UWL : Multiple providers, restrict user to few.

Similar Messages

• How to restrict user marking same events in multiple times.

  Hi,
  In my online exam system, I am displaying the questions and related answer in jsp page. Once user fill all this questions, the result of these stored in final table containing column questonNo, userid, answer, testname.
  Now in my application if any user goes back to the question displaying page after submitting same questions, he can change the answer selected in first attempt and submitting again the test, the result are stored in final table. I.e. for same question no. user is now able to answer in two times. I want to restrict user for answering test in second times.
  How can I achieve this?
  Any suggestion is highly appreciated?
  Thanks and Regards
  Harshal

  Hi Hari,
  with you suggested logic can i restrict user marking one question in multiple times,
  My target is once user submit any questions teh control will be transferred to the next page.Now he/she could not able to submit the same questions with another answer or the same answer also which is possible in my application by going back to these page using back button .so that i can get only one record for particular questions in table final.
  Thanks and Regards
  Harshal
  Edited by: HARSHAL_GURAV on Aug 20, 2008 12:15 AM

• Best Practice in maintaining multiple apps and user logins

  Hi,
  My company is just starting to use APEX, and none of us (the developers) have worked on this before either. It is greatly appreciated if we can get some help here.
  We have developed quite a few applications in the same workspace. Now, we are going to setup UAT and PRD environments and also trying to understand what the best practice is to maintain multiple apps and user logins.
  Many of you have already worked on APEX environment for sometime, can you please provide some input?
  Should we create multiple apps(projects) for one department or should we create one app for one department?
  Currently we have created multiple apps for one department, but, we are not sure if a user can login once and be able to access to all the authenticated apps.
  Thank you,
  LC

  LC,
  I am not sure how much of this applies to your situation - but I will share what I have done.
  I built a single 700+ page application for my department - other areas create separate smaller applications.
  The approach I chose is flexible enough to accomdate both.
  I built a separate access control application(Control) in its own schema.
  We use database authenication fo this app - an oracle account is required.
  We prefer to use LDAP for authentication for the user applications.
  For users that LDAP is not option - an encrypted password is stored - reset via email.
  We use position based security - priviliges are based on job functions.
  We have applications, appilcations have roles , roles have access to components(tabs,buttons,unmasked card numbers,etc.)
  We have positions that are granted application roles - they inherit access to the role components.
  Users have a name, a login, a position, and a site.
  We have users on both the East Coast and the West Coast, we use the site in a sys_context
  and views to emulate VPD. We also use the role components,sys_contexts and views to mask/unmask
  card numbers without rewriting the dependent objects(querys,reports,views,etc.)
  The position based security has worked well, when someone moves,
  we change the position they are assigned to and they immediately have the privileges they need.
  If you are interested I can rpovide more detail.
  Bill

• Restricting user to exclude values in selection screen

  Hi Everybody,
  I am facing a problem with f.m SELECT_OPTIONS_RESTRICT.
  I want to restrict user, so that he will only be able to exclude values (single, multiple or range) from a selection-option.
  The code snippet is as follows:
  item messages -> restrict selection
    opt_list-name = 'EXCLUDE'.
    opt_list-options-ne = 'X'.
    opt_list-options-nb = 'X'.
    APPEND opt_list TO restrict-opt_list_tab.
    ***-kind = 'B'.
    ***-name = 'A2'.
    ***-sg_main = 'I'.
    ***-sg_addy = ' '.
  ***-op_main = 'EXCLUDE'.
    ***-op_addy = 'EXCLUDE'.
    APPEND *** TO restrict-***_tab.
    CALL FUNCTION 'SELECT_OPTIONS_RESTRICT'
      EXPORTING
      PROGRAM                      =
        restriction                  = restrict
      DB                           = ' '
      EXCEPTIONS
       TOO_LATE                     = 1
       REPEATED                     = 2
       SELOPT_WITHOUT_OPTIONS       = 3
       SELOPT_WITHOUT_SIGNS         = 4
       INVALID_SIGN                 = 5
       EMPTY_OPTION_LIST            = 6
       INVALID_KIND                 = 7
       REPEATED_KIND_A              = 8
       OTHERS                       = 9
  But this is only including the single multiple and range value. Can anyone throw some light on it?
  Thanks
  Samit

