2821 ACL for IP Range
We use an old Cisco 2821 at the internet edge for initial inbound traffic filtering. In an attempt to block certain provider networks that are a source of SPAM, we attempted to apply an ACL that included a range of addresses as follows:
access-list 110 deny ip host 198.20.160.0 0.0.31.255 255.255.255.255
This command was shorted to the following in the running config:
access-list 110 deny ip host 198.20.160.0 any
The ACL does not seem to work, as we are still seeing SPAM slip through on this range.
Any help is greatly appreciated.
Thank you for your time.
ACL's are in the form of :
access-list [###] [permit or deny] [protocol] [Source IP Network] [Source wilcard mask] [Destination IP Network] [Destination wildcard mask] [port (optional)]
When you use the keyword "host" that equals a wildcard mask 0.0.0.0 and then you do not need to put in the wilcard mask, just the host IP.
In your example, access-list 110 deny ip host 198.20.160.0 0.0.31.255 255.255.255.255, you was telling the router that you wanted to deny packets from a source single IP of 198.20.160.0 with a wildcard mask of 0.0.0.0 and a destination of 0.0.31.255 255.255.255.255 which is an invalid IP and mask.
Hope this helps.
You can read this article to help more - Here
Similar Messages
-
Inbound ACL for public VPN router
Hi all,
I have configured our VPN router for access for all our mobile clients. Our private VPN range is going to be 172.16.10.x/24. Do I need to add ACL permit rules for this range on our inbound ACL to all the inside LANs to facilitate access for the VPN users?
eg int S0/0/0
ip address 85.x.x.x
ip access-group 100 in
access-list 100 permit ip 172.16.10.0 0.0.0.255 192.168.1.0 0.0.0.255
If I understand things correctly, once the user connects, the VPN is tunnelled as far as the inside of the interface, so traffic passing through the VPN is encapsulated and hence wouldnt appear as a private IP?
All comments are greatly appreciated.
PaulSorry I mean to say you should not edit outside acl for vpn traffic for rest of the things you can do it.
Thanks
Ajay -
Cost Analysis Report - For a range of process orders
Dear all,
Is there a standard report available to get the cost analysis for a range of process order? COR3 --> Go to --> Cost --> Analysis. Here I can see the cost analysis for one report. But I wanted to get the cost analysis report for a range of process orders. Please help.
Thanks
NagarajanDear
You can use cost analysis report like
1.S_ALR_87099932 - Variances Between Costing Runs
2.S_ALR_87099931 - Price vs Cost Estimate
3.S_ALR_87099932 - Variances Between Costing Runs
5.KOC4
Regards
JH -
Interval 01 was not created for number range object HRTEM_REFN
Dear expert!
Now, I'm getting some issues in Training and event management module.
- The first, I created business event
- Second, I process to book for business event by tcode: PSV1 --> book --> book/payment info --> activity allocation.
But when I was booking, the system displayed error: "Interval 01 was not created for number range object HRTEM_REFN"
Help me, please!
Best regards, Huy!Go to the customization as below
Training and event mgt>Basic settings>Number range maintanence>Define number ranges for External operation
and maintain number ranges as 01 Internal
Hope ur problem will solve
with regards
partha -
Alternative to isblank for a range of cells
Hi,
I am trying to get a formula using countifs that will return the number of cells containing a checkbox with a "true" value if a related cell on a different row is not blank.
In my mind this would look somewhat like =countifs(checkbox range, true, isblank(range b), false)
Is there a function that does what isblank does for a range of cell? Or should I use another function?
Thanks for the help!Hello,
The above answers seemed alright but they do not get to the heart of the issue that I am having in trying to get summary data on a range of particular cells +determined by a condition+. For this purpose the SUMIFS and COUNTIFS functions are brilliant because you can isolate a range based on conditions; for example, getting rows with a particular string and number.
I have a long list of newspapers, each with a city, year and rank by population. There are about 10 decades and many different cities (which change as the rankings change), totaling over a thousand rows. The year, rank and city often repeat but the newspapers are all unique.
It was easy to count the number of newspapers by rank (or city) and year using COUNTIFS but there seems to be no corollary for the MAX (or LARGE) function. I need this because I have circulation numbers and I'd like to know what the MAX circulation is for each city (or rank) in each year.
