Access level enforcement

Similar Messages

• How to change lookup code  with Access Level as 'System'

  Hi,
  I need to append new lookup codes in a lookup type having access level as 'SYSTEM'. Is there any standard way to do the same or just updating the customization level column will do ? Please let me know if you have any solution for this.
  Regards
  Girish

  You can also change the meaning on that value to something like "*** DO NOT USE***". This will make it obvious to the user that he/she should not choose it.
  You can try to add a when-validate-record personalization to show error if someone selected a disabled value.
  You can also try to modify the list of values associated with the field using personalizations.
  If nothing else works, you can use a SQL to uncheck the enabled flag. The risks involved in this are well known.
  Hope this answers your question
  Sandeep Gandhi
  Independent Consultant
  513-325-9026

• What is the use of access level

  Hi Experts,
  What is the access level and what is use of each option in access level
  1  Application
  2  Superior component
  3. Top Component
  4. Sap
  5. Global
  and in Details section what is the use Properties tab
  1. Application Component
  2. Software Component
  3. Development Package
  4. Settings Class
  Please explain Each option use.
  Thank you in advance,
  Srini M.

  Hi Srini,
  just read the documentation (although the current status on SAP Help Portal isn't really up-to-date):
  1. [Entry point|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/cc/85414842c8470bb19b53038c4b5259/frameset.htm]
  2. [Setting an Access Level|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/32/6aba9c49fd41a5a14f710e121220f1/content.htm]
  W/r to "Application Component" etc., docu on Help Portal is definitely not sufficient. Here, the following applies:
  An application offers attributes for the application component and the software component. The application component and software component have to be the same as defined for the development package. Application and software component are automatically derived from the development package if they are not set explicitly.
  For the definition of the development package, application component, and software component, we recommend that you choose the same values that are in effect for the software solution that you want to enhance by a new BRFplus application. This simplifies all activities related to the software infrastructure, especially transports.
  CU
  Claus

• How to include group access level in a ws call

  I want to include a Group Access Label in a Permission for a Course using an iTunes web service call.
  I don't see how to do this in the docs.
  (The example in iTunesUAdministratorsGuide.pdf at page 111 doesn't include the Group Access Label.
  And it's not in the schema for the ws xml document at http://deimos.apple.com/iTunesURequest-1.0.xsd)
  Is this an obvious omission or am I missing something? Anyone know how to do this?
  Background:
  We're creating most Courses programmatically.
  Obviously, we'd strongly prefer not to require an administrator to go into every Course and manually add a common Group Access Label to the Permission. (This manual piece is essentially what's now missing from the ws call or at least from my understanding of it.)
  Either way -- manually by an administrator or programmatically -- our instructors would then be able to set Permissions themselves on any Group they create -- doing this themselves and without the help of an administrator.

  To resume with a little progress made:
  I have a Section
  * with Access Level == Edit for Credential == Instructor@...${IDENTIFIER} with no Group Access Label, and also
  * with Access Level == Download for Credential == Student@...${IDENTIFIER} with Group Access Label == Student.
  I'm doing ws calls to add a Course including an identifier. This is successful, and I can then go into the iTunes client as Instructor@...${IDENTIFIER} (substitution made) and manually add Groups and change Access to each individually. (I'm adding Groups "Download", "Shared Uploads", and "Drop Box", changing the Access Level accordingly for Group Access Label "Student".
  But naturally I want to do the manual part programmatically, to save n instructors from having to learn how to do this same thing and then to do it.
  So I'm trying to change my ws call to add the Groups, including Permissions. Schema http://deimos.apple.com/rsrc/xsd/iTunesURequest-1.1.xsd doesn't include Group Access Label for Permission. What does this mean?
  I've tried the actual Credential == Student@...${IDENTIFIER} (with IDENTIFIER substitution made before the call) and also Credential == Student (to see if I'm supposed to match the Group Access Label, instead).
  For either of these trials, the ws call successfully adds the Groups and a ShowTree includes the Permissions for the Groups. But in the iTunes client user interface, it's as if I gave no Permissions in adding the Groups.
  Am I approaching this wrong or is there a bug here?
  (I haven't tried yet a separate call to add the Group Permissions, not wanting to suffer the processing wait of getting handles for the three Groups.)
  Anyone else doing this? (successfully or not ) Thanks.

