Reseeding cache for users with role based security
I have role based security and trying to set up cache by purging all cache and later seeding cache by query. The query would be different for different users. What is the best way to purge all cache and reseed cache for administrator as well as all users. The EPT would purge cache based on updated tables. But how do I next go about reseeding cache for better performance to all the users. Thanks.
I have created an ibot with the following:
General - Normal Priority, Personalized (recipient's data visibility)
Conditional Request - example_report
Schedule - some schedule
Recipients - Me(administrator) and User1
Destinations - Oracle BI Server cache
when the ibot runs 2 cache entries are created (for the 2 recipients).
I have the report (example_report) on the dashboard (1 dashboard, 1 page, 1 report).
After the ibot runs:
When the administrator logs in first, there is a cache hit on the report. Followed by when the User1 logs in there is NO cache hit.
On the other hand when the User1 logs in first, there is a cache hit on the report. Followed by when the administrator logs in there is no cache hit. The query log creates a Query issued to the database instead of cache hit on query.
The User1 has a data level security.
Please let me know where was I making an error in setting the ibot and how to get the cache seeding work for the different users with different role based security.
Thanks for your inputs.
Similar Messages
-
What is the mean of using Portal with Role Based security as entry point
Hi Experts we have requirement of integration of Portal and MDM
I am completely new to the MDM. So please give me some idea , what is the meanin for following points.
1) Using the Portal with Role Based security as entry point for capacity and Routing Maintaince(These two are some modules).
2) Additionally , Portal should have capability to enter in to the MDM for future master data maintence. Feeds of data will need to be come from SAP 4.6c
Please give me the clarity of what is the meanin of second point
Regards
VijayHi
It requires the entire land scape like EP server and MDM server both should be configured in SLD.
Your requirement is maintaing and updating the MDM data with Enterprise portal.We have some Business Packages to install in Portal inorder to access the functionality of MDM.
Portal gives you a secure role based functionality of MDM through Single sign on (login into the portal access any application) to their end users.
Please go through this link
http://help.sap.com/saphelp_mdmgds55/helpdata/EN/45/c8cd92dc7f4ebbe10000000a11466f/frameset.htm
You need to develope some custom applications which should be integrated into the portal to access MDM Server master data
The estimation involves as per your requirement clearly
Its depends upon the Landscape settings, Requirement complexity,Identify how many number of custom applications need to be developed
Regards
Kalyan -
Dear all
Please let me know how to get a report for the users created with the roles. I want the users created , roles assigned and the time stamp
I tried a lot but could'nt get the solution for this.
thanks and regards
RajaFound the solution finally. Custom report with "*attribute changed contains role"*
And action =create, bulkcreate, provision
Thanks and regards -
How add Authorization check for user with assigened role for t.code-MIR4
Hi All,
Regarding authorization how to check authorizations check for user whith assigned roles for the t.code MIR4 using ABAP.
In Detail:2) All users are allowed to go to MIR4(invoice number), But ONLY for users with role: MM_RELEASE_INVOICE can proceed to do the posting.
suggest me...
Thanks,
srii..Hi Sri ,
first u need to find out in which user rules u are using this object , after that if u want to restrict users then remove create/change values from that object values .
make use of Tcode SUIM to find out all roles which are using this Object.
or
ask ur basis guy to remove authorizations to create/change....
regards
Prabhu -
R12: Role based security : Hiding a button in OAF page for roles
Hi All,
We have a requirement where in which, we have to hide a "Create" button in AR customer search form for some roles ... we have implemented UMX - Roles based security in our project and we cant hide it based on user or resp ...
Any ideas ... Is it feasible with this new featue of RBAC?
Thanks and Regards,
SenthilHi Ajay,
metalink note 2778881.1 is discussing "Page access tracking report".
but here i want to implement access restrictions to a particular page.
Regards,
Naren. -
Error in Role Based security using weblogic 9
Hi All,
Currently I am working with Weblogic Server 9. I am trying to use role based security. Below is the entries for web.xml.
<security-constraint>
<web-resource-collection>
<web-resource-name>Success</web-resource-name>
<url-pattern>/form.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>INTEGRAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>myrealm</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
When I am calling form.jsp from the browser it is asking for the username and password, but after giving the username and password it is showing the followig error:
Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.4 403 Forbidden
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
So can any one provide me the solution for the above problem.
Thanks in advance.
By,
Sandip PradhanHere is a blog post for the backend (WebLogic Admin GUI) http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-role.html and a blog post for the web.xml in your project http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-ear.html.
-
RBAC / Role Based Security Set Up in R12
We are working with a 3rd party consulting organization to implement Role Based Access Control in E-Business Suite R12. We have approximately 50 users and with 35 responsibilities today and are currently in the process of designing our role based security set up. In advance of this the consulting company has provided us with effort estimates to cutover from the current responsibility structure to RBAC. We are told this must be done while all users are off the system. The dowtime impact to the business is very high, expecially considering our small user base.