This means I need to be able to pluck out a max value for a range of cells based on a calculation. It seems ridiculous to have to put in row numbers in: there should be a simple way to perform a test on a defined range using conditions.
Hopefully I am simply missing how that is done. Thanks ahead of time,
Jamil -
IPv6 ACLs for ZBFW with changing IPv6 prefix?
Hi all
Is there a trick to keep IPv6 ACLs for ZBFW working when the IPv6 prefix will change ?
Background:
6RD based residential internet access.
Provider has a /28 6RD-Prefix, and will append the whole 32bits of the DHCP assigned public IPv4 address, leaving a /60 to use at home. Inside should be subnet 0, DMZ should be subnet 1 from that /60.
A few of my DMZ IPv6 hosts should be reachable from the outside world on specific udp/tcp ports, without having to open the whole DMZ subnet towards the IPv6 internet.
No big deal, one would think...
zone security Z-INTERNET
description * the outside world *
zone security Z-DMZ
zone security Z-OUTSIDE
zone-pair security ZP-OUTSIDE-TO-DMZ source Z-OUTSIDE destination Z-DMZ
service-policy type inspect PMAP-INBOUND-TRAFFIC
policy-map type inspect PMAP-INBOUND-TRAFFIC
class type inspect CMAP-IN-TRACE-TRAFFIC
pass
class type inspect CMAP-IN-INSPECT-TRAFFIC
inspect
class class-default
drop log
class-map type inspect match-any CMAP-IN-TRACE-TRAFFIC
match access-group name ACLv6-ICMP-UNREACH <-- some ICMP listed in this ACL, irrelevant here
class-map type inspect match-any CMAP-IN-INSPECT-TRAFFIC
match access-group name ACLv6-INBOUND-TRAFFIC
Now.. what would I put into ACLv6-INBOUND-TRAFFIC? Manually setting...
ipv6 access-list ACLv6-INBOUND-TRAFFIC
sequence 10 permit tcp any host <MYcurrent6RDPREFIX>1::<$MYHOSTID> eq http
... works well, until MY6currentRDPREFIX becomes MYnew6RDPREFIX. It does so seldomly, but it does, especially after outages.
For adressing (and re-adressing) the DMZ interface, "ipv6 general prefix MY6RDPREFIX 6rd tunnel6" helps a lot and it works pretty well.
However, one cannot seem to make use of "ipv6 general prefix" in an ipv6 ACL, neither as source nor destination (and neither when defining a stateful DHCPv6 server, for that matter).
router6rd(config-ipv6-acl)#permit ip any ?
X:X:X:X::X/<0-128> IPv6 destination prefix x:x::y/<z>
any Any destination prefix
host A single destination host
router6rd(config-ipv6-acl)#
D'oh. What now?
I do know that scanning the whole /64 would take aeons to complete, but I would like to use predetermined addresses with SLAAC and stateless DHCPv6 (with the help of http://man7.org/linux/man-pages/man8/ip-token.8.html).
Opening the entire subnet makes me cringe, even more since these hosts are bound to be in some public DNS as well. For that matter, it becomes largely irrelevant if the Host-ID comes from ip-token, EUI-64, RFC7217 or privacy extensions (allright, the latter wouldn't quite apply here, I know.)
Am I caught in the "IPv6 is like IPv4 but with longer addresses" trap? Should I just do away with my wish to have only the given DMZ servers reachable, and open up the entire subnet?
Or: Is there a completely different way of doing ZBFW things in IPv6 that I didn't think of?
thanks for your thoughts and ideas.
MarcHi all
Is there a trick to keep IPv6 ACLs for ZBFW working when the IPv6 prefix will change ?
Background:
6RD based residential internet access.
Provider has a /28 6RD-Prefix, and will append the whole 32bits of the DHCP assigned public IPv4 address, leaving a /60 to use at home. Inside should be subnet 0, DMZ should be subnet 1 from that /60.
A few of my DMZ IPv6 hosts should be reachable from the outside world on specific udp/tcp ports, without having to open the whole DMZ subnet towards the IPv6 internet.
