Access control for Custom Objects

Similar Messages

• Access control for different user groups in APEX 4.0

  Hi guys,
  in Apex 4.0, is there any way to use the access control page to configure access control for different user groups?
  The access control page currently only has an access control list by users with 3 privileges namely, Administrator, Edit & View where Administrator has the highest access level & View the lowest. Therefore 1 user cannot have more than 1 different privilege, however if the user belongs to 2 or more different groups then we can control what access he can have in a more fine grained manner. We also want to have more than the 3 privileges given.
  Can we assign different groups to different users and let them have different privileges to be configured by page, region, process or item level?
  Now Apex will create 2 tables, Apex_Access_Control & Apex_Access_Setup to store the application access control mode & access control list. It will also create 3 authorization schemes "access control - administrator", "access control - edit" & "access control - view" based on the 2 tables.
  Does this mean we have to change the table structures & edit the authorization schemes to suit our usage? We are reluctant to do this because if we upgrade to a newer version of Apex then we would have to merge our pl/sql coding with Apex's updated code.
  How can we auto-configure more than the 3 authorization schemes in the access control page? Is there any way to achieve a finer grain of access control based on the current access control administration page given by Apex without writing it ourselves?
  We are afraid that we may have missed something on Apex access control & do not want to reinvent the wheel.

  Hi Errol,
  to build your own application authorization scheme around the security model supplied by Apex for administration of the Apex environment would be a bad idea.
  This was never intended for authorization scheme management in custom built Apex applications, it was solely intended to control access in the Apex environment overall. The API for it is not published, and making changes to it, such as adding more roles, would run the risk of breaking the overall Apex security model. It would not be supported by Oracle and Oracle would not guarantee the upwards compatibility of any changes you make in future versions of Apex.
  In short, you should follow Tyson's advice and build your own structure. As he indicated, there are plenty of examples around and provided your requirements are not too complicated, it will be relatively simple.
  Regards
  Andre

• How do I set up timed access control for a time past midnight

  I would like to set up timed access control for a number of my devices that would stretch past midnight...   An open network from 6AM to 2AM - effectively only blocking access from 2AM tp 6AM in the morning....
  Any notion on how to do this?  the timed factily does not like the setting to enable 6A to 2A, says the times are invalid. 
  Setting up timed access from 6AM to 11:59P, then doing another from 12A to 2A causes a service "hiccup" of 1 Minute.

  Set up each device as follows:
  Everyday........Between.......6:00 AM and 11:59 PM
  Add a second rule for each device that will state....
  Everyday.....Between.......12:00 AM and 2:00 AM
  You might think that there would be a one minute break between 11:59 PM and 12:00 AM, but that will not be the case, at least on every AirPort that I have ever programmed..  Reason.....11:59 is really 11:59:59:59 turning off at 12:00 AM.  But, you have a second rule to allow access at 12:00 AM, so the AirPort will be "on" at the same time the first rule ends, so there will be no break.
  If you really want the second rule to turn the AirPort "off" at 2:00 AM.......then set that time for 1:59 AM. If you set the rule for 2:00 AM, then AirPort will really turn off at 2:01 AM.

