Access control's method with MVVM

Similar Messages

• Reporting on Access Control 5.3 with SAP BO 4.0

  Hello All,
  I have to develop WebI reports on Access Control 5.3 data. Are there any direct connectivity options available in IDT for Access Control 5.3 or Do I have to go through Oracle database connectivity as Access control 5.3 backend database is Oracle? And also for authorization data I have to connect to ERP system.
  Any help that you can provide will be greatly appreciated.
  Thanks and Regards,
  Aashutosh

  Hi,
  Generally speaking,  i believe GRC 10  is more closely aligned to BI4.0 in terms of product releases.
  However, to the best of my knowledge, there's no direct connector from BI semantic layer (IDT/UDT) specifically for GRC.
  I believe there is a web-based UI (dynpro) for dashboard-like analysis of the compliance topology, but that's it:
  http://help.sap.com/saphelp_grcac10/helpdata/en/16/7a5f2e29744e078f9305017fee2fc2/frameset.htm
  You may want to contact the GRC forum to confirm.
  Regards
  H

• Nameidentifier claims is no longer in the token issued by Access Control Service(ACS) with newly created ACS

  Hi,
  In our existing ACS, when we add a new relying party with that associate with rule as bellow:
  input claim type as
  htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
  and output claim type as
  htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
  When I used the ACS created previously, for token I received, I have
  Received claims with existing ACS:
  htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier:           testoem2,
  htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/name:             TESTOEM2-MS,
  htp://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider:                htps://wp8partnerservicesv1-tst.accesscontrol.windows.net/
  but for the new ACS namespace, when I configure it exactly the same way, I receive
  htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/name:             TestOem2-MS,
  htp://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider:                htps://zackpartnerservice1-tst.accesscontrol.windows.net/'
  The nameidentifier claim is no longer in the token.
  Does anyone from Azure ACS team know what change in ACS might have cause this issue and how do I config the ACS so that I can get nameidentifier claim in the token too?
  since my account is not verified, I use h_ttp instead of http in my question.
  thank you,
  Zach

  Greetings, Zach!
  Please refer to this:
  https://msdn.microsoft.com/en-us/library/hh446535.aspx
  The article elaborates how federated identity works with ACS.
  Thank you,
  Arvind

• SAP GRC Access Control 5.3 intergration with orcale

  Good Day GRC Gurus,
  We want to integrate SAP GRC Access Control 5.3 with ORACLE.
  It would be great if someone could share some documents, presentation and experience on the same.
  Thanks in advance!!!!!!!!!!!!!
  Thanks and Regards,
  Jagat

  Hello Hersh,
  RTA for Oracle is basically a set of PL/SQL stored procedures to create grc schema, grant access and object creation. The package was created using oracle 11.5.10.2 version. I am not sure about the compatibility of the package with the new versions of oracle but still batch mode risk analysis is achievable even if the RTA is not compatible.
  I do not really like batch mode but it does serve the purpose. If I get a chance to test oracle RTA on new version I will surely share it with you.
  Best Regards,
  Amol Bharti
  http://amudee.com

• Cross-enterprise integration of SAP GRC Access Control with PeopleSoft

  Friends,
  Does anybody has/have/had the owner to implement Cross-enterprise integration of SAP GRC Access Controls 5.2 with PeopleSoft ?
  If yes, what are the key points and approach one should keep in mind while going for this kind of cross-enterprise implementation.
  Is there any reference material, blog, wiki or such informative resource regarding cross enterprise GRC implementation available on the web?
  I tried to search, but could not get good results.
  Any help would be highly appreciated.
  Best Regards,
  Amol Bharti

  Amol-
  From my experience:
  CC 5.2 with Peoplesoft: as long as you have the RTA's installed in the Peoplesoft system and create the connectors in CC, you are good to go.
  AE 5.2 with Peoplesoft: cannot provision to Peoplesoft, however you can connect with Peoplesoft HR for Password Self-Service.  You have the capability to provision to SAP HR.
  FF 5.2 with Peoplesoft: N/A
  RE 5.2 with Peoplesoft: N/A
  I am not sure if there are any standalone docs out there for AC integration with Peoplesoft.  And the 5.2 manuals have sparse information on integration.  However, the AC 5.3 manuals have more detailed info on the integration piece with various other non-SAP systems.
  Sorry, I couldn't share more info, as that is all I know for now...
  Ankur
  GRC Consultant

• The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed. Origin 'null' is therefore not allowed access.