No big deal, one would think...
zone security Z-INTERNET
description * the outside world *
zone security Z-DMZ
zone security Z-OUTSIDE
zone-pair security ZP-OUTSIDE-TO-DMZ source Z-OUTSIDE destination Z-DMZ
service-policy type inspect PMAP-INBOUND-TRAFFIC
policy-map type inspect PMAP-INBOUND-TRAFFIC
class type inspect CMAP-IN-TRACE-TRAFFIC
pass
class type inspect CMAP-IN-INSPECT-TRAFFIC
inspect
class class-default
drop log
class-map type inspect match-any CMAP-IN-TRACE-TRAFFIC
match access-group name ACLv6-ICMP-UNREACH <-- some ICMP listed in this ACL, irrelevant here
class-map type inspect match-any CMAP-IN-INSPECT-TRAFFIC
match access-group name ACLv6-INBOUND-TRAFFIC
Now.. what would I put into ACLv6-INBOUND-TRAFFIC? Manually setting...
ipv6 access-list ACLv6-INBOUND-TRAFFIC
sequence 10 permit tcp any host <MYcurrent6RDPREFIX>1::<$MYHOSTID> eq http
... works well, until MY6currentRDPREFIX becomes MYnew6RDPREFIX. It does so seldomly, but it does, especially after outages.
For adressing (and re-adressing) the DMZ interface, "ipv6 general prefix MY6RDPREFIX 6rd tunnel6" helps a lot and it works pretty well.
However, one cannot seem to make use of "ipv6 general prefix" in an ipv6 ACL, neither as source nor destination (and neither when defining a stateful DHCPv6 server, for that matter).
router6rd(config-ipv6-acl)#permit ip any ?
X:X:X:X::X/<0-128> IPv6 destination prefix x:x::y/<z>
any Any destination prefix
host A single destination host
router6rd(config-ipv6-acl)#
D'oh. What now?
I do know that scanning the whole /64 would take aeons to complete, but I would like to use predetermined addresses with SLAAC and stateless DHCPv6 (with the help of http://man7.org/linux/man-pages/man8/ip-token.8.html).
Opening the entire subnet makes me cringe, even more since these hosts are bound to be in some public DNS as well. For that matter, it becomes largely irrelevant if the Host-ID comes from ip-token, EUI-64, RFC7217 or privacy extensions (allright, the latter wouldn't quite apply here, I know.)
Am I caught in the "IPv6 is like IPv4 but with longer addresses" trap? Should I just do away with my wish to have only the given DMZ servers reachable, and open up the entire subnet?
Or: Is there a completely different way of doing ZBFW things in IPv6 that I didn't think of?
thanks for your thoughts and ideas.
Marc -
Problem creating Network ACL for a ROLE in Oracle 11gR2
According to Oracle Documentation when you create a new Network ACL you can add privileges to a user or role. I need to create a new ACL for the UTL_SMTP package for a specific role, but when I granted it the users who have that role are still getting the "ORA-24247: network access denied by access control list (ACL)" error when they try to send an email. If I grant the ACL privilege to the same users directly it works fine. Is there any step I'm missing? This is the test I have made on my Solaris 10 - Oracle 11gR2 (11.2.0.3) Standard Edition server:
SQL*Plus: Release 11.2.0.1.0 Production on Wed Aug 21 09:31:52 2013
Copyright (c) 1982, 2010, Oracle. All rights reserved.
SQL> CONNECT system/******@testdb
Connected.
SQL> SET LINES 1000
SQL> SELECT * FROM v$version;
BANNER
Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
PL/SQL Release 11.2.0.3.0 - Production
CORE 11.2.0.3.0 Production
TNS for Solaris: Version 11.2.0.3.0 - Production
NLSRTL Version 11.2.0.3.0 - Production
SQL> COLUMN host FORMAT A20
SQL> COLUMN lower_port FORMAT 99999
SQL> COLUMN upper_port FORMAT 99999
SQL> COLUMN acl FORMAT A40
SQL> COLUMN acl FORMAT A40
SQL> COLUMN principal FORMAT A15
SQL> COLUMN privilege FORMAT A10
SQL> COLUMN is_grant FORMAT A8
SQL> COLUMN status FORMAT A10
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
no rows selected
SQL> SELECT acl,principal,privilege,is_grant FROM dba_network_acl_privileges;
no rows selected
SQL> CREATE USER testacl IDENTIFIED BY testacl;
User created.