• Issue while enabling Access Control for a Coherence server node

  Hi
  Im trying to enable access control for a Coherence server node, using the default Keystore login method shipped with Coherence. When i start the server i get the error "java.security.AccessControlException: Unsufficient rights to perform the operation". Please see below for the sequence of steps I've followed to enable access control. I just need to be enable Authentication (not authorization) at this stage
  1. I have added the following entry in the Coherence Operational override file
  <security-config>
            <enabled system-property="tangosol.coherence.security">true</enabled>
            <login-module-name>Coherence</login-module-name>
            <access-controller>
                 <class-name>com.tangosol.net.security.DefaultController</class-name>
                 <init-params>
                      <init-param id="1">
                           <param-type>java.io.File</param-type>
                           <param-value>keystore.jks</param-value>
                      </init-param>
                      <init-param id="2">
                           <param-type>java.io.File</param-type>
                           <param-value>permissions.xml</param-value>
                      </init-param>
                 </init-params>
            </access-controller>
            <callback-handler>
                 <class-name>com.sun.security.auth.callback.TextCallbackHandler</class-name>
            </callback-handler>
       </security-config>
  2. The following is the entry in the Permissions.xml
  <?xml version='1.0'?>
  <permissions>
  <grant>
  <principal>
  <class>javax.security.auth.x500.X500Principal</class>
  <name>CN=admin,OU=Coherence,O=Oracle,C=US</name>
  </principal>
  <permission>
  <target>*</target>
  <action>all</action>
  </permission>
  </grant>
  </permissions>
  3. The following is the content of the Login configuration file "Coherence_Login.conf"
  Coherence {
  com.tangosol.security.KeystoreLogin required
  keyStorePath="keystore.jks";
  4. The following is the command line tag for starting the server
  java -server -showversion -Djava.security.auth.login.config=Coherence_Login.conf -Xms%memory% -Xmx%memory% -Dtangosol.coherence.cacheconfig=PROXY-cache-config.xml -Dtangosol.coherence.override=FOL-coherence-override.xml -Dcom.sun.management.jmxremote.port=6789 -Dcom.sun.management.jmxremote.authenticate=false -Dtangosol.coherence.security=true -cp "%coherence_home%\lib\coherence.jar" com.tangosol.net.DefaultCacheServer %1
  Following is the output on the Console when running the command. It asks for a username and password for the JKS store (If i provide the wrong password, it gives a different error, which shows that it is able to authenticate aganst the Keystore). After i put in the password, it throws the error as shown below "java.security.AccessControlException: Unsufficient rights to perform the operation"
  D:\Coherence\FOL_CacheServer>fol-cache-server
  java version "1.6.0_20"
  Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
  Java HotSpot(TM) 64-Bit Server VM (build 16.3-b01, mixed mode)
  Username:admin
  Password:
  Exception in thread "main" java.security.AccessControlException: Unsufficient ri
  ghts to perform the operation
  at com.tangosol.net.security.DefaultController.checkPermission(DefaultCo
  ntroller.java:153)
  at com.tangosol.coherence.component.net.security.Standard.checkPermissio
  n(Standard.CDB:32)
  at com.tangosol.coherence.component.net.Security.checkPermission(Securit
  y.CDB:11)
  at com.tangosol.coherence.component.util.SafeCluster.ensureService(SafeC
  luster.CDB:6)
  at com.tangosol.coherence.component.net.management.Connector.startServic
  e(Connector.CDB:20)
  at com.tangosol.coherence.component.net.management.gateway.Remote.regist
  erLocalModel(Remote.CDB:10)
  at com.tangosol.coherence.component.net.management.gateway.Local.registe
  rLocalModel(Local.CDB:10)
  at com.tangosol.coherence.component.net.management.Gateway.register(Gate
  way.CDB:6)
  at com.tangosol.coherence.component.util.SafeCluster.ensureRunningCluste
  r(SafeCluster.CDB:46)
  at com.tangosol.coherence.component.util.SafeCluster.start(SafeCluster.C
  DB:2)
  at com.tangosol.net.CacheFactory.ensureCluster(CacheFactory.java:998)
  at com.tangosol.net.DefaultConfigurableCacheFactory.ensureServiceInterna
  l(DefaultConfigurableCacheFactory.java:923)
  at com.tangosol.net.DefaultConfigurableCacheFactory.ensureService(Defaul
  tConfigurableCacheFactory.java:892)
  at com.tangosol.net.DefaultCacheServer.startServices(DefaultCacheServer.
  java:81)
  at com.tangosol.net.DefaultCacheServer.intialStartServices(DefaultCacheS
  erver.java:250)
  at com.tangosol.net.DefaultCacheServer.startAndMonitor(DefaultCacheServe
  r.java:55)
  at com.tangosol.net.DefaultCacheServer.main(DefaultCacheServer.java:197)

  Did you create the weblogic domain with the Oracle Webcenter Spaces option selected? This should install the relevant libraries into the domain that you will need to deploy your application. My experience is based off WC 11.1.1.0. If you haven't, you can extend your domain by re-running the Domain Config Wizard again (WLS_HOME/common/bin/config.sh)
  Cappa

• Change Message Control for Customer Master data

  Hi Friends,
  I have to choose/populate a message when the user is about to create an already existing customer.
  In SPRO --> Financial Accounting --> Accounts Receivable and Accounts Payable --> Customer Accounts --> Master Data --> Preparations for creating customer master data --> "change message control for customer master data" ...
  OK...
  When u click this it goes into Change View "message control by User" Overview screen wherein u can insert new messages and texts and the type of message ....
  Now .....
  I want to display the 145th message (F4 help of the Message column) ..... it picks up the text "Customer found with same address;check"..... with Online mesasage type 'I' and batch type 'I' and with standard type '-' ..
  I want to have the same message with message types 'E','E', and 'I' respectively.......
  How is this possible (or) what should i do to meet my requirement :-|
  Expecting ur answers
  Thanks in advance ........
  Cheers,
  R.Kripa.

