Access level administration

Similar Messages

• How to include group access level in a ws call

  I want to include a Group Access Label in a Permission for a Course using an iTunes web service call.
  I don't see how to do this in the docs.
  (The example in iTunesUAdministratorsGuide.pdf at page 111 doesn't include the Group Access Label.
  And it's not in the schema for the ws xml document at http://deimos.apple.com/iTunesURequest-1.0.xsd)
  Is this an obvious omission or am I missing something? Anyone know how to do this?
  Background:
  We're creating most Courses programmatically.
  Obviously, we'd strongly prefer not to require an administrator to go into every Course and manually add a common Group Access Label to the Permission. (This manual piece is essentially what's now missing from the ws call or at least from my understanding of it.)
  Either way -- manually by an administrator or programmatically -- our instructors would then be able to set Permissions themselves on any Group they create -- doing this themselves and without the help of an administrator.

  To resume with a little progress made:
  I have a Section
  * with Access Level == Edit for Credential == Instructor@...${IDENTIFIER} with no Group Access Label, and also
  * with Access Level == Download for Credential == Student@...${IDENTIFIER} with Group Access Label == Student.
  I'm doing ws calls to add a Course including an identifier. This is successful, and I can then go into the iTunes client as Instructor@...${IDENTIFIER} (substitution made) and manually add Groups and change Access to each individually. (I'm adding Groups "Download", "Shared Uploads", and "Drop Box", changing the Access Level accordingly for Group Access Label "Student".
  But naturally I want to do the manual part programmatically, to save n instructors from having to learn how to do this same thing and then to do it.
  So I'm trying to change my ws call to add the Groups, including Permissions. Schema http://deimos.apple.com/rsrc/xsd/iTunesURequest-1.1.xsd doesn't include Group Access Label for Permission. What does this mean?
  I've tried the actual Credential == Student@...${IDENTIFIER} (with IDENTIFIER substitution made before the call) and also Credential == Student (to see if I'm supposed to match the Group Access Label, instead).
  For either of these trials, the ws call successfully adds the Groups and a ShowTree includes the Permissions for the Groups. But in the iTunes client user interface, it's as if I gave no Permissions in adding the Groups.
  Am I approaching this wrong or is there a bug here?
  (I haven't tried yet a separate call to add the Group Permissions, not wanting to suffer the processing wait of getting handles for the three Groups.)
  Anyone else doing this? (successfully or not ) Thanks.

• The best way to implement user's access level via Servlet & JSP (or more)?

  Hi all,
  I am trying to implement user's access level in an application to allow certain access to certain page or components within a page (buttons, etc.). From my experience with JSP, Java, servlet, I am think of having the jsp/servlet to check for user's access level to decide what jsp components or forward page to go to next but that doesn't seem clean or elegant way to handle it.
  Any suggestions of how to do this? Are there other technologies (Struts) out there that can handle this?
  Thanks so much in advance for your feedback or suggestion,
  Thong Bui

  I haven't experienced a lot in defining security roles before, and there is probably a lot to learn about this area. However I might be able to assist you in some way. Whenever I have 2 or more objects that need to be stored in the session, I create a class called UserContainer. Say you have three properties:
  empSsn (String) , isAdmin (Boolean), isAgent (Boolean), then:
  public class UserContainer implements Serializable  {
  private String empSsn = null;
  private Boolean isAdmin = null;
  private Boolean isAgent = null;
  public UserContainer() {
  super();
  public void setIsAdmin(Boolean isAdmin) {
  this.isAdmin = isAdmin;
  public Boolean getIsAdmin() {
  return this.isAdmin;
  // getters and setters for the other properties
  Of course after you decide (in your sevlet) whether the app user is an administrator or an agent, you can set the corresponding property in the user container, and then save it in the session. Afterwords, in any jsp, you can decide to display a certain element (e.g a button) after you check the user's role. Example:
  // Welcome.jsp
  <% UserContainer userContainer = (UserContainer) session.getAttribute("userContainer");
  boolean isAdmin = userContainer.getIsAdmin().booleanValue();
  boolean isAgent = userContainer.getIsAgent.booleanValue();
  if(isAdmin) { %>
  <!-- HTML/Code corresponding to an administrator -->
  <% } if(isAgent) { %>
  <!-- HTML /Code corresponding to an agent -->
  <% } >Of course, this is a very simple way of doing such a task, you will find more secure ways if you look at LDAP or something of that matter.
  Cheers

• Security and access levels

  I have created 4 users access levels, however, when I try to implement, when I keep inheritence, default security keeps coming up,   e.g. try changing everyone to my new access level and I get the new access level, but I also get view (inherited) - how can I "clean out" the old security settings??