• The best way to implement user's access level via Servlet & JSP (or more)?

  Hi all,
  I am trying to implement user's access level in an application to allow certain access to certain page or components within a page (buttons, etc.). From my experience with JSP, Java, servlet, I am think of having the jsp/servlet to check for user's access level to decide what jsp components or forward page to go to next but that doesn't seem clean or elegant way to handle it.
  Any suggestions of how to do this? Are there other technologies (Struts) out there that can handle this?
  Thanks so much in advance for your feedback or suggestion,
  Thong Bui

  I haven't experienced a lot in defining security roles before, and there is probably a lot to learn about this area. However I might be able to assist you in some way. Whenever I have 2 or more objects that need to be stored in the session, I create a class called UserContainer. Say you have three properties:
  empSsn (String) , isAdmin (Boolean), isAgent (Boolean), then:
  public class UserContainer implements Serializable  {
  private String empSsn = null;
  private Boolean isAdmin = null;
  private Boolean isAgent = null;
  public UserContainer() {
  super();
  public void setIsAdmin(Boolean isAdmin) {
  this.isAdmin = isAdmin;
  public Boolean getIsAdmin() {
  return this.isAdmin;
  // getters and setters for the other properties
  Of course after you decide (in your sevlet) whether the app user is an administrator or an agent, you can set the corresponding property in the user container, and then save it in the session. Afterwords, in any jsp, you can decide to display a certain element (e.g a button) after you check the user's role. Example:
  // Welcome.jsp
  <% UserContainer userContainer = (UserContainer) session.getAttribute("userContainer");
  boolean isAdmin = userContainer.getIsAdmin().booleanValue();
  boolean isAgent = userContainer.getIsAgent.booleanValue();
  if(isAdmin) { %>
  <!-- HTML/Code corresponding to an administrator -->
  <% } if(isAgent) { %>
  <!-- HTML /Code corresponding to an agent -->
  <% } >Of course, this is a very simple way of doing such a task, you will find more secure ways if you look at LDAP or something of that matter.
  Cheers

• Is there an "Access Level" field on the "Send for Shared Review" screen (Pro X)?

  I'm using Pro X, but haven't come across the "Access Level" field expalined in this on-line video http://tv.adobe.com/watch/learn-acrobat-x/getting-started-the-basics-of-reviewing/
  Is this something you can enable?

  It's only available if you select Acrobat.com as the review server.

• Restrict certain function based on access level

  I'm working through an approval process with Office 365 SharePoint Lists and Infopath, and I want certain people to be able to submit items in a Sharepoint list on behalf of someone else. So, the boss might have her assistant post news for her,
  but her name will be on it. I only want certain people with a higher access level to be able to do this. Most people will just be able to submit news on their own behalf. I'm not sure how to do this other than to actually have a separate list that only certain
  people can access to support this one function.
  Currently I have lists for...
  Draft Items
  Submitted Items
  Published Items
  and I might create a fourth one for "Drafts Items on behalf of." Can you think of a better way than to actually create a fourth list?

  Hi  ,
  According to your description, my understanding is that you want to three permission level for a list: unable submit and unable approval, able submit and unable approval, able submit and able approval.
  If you just want to restrict  for a list, you can try to stop inheriting permissions for the list.
  For the above permission level, it can be reflected to the SharePoint default permission level: read, edit, approve. So for achieving your demand, you can add the users  into  suitable permission
  group (Site Visitors, Site Members, Approvers).
  Then you can go to the list ->List Settings ->Versioning Settings, select “Yes” for Require content approval for submitted items.
  Best Regards,
  Eric
  Eric Tao
  TechNet Community Support

• Access levels in dreamweaver cs4

  Hi,
  I have been playing around with dreamweaver cs4 using the tutorials and videos i have thanks to you guys.
  I created a simple login mysql database and used the login features within dreamweaver cs4 which was great and so simple.
  I have came across login to a secured site so many times over the past few years pulling down sample asp with access scripts and never getting it right.worked first time no problem.
  however what i do also get asked is access level security for a secured area. i noticed in the login objects properties there was an option "secure page and get access level from database table" however what i want to be able to do is have it so an admin would see all contacts in the database but the individual agents only have access to their own assigned contacts.
  i would be greatful anyone could point me in right direction from within dreamweaver to do this, also not sure how i would setup the table in mysql to reflect this?
  any pointers or help would be greatly appreciated.
  many thanks
  andy