  I took a look at the documentation of this FM to confirm what I was thinking:
  "You can also disable the function allowing users to enter values to be excluded from the selection (SIGN = 'E')."
  So I think this is trying to tell us that we can turn off the ability for the user to enter "exclude" but we cannot turn off the option for the user to enter "include" options.
  When you set ***-sg_main = 'I', it means that only "include" options are allowed.
  I think you will need to do your own validation.
  In the event AT SELECTION SCREEN you can do a LOOP on your selection option name and validate the users selections:
  LOOP AT SO_MINE.
    IF SO_MINE-SIGN NE 'E'.
      SET CURSOR FIELD 'SO_MINE-LOW'.
      MESSAGE E123.
    ENDIF.
  ENDLOOP.
  It has been awhile since I used this FM so please let us know how it goes.

• How to restrict user to not enter same value in tabular form

  Greetings !
  i m asking second time the questiion because i was not answered preivously, so please dont mind if it is a duplicate one,
  question was: i created tabular form as shown in example.
  i want to validate username as you see in my example to restrict user to enter the same value in username field before submit page.
  e.g when user is entering data as u see test in username in first row, when he/she goes to second row and type the same username like test " message will appear or restrict user that already typed or in use"..
  http://apex.oracle.com/pls/apex/f?p=45296:1:22797340776918:::::
  this all be done on typing before submit record.
  please gudie

  Hi,
  i m asking second time the questiion because i was not answered preivously, so please dont mind if it is a duplicate one,question was: i created tabular form as shown in example.
  i want to validate username as you see in my example to restrict user to enter the same value in username field before submit page.
  e.g when user is entering data as u see test in username in first row, when he/she goes to second row and type the same username like test " message will appear or restrict user that already typed or in use"..
  http://apex.oracle.com/pls/apex/f?p=45296:1:22797340776918:::::
  this all be done on typing before submit record.>
  Stick the below code in the Page Header > Javascript > Execute when Page Loads field.
  $('[input[name="f03"]').blur(function(){
    if ($('input[name="f03"][id!="'+$(this).attr('id')+'"]').val() == $(this).val()) {
       alert('Duplicate Entry.');
       var x = $(this).attr('id');
       setTimeout("(function(p){$('#'+p).focus();})('"+x+"')",100);
  })Note :
  a.f03 is the "name" of your username column in the Tabular form.
  b. This validates only the displayed values . If your Tabular Form has multiple pages then all the rows not currently displayed will be ignored.
  Cheers,

• Allowing Multiple Login of users in Production system

  Hello,
  In my office there are total 4 employes which all use SAP but they all use one username and password so it isn't possible for them to work at same time. Only one employe can work, then after he completes his task he must log-off, and then other employe logs-in and so on... So Multiple Logon option is disabled. I would like to enable Multiple Logon option but as I read it somewhere Mult.logons in productions system of users musbe set to off?
  I am not sure what do do because I need to have option for employes to lgoin at the same time with one username/password.
  If this is not possible is there any other way to achieve this? Also is there any way that one employe can enter/view data and other three employes can login at same time only to view data?
  Any help is appreciated and <removed_by_moderator> !
  Greetings,
  Adi
  Edited by: Julius Bussche on May 30, 2011 4:28 PM

  P1071191 wrote:
  Hi,
  >
  > In the default parameter, set the paramater login/multi_login_users,
  >
  > Set the value of this paramater login/multi_login_users UID1, UID2, UID3, UID4.
  >
  > May this solve your problem.
  >
  > Regards,
  > Vinod.
  >
  > Edited by: gvk1305 on May 31, 2011 8:36 AM
  gvk1305 wrote:
  Hi,
  >
  > In the default parameter, set the paramater login/multi_login_users,
  >
  > Set the value of this paramater login/multi_login_users UID1, UID2, UID3, UID4.
  >
  > May this solve your problem.
  >
  > Regards,
  > Vinod.
  >
  > Edited by: gvk1305 on May 31, 2011 8:36 AM
  @Jurjen Heeck
  Hello Jurjen,
  I have no intention to voilate any of license agreement, I had to do it once in emergency.
  @David Berry
  Hi David,
  There are four users in my office but I am not sure of exact total number of SAP users in my company.
  @R. Voerman
  Thank you very much for this information. I will try this definetly. Could you tell when I enter this parameter, then
  multi_login_users option is ON, right?
  @Julius Bussche
  You can also assign it selectively to more users than the length of the system parameter field allows...
  Hello Julious,
  how do I this in transaction SU01, what do I need to change?
  It's no problem form me to change this parameter but I am not sure if this is good because of security issues?
  http://sap-basis-security.blogspot.com/2009/01/how-to-restrict-multiple-logons-of.html
  Note:
  "Multiple logons of users must be set to 1 in sap production systems. This can be allowed in DEV systems. But in production it must be restricted."
  Edited by: samnovice on May 31, 2011 10:27 AM