  Hello. I added custom http response headers to my SP site web config file as follows: 
  <httpProtocol>
        <customHeaders>
               <add name="Access-Control-Allow-Methods" value="POST,GET,OPTIONS" />
        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Allow-Headers" value="Content-Type,Authorization" />
        </customHeaders>
      </httpProtocol>
  When I try to call any web service, i get these headers two times each: 
  HTTP/1.1 200 OK
  Cache-Control: private, max-age=0
  Transfer-Encoding: chunked
  Content-Type: application/atom+xml;type=entry;charset=utf-8
  Expires: Sat, 01 Mar 2014 19:11:37 GMT
  Last-Modified: Sun, 16 Mar 2014 19:11:37 GMT
  ETag: "3"
  X-SharePointHealthScore: 0
  SPClientServiceRequestDuration: 20
  SPRequestGuid: b4e77d9c-bfc3-a050-493a-ca5d251d1a72
  request-id: b4e77d9c-bfc3-a050-493a-ca5d251d1a72
  X-FRAME-OPTIONS: SAMEORIGIN
  Persistent-Auth: true
  Access-Control-Allow-Methods: POST,GET,OPTIONS
  Access-Control-Allow-Origin: *
  Access-Control-Allow-Headers: Content-Type,Authorization
  X-AspNet-Version: 4.0.30319
  X-Powered-By: ASP.NET
  Access-Control-Allow-Methods: POST,GET,OPTIONS
  Access-Control-Allow-Origin: *
  Access-Control-Allow-Headers: Content-Type,Authorization
  MicrosoftSharePointTeamServices: 15.0.0.4569
  Date: Sun, 16 Mar 2014 19:11:37 GMT
  and that gives me error from ajax: The 'Access-Control-Allow-Origin'
  header contains multiple values '*, *', but only one is allowed. Origin 'null' is therefore not allowed access.
  The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.
   Origin 'null' is therefore not allowed access.
  Any idea???

  Hi Ann,
  Please check whether there are duplicate custom headers in your code.
  Similar issue for your reference:
  http://social.msdn.microsoft.com/Forums/office/en-US/b79b75f4-b46b-46ae-ae29-17a352b6b90b/custom-http-response-headers-for-sp-2013-shown-2-times?forum=sharepointdevelopment 
  Regards,
  Rebecca Tu
  TechNet Community Support

• How can I access CAPI 2.0 methods with LabView ?

  I must use CAPI 2.0 (common ISDN interface) method with LabView (graphical interface), the work is to command a ISDN S/T card on PXI Bus, and this card support CAPI 2.0.

  This depends upon what type of interface you have to the ISDN. I assume you have either Basic Rate Interface (BRI) or Primary Rate Interface (PRI). Do you have a DLL to control it? If so, you can use the "Call Library Function Node" VI to access this DLL and just make calls to it. If you have an ActiveX Server, you can use the LabVIEW ActiveX Automation VIs to access it.
  J.R. Allen

• SAP Business Objects Access control with BI4.1 and enterprise authetication

  Hi Team,
  We are on BI 4.1 with enterprise authentication. We are using IDM (oracle waveset 8) for access management. Currently we receive request from IDM and we manually configure user in BI4.1. We are now planning to automate this process, like as soon as user request place request through IDM , his access wil lget configure in BI 4.1
  can we achieve this using SAP Business Objects Access controle or with any other method ? Need your guidance
  Thanks,
  Nivedita