  Sorry for the delay!
  OK, here's our situation - it's pretty straight forward;
  1500 users
  1500 (all) users in Everyone
  Of the 1500 users in Everyone;
  1200 in subgroup A
  200 in subgroup B
  90 in subgroup C
  10 users in Administrators
  4 universes
  1 connection
  Goal:
  Everyone and subgroups, same as admin, exception: can't delete or save to "corp" doc's.  My thought is to use same access level, then use the advanced configuration on the folders to prevent everyone from deleting any "corp docs"
  I have applied this access level to everyone and admin at;
  application > infoview, webi. cmc, deski, discussions, search
  universes > all 4
  connections > the 1
  folders > root folder,  level 1, denied access to everyone accordingly on level 2
  I have also added this access level to the top level security for users and groups
  Issues; 
  1. When I check the access level for everyone on folders, level 1 and below, I get the custom access level as inherited, but also view aslo as inherited.
  2. The users added to the admin group do not have same rights as the "administrator - for example, administrator can delete objects in the folders, but other users (within admin group) can not?  if I manually add the users to the folders, I can get this to work,  but doesn;t make sense, why would a user within a group have different rights, than any other user within the same group, with the same rights???
  Hope this helps!
  Edited by: Michael Bujarski on Jun 5, 2009 3:56 PM

• Multiple Access Levels per User

  In a site I'm building, I need the ability to allow an administrator to intuitively assign different access levels to different users. There may ultimately be roughly 25 different pages to which a user may be granted access. One user may have access to section/page levels 1, 4, 5, 7 and 21. Another user may get access to 2, 3, 4, 17, 19 and 24, etc. While this is possible under the existing ADDT user login system by creating a separate access value that includes only the permissible pages (access level 1 could get to page 1, 4, 5, 7 and 21; access level 2 could only get to pages 2, 3, 4, 17, 19 and 24) it becomes impractical for the administrator since the developer (me) would have to come up with an access value and corresponding permissible pages for every possible combination. Every time a new combination was needed, my client would have to contact me to add that access integer and modify all the corresponding sections/pages that the user could access.
  The ideal solution IMHO in this scenario would be for the administrator to simply be able to select or deselect a checkbox at will for each page to which the user is granted access (this is actually the scenario to which another of my feature request post refers:
  http://www.adobeforums.com/webx/.59b75119
  In searching the old InterAKT forums, I came across a post in which this exact scenario was requested. The user and Ionut came up with a solution which I was able to modify to enable the system I describe above. Rather than repeating the solution, here is a link to that post:
  http://www.interaktonline.com/Products/Dreamweaver-Extensions/MXUserLogin/Product-Forum/De tails/110205/Access+level+based+on+pages.html
  While it appears this solution will work for me, it took me quite a while to find it, and even longer to understand it.
  So, that's my feature request: The ability for an administrator to easily assign any combination of pages to which a user is granted access, preferably with a set of checkboxes.
  Thanks!

  This is functioning now.  With 9.0 you simply use a forward slash between device IDs.
  [device ID #1]/[device ID #2]
  Put this information in the "Mobile Device ID" field on the user form.
  It also has been verified with 8.82 PL15-16, but I don't know how far back it goes.

• Custom Access Level/User groups in BOBJ XI

  Experts,
  We are currently implementing BOBJ XI 3.1. Up on go-live, it will be handled by the Operations team from BOBJ CMC. We do not want to give administrator group for the operations users in CMC. Instead, we want to create custom groups with custom access levels.
  Ex. one for basis who will set up authentication, licenses etc
        one for the functional folks to maintain universes, export universes and set up security.
  Is there a way to set up user groups like this. We were able to successfully restrrict access just to folders, universes by creating a custom access level. But we were not able to do it on other items listed in CMC. Has anyone done this level of access before for the operations or even with in the development team instead of using administrator group>
  Appreciate your response
  Thanks
  Kee

  Hi,
  We can assign different rights to a group by creating custom access levels.
  Create a new group ,and also create custom access level and assign it to the new group.
  you can provide access to different objects to the group by adding rights to the access level.
  Under the access level > click  Included Rights > Add and Remove Rights > Under the Rights Collection > click on System.
  You  could find all the CMC object access rights can be assigned.
  Regards,
  Rameez

• Access Level - WebI XI3.0/3.1

  Hi all,
  Is there any access levels like can able to edit WebI Reports but not Save?
  thnx in Advance.
  reddeppa k

  Hi Reddeppa,
  Hoffpauir's observation is correct and in order to attract more feedback that will serve your best interest, this thread will be moved to the appropriate section.
  This is a quick mail to notify you that your question has been moved over to the Business Objects Administration section.
  It is possible to set rights in Designer, however your question seems to be specific to the (CMC) central management console.
  I hope this transfer will enrich your experince.
  Kind Regards,
  Ken

• DBA Proviledge and Access Level

  Dear all,
  Issue: DBA should have the required access level to maintain the database without having access to the business data in certain schema (user)
  Details: I am looking for a solution to enable the DBA to do all his administration work and maintain the database and at the same time he should not have any access to the data objects (specially the data in the tables) in certain schema in the database. The question is: How can I create a DBA then I revoke from him the access to the DB objects in certain schema?
  Best Regards,
  Abdo.