• GW8 HP1 Windows client - problems with restricted users

  I've reproduced these on a few clean WinXP and Windows 2003 systems in both a GW 7.0.3 upgrade scenario and fresh install of GW 8 HP1 scenario. I am curious if anyone else has been able to reproduce these:
  - Client ignores DefaultIPAddress and DefaultIPPort values for non-administrative users. If these are defined under HKEY_CURRENT_MACHINE\Software\Novell\GroupWise by the installer's setup.cfg, they are ignored when the user who is logged in is a non-administrative user. Administrative user profiles correctly pull these values but non-administrative users always try ngwnameserver. If the user profile is upgraded to an admin profile, then they start reading DefaultIPAddress and DefaultIPPort. This does not seem to be a permissions problem on the reg. keys themselves, as the values can be read by regedit when logged in as the user.
  - Client does not setup MAPI profiles for the Address Book for a non-administrative user. Windows Messaging configuration dialog opens if you try to use the Address Book. If the user account is upgraded to an admin, then the next GW startup will configure the profile correctly. Downgrading the user to a non-admin at that point allows the Address Book to continue to function.
  This also does not seem to be a permission problem writing to the MAPI profiles registry keys under HKCU\Software\Microsoft\Windows NT\Current Version\Windows Messaging Subsystem. I can manually import the correct keys when logged in as the restricted user and then the Address Book works without issue.
  It does not look like in both cases the GW client even attempts to access the registry keys in question as per RegMon.
  GW 7.0.3 client on the same equipment does not have a problem.
  Any thoughts? Any other issues people have seen running GW 8 as a non-administrative user?

  Originally Posted by elarsson
  I've reproduced these on a few clean WinXP and Windows 2003 systems in both a GW 7.0.3 upgrade scenario and fresh install of GW 8 HP1 scenario. I am curious if anyone else has been able to reproduce these:
  - Client ignores DefaultIPAddress and DefaultIPPort values for non-administrative users. If these are defined under HKEY_CURRENT_MACHINE\Software\Novell\GroupWise by the installer's setup.cfg, they are ignored when the user who is logged in is a non-administrative user. Administrative user profiles correctly pull these values but non-administrative users always try ngwnameserver. If the user profile is upgraded to an admin profile, then they start reading DefaultIPAddress and DefaultIPPort. This does not seem to be a permissions problem on the reg. keys themselves, as the values can be read by regedit when logged in as the user.
  - Client does not setup MAPI profiles for the Address Book for a non-administrative user. Windows Messaging configuration dialog opens if you try to use the Address Book. If the user account is upgraded to an admin, then the next GW startup will configure the profile correctly. Downgrading the user to a non-admin at that point allows the Address Book to continue to function.
  This also does not seem to be a permission problem writing to the MAPI profiles registry keys under HKCU\Software\Microsoft\Windows NT\Current Version\Windows Messaging Subsystem. I can manually import the correct keys when logged in as the restricted user and then the Address Book works without issue.
  It does not look like in both cases the GW client even attempts to access the registry keys in question as per RegMon.
  GW 7.0.3 client on the same equipment does not have a problem.
  Any thoughts? Any other issues people have seen running GW 8 as a non-administrative user?
  I've reproduced this now with the FCS GW 8 client as well.
  Also a point of clarification on the MAPI profiles -- in an upgrade scenario from GW 7 client, if the user profile previosuly existed on the machine and had the MAPI settings configured by the GW 7 client, then they will work fine with GW 8. The issue seems to only occur with new user profiles, logging into a machine as a non-administrative user. The GW 8 client does not create the proper registry keys for the MAPI profile under HKEY_CURRENT_USER and the Address Book does not function.