SQL> GRANT CONNECT TO testacl;
Grant succeeded.
SQL>
SQL> BEGIN
2 dbms_network_acl_admin.create_acl('test_smtp.xml','TEST SMTP ACL','TESTACL',true,'connect');
3 dbms_network_acl_admin.assign_acl('test_smtp.xml','localhost',25);
4 commit;
5 END;
6 /
PL/SQL procedure successfully completed.
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
HOST LOWER_PORT UPPER_PORT ACL
localhost 25 25 /sys/acls/test_smtp.xml
SQL> SELECT acl,principal,privilege,is_grant FROM dba_network_acl_privileges;
ACL PRINCIPAL PRIVILEGE IS_GRANT
/sys/acls/test_smtp.xml TESTACL connect true
After creating this ACL I test it like this:
SQL> CONNECT testacl/testacl@testdb
Connected.
SQL> SELECT host, lower_port, upper_port, privilege, status FROM user_network_acl_privileges;
HOST LOWER_PORT UPPER_PORT PRIVILEGE STATUS
localhost 25 25 connect GRANTED
SQL> DECLARE
2 c utl_smtp.connection;
3 BEGIN
4 c := utl_smtp.open_connection('localhost', 25); -- SMTP on port 25
5 utl_smtp.helo(c, 'localhost');
6 utl_smtp.mail(c, 'Oracle11.2');
7 utl_smtp.rcpt(c, '[email protected]');
8 utl_smtp.data(c,'From: Oracle'||utl_tcp.crlf||'To: [email protected]'||utl_tcp.crlf||'Subject: UTL_SMTP TEST'||utl_tcp.crlf||'');
9 utl_smtp.quit(c);
10 END;
11 /
PL/SQL procedure successfully completed.
SQL>
This works fine and I receive the email correctly. Now if I try to do the same thing for a role:
SQL> CONNECT system/******@testdb
Connected.
SQL> BEGIN
2 dbms_network_acl_admin.drop_acl('test_smtp.xml');
3 commit;
4 END;
5 /
PL/SQL procedure successfully completed.
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
no rows selected
SQL> CREATE ROLE testacl_role;
Role created.
SQL> GRANT testacl_role TO testacl;
Grant succeeded.
SQL> ALTER USER testacl DEFAULT ROLE ALL;
User altered.
SQL>
SQL> BEGIN
2 dbms_network_acl_admin.create_acl('test_smtp.xml','TEST SMTP ACL','TESTACL_ROLE',true,'connect');
3 dbms_network_acl_admin.assign_acl('test_smtp.xml','localhost',25);
4 commit;
5 END;
6 /
PL/SQL procedure successfully completed.
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
HOST LOWER_PORT UPPER_PORT ACL
localhost 25 25 /sys/acls/test_smtp.xml
SQL> SELECT acl,principal,privilege,is_grant FROM dba_network_acl_privileges;
ACL PRINCIPAL PRIVILEGE IS_GRANT
/sys/acls/test_smtp.xml TESTACL_ROLE connect true
SQL>
And now I test it again with the same user:
SQL> CONNECT testacl/testacl@testdb
Connected.
SQL>
SQL> SELECT host, lower_port, upper_port, privilege, status FROM user_network_acl_privileges;
no rows selected
SQL> DECLARE
2 c utl_smtp.connection;
3 BEGIN
4 c := utl_smtp.open_connection('localhost', 25); -- SMTP on port 25
5 utl_smtp.helo(c, 'localhost');
6 utl_smtp.mail(c, 'Oracle11.2');
7 utl_smtp.rcpt(c, '[email protected]');
8 utl_smtp.data(c,'From: Oracle'||utl_tcp.crlf||'To: [email protected]'||utl_tcp.crlf||'Subject: UTL_SMTP TEST'||utl_tcp.crlf||'');
9 utl_smtp.quit(c);
10 END;
11 /
DECLARE
ERROR at line 1:
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_TCP", line 17
ORA-06512: at "SYS.UTL_TCP", line 267
ORA-06512: at "SYS.UTL_SMTP", line 161
ORA-06512: at "SYS.UTL_SMTP", line 197
ORA-06512: at line 4
SQL>
I'm aware that role privileges doesn't apply inside procedures, functions or packages by default, but this is an anonymous block so it should use the active roles for the user. I also tried adding a "dbms_session.set_role('TESTACL_ROLE');" at the beggining of the anonymous PL/SQL block but I got the same access error.