With RBAC cutover downtime estimates such as these I can't understand how any company larger than ours could go live with it?
Does anyone have previous Role Based Access Control implementation experience in EBS R11i or R12 and could provide some insight on their experience and recommendations, best practice for cutover to mitigate impacts to the business as we cannot accept the 90 hours of downtime outlined by the consulting company below?
Disable users old assignments:
*12.00 hours*
Disable Responsibilities targeted for the elimination:
*12.00 hours*
Disable Responsibilities targeted for the elimination:
*16.00 hours*
Setup OUM options and profiles:
*6.00 hours*
Setup Roles and Hierarchies:
*14.00 hours*
Grant Permissions:
*12.00 hours*
Setup Functional Security and disable the obsolete responsibilities:
*12.00 hours*
Setup Data Security and disable the obsolete data accesses:
*6.00 hours*
Total *90 hours*
Note - all activities must be performed sequentially*
Any advice or experiences you could share would be extremely valuable for us. Thank you for taking the time advance to review & respond.On Srini`s comments "Creating Roles.. will have to be done manually "... I would like to know will the same approach be followed for PRODUCTION instance also. Say if we need to create 35 responsibilities and 50 roles so should this be done manually in PRODUCTION.
I have not worked on this but I know that in my previous company this was done using scripts. Need to find more on this. -
JHeadStart Security problem-error page cannot be found- role based security
JHeadStart Security problem-error page cannot be found- role based security
Good morning! How are you? I would need some help in a jheadstart 10.1.3.2 security case and I was wondering if you could give me a hand to go on. I create the Model project with tables of oe schema. Then in JHeadStart to perform security I follow the following steps: In ViewController/WEB-INF/web.xml – properties I do the following: login configuration: http basic authentication rfc 7617: realm:jazn.com
Security roles : I define two roles: customer and administrator , Security Constraints: web_resources: All_pages, Url Patterns: faces/*. Then in Tools/Embedded OC4J Preferences/Global/Authentication JAZN/Realms/jazn.com/users: I define two users c1, password c1 and a1,password a1, roles/member users/ I attribute the roles to the relevant users c1—customer and a1—administrator. Then in application definition editor on service level I define security/use role based authorization=true , authorization type: JAAS and when access denied go to next group=true. On group level e.g.: ProductInformation: Authorization/Authorized Roles Permissions: administrator.On item level : Orders/Items/OrderTotal/Operations/Update Allowed: #{jhsUserRoles['administrator']},Then I generate the pages (run the jag) . The generation is completed successfully but when I run the View Controller project a “the website declined to show this webpage…(page cannot be found)’ is displayed. What should I do? I would appreciate it if you would help me on this issue! Thank you very much.Thand you very much for your reply! Unfortunately there is a specific restriction-convention in the project I work in. I am supposed to perform role based security with my own tables and no by the jheadstart’s ones. Could you find out what is my fault with the steps I follow trying to perform the process?
To remind you my steps I paste the following again:
JHeadStart Security problem-error page cannot be found- role based security
Good morning! How are you? I would need some help in a jheadstart 10.1.3.2 security case and I was wondering if you could give me a hand to go on. I create the Model project with tables of oe schema. Then in JHeadStart to perform security I follow the following steps: In ViewController/WEB-INF/web.xml – properties I do the following: login configuration: http basic authentication rfc 7617: realm:jazn.com
Security roles : I define two roles: customer and administrator , Security Constraints: web_resources: All_pages, Url Patterns: faces/*. Then in Tools/Embedded OC4J Preferences/Global/Authentication JAZN/Realms/jazn.com/users: I define two users c1, password c1 and a1,password a1, roles/member users/ I attribute the roles to the relevant users c1—customer and a1—administrator. Then in application definition editor on service level I define security/use role based authorization=true , authorization type: JAAS and when access denied go to next group=true. On group level e.g.: ProductInformation: Authorization/Authorized Roles Permissions: administrator.On item level : Orders/Items/OrderTotal/Operations/Update Allowed: #{jhsUserRoles['administrator']},Then I generate the pages (run the jag) . The generation is completed successfully but when I run the View Controller project a “the website declined to show this webpage…(page cannot be found)’ is displayed. What should I do? I would appreciate it if you would help me on this issue! Thank you very much. -
Role-Based Security In SQL Server Reporting Services
Hi
I have created Reports,
Now I need to assign Role-Based Security, ie like some particular clients can access only some particular report.
http://localhost/reports/Pages/Folder.aspx
Here in the above link i can see the property tool bar where i need to set the user assignement roles.
could any one please help me out how to set different login assigned to a set of report.
Or is there any tutor links for this.