• Restrict users based on Customers

  Hi ,
  In ECC system, we have general requirements to restrict users based on customer account group where customer account group is represented as Site/Store.
  Possible values for Customer Account group -
  - Reference Store
  - Head Store
  - Wholly Owner Store etc.
  Till this point everything is fine. However, Client has few additional External Stores which are represented as one Dummy Site and Customers belonging to that store are actual external Stores.
  Example, we have additional Value for Customer Account Group -
  - Dummy Site
  And now all the Customers part of dummy site is actual stores and we are needed to drill down our restriction to this Customer (So called Stores).
  To restrict used based on customer account group/Stores, we can utilize F_KNA1_GRP with filed KTOKD (Customer Account Group). However, is it possible to create roles based on individual customers of these Stores?
  If yes, how can we do that? 
  P.S. I had a look at authorization object F_KNA1_BED with filed BRGRU. Can this object help us in fulfilling our requirement? Or there is any other SAP provided authorization object which can help us to restrict on Customer values?
  Thanks,
  Sheenam

  You could use F_KNA1_BED, I guess - but that would mean excessive maintenance of both: BEGRU and customers, if I understood your scenario correctly and you really, really want to break that down to single customers.
  It would be even more excessive to utilize F_KNA1_GRP. Can be done, though.
  Both solutions are completely un-elegant and I am not happy proposing them. But I am curious as a cat: what exactly is the business process expecting you to restrict access to customer data down to a single customer?
  Edited by: Mylène Dorias on Mar 24, 2010 8:39 AM

• Multiple Status Restrictions in BSVW

  Hi Experts,
     I want to trigger a workflow whenever a Maintenance order user status has been changed to some other staus.
  For this I have created a subtype Z_BUS2007 of BUS2007 and added that an event STAUSCHANGED to that subtype.
  I have also delegated the same. After that, in BSVW transaction I have added a row using StatusOT as ORI, Schema as WMSTATUS, BusinessOT as BUS2007 and event as STATUSCHANGED.
     I have used this event to trigger my workflow. When I gave one staus restriction the workflow is being triggred but it is not working when i am giving multiple status restrictions.
  Please help.
  Regards,
  Hariom

  Hello Hari !
           I developed a workflow for the same scenario.For this scenario, I didn't configure any thing in BSVW.  
           Instead I created an event "CHANGED" in ZBUS2007 and delegated to BUS2007.You can define the status restrictions with respect to triggering the workflow either using a check function module or creating s database attribute(Table : JEST, field : STAT).
           Still, if you want to use BSVW, the configuration required is :
           Status OT : ORI,Business OT : BUS2007, Event : CHANGED, Name :     Changed
  Regards,
  S.Suresh.

• Retrieving ALL values from a single restricted user property

  How can I retrieve ALL values of a single restricted user property from within
  a .jpf file?
  I want to display a dropdown list within a form in a JSP which should contain
  all the locations listed in the property 'locations'. I ever get just the default
  value when I access the property via
  ProfileWrapper pw = userprofile.getProfileForUser(user);
  Object prop = pw.getProperty("ClockSetup", "Locations");

