 hours*
    Setup Data Security and disable the obsolete data accesses:
    *6.00 hours*
    Total *90 hours*
    Note - all activities must be performed sequentially*
    Any advice or experiences you could share would be extremely valuable for us. Thank you for taking the time advance to review & respond.

    On Srini`s comments "Creating Roles.. will have to be done manually "... I would like to know will the same approach be followed for PRODUCTION instance also. Say if we need to create 35 responsibilities and 50 roles so should this be done manually in PRODUCTION.
    I have not worked on this but I know that in my previous company this was done using scripts. Need to find more on this.

  • How to make the KM Navigation iview role based

    Hi all,
    Can someone tell me how to make the KM navigation iview role based?
    First of all, is this possible? What I am trying to achive is display certain links for a user group and certain other links for another user group.
    Please guide me.
    Ashwini.

    Hi Ashwini,
    Can someone tell me how to make the KM navigation iview role based?
    >>>>>>>>>>>>>><i>You can have a Navig. iView in your own folder..Attach this iView to a page --> page to workset --> workset to a role. SIMPLE!</i>
    <b><u>Try this:</u></b>
    Have 2 iViews, 2 pages, 2 worksets, 2 usergroups (ug1 & ug2 (<i>say</i>))..
    Also, you have to separate your news links in 2 folders (folder1 & folder2):
         <b>iView1</b> --> links from <i>folder1</i> (for user of <b>ug1</b>)
         <b>iView2</b> --> links from <i>folder2</i> (for user of <b>ug2</b>)
    Hope it helps!
    Regards,
    SK.

Maybe you are looking for