  Hey yes it is not possible (as of now
  I ve met the requirement by just using message statement in the program itself ............
  My requirement is met but still if anyone knows about this do answer / reply
  Thanks
  Cheers,
  R.Kripa.

• Implementing Data Search for Custom Objects

  Can any one have some information on implementing search criteria for custom objects.
  I am looking to modify the drop down values and search criteria based on custom data model.

  Hello Rajesh,
  The following configuration activity might resolve your query.
  Transaction: mdgimg.
  General Settings> UI Modelling> Define Field Properties for UI. Select your custom data model and go to "Hide Field Names."
  For the fields of the entity type, you don't want to come up in the search UI, check on "No selection".
  "No Selection" : These wouldn't come up as search Criteria. "No Results List": These won't come up in final result list.
  Best regards,
  Shephalika.

• Is there a way to find version for customizing objects?

  hi
  Since we dont have version management for customizing objects like we have for programs or r/3 repository is there a way or some uitlity to find the version of customizing objects?
  ~Suresh

  Hi
     SAP default will provide Version Management na.
  go to se 38 -> ur program -> Utilities -> version management.
  Otherwise VSS(Visual Source Save ) is a tool used for version management.
  Check for VSS whether it is there in your company.
  Regards,
  kumar

• Delta Replication for Customizing object from ECC- CRM

  I need help on delta replication activate for customizing objects from ECC to CRM.  I finished with initial load with product replication and everything worked weel. The problem is that product hierarchy continuely changing in ECC everyday, so the delta for the products error out due to incorrect product heirarchy in CRM becuase the delta is not working for DNL_CUST_PROD0, and DNL_CUST_PROD1. Please show me how to activate the delta for those DNL.  What business transaction do I need for those so the delta will work for them too?  Rewards points if helpful

  I think you need to do Request downlaod for the Product Hirearchy when ever there is new one created in ECC.You can do request downlaod by creating the object using R3AR2. Exeute the object though R3AR4 and monitor the status using R3AR3.

• Version Control for BUSINESS OBJECTS repository

  Hi,
  Do we have any version control for business objects repository?
  Thanks

  Hi
  I am hoping someone can answer my Version Control queries. The LCM document is limited in its detail on VM.
  I am currently testing the BO LCM 3.1 and while it appears very easy to use especially for promotion, the Version Control Manager seems to be lacking in controls and a clear promotion path from dev to test to uat to prod.
  We have set up 2 identical environments for UAT and PROD.
  And using the Version Control part of LCM creating version control for a universe.
  Logged into VM in UAT
  We have selected a universe
  Added it to VM
  Made a change to the universe in Designer
  Exported it
  Then Checked it in
  Can now see 2 versions in the history and the VMS Version. All good
  I then click on swap system and log into PROD
  The VM history is also there in PROD
  I have a number of concerns and questions and can't seem to find the solution to them anywhere.
  1. VM seems to be lacking a controlled process from all the environments. Basically we want to deploy following this path;
  Dev - Test - UAT - PROD
  There does not seem to be any controls or security which would stop you from GET VERSION from the DEV environment and putting that straight into PROD. Obviously we would not want that to happen.
  We would only want to GET VERSION from UAT
  Similarly for UAT We would only want to GET VERSION from TEST
  And for TEST We would only want to GET VERSION from DEV.
  Granted, we currently only have 2 identical environments.
  But Is there controls that would stop you when in PROD from getting versions from any other system other than UAT?
  Also is there any reason why no promotion is required when using VM.
  This seems to negate the Promotion Function of the LCM
  Any advise would be greatly appreciated with this.
  Many thanks
  Eilish

• SPAU-like functionality for custom objects - Z* or Y* Objects?

  Hello Experts,
  My scenario is like below:
  Assume that my SAP System is DEV1 and it is of SAP 4.6X version. I have imported Program ZPGMA from foreign system DEV2. And are moved to the Production system PROD1. Now there are some corrections did in program ZPGMA in DEV1 system either by using modification assistant or by turning Modifications Assistant Off. And then moved to PROD1.
  Now we are going for Upgradation from 4.6X system to ECC 6.0.
  Now, i need to get the list of programs that have original system as DEV2 but are modified in DEV1.
  In brief, i am looking for some functionality similar to SPAU which would work for Custom objects (Z* or Y* Objects).
  Thanks and Best Regards,
  Suresh

  Hi Suresh,
  There is not any functionality like SPAU to find these kind of program.But if you want to find your DEV2 programs moved and modified in DEV1, just go in table TADIR and find source system field ( SRCSYSTEM ) as DEV2 .
  You will get list of program moved in DEV1.
  Regards
  NImesh S. Patel

• MDG File Import for Custom Object

  Hello Experts,
  We are in MDG 6.1 and trying to implement the File import for custom object. Basically the idea is used to DTIMPORT transaction.Apart from the configurations in MDGIMG, What are the classes that has to be implemented? Can anyone share some info on this.
  Thanks

  Hi,
  After seeing this thread, i rechecked my POD. Email Id is not there.  Did you find any solution or explanation why it is not there?