Thanks in advance for any help you can give to me on this question, it would be very hard to grant the ACL to all the individual users as they are more than 1000, and we create more regularly.Thanks for your quick reply... I don't have a problem creating the basic ACL with the privileges granted for a user. The problem appears when I try to create an ACL with privileges for a ROLE. You can see here http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_networkacl_adm.htm#BABIGEGG than the official Oracle documentation states that you can assign the ACL principal to be a user or role:
Parameter
Description
acl
Name of the ACL. Relative path will be relative to "/sys/acls".
description
Description attribute in the ACL
principal
Principal (database user or role) to whom the privilege is granted or denied. Case sensitive.
My issue is that when I try to create the ACL for a role it doesn't work.
Have you ever created an ACL for a role? if so please send me an example or let me know which step I might be missing. Cheers. -
Hi ,
I want to delete records only for a given range. Below is the script it deletes the records based on the given MP range.
And in this Switch table screen shot i have a switchID and ControlPointID column as main reference . For the given range only those records will be deleted. Now i want to delete a different table called SSDB_WIUDATA only for the controlpointIDs deleted on
this switch table. The scenario is ControlpointID will be same even out of the given range also.but switchID will be different So it was easy to delete the records in switch. But while deleting in WIU data i have WIUDataID and ControlPointID as main
column reference . How do i delete the values from WIUData only for the values deleted in switch table? Here ControlPoint ID will be same even out of the range also. So i should delete only within the range that is deleted in Switch table. I dont have Milepost
refernce also in WIU table.i have only ControlPointID as reference. Pls help me
IF (CURSOR_STATUS('global','Switch_cur')) >= -1
BEGIN
DEALLOCATE Switch_cur
END
DECLARE Switch_cur CURSOR FOR
Select SwitchID,ControlPointID FROM SSDB_Switch
WHERE Milepost BETWEEN @BeginMP AND @EndMP
AND SubdivisionID = @subdivisionID
OPEN Switch_cur
FETCH NEXT FROM Switch_cur INTO @SwitchID,@ControlPointID
WHILE (@@FETCH_STATUS=0)
BEGIN
set @Swi = (select Talon_LocEqup_ID from Mapping
where SSDB_ControlpointId_Asset_Id = @SwitchID and AssetType='PTC-Switch')
Delete from tbl_equipmentObjectPropertyValues
where equipmentObjectPropertyValue_object_guid_fk = ''+@Swi+''
Delete from tbl_objects
where object_guid_pk = ''+@Swi+''
DELETE from Mapping
where SSDB_ControlpointId_Asset_Id = @SwitchID
DELETE FROM SSDB_Clearancepoint
WHERE SwitchID = @SwitchID
DELETE FROM SSDB_TurnoutSpeed
WHERE SwitchID = @SwitchID
DELETE FROM SSDB_SwitchRelationship
WHERE SwitchID = @SwitchID
DELETE FROM SSDB_Switch
WHERE SwitchID = @SwitchID
FETCH FROM Switch_cur INTO @SwitchID,@ControlPointID
END ----Cur End
CLOSE Switch_cur
DEALLOCATE Switch_cur
DeepaBelow is the table structure of Switch and WIUData
CREATE TABLE SSDB_Switch (
SwitchID int IDENTITY PRIMARY KEY,
ControlPointID int,
WIUDataID int,
MilepostPrefix varchar(5),
MilepostSuffix varchar(5),
Milepost decimal(10,3) NOT NULL,
TrackName varchar(20) NOT NULL,
Latitude decimal(15,8) NOT NULL,
FOREIGN KEY(WIUDataID) REFERENCES SSDB_WIUData(WIUDataID),
FOREIGN KEY(ControlPointID) REFERENCES SSDB_ControlPoint(ControlPointID)
CREATE TABLE SSDB_WIUData (
WIUDataID int IDENTITY PRIMARY KEY,
ControlPointID int,
DeviceStatusTableID int NOT NULL,
BeaconFlag varchar(1) NOT NULL,
ConfigCRC varchar(8) NOT NULL,
EncryptedHmacKey varchar(64) NOT NULL,
WIUAddress varchar(64) NOT NULL,
WIUID decimal(12,0),