  Do not give the dba the DBA role; instead ceate your separate role, named, say SECURED_DBA, grant SELECT CATALOG ROLE, ALTER SYSTEM, ALTER DATABASE, etc., but not sweeping privs SELECT ANY TABLE, etc. This will help the DBA manage the database but not have access to the table data.

• SRKIM: R12: Concurrent Report Access Level

  PURPOSE
  r12 에서는 다른 user 에 의해 수행된 report output 을 볼 수 있는 user 권한을 어떻게 부여 하는지에 대해 알아 보도록 한다.
  EXPLANATION
  R11i 에서는 profile option: "Concurrent: Report Access Level" 을 지정 하여 concurrent request 의 output 에 대한 access level 을 지정 할 수 있었다.
  R12 에서는 이 profile 대신 UMX 의 Role Based Access Control (RBAC) 이 누가 request 의 output 을 볼 수 있는지를 지정 할 수 있도록 한다.
  administrator 는 한 request group 의 개별 프로그램이나 프래그램 set 혹은 모든 프로그램이나 셋에 대해 사용자나 role 에 대해 권한을 부여 할 수 있다.
  해당 기능을 구현 하기 위해 아래와 같은 permission 이 seeded 되어 있다.
  • Permission "Submit Request"
  • Permission "View Request"
  • Permission Set "Request Operations" containing the permissions "Submit Request"
  and "View Request"
  • Object "Concurrent Programs"
  • Object Instance Set "Programs that can be accessed"
  • Object Instance Set "Request sets that can be accessed"
  Request security group 에 대한 access 를 특정 role 에 부여 하기 위해서는 아래 steps 대로 수행 한다.
  1. UMX Responsibility 에서 user role 을 define 한다.
  2. System Administrator responsibility 에서 request security group 을 정의 한다.
  3. Functional Administrator responsibility에서 grant 를 정의 한다.
  1) grant 에 대한 이름과 description 을 입력한다.
  2) 해당 grant 에 대한 Security Context 를 입력한다.
  3) Data Security 항목에서 "Concurrent Programs" 혹은 "Request Sets" 를 object 으로 지정하고 next 를 click 한다.
  4) Object Data Context 에서 "Instance Set" 을 선택 후 "Programs that can be accessed" 이나 Request Sets that can be accessed 를 선택 한다.
  5) Instance Set Information 을 review 후 Instance Set Details 에서 request group 과 해당 application을 입력한다.
  6)"Request Operations" 에서 permission set 을 지정한다.
  Viewing Requests
  위에서 언급한 대로 RBAC 를 통해 viewing requests 권한을 control 할 수 있는데 아래와 같은 instance sets 이 그 역할을 한다.
  • All requests submitted by a user
  • All requests submitted by a user for a given application
  • All requests belonging to a program submitted by a user
  • All requests belonging to a request set submitted by a user (irrespective of the constituent programs' owning application) to another user (or a group of users - via a role).
  REFERENCE
  NOTE. 736547.1 - Concurrent Report Access Level

  Hello Kai,
  would you mind giving me a hand and post here the answer to your question? The mentioned metalink note is just referencing a whole section within 120sasg (B31451-05.pdf). If you would provide a short summary what needs to be done would be very welcome.
  Thanks a lot
  Volker

• Can not assign custom access level with a user login

  Hi,
  I am using Business objects XiR3. When I am loging in with a user having full control access and then I select a folder added a principal from user sercurity and when I am trying to add custom access level it gave me error
  An error occurred at the server during security batch commit: Request 0 of type 38 failed with server error : You do not have sufficient rights to make the requested security changes.
  it allow me to give access to standard access levels. also when I tried to assign custom access level with administrator user, it assigns custom access level to a principal without error.
  Can any body tell me what I am doing wrong?
  Thanks in advance,
  Rajendra

  Hi Rajendra,
  You have to make sure that the user group has the right 'Use access level for security assignment' assigned as granted on the access level you created. You can find this right under System / Access Level. That should do the trick!
  Hope this helps...
  Martijn van Foeken
  Focuzz BI Services
  http://www.focuzz.nl
  http://nl.linkedin.com/in/martijnvanfoeken
  http://twitter.com/mfoeken