  Hi Andrea,
  1. you configure the BOE Server with the SAP authentication for your SAP server
  1b you configure trust between the portal server and the SAP system
  2. you import the portal iView template as part of the SAP Kit into the portal server
  3. you create a new system (or use an existing one) in the portal system landscape and configure the properties of the Crystal Enterprise properties
  4. you create a new iView based on the portal iView template
  ingo
  I have some difficulties to create a new system, I don't know witch option i should choose.
       System (from template)     
       +BI JDBC System
       BI ODBO-Compliant OLAP System
       BI SAP Query System
       BI XMLA-Compliant OLAP System
       EP 5.0 System
       HTTP System
       JDBC System
       KM Lotus System
       KM WebDAV System
       KM Windows System
       SAP system using connection string
       SAP system using dedicated application server
       SAP system with load balancing
       Web Service System using WSDL URL+
       System (from PAR)
       com.sap.km.cm.repository.manager
       com.sap.km.common.domino
       com.sap.netweaver.coll.appl.gw
       com.sap.netweaver.coll.appl.sync
       com.sap.portal.httpconnectivity.urlsystem
       com.sap.portal.ivs.sl.connector.helper
       com.sap.portal.runtime.application.soap
       com.sap.portal.systems.bi
       com.sap.portal.systems.datasource
       com.sap.portal.systems.EP5
       com.sap.portal.systems.jdbc
       com.sap.portal.systems.sap
       com.sap.portal.systems.webservices
       com.sap.portal.unification50.template
  Thanks a lot
  Selvam

• Importing a pkg with rely on server storage and roles for access control

  Hi we run std 2008 r2.  I'm reading documentation on prot levels during pkg import to catalog at
  https://msdn.microsoft.com/en-us/library/ms141747(v=sql.105).aspx but unfortunately the definition of prot level "rely on server storage and roles for access control"
  isn't clear.  They used the prot level name to define it which didn't help me.
  This option looks appealing but it isn't clear why I need to enter a pswd when choosing this option.  Will my peers need to know that pswd when they export?  Will the sql agent job need to present that pswd when running?  If I just keep current
  prot level "encrypt with user" will the agent job be able to run it?  I'm sure it (agent) isn't running with my creds now.  Also, how can I tell what prot level it was deployed with last?  I rt clicked on the pkg in the catalog
  and don't see anything obvious about that.  I already understand that on export prot level is changed to encrypt with user. 
  I'm going to look at the sql agen job right now to see what creds it runs with.

  First thing to understand is that protection level is used for determining how package (dtsx) file have to be protected. Once package is deployed in server and executed from agent, the conventional way is to use method of configurations or parameters if
  2012 to get required connection etc values and execute using it. It never uses the values that were set during the design time. So it doesnt matter what protection level was so far as its based on config
  However if you're planning to export existing package to your system and do modification thats where protection level comes to play. If its set to any of ENcryptSensitive... type value then you'll to provide the value (either a passowrd or your userkey which
  it takes automatically from login info) to see the sensitive info (connection info,passwords etc) The package will still open and so far as you manually type in missing values you will be able to execute the package. If protection level is set to one of ENcrptAll
  then you will have no way to open package itself unless you provide password/ have correct userkey.
  The rely on server storage option uses sql server security context itself ie it doesnt do any encryption within package by itself but will assume values based on sqlserver security. This is used when you store package itself in SQLServer itself (MSDB)
  Please Mark This As Answer if it solved your issue
  Please Vote This As Helpful if it helps to solve your issue
  Visakh
  My Wiki User Page
  My MSDN Page
  My Personal Blog
  My Facebook Page