  Not sure if this is what you want, at least it will give you an example
  <!DOCTYPE HTML>
  <html>
  <head>
  <meta charset="utf-8">
  <title>Untitled Document</title>
  <style>
  body {width: 980px; margin: auto; background: #FEE49A;}
  #header {height: 120px; background: #060;}
  #article {height: 400px; width: 749px; float: right; background: #FFF; border-right: 1px solid #060;}
  #aside {height: 400px; width: 228px;    float: left; border-right: 1px solid #060; border-left: 1px solid #060; background: #CCC;}
  #footer {height: 50px; background: #060; clear: both;}
  </style>
  </head>
  <body>
  <div id="header"></div>
  <div id="aside"></div>
  <div id="article"></div>
  <div id="footer"></div>
  </body>
  </html>
  Gramps

• Managing "Access Levels" on a domain level from Lync 2010 client

  Hello,
  Our company moved from Office Communicator 2007 R2 clients to Lync 2010 clients.
  Previously in Office Communicator 2007 R2 client, it was possible to set default Access Levels for complete domains (instead of individual users only), using the Access Level Management view.
  In the Lync 2010 this options seems to be missing. The management options per user are still there (by right-clicking a user), but the access to manage it for a domain is no longer visible.
  Is there any way to manage Access Levels for domains, in a similar way we had in Communicator 2007? It appears that Lync 2010 stilluses the Access Levels set previously for domains, but users do no longer have any possibility to make further updates,
  and are stuck (from their perspective at least) with the settings made in 2007 before.
  Thanks.

  Lync 2010 doesn’t have the feature natively.
  With Lync Server 2010, by default, the contacts from federated domains are added as External Contacts.
  Lisa Zheng
  TechNet Community Support

• Help creating apple script to create folder and set access levels

  I'm trying to create folders in FileMaker Pro using apple script and need some help in setting the access level for the folders.  I want to set both Staff and everyone to Read and Write access.   Secondly I would like to have a function key set on the desktop to create new folders and set that same access level.  The default access is Read and I can not find a way to change that.
  Thanks

  I'm trying to create folders in FileMaker Pro using apple script and need some help in setting the access level for the folders.  I want to set both Staff and everyone to Read and Write access.   Secondly I would like to have a function key set on the desktop to create new folders and set that same access level.  The default access is Read and I can not find a way to change that.
  Thanks