WIUName varchar(40),
WSRSType varchar(17),
InsertDate Datetime NOT NULL DEFAULT getdate(),
UpdateDate Datetime,
InsertUser varchar(50),
UpdateUser varchar(50),
FOREIGN KEY(ControlPointID) REFERENCES SSDB_ControlPoint(ControlPointID),
FOREIGN KEY(DeviceStatusTableID) REFERENCES SSDB_DeviceStatusConfiguration(DeviceStatusTableID),
FOREIGN KEY(BeaconFlag) REFERENCES SSDB_BeaconFlag(BeaconFlag),
FOREIGN KEY(WSRSType) REFERENCES SSDB_WSRSType(WSRSType)
Below is the screen shot for Switch for a range of 170 to 172 Milepost.For this range i have control point ID as 48. And even ControlPoint ID is same for 173 Milepost also. In switch i have deleted only for the range.
Below is the screenshot for WIU table . Here i have only ControlPointID as reference. Even in this table i should delete only the records deleted in switch table.
Deepa -
Hi,
we are trying to set define ACL for weblogic security for JSP
and could't manage to do it. In the online documentation there
are examples for servlets but not for html or jsp files.
How have to be defined the ACLs for jsp and html files ?
Thanks in advance.
GRIDSYSTEMS Bartolome Real Planells
See http://www.weblogic.com/docs51/admindocs/properties.html#urlacl for
details on setting ACLs on URLs...
Bartolome Real Planells wrote:
> Hi,
>
> we are trying to set define ACL for weblogic security for JSP
> and could't manage to do it. In the online documentation there
> are examples for servlets but not for html or jsp files.
>
> How have to be defined the ACLs for jsp and html files ?
>
> Thanks in advance.
>
> -------------------------------------------------------------------
> GRIDSYSTEMS Bartolome Real Planells
-
Enable/disable ACLs for a volume
where is the option enable/disable ACLs for a volume in leopard server 10.5x?
I searched in Server Admin and there Volumes … but I cant find this option which is described in this forum ?!Hi
By default Access Control Lists (ACLs) are enabled on Leopard Server (10.5). The situation was different on Tiger Server (10.4) as you had to enable ACLs for each mounted volume.
To disable ACLs on Leopard Server you have to use the command line:
sudo fsaclctl -p path -d disable
to disable and to enable:
sudo fsaclctl -p path -d enable
As with 10.4 you its a good idea to restart the server after disabling or enabling ACLs, otherwise ACLs won't take. Strictly speaking this should only be true of the Boot volume although in my view its worth doing it for any other mounted volume you are going to be using for sharing.
To display ACL status for all mounted volumes issue this command:
fsaclctl -a
for a specific volume its:
fsaclctl -p path
where path is the name of the volume - you can drag drop the desired volume into the terminal window to show its full path. For example you could have:
fsaclctl -p /
/ is terminal shorthand for the boot volume. Regardless of how you do it you should see something like this:
Access control lists are supported on /Volumes/Data HD
Tony -
InfoPackage ABAP Routine for Date Range - Only Start Date Extracted
I am using an ABAP Routine in an InfoPackage to select data for a 2 year period. The routine converts SY-DATUM into the Current Fiscal Year and Period, and then calculates the Starting and Ending Fiscal Year / Period of a 24 month period. The Start and End values are passed to the InfoPackage as l_t_range-low and l_t_range-high.
The Source and Target are both Basic Infocubes.
The InfoPackage executes successfully, and the Selection values on the Header tab of the monitor reflect a 24 month period. Unfortunately, on closer review of the data in the cube, only data for the first month appears to have been loaded. Im guessing that the extract was only performed with the From value, even though a To value was also provided.