• Access of undefined method/property through reference with a static type Class

  I get the following error: (it's not word for word but you get the idea)
  Error: Access of undefined method getStatus through reference with a static type Class.
  Here's what's happening in the code. I'm trying to create a User class that is instantiated at the start of my app. I want the User class to have properties like mainStatus, with helper methods like setStatus etc. Pretty simple.
  so on my HardDisk I have my flash_working folder with all my flash projects. I created my class file/package under the directory com.mypackage
  package com.mypackage
      import flash.display.*;
      public class User extends Sprite
          public var mainStatus:int;
          public function User()
              trace("User Created!");
              mainStatus = 0;
          public function setStatus(status:int):void
           mainStatus = status;
      public function getStatus():int
          return mainStatus;
  Ok, so far so good.
  now I created a new .fla file under the root of /flash_working/. The class file is in /com/mypackage/User.as
  in my .fla file I have:
  import com.mypackage.User;
  var myUser:User = new User();
  var i = User.getStatus();
  trace(i);
  That's all the code I have. Could someone please explain why it's giving me that error?
  If I try to access the public var mainStatus through user.mainStatus that gives a similar error saying:
  Error: Access of undefined property mainStatus through reference with a static type Class.
  Thanks for any help!
  jef3189

  the public getStatus() function that you created needs to be referred to through an instance of the class.
  So:
  import com.mypackage.User;
  var myUser:User = new User();
  var i = myUser.getStatus();
  trace(i);
  Also, an aside. You can create a getter/setter for status, to avoid having to do the function as such.
  package com.mypackage
      import flash.display.*;
      public class User extends Sprite
          public var mainStatus:int;
          public function get status():int
              return mainStatus;
          public function set status(value:int):void
               mainStatus = value as int;
            public function User()
              trace("User Created!");
              mainStatus = 0;
  And then, you can call it as:
  import com.mypackage.User;
  var myUser:User = new User();
  trace(myUser.status);
  EDIT
  I just noticed that you made the variable public as well, which means you can access it without getter/setter or function.
  import com.mypackage.User;
  var myUser:User = new User();
  trace(myUser.mainStatus);

• Creating SOD matrix with the help of Access control default ruleset

  I am creating the SOD matrix for the existing roles of CRM and HR modules.  As I am the security consultant therefore does not have the functional knowledge about the conflicts for CRM and HR transactions. My question is can I use the function/actions/risks conflicts provided with the Access control 5.3 default ruleset.  We are not using Access control for these systems, so I want to know whether I can take the help of AC 5.3 default risks to create the SOD matrix based on it.
  For e.g, like H001 default HR risk, I would make sure not to assign PA30(maintain HR data) with the PA03/PA04(maintain personal control record) as this will result in the providing conflict "Modify payroll master data and then process payroll". 
  Once I have the SOD list based upon AC 5.3, I can consult the Business approver/auditor to verify and modify as per the business requirement.
  Maybe I am thinking the wrong way, please provide your inputs so I can work on it.  Any help appreciated.
  Thanks,
  Sanjay Desai

  The most important thing to keep in mind is that you need to build a rule set that reflects the customers real business risk!
  What you build there will influence the way the customer will be able to continue work, assign access and perform control activities. The input HAS to come from the business!
  You can use the SAP standard risk definitions as a starting point for discussions, and the HR functions are an excellent building block to identify the transactions and necessary authorization objects that allow users to perform the actions.
  But the real challenge is to identify the risks as perceived/accepted by the business!
  Frank.

• NWBC no option "Access Control" - can't start working with GRC 10.0

  I have installed GRC AC 10.0 and have followed the post-installation documentation. All seems to be fine so far.
  But when I run NWBC, I do not get the Icon/Option "Access Control".
  What can go wrong? My user has sap_all and sap_grac_all, so it shouldn't be the access rights...what else can I check?

  I have installed GRC AC 10.0 and have followed the post-installation documentation. All seems to be fine so far.
  But when I run transaction NWBC, the web-browser (Iexplorer) opens the HTML-NWBC, but I do not get the Icon/Option "Access Management". I see this option however on the screenshots of the documentation. And it seems to be the only way to work with the application - or can I work directly within SAP-GUI ?
  I see however the Icons "Office", "Cross-Application Components", "Accounting", "Information Systems", "Tools" and I can well drill down into the submenus and use the fonctionality.
  What can go wrong? My user has sap_all and sap_grac_all assigned, so it shouldn't be the access rights...what else can I check? any ideas are welcome... - thanks in advance...