  Well, the code you've got will retrieve the single value of the property
  for the current user. You're getting the default value because the
  current user doesn't have Locations property set, so the ProfileWrapper
  returns the default value from the property set.
  I assume you want to get the list of available values that you entered
  into the .usr file in Workshop. If so, I've attached a
  SetColorController.jpf, index.jsp, and GeneralInfo.usr (put in
  META-INF/data/userprofiles) I wrote for an example that does just this.
  It uses the PropertySetManagerControl to retrieve the restricted values
  for a property, and the jsp uses data-binding to create a list from that
  pageflow method.
  For a just-jsps solution, you can also use the
  <ps:getRestrictedPropertyValues/> tag. I've attached a setcolor-tags.jsp
  that does the same thing.
  Greg
  Dirk wrote:
  How can I retrieve ALL values of a single restricted user property from within
  a .jpf file?
  I want to display a dropdown list within a form in a JSP which should contain
  all the locations listed in the property 'locations'. I ever get just the default
  value when I access the property via
  ProfileWrapper pw = userprofile.getProfileForUser(user);
  Object prop = pw.getProperty("ClockSetup", "Locations");
  [att1.html]
  package users.setcolor;
  import com.bea.p13n.controls.exceptions.P13nControlException;
  import com.bea.p13n.property.PropertyDefinition;
  import com.bea.p13n.property.PropertySet;
  import com.bea.p13n.usermgmt.profile.ProfileWrapper;
  import com.bea.wlw.netui.pageflow.FormData;
  import com.bea.wlw.netui.pageflow.Forward;
  import com.bea.wlw.netui.pageflow.PageFlowController;
  import java.util.Collection;
  import java.util.Iterator;
  * @jpf:controller
  * @jpf:view-properties view-properties::
  * <!-- This data is auto-generated. Hand-editing this section is not recommended. -->
  * <view-properties>
  * <pageflow-object id="pageflow:/users/setcolor/SetColorController.jpf"/>
  * <pageflow-object id="action:begin.do">
  * <property value="80" name="x"/>
  * <property value="100" name="y"/>
  * </pageflow-object>
  * <pageflow-object id="action:setColor.do#users.setcolor.SetColorController.ColorFormBean">
  * <property value="240" name="x"/>
  * <property value="220" name="y"/>
  * </pageflow-object>
  * <pageflow-object id="action-call:@page:index.jsp@#@action:setColor.do#users.setcolor.SetColorController.ColorFormBean@">
  * <property value="240,240,240,240" name="elbowsX"/>
  * <property value="144,160,160,176" name="elbowsY"/>
  * <property value="South_1" name="fromPort"/>
  * <property value="North_1" name="toPort"/>
  * </pageflow-object>
  * <pageflow-object id="page:index.jsp">
  * <property value="240" name="x"/>
  * <property value="100" name="y"/>
  * </pageflow-object>
  * <pageflow-object id="forward:path#success#index.jsp#@action:begin.do@">
  * <property value="116,160,160,204" name="elbowsX"/>
  * <property value="92,92,92,92" name="elbowsY"/>
  * <property value="East_1" name="fromPort"/>
  * <property value="West_1" name="toPort"/>
  * <property value="success" name="label"/>
  * </pageflow-object>
  * <pageflow-object id="forward:path#success#begin.do#@action:setColor.do#users.setcolor.SetColorController.ColorFormBean@">
  * <property value="204,160,160,116" name="elbowsX"/>
  * <property value="201,201,103,103" name="elbowsY"/>
  * <property value="West_0" name="fromPort"/>
  * <property value="East_2" name="toPort"/>
  * <property value="success" name="label"/>
  * </pageflow-object>
  * <pageflow-object id="control:com.bea.p13n.controls.ejb.property.PropertySetManager#propSetMgr">
  * <property value="31" name="x"/>
  * <property value="34" name="y"/>
  * </pageflow-object>
  * <pageflow-object id="control:com.bea.p13n.controls.profile.UserProfileControl#profileControl">
  * <property value="37" name="x"/>
  * <property value="34" name="y"/>
  * </pageflow-object>
  * <pageflow-object id="formbeanprop:users.setcolor.SetColorController.ColorFormBean#color#java.lang.String"/>
  * <pageflow-object id="formbean:users.setcolor.SetColorController.ColorFormBean"/>
  * </view-properties>
  public class SetColorController extends PageFlowController
  * @common:control
  private com.bea.p13n.controls.ejb.property.PropertySetManager propSetMgr;
  * @common:control
  private com.bea.p13n.controls.profile.UserProfileControl profileControl;
  /** Cached possible colors from the User Profile Property Set definition.
  private String[] possibleColors = null;
  /** Get the possible colors, based upon the User Profile Property Set.
  public String[] getPossibleColors()
  if (possibleColors != null)
  return possibleColors;
  try
  PropertySet ps = propSetMgr.getPropertySet("USER", "GeneralInfo");
  PropertyDefinition pd = ps.getPropertyDefinition("FavoriteColor");
  Collection l = pd.getRestrictedValues();
  String[] s = new String[l.size()];
  Iterator it = l.iterator();
  for (int i = 0; it.hasNext(); i++)
  s[i] = it.next().toString();
  possibleColors = s;
  catch (P13nControlException ex)
  ex.printStackTrace();
  possibleColors = new String[0];
  return possibleColors;
  /** Get the user's favorite color from their profile.
  public String getUsersColor()
  try
  ProfileWrapper profile = profileControl.getProfileFromRequest(getRequest());
  return profileControl.getProperty(profile, "GeneralInfo", "FavoriteColor").toString();
  catch (P13nControlException ex)
  ex.printStackTrace();
  return null;
  // Uncomment this declaration to access Global.app.
  // protected global.Global globalApp;
  // For an example of page flow exception handling see the example "catch" and "exception-handler"
  // annotations in {project}/WEB-INF/src/global/Global.app
  * This method represents the point of entry into the pageflow
  * @jpf:action
  * @jpf:forward name="success" path="index.jsp"
  protected Forward begin()
  return new Forward("success");
  * @jpf:action
  * @jpf:forward name="success" path="begin.do"
  protected Forward setColor(ColorFormBean form)
  // set the color in the user's profile
  try
  ProfileWrapper profile = profileControl.getProfileFromRequest(getRequest());
  profileControl.setProperty(profile, "GeneralInfo", "FavoriteColor", form.getColor());
  catch (P13nControlException ex)
  ex.printStackTrace();
  return new Forward("success");
  * FormData get and set methods may be overwritten by the Form Bean editor.
  public static class ColorFormBean extends FormData
  private String color;
  public void setColor(String color)
  this.color = color;
  public String getColor()
  return this.color;
  [GeneralInfo.usr]
  [att1.html]