• Problem with user access level

  David,
  I have so far succesfully implementend your tutorial on users registering and having to validate their emailaddress (both part I and II).
  Part I: http://cookbooks.adobe.com/post_Registration_system_that_requires_the_user_to_vali-16646.h tml
  Part II: http://cookbooks.adobe.com/post_Registration_system_that_requires_the_user_to_vali-16649.h tml
  When creating a login form however, I don't get it to work based on the access level verified = y. The database is set up exactly as you described in the above tutorials.
  This is the HTML for the log in form (index.php):
  <form ACTION="<?php echo $loginFormAction; ?>" method="POST" id="logon">
  <label for="user">Username</label>
  <input type="text" id="user" name="username" />
  <br />
  <label for="pass">Password</label>
  <input type="password" id="pass" name="password" />
  <br />
  <label for="done"> </label>
  <input type="submit" value="Log On" />
  </form>
  Below the code that is found above the <html> tag in the index.php file:
  <?php require_once('../Connections/conn.php'); ?>
  <?php
  if (!function_exists("GetSQLValueString")) {
  function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    if (PHP_VERSION < 6) {
      $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
    $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
    switch ($theType) {
      case "text":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;   
      case "long":
      case "int":
        $theValue = ($theValue != "") ? intval($theValue) : "NULL";
        break;
      case "double":
        $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
        break;
      case "date":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;
      case "defined":
        $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
        break;
    return $theValue;
  ?>
  <?php
  // *** Validate request to login to this site.
  if (!isset($_SESSION)) {
    session_start();
  $loginFormAction = $_SERVER['PHP_SELF'];
  if (isset($_GET['accesscheck'])) {
    $_SESSION['PrevUrl'] = $_GET['accesscheck'];
  if (isset($_POST['username'])) {
    $loginUsername=$_POST['username'];
    $password=$_POST['password'];
    $MM_fldUserAuthorization = "verified";
    $MM_redirectLoginSuccess = "overview.php";
    $MM_redirectLoginFailed = "index.php";
    $MM_redirecttoReferrer = false;
    mysql_select_db($database_conn, $conn);
    $LoginRS__query=sprintf("SELECT username, password, verified FROM users WHERE username=%s AND password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
    $LoginRS = mysql_query($LoginRS__query, $conn) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);
    if ($loginFoundUser) {
      $loginStrGroup  = mysql_result($LoginRS,0,'verified');
      //declare two session variables and assign them
      $_SESSION['MM_Username'] = $loginUsername;
      $_SESSION['MM_UserGroup'] = $loginStrGroup;          
      if (isset($_SESSION['PrevUrl']) && false) {
        $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];    
      header("Location: " . $MM_redirectLoginSuccess );
    else {
      header("Location: ". $MM_redirectLoginFailed );
  ?>
  On the overview.php page, I applied the restrict access to page behaviour, which results in the following code:
  <?php require_once('../Connections/conn.php'); ?>
  <?php
  if (!isset($_SESSION)) {
    session_start();
  $MM_authorizedUsers = "y";
  $MM_donotCheckaccess = "false";
  // *** Restrict Access To Page: Grant or deny access to this page
  function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
    // For security, start by assuming the visitor is NOT authorized.
    $isValid = False;
    // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
    // Therefore, we know that a user is NOT logged in if that Session variable is blank.
    if (!empty($UserName)) {
      // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
      // Parse the strings into arrays.
      $arrUsers = Explode(",", $strUsers);
      $arrGroups = Explode(",", $strGroups);
      if (in_array($UserName, $arrUsers)) {
        $isValid = true;
      // Or, you may restrict access to only certain users based on their username.
      if (in_array($UserGroup, $arrGroups)) {
        $isValid = true;
      if (($strUsers == "") && false) {
        $isValid = true;
    return $isValid;
  $MM_restrictGoTo = "index.php";
  if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {  
    $MM_qsChar = "?";
    $MM_referrer = $_SERVER['PHP_SELF'];
    if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
    if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
    $MM_referrer .= "?" . $QUERY_STRING;
    $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
    header("Location: ". $MM_restrictGoTo);
    exit;
  ?>
  Any idea/thoughts on what I'm not adding to the page in order to work?

  David,
  Thank you for that insight, I figured it would be something like that and when I woke up this morning, it all made sense. I changed somthing from the tutorial (part I) you wrote and now it works fine.
  I had trouble with the validation link in the email that is sent automatically. In your tutorial, section "generating and sending the validation email", you write:
  $message .= urlencode($_POST['username']);
  $message .= '&amp;t=';
  $message .= urlencode($token);
  When using the code like this, it wouldn't set the verified column to y. However, when I changed the middle $message to
  $message .= '&t=';
  it updated the verified column to y. The URL that displayed from the original code displayed the & sign as &amp; in the URL itself.
  Next to that, whenever I try to add something to the e-mail, the validation link becomes not clickable anymore.
  As the login problem concerns, encrypting indeed did the trick.
  if (isset($_POST['username'])) {
    $loginUsername=$_POST['username'];
    $password=sha1($_POST['password']);
  Putting the $_POST['password'] between brackets, adding sha1 in front of it. It works just fine now.
  Hopefully no further problems on this anymore! Thanks a lot for your insights!
  EDIT: I can't mark this thread as answered anymore?

• Access level in lookup table

  I'm using Dreamweaver CS4. It seems that access levels can
  only be applied (at least through Server Behaviors) to a field
  within the same table that host the users and their associated
  passwords. I have adopted a database which contains a table which
  contains the users and their passwords but the access levels are
  stored in a lookup table. Aside from hand coding this or changing
  the table structure to include access levels, users and passwords
  in the same table, can anyone provide some insight as to how to
  handle this?