Thanks a lot.
ShanCreate folders under the Home page (the link you have there). For each folder set group athentication (AD) or harder managed, user account roles for the folders and the reports under the folder.
If you set security at that home level you will not be able to control what reports they see or can't see. You'll need to go all the way to the folder/report level.
It's also not best practice to deploy reports directly to the home level. Not best practice in it creating a very hard to manage security level. Think of the levels in security as such to SQL Server. Set the connect to sql level, database level and then down to the objects in them. Same priciples apply to SSRS.
Here is a cast going through some security settings as well http://technet.microsoft.com/en-us/sqlserver/dd391734.aspx fro creating your roles and utilizing them
Ted Krueger Blog on lessthandot.com @onpnt on twitter -
How to Control authorization for users with certain status for level 2 WBS Element
Dear All,
Is there any standard way or enhancement available to control authorization for users with certain status for WBS Element i.e. for example
Pre-requisite:
There is only 2 level of project i.e.
Lev_ WBSE_______Description
1___ 7-14.E_______summay outage controller
2___ 7-14.E.2310__ Plant/unit # 2310
2___ 7-14.E.2310__ Plant/unit # 2220
Project Controller (authorization role assigned "Z_PS_OP7_OTGCON_C") have all project level authorization
Plant/Unit Controller (authorization role assigned "Z_PS_OP7_PLNTOTG_C_2310") have only level 2 authorization with enhancement that we did in system by Z table.
User ID_ Plant #
123345_ 2310
122455_ 2220
Issue:
After System Status released and User Status approved the WBS basic date for Plant/Units should be restricted from updating/changing by Plant/Unit Controller level and only project controller should have this authority.
Solution required:
Can any one tell how to control this scenario either by standard or enhancement available to control authorization
BR
Saqib UsmanHi,
Did you explore SAP Enhancement CNEX0002 Using Transaction CMOD?
Thank you and regards,
Varshal Kachole
The SCN Rules of Engagement -
Error in Associating the Oracle Cache Administration user with the Cache Database
hi good eve,
i have done Configuration on the Oracle Database such as
1.create tablespace ttusers
2.running initCacheGlobalSchema.sql
3.creating cache administration user with username cacheadm
4.running grantCacheAdminPrivileges.sql
5.granting object privileges on tables to cacheadm
on Setting Up a Cache Database
i already created cache database my_ttdb
here i created and granted the cacheadm user as admin
then
{code}
Command> connect "dsn=my_ttdb;uid=cacheadm;oraclepwd=cacheadm";
Enter password for 'cacheadm':
Connection successful: DSN=my_ttdb;UID=cacheadm;DataStore=C:\TimesTen\DataStoreP
ath\my_ttdb;DatabaseCharacterSet=AL32UTF8;ConnectionCharacterSet=US7ASCII;DRIVER
=C:\TimesTen\TT1122~1\bin\ttdv1122.dll;LogDir=C:\TimesTen\logs;PermSize=40;TempS
ize=32;TypeMode=0;OracleNetServiceName=XE;
(Default setting AutoCommit=1)
con1: Command> call TTCACHEUIDPWDSET('cacheadm','cacheadm');
5220: Permanent Oracle connection failure error in OCIServerAttach(): ORA-12154
: TNS:could not resolve the connect identifier specified rc = -1
5935: Could not validate Oracle login: uid = CACHEADM, pwd = HIDDEN, OracleNetS
erviceName = XE, TNS_ADMIN = "C:\TimesTen\TNS_AD~1", ORACLE_HOME= ""
The command failed.
{code}
can you please help in solving this problem sir....
thanking you,
prakashTHe main issue is this:
TNS:could not resolve the connect identifier specified rc = -1
TimesTen is not able to resolved the TNS name 'XE'. You need to be sure that (a) your TimesTen instance is correctly configured with the correct value for TNS_ADMIN. This should have been specified at install time but if not you can change it by running ttModInstall as the instance administrator. You will need to shutdown the main daemon and re-start it after making this change. Also, all users who will access Timesten need to have the environment variable TNS_ADMIN, set to the right value, present in their environment.
Chris -
Sun Convergence for user with disabled calendar service
I have Communication Suite 7 installed with the "Sun Convergence" web interface.
I create a test user with a disabled calendar service (service package platinum).
The user test logged in in Sun Convergence web interface and I'm surprised,
that the calendar for him is available.
How can I disable the calendar view in Sun Convergence for user with disabled calendar service?
Thank you.petrahu wrote:
I'm getting the expected result with a service package for mail and calendar,
e.g. mercury, and setting the status of calendar service to inactive or disabled.The behaviour you are seeing is both "expected" (i.e. as per the current Convergence design) and "unexpected" (i.e. doesn't make sense from a DA service provisioning perspective). It is a real "can-o-worms".