• How to restrict users from creation of varients in report transaction

  Hi All,
  I have a requirement where buisness wants to restrict users in creating varients in report transactions.because of create options users will be creating more screen varients which will be disturbing for the other users to select a particular standard varient.Kindly give ur input regarding this
  With regards
  Girish A

  Hi,
  First edit the role assigned to users using PFCG.
  Then go to Authorization tab and click on "Change Authorization Data".
  It will opened up the profile of the role. now find the authorization object "S_PROGRAM".
  In that edit "User action ABAP/4 program" object.
  Remove "VARIANT" check box if it was checked and save. Now press
  Generate button or "Shift+F5".
  That's it.
  You can ask for this to your basis team. They can perform this task  easily.

• Windows 2008 : How to Restrict Users to Copy file from Shared Folder

  Hello All,
  I need to Restrict Users to Copy file from Shared Folder. Please let me know is there any method to achieve this requirement.

  If user have Read permission, they can copy it. So actually you cannot restrict user from copy your files if they could read/edit.
  Some programs could help restrict users from edit/modify/copy the content of their files such as Office files, PDF files etc as Oscar said above.
  TechNet Subscriber Support in forum |If you have any feedback on our support, please contact [email protected]

• I forgot the passcode for restrictions, i read few suggestions here and tried the ibackupbot, but now i cannot find an o my previous backups in itunes

  i forgot the passcode for restrictions, i read few suggestions here and tried the ibackupbot, but now i cannot find an o my previous backups in itunes.it keeps saying cannot load sync services. i have reinstalled the latest itunes
  please help

  but its nothing there, no music, no apps nothing. i had upgraded to iitunes 11 and went back to 10.7 that is when i lost them. apparenty i havent lost contacts, photos.
  but i have backed them up previously. i was using ibackupbot and i can see them all there, but i cant install them back to my phone nor to itunes.

• How can we restrict users from changing the data in HFM.

  Hi All,
  We have requirement from users where, They don't want the base data being loaded from SAP to HFM via FDM through ERPi to get changed in HFM at <Entity Currency>. They want data to be read only and no body should be able to change neither Grid nor Forms and neither Smart View. If we restrict by Shared services access then again they can't change ownership management value.
  Regards,
  Sushil

  Hi Thanos, Thanks for your reply.
  Yes i am aware of the security class, so your suggestion is to use security classes to restrict users? And how can i use the phased submission for the same?  I am new to HFM so please bear with me.
  I have one more question that my Application is HFM EPMA application. So is it necessary to have Application Administrator to change hierarchy and Deploy the Application from EPMA?
  Thanks,
  Sushil

• How can i restrict user to access database object (procedure) or JSP

  Hi
  I have 9ias infrastructure 902, on win2k box with 9i DB.
  and I have one PL/SQL web application and another J2EE application both are hosted by 9ias 902.
  Now we are looking forward to couple both with SSO.
  I have deloyed samples of both and works fine.
  Each application have different set of users, i mean there is no common user.
  How can i restrict user not to view the web page which is not authorised to them.
  as far as i understand from the Grocery demo is pick the role (which is a string only) from OID and programaticall apply security via if else endif construct.
  can any one through light upto my concern.
  regards
  [email protected]

  Hey Mary
  No i haven't try to do that via pl/sql....
  as the our application is j2ee app... deployed in oc4j.. with sso and ldap....
  still finding to do so....
  what i have realized that LDAP is just to store user information in inverted tree... and one have to build separated access security mechnisum that will be applicable to j2ee system....
  thanx...
  samir....