• QaaWS Access Level

  All,
  I am setting up access level for users in the production environment for QaaWS tool. All users can view QaaWS in production, but they CAN'T create/modify/delete QaaWS in production. What access level do I need to enable this?
  I tried to use the "View" access level out-of-the box, but I got this "You are not authorized to design or edit a query. Please contact your administrator (QWS 02718)."  If I use "Full Control" access level, the user can login fine, but the issue is that user can create/modify/delete QaaWS in production. I am puzzled as to what access level can give me the view ability...
  Please advise...
  thanks...

  qaaws is a query tool designed for editing wsdl's. If you grant view that is most likley for infoview not for opening with the client. So I believe this is by design. If you do not get anyone to verify this then I'd suggest opening a case with support admin team so they can test it and verify that for you.
  Regards,
  Tim

• How to change lookup code  with Access Level as 'System'

  Hi,
  I need to append new lookup codes in a lookup type having access level as 'SYSTEM'. Is there any standard way to do the same or just updating the customization level column will do ? Please let me know if you have any solution for this.
  Regards
  Girish

  You can also change the meaning on that value to something like "*** DO NOT USE***". This will make it obvious to the user that he/she should not choose it.
  You can try to add a when-validate-record personalization to show error if someone selected a disabled value.
  You can also try to modify the list of values associated with the field using personalizations.
  If nothing else works, you can use a SQL to uncheck the enabled flag. The risks involved in this are well known.
  Hope this answers your question
  Sandeep Gandhi
  Independent Consultant
  513-325-9026

• What is the use of access level

  Hi Experts,
  What is the access level and what is use of each option in access level
  1  Application
  2  Superior component
  3. Top Component
  4. Sap
  5. Global
  and in Details section what is the use Properties tab
  1. Application Component
  2. Software Component
  3. Development Package
  4. Settings Class
  Please explain Each option use.
  Thank you in advance,
  Srini M.

  Hi Srini,
  just read the documentation (although the current status on SAP Help Portal isn't really up-to-date):
  1. [Entry point|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/cc/85414842c8470bb19b53038c4b5259/frameset.htm]
  2. [Setting an Access Level|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/32/6aba9c49fd41a5a14f710e121220f1/content.htm]
  W/r to "Application Component" etc., docu on Help Portal is definitely not sufficient. Here, the following applies:
  An application offers attributes for the application component and the software component. The application component and software component have to be the same as defined for the development package. Application and software component are automatically derived from the development package if they are not set explicitly.
  For the definition of the development package, application component, and software component, we recommend that you choose the same values that are in effect for the software solution that you want to enhance by a new BRFplus application. This simplifies all activities related to the software infrastructure, especially transports.
  CU
  Claus

• Not able to access the Administrator Console 7001

  Dear all,
  We have installed weblogic server 11.1.2 in Aix 6.1.
  Installation faced lot of FIXER problems finally we fixed all the required fixers and installation and configuration compleated without any error.
  In the last page of Configuration summary we got the Admin consloe and Em console address.
  When i try to connect those from my system using IE it says "internet explorer cannot Display the webpage" error comes.
  While on Installation we used Humming bird for graphical installation[this is the first time am using this utlity]. And more over i do not have idea how to check about the admin server start and stop from the back end[AIX].
  Kindly help me how to access the Administrator Console after Installation
  "Administrator Console: http://emar:7001/console"
  Exepecting all expects advice and guidance.
  Regards,
  Paja

  Hi Paja,
  Please check any weblogic process are running by using.
  ps -ef | grep java
  use " *kill -9 < pid >* "
  Now under %Domain_Home%/ bin folder.
  you will find startWebLogic.sh file.
  start this one using following way.
  ./startWebLogic.sh
  Once you provide your username and password
  Check your last logging like this.
  *<Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.17.62.212:7001 for protocols iiop, t3, ldap, s*
  in this case 10.17.62.212 is my IP address or listen address and 7001 is my http port.
  if you enable SSL list port it will also show you that one.
  now try to access console using http://<IP address>:port/console
  provide username and password
  Here we go to start your weblogic server.
  Now in %Domain_Home%/ bin folder you will find one more .sh file says stopWebLogic.sh.
  this will help you to stop the server.
  Hope this is easy way to start and stop your server.
  Regards,
  kal

• Is there an "Access Level" field on the "Send for Shared Review" screen (Pro X)?

  I'm using Pro X, but haven't come across the "Access Level" field expalined in this on-line video http://tv.adobe.com/watch/learn-acrobat-x/getting-started-the-basics-of-reviewing/
  Is this something you can enable?

  It's only available if you select Acrobat.com as the review server.