Access Control View All Role

Hello Experts,
We are currently implementing GRC Compliant User Provisioning for the client. Apart from the configuration team with role AEAdmin, we have a few client experts who look into the sandbox system to understand whether the configuration we made is as per the requirement.
In doing so, they tend to modify some or other configuration at times, knowingly or unknowingly, which leads us to longer debugging time.
Is there a way I can create a UME role with only View Configuration Action to avoid such circumstances?
Thanks
Rashmi

Hi Rashmi,
1- Assign the following actions to the role:
ViewReject
ViewHold
ViewCopyRequest
ViewCreateRequest
ViewSearchRequestAll
ViewRequstAuditTrail
ViewForwardRequest
ViewReRoute
ViewAccessEnforcer
ViewSelectPDProfiles
ViewMitigation
ViewRiskAnalysis
ViewSelectRoles
ViewReaffirms
ViewApprove
ViewApproverDelegation
Using these actions you can see the following tabs in Access Enforcer:
1- Access Enforcer
        - Requests For Approval
        - Create Request
        - Search Requests
        - Requests On Hold
        - Approver Delegation
        - Copy Request
        - Search Request Audit Trail
        - Role Reaffirms
2- Informer Tab
        - Services Level For Requests
        - Conflicts And Mitigations
        - Request By Roles And Role Owners
        - List Roles And Owners
        - Requests By PD/Structural Profiles
3- Configuration Tab
        - Monitoring
                  - System Log
                  - Application log
        - Upgrade
The rest of the tabs in Configuration run along with the Modify action in AE 5.2.
2- Some new actions are added by the SAP GRC R&D team in Compliant User Provisioning 5.3 (Access Enforcer 5.3) for view-only access to the Initiators, Stages, Path, Connectors, Provisioning, HR Trigger, User Defaults, etc.
In AE 5.3, independent View and Modify actions are available for each tab, like Initiators, Connectors, etc., but this type of provision is not available in AE 5.2.
Regards,
Jagat

Similar Messages

  • I set an access control on all my computers by mistake, how do I reset it?

    I thought I was restricting my child from accessing the internet, but I locked myself and my whole family out of the time capsule router. I set the access to weekends between 9 am and Noon. Do I have to wait until next weekend to reset everything? The time capsule is on, shows green, but does not show up in any device. I am trying to get into settings, but it does not recognize my password! It keeps locking me out!!! I tried a soft reset of the time capsule, but it won't let me in to change settings! HELP!
    I am running two MacBook Pros, one being the primary system, two iPads, a PC desktop, a Chromebook, and an iPod if any of that helps. I am writing this at a neighbor's.
    Any ideas would be greatly appreciated.
    Thanks in advance......

    It is possible, but you will have to identify the MAC Address or AirPort ID of these devices that you want to assign specific allowed connection times, and I know of no way to do this other than by process of elimination.
    So, you have to turn off all wireless devices except your MacBook, open AirPort Utility, and see what the ID is for your MacBook and write that down for reference.
    Then start up the Chromebook and find that ID, then the second MacBook, iPod, and Kindle one at a time. You are looking for a 12 character ID in the form of xx : xx : xx : xx : xx : xx.
    What operating system is your MacBook using so we can provide more tips on how to do this?
    Once you have a list of all the correct IDs or MAC Addresses for devices that you want to control, you can set up connection rules for each of these separate devices.
    The devices that do not have rules will be able to connect to the network at all times...or they will be governed by the first default rule if you change that from Unlimited to something else.

  • GRC Access Control 5.3 - Role Reaffirm Notification Email

    Hi Experts,
    We have GRC 5.3 system and we want to change the content of Role Reaffirm notification email.
    Is there any way to change the default email text?
    We want to add few additional lines and CUP link in the email notification.
    Thanks,
    Rajendra

    Hi Alpesh,
    I found the entry in table VIRSA_AE_MESSAGE which is the same message as in the email notification.
    I changed the value for field MSGDESC in our test system but the new text is not reflecting in email.
    The email subject is coming as- Here are the roles that need to be reaffirmed
    The body of the email is as below-
    Here are the roles that need to be reaffirmed
    Z_FI_MANAGER
    Z_ALL_HR_DISPLAY_ALL
    I updated the table at database level.
    Is there anything else that needs to be done?
    Also we are using UAR as well as Role Reaffirm (don't know why), is there any OSS note which says that UAR can be used instead of Role Reaffirm?
    Thanks,
    Rajendra

  • Access control for different user groups in APEX 4.0

    Hi guys,
    in Apex 4.0, is there any way to use the access control page to configure access control for different user groups?
    The access control page currently only has an access control list by users with 3 privileges namely, Administrator, Edit & View where Administrator has the highest access level & View the lowest. Therefore 1 user cannot have more than 1 different privilege, however if the user belongs to 2 or more different groups then we can control what access he can have in a more fine grained manner. We also want to have more than the 3 privileges given.
    Can we assign different groups to different users and let them have different privileges to be configured by page, region, process or item level?
    Now Apex will create 2 tables, Apex_Access_Control & Apex_Access_Setup to store the application access control mode & access control list. It will also create 3 authorization schemes "access control - administrator", "access control - edit" & "access control - view" based on the 2 tables.
    Does this mean we have to change the table structures & edit the authorization schemes to suit our usage? We are reluctant to do this because if we upgrade to a newer version of Apex then we would have to merge our pl/sql coding with Apex's updated code.
    How can we auto-configure more than the 3 authorization schemes in the access control page? Is there any way to achieve a finer grain of access control based on the current access control administration page given by Apex without writing it ourselves?
    We are afraid that we may have missed something on Apex access control & do not want to reinvent the wheel.

    Hi Errol,
    to build your own application authorization scheme around the security model supplied by Apex for administration of the Apex environment would be a bad idea.
    This was never intended for authorization scheme management in custom built Apex applications, it was solely intended to control access in the Apex environment overall. The API for it is not published, and making changes to it, such as adding more roles, would run the risk of breaking the overall Apex security model. It would not be supported by Oracle and Oracle would not guarantee the upwards compatibility of any changes you make in future versions of Apex.
    In short, you should follow Tyson's advice and build your own structure. As he indicated, there are plenty of examples around and provided your requirements are not too complicated, it will be relatively simple.
    Regards
    Andre

  • Implement GRC Access control in different landscape

    Hi Friends,
    In our company we have different landscapes in SAP and now we are planning to implement Access control in all landscape.
    R/3 landscapes without any Java stack (both ECC6 and 4.7 EE)
    Solution manager landscape
    XI landscape.
    BW
    and EP.
    Our first target is the R/3 landscape. Can you please guide me? What will be the best approach to implement AC in R/3 systems, as they don't have any Java stack?
    I will appreciate it if you can guide me with the other landscapes also.
    Thanks,
    Satyabrat

    Satyabrat
    The GRC landscape is technically separate from the different SAP Application components you mention so technically, you can connect the GRC system to any of the other components by creating the appropriate JCOs and SLD entries.
    You will need to install the RTAs in each of the required source systems (ERP, ECC, BW, XI, SM, CRM, SRM etc!) but they can all link to the separate GRC systems.
    The exact landscape setup is dependent on what you wish to use GRC for. For example, you may wish to only link production GRC to production backend systems for Risk analysis and SoD. However, if you wish to use ERM or use Role based analysis, you may find it useful to connect your production GRC system to your development backend systems where the roles are actually defined!
    The architecture is deliberately flexible to allow you to do this.
    For the initial use cases, it may make sense to keep Production segregated away from Pre-production systems but in the future, you may find that you wish to re-assess this as your usage grows.
    Regards, Simon

  • Difference between SAP Access Control and IDM

    Hi Expert,
    I have one question: what is the difference between SAP Access Control and SAP Identity Management?

    Ali,
    That's a good question, but a tough one.
    While both applications can do most of what the other can do, it's a matter of specialization in my opinion.
    Access Control is all about managing and controlling access to SAP system roles and has the ability to report on role conflicts for compliance and reporting purposes. (I'm sure I'm leaving a lot out, but maybe a GRC / AC expert can fill in more details)
    SAP IDM is about managing the user life cycle with regards to landscape and enterprise systems. It will handle the creation, update and ultimately the removal (or de-provisioning) of users in SAP ABAP, SAP JAVA, LDAP, JDBC, and API based applications. It will also do Role Management through a web based UI (User management is web based as well), and as of the latest Service pack for SAP IDM 7.2, it will do attestation (limited certification) as well. It is a definite upgrade to CUA as it will work with a greater variety of systems, include workflows and approvals.
    GRC will do some provisioning, but it's somewhat limited, as is IDM's compliance abilities.
    The applications are designed to work together, however it does not have a great track record and the integration is typically heavily modified to work as desired.
    If you have specific questions, feel free to post / DM.  Obviously I am more knowledgeable about IDM, but I'll be happy to help you in any way possible.
    Regards,
    Matt

  • Process to activate access control dynamically

    Hello,
    I would like to make a process that activates the access control for a specific button, page, etc. dynamically according to a condition, something like:
    " Assign access control (view,edit,admin) of (page#, button..) to user (x) when (condition)"
    How can I do that?
    Thanks in advance,
    Edited by: Najla on Jan 17, 2013 12:19 AM

    Hi Najla,
    you can use authorization schemes:
    http://docs.oracle.com/cd/E37097_01/doc/doc.42/e35125/sec_authorization.htm#BABEDFGB
    Br,
    Marko Goricki
    http://apexbyg.blogspot.com/

  • Role Based Access Control in Java

    Hi,
    we are designing a software solution that makes use of the Role Based Access Control pattern to control access of functions, EJBs, Servlets to certain users based on their "role".
    I have not been able to understand clearly how that pattern can be implemented in Java. In addition, I stumbled on the java.security.acl package and I am wondering how the package will work together with the RBAC pattern (or is the pattern already implemented in some package)?
    Does any1 have any comments on this? Thnx
    Dave

    Hi David,
    Permissions based on GUI components is a simple & neat idea. But is it rugged? Really secure? It might fall short of Grady Booch's idea of Responsibilities of objects. Also that your Roles and Access components are coupled well with Views!!!!!!!
    My suggestion regarding the Management Beans is only to do with the dynamic modification which our discussion was going forward.
    If we go back to our fundamental objective of implementing a Role based access control, let me put some basic questions.
    We have taken the roles data from a static XML file during the start up of the container. The Roles or Access are wanted to be changed dynamically during the running of the container. You would scrutinize the changes of Roles and access before permission during the case of dynamic modification.
    Do you want this change to happen only for that particular session? Don't you want these changes to persist??? When the container is restarted, don't you want the changes to stay back?
    If the answer to the above is YES(yes I want to persist changes), how about doing a write operation(update role/access) of the XML file and continue your operation? After all, you can get the request to a web or session bean and keep going.
    If the answer to the above is NO(no, i don't want to persist), you can still get the change role request to a web or session bean and keep going.
    Either way, there is going to be an intense scrutiny of the operator before giving her permissions!!!
    One hurdle could be that how to get all neighbouring servers know about the changes in roles and access??? An MBean or App Server API could help you in this.
    May I request all who see this direction to pour in more comments/ideas ? I would like to hear from David, duffymo, komone and jschell.
    Rajesh

  • ADF UIX Role Based Access Control Implementation

    Hi,
    Can anybody suggest a detailed example or tutorials of how to implement a role based access control for my ADF UIX application.
    The application users can be dynamically added to specific roles (admin, Secretary, Guest). Based on the roles, they should be allowed to access only certain links or ADF entity/view operations. Can this be implemented in a centralized way?
    Can this be done using JAZN or JAAS? If so, please provide me references to a simple tutorial on how to do this.
    Thanks a lot.
    Sathya

    Brenden,
    I think you are following a valid approach. The default security in J2EE and JAAS (JAZN) is to configure roles and users in either static files (jazn-data.xml) or the Oracle Internet Directory and then use either jazn admin APIs or the OID APIs to programmatically access users, groups and Permissions (your role_functions are Permissions in a JAAS context).
    If you modelled your security infrastructure in OID rather than the database, an administrator would be able to use the Delegated Administration Service (DAS), a web based console in Oracle Application Server. To configure security this way, you would have two options:
    1. Use J2EE declarative security and configure all your .do access points in web.xml and constrain it by a role name (which is a user group name in OID). The benefit of this approach is that you can get Struts actions working directly with it because Struts actions have a roles attribute.
    The disadvantage is that you can't dynamically create new roles because they have to be mapped in web.xml
    2. Use JAAS and check Permissions on individual URLs. This allows you to perform finer grained and flexible access control, but also requires changes to Struts. Unlike the approach of subclassing the DataActionForward class, I would subclass the Struts RequestProcessor and change the processRoles method to evaluate JAAS permissions.
    The disadvantage of this approach is that it requires coding that should be done carefully not to lock you in to your own implementation of Struts so that you couldn't easily upgrade to newer versions.
    1 - 2 have the benefit of that the policies can be used by all applications in an enterprise that use Oracle Application Server and e.g. SSO.
    Your approach - as said - is valid and I think many customers will look for the database first when looking at implementing security (so would I).
    Two links that you might be interested in to read are:
    http://sourceforge.net/projects/jguard/ --> an open source JAAS based security framework that stores the user, roles and permissions in database tables similar to your approach
    http://www.oracle.com/technology/products/jdev/collateral/papers/10g/adfstrutsj2eesec.pdf --> a whitepaper I've written about J2EE security for Web applications written with Struts and JavaServer pages. You may not be able to use all of it, but it's a good source of information.
    Frank

  • Using Roles with Access Control Pages

    Hi,
    I was curious if someone might be able to shed some light for me on an issue. I have a matrix of users
    who can read or write on different pages. So there are various roles created
    Admin can write all pages
    Reader can read all pages
    Medium Users can read some pages and write some pages
    Power User can Write most pages and read some pages
    I am thinking of using access control pages but I don't want to have to enter every single user for each page.
    I am wondering if I can create some sort of Roles that I can apply to access control lists. And set the role
    at login time and based on that decide what data they can edit or just view?
    Thanks in advance!

    Hi,
    Have you checked or tried using Authorization Schemes?
    http://download.oracle.com/docs/cd/E14373_01/appdev.32/e11838/sec.htm#sthref1943
    Br, Jari
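
One way to back the Authorization Schemes suggested in this thread and in the APEX 4.0 thread above with your own role tables, shown as an added example that is not code from either post or from APEX itself. The table and column names (app_roles, app_user_roles, app_page_access) are assumptions; :APP_USER and :APP_PAGE_ID are the standard APEX bind variables.

```sql
-- Added example. Hypothetical schema owned by the application, separate from
-- the APEX-generated access control tables, so an APEX upgrade does not touch it.
CREATE TABLE app_roles (
    role_name VARCHAR2(30) PRIMARY KEY
);

-- One user may hold several roles (Admin, Reader, Medium User, Power User, ...).
-- Store usernames in the same case that :APP_USER returns (normally upper case).
CREATE TABLE app_user_roles (
    username  VARCHAR2(255) NOT NULL,
    role_name VARCHAR2(30)  NOT NULL REFERENCES app_roles (role_name),
    CONSTRAINT app_user_roles_pk PRIMARY KEY (username, role_name)
);

-- Read access is implied by the row; write access is an explicit flag.
CREATE TABLE app_page_access (
    role_name VARCHAR2(30) NOT NULL REFERENCES app_roles (role_name),
    page_id   NUMBER       NOT NULL,
    can_write CHAR(1)      DEFAULT 'N' NOT NULL
              CONSTRAINT app_page_access_write_ck CHECK (can_write IN ('Y', 'N')),
    CONSTRAINT app_page_access_pk PRIMARY KEY (role_name, page_id)
);

-- Authorization scheme "Can view current page", type "Exists SQL Query".
-- Evaluate it once per page view, not once per session, because the result
-- depends on :APP_PAGE_ID. No matching row means access is denied.
SELECT 1
  FROM app_user_roles ur
  JOIN app_page_access pa ON pa.role_name = ur.role_name
 WHERE ur.username = :APP_USER
   AND pa.page_id  = :APP_PAGE_ID;

-- Authorization scheme "Can edit current page", attached to the buttons,
-- processes and editable items of a page.
SELECT 1
  FROM app_user_roles ur
  JOIN app_page_access pa ON pa.role_name = ur.role_name
 WHERE ur.username  = :APP_USER
   AND pa.page_id   = :APP_PAGE_ID
   AND pa.can_write = 'Y';
```

In the scheme definition itself, enter each SELECT without the trailing semicolon.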

  • Any best practice to apply role based access control?

    Hi,
    I am starting to apply the access permissions for new users as being set by admin. I am choosing Role Based Access Control for this task.
    Can you please share the best practices or any built-in feature in JSF to achieve my goal?
    Regards,
    Faysi

    Hi,
    The macro pattern is my work. I've received a lot of help from forums as this one and from the Java developers community in general and I am very happy to help others and share my work.
    Regarding the architect responsibility of defining the pages according to the roles that have access to them : there is the enterprise.software infrastructure.facade java package.
    Here I implemented the Facade GoF software design pattern in the GroupsAndRolesAccessFacade java class. Thus, this is the only class the developer uses in order to define groups and roles of users and to define their access as per page.
    This is according to Java EE 6 tutorial, section VII Security, page 471.
    A group, role or user is created with an Identity Management application or by a custom application.
    Pages of the application and their sections are defined or modified together with the group, role or user who has access to them.
    For this u can use the createActiveGroup and createActiveRole methods of the GroupsAndRolesAccessFacade class.
    I've been in situations where end users are very strict about the functionality of the application.
    If you try to abstract web development, u can think of writing to database, reading from database and modifying the database as actions.
    Each of these actions should have suggester, approver and implementor.
    Thus u can't call the createActiveGroup method for example, without calling first the requestActiveGroupCreationHelper and then the approveOrDeclineActiveGroupCreationHelper method.
    After the pages a group has access to have been defined with the createActiveGroup method, a developer can find out the pages and their sections a group has access to by calling the getMinimumInformationAboutGroup method.
    Furthermore, if the application is very strict, that is if every action which involves writing to the database must be recorded, this concept of suggester, approver and implementor is available through the recordActiveGroupAction method.
    For example, there is a web shop, its managers can change the prices of the products, but the boss will want to know who had dared to lower prices.
    This action of lowering prices, is an action of modifying the information in the database and u can save in the database who suggested it, who approved it and who implemented it.
    Now that I write about the functionality of the macro pattern, I realise that some methods should have more proper names and I haven't had time to write documentation in the API, but this will be complete when I add the web pages for the architect to use for defining access control and for the end users to view who and what is doing with their application.

  • SCSM View access control not working

    I have 15 odd each SCSM Incident and SR roles, one for each support group.  Each role contains an AD group, populated with users.  No OTB roles contain any users other than the admin role.
    Each role is granted access to only the views for SR and IM that they need. 
    All the views are stored in one MP, that is one top level folder with all the views inside it.  So when they expand the folder, they should only see the views assigned to the roles of which they are a member.
    However, more and more often, Users are opening their console to find that they see all the views, for all roles.
    Sometimes if they shut down the console, and restart it, the views will return to normal.
    But that is starting not to work anymore as well.  And it's very odd that it will happen to one user in the role, but not the other users.
    Any ideas?
    SCSM2012 R2
    Joshua Fuente

    Never mind, I did find that they added a group to an OTB role... Removed, Fixed.  Created a new role, and removed the view access....
    Joshua Fuente

  • Which are the required roles/privs for viewing all scheduler jobs in OEM?

    Platform: Oracle 11.1.0.6 Enterprise Edition (64) Windows 2008 R2 Server
    - I've created a new Admin user in "OEM>Setup>Administrators>Create"
    - I checked the user in "OEM>Server>Users":
    CREATE USER "SA_ADMIN"
    PROFILE "DEFAULT"
    IDENTIFIED BY "saadminsa"
    DEFAULT TABLESPACE "SYSAUX"
    TEMPORARY TABLESPACE "TEMP"
    ACCOUNT UNLOCK;
    GRANT SELECT ANY DICTIONARY TO "SA_ADMIN";
    GRANT "MGMT_USER" TO "SA_ADMIN";
    - "SA_ADMIN" was granted only the permissions above.
    - I can log in OEM as "SA_ADMIN"
    - I can see OEM backup jobs and the history
    - But I cannot see any "scheduler" jobs in "OEM>Server>Jobs"
    - I get a lists of the jobs in "OEM>Scheduler Central" but I cannot display any more information of "scheduler jobs"
    - I logged off from OEM
    - I granted SCHEDULER_ADMIN role to "SA_ADMIN"
    GRANT SCHEDULER_ADMIN TO "SA_ADMIN";
    - I logged back in OEM as "SA_ADMIN"
    - I can now see some scheduler jobs, but not all of the jobs, I still cannot see any of the new jobs I created logged in OEM as SYS.
    Which are the required roles/privs for viewing all scheduler jobs in OEM?

    If you grant "SYSDBA" to the new Admin user then you can see the "scheduler" jobs.
    GRANT SYSDBA TO "SA_ADMIN";
    I wanted to grant "read" access in OEM for the new user.
    This behaviour is strange.
    Without the "SYSDBA" role the new user can see the OEM backup jobs that were created as SYS, but it cannot see the "scheduler" jobs.

  • Query: to view all users that have been created for access to a database

    Hi,
    Is there a command syntax that we could give to see all the users who have been created for access to a particular database. I want to view all the users that have been created using sql* plus.
    can anyone help or is it impossible?
    Thanks

    This is for the beginning:
    SQL> select grantee, privilege from dba_sys_privs where privilege like '%CREATE%SESSION%'
    2 /
    GRANTEE PRIVILEGE
    A CREATE SESSION
    AA CREATE SESSION
    U1 CREATE SESSION
    U2 CREATE SESSION
    BD1 CREATE SESSION
    DBA CREATE SESSION
    EMI CREATE SESSION
    MOB CREATE SESSION
    ODM CREATE SESSION
    OHP CREATE SESSION
    SEC CREATE SESSION
    SYS CREATE SESSION
    TU1 CREATE SESSION
    TU2 CREATE SESSION
    U01 CREATE SESSION
    XDB CREATE SESSION
    MOBI CREATE SESSION
    OHP4 CREATE SESSION
    PFAY CREATE SESSION
    UD01 CREATE SESSION
    UR01 CREATE SESSION
    ADHOC CREATE SESSION
    BATCH CREATE SESSION
    DEBUG CREATE SESSION
    DEV01 CREATE SESSION
    HRAPP CREATE SESSION
    MDSYS CREATE SESSION
    MOBI2 CREATE SESSION
    SKING CREATE SESSION
    SPACE CREATE SESSION
    UPASS CREATE SESSION
    WKSYS CREATE SESSION
    CTXSYS CREATE SESSION
    ORDSYS CREATE SESSION
    PRAC01 CREATE SESSION
    RTABLE CREATE SESSION
    CONNECT CREATE SESSION
    Then you also have to select all the users that have been granted roles with this privilege;
    this will give you the full set of users who can connect.
    Best Regards
    Krystian Zieja / mob
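
The second step described in the answer above, as an added example that is not part of the original post: it walks the role grants in DBA_ROLE_PRIVS so that users who receive CREATE SESSION through a role, or through a role granted to another role, are listed too. It assumes a session that can read DBA_SYS_PRIVS, DBA_ROLE_PRIVS and DBA_USERS.

```sql
-- Added example: every database account that can open a session, whether
-- CREATE SESSION was granted directly, through nested roles, or to PUBLIC.
WITH holders AS (
    -- Users and roles holding the privilege directly.
    SELECT grantee
      FROM dba_sys_privs
     WHERE privilege = 'CREATE SESSION'
    UNION
    -- Anyone granted one of those roles, at any nesting depth.
    -- Each level follows "role X was granted to grantee Y" one step further.
    SELECT rp.grantee
      FROM dba_role_privs rp
     START WITH rp.granted_role IN (SELECT grantee
                                      FROM dba_sys_privs
                                     WHERE privilege = 'CREATE SESSION')
   CONNECT BY PRIOR rp.grantee = rp.granted_role
)
SELECT u.username,
       u.account_status,
       CASE
           WHEN u.username IN (SELECT grantee FROM holders)
           THEN 'DIRECT OR VIA ROLE'
           ELSE 'VIA PUBLIC'
       END AS granted_how
  FROM dba_users u
 WHERE u.username IN (SELECT grantee FROM holders)
    -- PUBLIC is not a row in DBA_USERS; if it holds the privilege,
    -- every account inherits it.
    OR EXISTS (SELECT 1 FROM holders WHERE grantee = 'PUBLIC')
 ORDER BY u.username;
```

The ACCOUNT_STATUS column separates accounts that hold the privilege but are locked or expired from those that can actually log in.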

  • WAD Item to get access on all role items

    normally you use the portal to get access in to all the reports of your role(s).
    but I don't wanna use the portal (customer requirement).
    can I build a template with WAD or other tools which show all the reports, saved by a specific user role?
    of course I can design a template and put every query in it I need. but I don't wanna change this report every time I make a new report.
    thanxs, danga

    Hello,
    Yes, you can create a query and assign it to a web template, and you can save the web template under a role.
    In that role you can add the users who can view the items saved under that role.
    You can also view the created web templates, each one under a different role, through the web browser.
    One thing is that when you transport the web template, along with that you have to transport the updated role, so that when you view the reports through the web browser you can see all updated reports.
    hope it is clear
    assign points if useful