• War file and access control with WebLogic

  I am trying to put some access control on different files in my war-file, but just can't get it to work... It seems like all roles defined in weblogic.properties gives the user access to all files in the war. I just don't understand the connections between the security realm, the weblogicURL.policy file and the web.xml file... If I do not specify a weblogic.security.URLAclFile, no access control is done at all.
  This is how my weblogic.properties file looks like:
  weblogic.security.URLAclFile=e:\\weblogic\\weblogicURL.policy
  weblogic.password.koko=kokokoko
  weblogic.password.arnebelinda=arne1234
  weblogic.security.group.ppuseradmins=arnebelinda
  and my weblogicURL.policy:
  deny Principal weblogic.security.acl.GroupImpl "everyone" {
  Permission weblogic.security.acl.URLAcl "weblogic.url", "/admin/-";
  and finally, my web.xml-file:
  <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
  "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
  <web-app>
       <session-config>
            <session-timeout>30</session-timeout>
       </session-config>
       <welcome-file-list>
            <welcome-file>index.jsp</welcome-file>
       </welcome-file-list>
       <security-constraint>
            <web-resource-collection>
                 <web-resource-name>admin</web-resource-name>
                 <url-pattern>index.jsp</url-pattern>          </web-resource-collection>
            <auth-constraint>
                 <role-name>ppuseradmins</role-name>
            </auth-constraint>
       </security-constraint>
       <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>WebLogic Server</realm-name>
       </login-config>
       <security-role>
            <role-name>ppuseradmins</role-name>
       </security-role>
  </web-app>
  it does not matter which user is part of the ppuseradmins group. The user koko is not a member, but is given access to my whole .war anyway (after submitting correct username/password). Omitting the <realm-name> does not seem to work either; the default realm is not used, instead null is used.
  Does anybody have a clue? I would really appreciate it!
  I am using WebLogic 5.1 sp 9
  best regards,
  PJ

  In you pocily file entry, you have specified "/admin/-"
  However, in the <security-constraint> element in web.xml, your <url-pattern> is not set to /admin
  Could that be the problem ?

• Integrating with external access control system

  Hi,
  I am new at the network but have read a lot recently about the above subject as much as I could. However, I am a bit mixed up at something. I understand in order to update SAP HR module with employees time and attendance logs I need to interface with a certified PDC interface => (SAP ECC - PLANT DATA COLLECTION - TIME & ATTENDANCE AND EMPLOYEE EXPENDITURES (HR-PDC)
  I wish to develop a system that updates the the SAP HR with employee attendance logs. In addition I also wish enroll new employees into my access control system database by polling the SAP HR database.
  Now my question is if I use .NET connector:
  1. Does the connector it include functions that can help with the above requirements?
  2. Is the use of PDC interface here still a must?
  Thanks

  For time management with the help of transaction pt80 you can download the information about employees with the help of idoc. And there are some programs a.k.a connectors that link access control systems and SAP so that you do not hire the same employee in the access control problem. You hire the employee in SAP and SAP sends the information (HR Minimaster DATA) to the related program.
  It is also do the same thing for the employees who resign. I mean if an employee is fired or resigned from the company than it is sent to the related system.
  These can be found under PDC integrated systems. You can find information about the systems from Ecohub. http://ecohub.sap.com/
  I hope this answer will help.

• Business Rules Framework (BRF) with Access Controll V10 (ERM and CUP)

  Hi Experts,
  where can I find some information about the usage of BRF with respect to Access Controll (especially ERM and CUP)?
  Thanks in advance and best regards,
  Marlen

  Hi Marlen,
  For ramp-up customers we have ramp-up knowledge transfer to be found here:
  http://service.sap.com/rkt
  If you are not participating in the AC 10.0 ramp-up you would need to wait until the product is general available.
  For general information on BRF have look here:
  http://help.sap.com/saphelp_nw70ehp2/helpdata/en/43/8b85c9db2f614fe10000000a1553f7/frameset.htm
  Best,
  Frank