I created a simple Infopackage and manually input the selection parameter values just to be sure I wasnt overlooking something. The InfoPackage performed as expected, loading more data which spanned the selection time period.
I can provide the code if it helps, but the fact that the monitor reflects a Start and End value suggests that the problem is with the InfoPackage, not the ABAP routine.
Has anybody ever experienced this before ? Any ideas would be greatly appreciated ?
Thanks,
LyleWe can write ABAP routine in Infopackage with a range of values (From & To). Make sure you fill all the following information while building the final range information as below,
l_s_range-sign = 'I'.
l_s_range-option = 'BT'.
l_s_range-low = lowvalue.
l_s_range-high = highvalue.
MODIFY l_t_range FROM l_s_range INDEX l_idx.
As you can see the key is passing the "BT" information for capturing range.
Hope it helps..
thanks
Kumar -
Need to update out put tax classifcation code for a range of items in Orac
Hi,
I need to update out put tax code for a range of items in Oracle EBS. At the moment we update tax code for individual items manually ubder invoice tab. Is there a better way to do this.
RegardsWhere can I find the mtl_system_items_interface table?Under INV schema.
R12 -- INV.MTL_SYSTEM_ITEMS_INTERFACE
http://etrm.oracle.com/pls/et1211d9/etrm_pnav.show_object?c_name=MTL_SYSTEM_ITEMS_INTERFACE&c_owner=INV&c_type=TABLE
11i -- INV.MTL_SYSTEM_ITEMS_INTERFACE
http://etrm.oracle.com/pls/trm11510/etrm_pnav.show_object?c_name=MTL_SYSTEM_ITEMS_INTERFACE&c_owner=INV&c_type=TABLE
Thanks,
Hussein -
RE: Acls for a particular users
Hi,
I want to get a list of Acls for a particular users. Can anyone tell me how
to achieve this. I am using the RDBMS Realm Implementation.
After user logs in, I want to present the user with a list of applications
that the user is authorized. To do this, I need to get a list of Acls for
this user. I tried to implement a method in the DefaultRealmExtender which
gets all the Acls and then checks for permission "execute". This works fine
when the jsp is displayed, but if I leave the browser for a while and then
refresh the page, the entire weblogic shuts down. After debugging, I found
out that it blows up when it tries to check the permission. Any help will be
appreciated.
Thanks,
Gajendra SanilHi VB,
Thanks for your response. But the applicant is still active for some of the Vacancies. I can't delete that person.
We can do this from the applicant from. NAv: Vacancies--> Applicants--> select the rejected applicants--> In the application tab there is one field called " Reconsider Applicant" If you select the reason you will be able to consider that applicant for that same vacancy but in the applicant tab i am not finding the reason field only for this applicant. I think this applicant perform some different step while he is with drewn the applicantion.
Joshna. -
Report for a range, need to sent individually for a distribution list
Hi,
I have requirement to run a concurrent request for range of values like for e g. conc program to print for a range POs and send Emails to a distribution lists. Right now we are able to generate .pdf output and enable Emailing thru XMLP. We are achieving this by calling a java wrapper program by defining a virtual printer. But thats not the solution, we need to take individual output for each PO and send EMails to respective distribution list. To my knowledge passing distribution list as parameter is not possible as only $profile$ parameters can only be passed.
Can anyone please give a solution on how to do this?
Thanks and regards,
- Rakesh Mudaliar
Message was edited by:
user533585Hi,
I have requirement to run a concurrent request for range of values like for e g. conc program to print for a range POs and send Emails to a distribution lists. Right now we are able to generate .pdf output and enable Emailing thru XMLP. We are achieving this by calling a java wrapper program by defining a virtual printer. But thats not the solution, we need to take individual output for each PO and send EMails to respective distribution list. To my knowledge passing distribution list as parameter is not possible as only $profile$ parameters can only be passed.
Can anyone please give a solution on how to do this?