The problem stems back to the "local.autoprovision" functionality provided at the Calendar Server end (enabled by default):
http://docs.sun.com/app/docs/doc/819-4654/acajh?l=En&a=view
"The first time a user logs in, the user's LDAP entry in updated to add calendar service, and a default calendar is created. The user entry must already exist in the LDAP directory. If it does not, an error is returned."
So even if the calendar service has not been granted at the Delegated Administrator end, the calendar server will "helpfully" add the required objectclasses/attributes when a client (such as Convergence) attempts to login as that user.
This means Convergence cannot automatically assume a user is not able to access the Calendar service based on the users current objectclass/attribute settings.
This leads to an existing bug for Convergence:
Bug#6871400 - "Mail only user is able to access the calendar service"
I've also created a new Change Request for Calendar Server:
RFE#6898717 - "local.autoprovision should be disabled by default"
Please raise this issue with Sun support (log a support request) if you believe the current behaviour is confusing/needs changing (i.e. fix the bug/RFE above).
Regards,
Shane. -
How to make form field read only for users with certain permissions
We need to make two form fields read only for users with certain permissions. Kindly guide me on how to do this in Infopath. I searched and there is an option to disable to the column, but no option to select user permissions.
Please give your suggestion on this.
thanks.Hi,
See the link below:
http://info.akgroup.com/blog-0/bid/69277/InfoPath-Restrict-visibility-to-users-in-a-SharePoint-Group
Here you can add the fomatting action on the field to disable the field if those users belong to certain Sharepoint group (does not matter the permission levels though). Hope it helps.
Regards, Kapil ***Please mark answer as Helpful or Answered after consideration*** -
Why Segment shrink is not supported for tables with function-based indexes
As we all know , Segment shrink is not supported for tables with function-based indexes.
But i'm very confused .
Why Segment shrink is not supported for tables with function-based indexes ?? what's its essential?Creating a function based index creates a hidden virtual column (you'll see it if you query user_tab_cols) and once you index a virtual column you can no longer shrink the table:orcl> create table t1(c1 number,c2 as (c1 * 2)) segment creation immediate;
Table created.
orcl> alter table t1 enable row movement;
Table altered.
orcl>
orcl> alter table t1 shrink space;
Table altered.
orcl> create index i2 on t1(c2);
Index created.
orcl> alter table t1 shrink space;
alter table t1 shrink space
ERROR at line 1:
ORA-10631: SHRINK clause should not be specified for this object
orcl>so the issue is not with function based indexes per se, it is a level beneath that. Perhaps because the virtual column has no physical existance, when the row is moved there is no reason for Oracle to realize that an index needs updating? I haven't attempted to reverse engineer this, I would be interested to know if anyone else has. -
Performance tab not working in Enterprise Manager for user with dba role
Database: 11g2
New to Oracle. Don't want share SYS user account among dbas. Tried to create user with dba role to perform all tasks.
1. Removed DBMS_JOB, DBMS_LOB, UTL_FILE, UTL_HTTP, UTL_SMTP, and UTL_TCP from PUBLIC
2. Created user dbauser1 with dba role
3. Log in as dbauser1 in Enterprise Manager
After click Performance tab, it just went straight to "Database Login" page. No error message.
Any suggestions or advice will be appreciated.
piaomaHi Gourav,
This is the wsdl url:
http://hostname:8000/sap/bc/srt/wsdl/bndg_E04711310A0E55F1A0E3005056B03D6F/wsdl11/allinone/ws_policy/document?sap-client=450
Kind Regards,
Richard
Maybe you are looking for
-
At my wits end with Bt usage monitor
I keep getting emails stating I have gone over my broadband usage stating I'm using 100+gb in a month. I know this is not the case as I have been logging into my homehub which tells a different story. It has been connected solid for 15 days and I hav
-
With FF v.3 I could place links to oft-used websites in the right-click expanded Firefox icon on the task bar. It appears that Firefox v. 4 no longer provides for that feature. Can it be done some other way? Otherwise I have to open my FF homepage an
-
hello I want to copy a file in server to my local pc through my forms menu. I am using developer 6.0 In the menu I give this statement host ('copy \\ibm-netfinity5k\developers\pro\help\*.* C:\MTB-ERP\*.*') ; I am unable to copy the files. There is no
-
Rollup in cube is taking very long time (BW 3.5)
Hi, Rollup in one of our cube is taking a long time from what it is expected. Previously this rollup was taking 2-3 hrs but now it is taking more than 8 hrs. To solve this I even tried compressing the cube till last month but of no use. (this worked
-
Change Report Title for an RDL
I have deployed an SSRS report to Sharepoint 2013 that has a name I do not want to display to the users. I tried entering the desired name of the report in the Title field of the properties page for the RDL but it did not make any change to what the