• How to manage the Credit Control for Customer Consignment Process?

  Hi All,
  Could anyone tell me how to manage the Credit Control for Customer Consignment Process?
  Thanks

  Hi, there is not standard solution, we did customized process for consignment credit block , check below
  1. defined status profile - with lock/auto/approved/rejected and new t.code for approval or rejected.
  2. maintained consignment credit limit in Z table
  3. logic for detemining status written in sales order save userexit.
  4. while calcualting the values, system need to check open sonsignment order of customer/ open deliveries/ stocks at customer place MSKU table. and calculate value with MBEW/KONV ect.
  5. if value is less than Z table then status AUTO, which do not need release, if value is greater than Z table put status LOCK means credit block need to release from new T.code.
  Hope you get some idea

• How to create number range for custom object

  Hi all,
  I want to create number range for custom object or custom tables
  Thanks
  Hemalatha

  Hi,
     Thanks, I am able to create a number range for custom object through SNRO tcode.
  Thanks
  Hemalatha

• How can I have different access control for the guest network (different than the main network)?

  I am trying to control my main wireless network with access control via mac id with no password. I wanted a separate guest network with password access and no access control. However, the only way that the guest network works is if I specify unlimited access as the default. Is what I am trying to do possible.

  I am trying to control my main wireless network with access control via mac id with no password.
  Definitely not a recommended method for security. MAC addresses are easily cloned by anyone who wants to do so with free tools available on the Internet. An unwanted guest will be on your network in less than a minute if they want to be.
  Strongly recommend that you use WPA2 Personal security with a non-dictionary password to protect your network.
  I wanted a separate guest network with password access and no access control. However, the only way that the guest network works is if I specify unlimited access as the default. Is what I am trying to do possible.
  Unfortunately, Apple does not allow separate Access Control for the "main" and "guest" networks. It's all or nothing, I am afraid.
  Likely, the  "best" way to set up Access Control is change the default rule to No Access, Then you will need to enter in the details for every device that you want to allow to connect for both the "main" and "guest" networks with the time limits for each device.

• Access Control for 1 Type of USB Manufacture/model

  Hi,
  I'm testing with the "Storage Device" and "Usb Connectivity" Policy.
  I get a lot working, but i don't understand something.
  Both policies has a list for custom devices. What is exactly the different? beside that one has also "read only" and the other has a lot of more rows to fill in.
  When do you use the list of both, or do you need to combine it?
  For examply it want to:
  - Disable all Mass storage (USB) by default
  - Allow every usb stick from manufacture "Sandisk" and model "Cruzer". with Read only
  What's the best way todo that. I'm stuck on the custom lists.

  Originally Posted by cgacesa
  Hi,
  Storage Devices utilises our file system driver to determine what is a storage device i.e. CD/DVD, SD Card, USB Storage / iOS device / Android device, Floppy drives etc. USB Connectivity can control anything you can plug into the USB port i.e. keyboard / mouse, scanners, USB drives etc.
  Have you tried the device scanner tool ? Have a look through this for some tips: Novell Doc: ZENworks 11 SP1 Endpoint Security Utilities Reference - Device Scanner
  I would suggest using the USB Connectivity policy, Disable the Mass Storage Class group and import your "approved" USB device. You can edit the data that you import and just leave the e.g. Manufacturer and Vendor ID details.
  Hope that help.
  Cheers,
  Chris
  Chris Gacesa
  Senior Product Manager
  Novell - ZENworks
  [email protected] (Email)
  Hi Chris,
  Thanks for helping,
  I know the Zesm Device scanner, Have used it to collect all the usb data.
  But i've still the problem. In my example i try to do:
  - Disable all Mass storage (USB) by default
  - Allow every usb stick from manufacture "Sandisk" and model "Cruzer". with Read only
  You suggest me to use the "USB Conn.Policy". But on that policy there is no "read only" setting for the "USB Device Access Settings List"
  If you go to the "Storage device policy" you are able to set "Read only". But there i have not enough fields to create a custom scenario to only allow the Sandisk "Cruzer".
  Don't know if it's normal to combine that policies, but i think that makes it's more complex than it should be.
  So as a result i'm back to my first question.