Thanks and regards,
- Rakesh Mudaliar
Message was edited by:
user533585 -
Query: Setting ACL for Roles and Programmatic Approach
Hi All
I'm trying to setup ACL for Roles on WCC(11.1.1.8) server by following the blog https://blogs.oracle.com/kyle/entry/access_control_lists_for_roles using Framework folder and have few queries
Query 1:
Created new folder and associate enterprise roles under Role access list
1. Created a new folder 'MyFolder' with Security group 'Secure', owner 'weblogic'.
2. Assigned Role 'Deployers' under Role Access List with RW permissions.
3. In Admin console, associated user 'jcooper' with 'Deployers' group and 'jausten' with no group.
4. Logged in using 'jcooper' and able to assess 'Myfolder'.
5. Logged in using 'jausten' and also able to assess 'MyFolder'
Observation
Since user 'jausten' is not associated with 'Deployers' group, how can 'jausten' assess the folder? Am I missing some configurations here. Please let me know setup steps to achieve this functionality in desired manner.
Query 2:
Created a prototype using RIDC to create a folder programmatically and assigning RAL to the created folder
DataBinder requestData = client.createBinder();
requestData.putLocal("IdcService", "FLD_CREATE_FOLDER");
requestData.putLocal("fParentGUID", getFolderGUID("/"));
requestData.putLocal("fFolderName", "TestFolder");
requestData.putLocal("xClbraRoleList", ":Deployers(RW)");
ServiceResponse updateResponse = client.sendRequest(connectionContext, requestData);
Observation
Folder got created successfully, but 'Deployers' Role not assigned under Role access list.
Query 3:
Created a prototype using RIDC to assign enterprise roles to the existing folder
DataBinder requestData = client.createBinder();
requestData.putLocal("IdcService", "FLD_EDIT_FOLDER");
requestData.putLocal("fFolderGUID", getFolderGUID("/TestFolder"));
requestData.putLocal("path", "/TestFolder");
requestData.putLocal("xClbraRoleList", ":Deployers(RW)");
ServiceResponse updateResponse = client.sendRequest(connectionContext, requestData);
Observation
Role got associated with folder under Metadata section, whereas folder information section does not contain the reference of updated role e.g. Edit Folder Information section on WCC UI not showing the added role, whereas Edit Metadata values section of UI showing this role.
Please suggest what I'm missing in configuration/code and appropriate way to achieve the functionality.
Thanks.Thanks Jonathan!!
Query 2 and 3 answered by this setting and it worked fine.
Could you please also assist on Q.1
Query 1:
Created new folder and associate enterprise roles under Role access list
1. Created a new folder 'MyFolder' with Security group 'Secure', owner 'weblogic'.
2. Assigned Role 'Deployers' under Role Access List with RW permissions.
3. In Admin console, associated user 'jcooper' with 'Deployers' group and 'jausten' with no group.
4. Logged in using 'jcooper' and able to assess 'Myfolder'.
5. Logged in using 'jausten' and also able to assess 'MyFolder'
Observation
Since user 'jausten' is not associated with 'Deployers' group, how can 'jausten' access the folder?
Am I missing some config?
Maybe you are looking for
-
File Content Conversion(SenderFileadapter) fields parameters
Hi all I am doing aFile to File scenario, Using content Conversion at SENDER FILE adapter my source message type is as : <?xml version="1.0" encoding="UTF-8"?> <ns0:MT_Cnet_Source xmlns:ns0="http://abc.com/Cnet"> <<b>HeaderPayment</b>
-
IPad touchscreen issues, please help?
When typing with the onscreen keyboard or wireless keyboard it appears that certain keys are overly sensitive and will type same character 2-3 times even though I only lightly touch it. Annny (there is a perfect example) any suggestions appreciated.
-
Device error 49.38.07 - Laserjet M4555 MFP
Laserjet M4555 MFP windows 7 64 bit os Error message - Device Error 49.38.07 To continue turn off and then on. When I do this the error message reappears
-
We are having trouble with portlets not displaying. If the portal has not been accessed by anyone for several minutes, it seems as though the portlet server is swapping out iis or the portlet application. The first time the portlet is requested after
-
Reinstalling Photoshop Elements 11 from the beginning
I am using Photoshop Elements 11 Organiser and the system has become so corrupted that I want to start again from the very beginning. I have all of my photographs on memory sticks so I am not concerned about deleting photographs by mistake. I want t