  OK i have successfully achieved the JOIN...I think. I clicked
  "Test" on the Recordset dialog and I can see records from the table
  but not the JOIN table.
  Here is the SQL statement I used:
  SELECT authuser_id, firstname, lastname, uname, passwd
  FROM authuser INNER JOIN user_access ON
  authuser.authuser_id=user_access.userID
  So once this is done, I'm not sure how to proceed. I added
  the "Log In User" server behavior but the JOIN field is not
  displayed under the "Restrict access based on:".
  I obviously have a lot to learn about how Dreamweaver helps
  streamline this process. Any help (detailed as possible) would be
  much appreciated.

• Security and access levels

  I have created 4 users access levels, however, when I try to implement, when I keep inheritence, default security keeps coming up,   e.g. try changing everyone to my new access level and I get the new access level, but I also get view (inherited) - how can I "clean out" the old security settings??

  Sorry for the delay!
  OK, here's our situation - it's pretty straight forward;
  1500 users
  1500 (all) users in Everyone
  Of the 1500 users in Everyone;
  1200 in subgroup A
  200 in subgroup B
  90 in subgroup C
  10 users in Administrators
  4 universes
  1 connection
  Goal:
  Everyone and subgroups, same as admin, exception: can't delete or save to "corp" doc's.  My thought is to use same access level, then use the advanced configuration on the folders to prevent everyone from deleting any "corp docs"
  I have applied this access level to everyone and admin at;
  application > infoview, webi. cmc, deski, discussions, search
  universes > all 4
  connections > the 1
  folders > root folder,  level 1, denied access to everyone accordingly on level 2
  I have also added this access level to the top level security for users and groups
  Issues; 
  1. When I check the access level for everyone on folders, level 1 and below, I get the custom access level as inherited, but also view aslo as inherited.
  2. The users added to the admin group do not have same rights as the "administrator - for example, administrator can delete objects in the folders, but other users (within admin group) can not?  if I manually add the users to the folders, I can get this to work,  but doesn;t make sense, why would a user within a group have different rights, than any other user within the same group, with the same rights???
  Hope this helps!
  Edited by: Michael Bujarski on Jun 5, 2009 3:56 PM

• Need access levels to access database

  hi ,
  i am doing project with jsp in ms-access database. this webapplication should be accessible to 10 people. all should be view the data but levels should be there.how can i get the access levels to the database like reading access to some 2 people. writing and modifying access to some 5 people.inserting can be done by other 2 people . please give the solution for this. i have netbeans4.1 ide , and tomcat bundled server.
  so, kindly give the jsp code and msaccess solution.
  thanks .

  I am not informed if the ms-access DB supports SQL-92. In that case you should be able to define the users and set the rules using GRANT sql command. So it is more or less an off topic entry here for a java forum.
  Else if you try to implement the authoization business logic out of your DB domain in java (or C or whatever), it is no more coupled with the DB and most likely that is not what you are supposed to deliver.

• Problem with Restrict Access to Page with access level using ASP

  I'm using Dreamweaver CS3 with ASP-VBScript and an Access
  database. The pages were created from scratch for this project,
  using those tools all the way through.
  I've created a login page, an admin homepage, and add, edit,
  and list records pages for three tables. The login page uses the
  Server Behavior "Log in User", all other pages use the Server
  Behavior "Restrict Access to Page". All of these are based on an
  Access Level.
  Login seems to work correctly, and redirects to the admin
  homepage. From the admin homepage, I can open any other page as
  expected, and they initially display correctly. On the add and edit
  pages, however,
  submitting the form often results in getting logged out, but
  not always.
  Once this happens, I can log back in, but other problems will
  sometimes occur during that second login session. Sometimes,
  logouts will occur on pages that worked fine during the first login
  session. Sometimes, another session variable that I've setup
  manually will change when it shouldn't...as if there were two
  values stored for my session variable, and reloading the page
  changes to the other value.
  This
  post seems closest to my experience, but it doesn't look like
  there was really an answer beyond "I had to fight with it for a bit
  to get it to work":
  I suspected that there is some problem with session settings
  on the server. We have an almost identical tool on the same server
  that was developed with an older version of DW that works more
  reliably; it sometimes has problems with the initial login, but
  never has a problem after that.
  Has anyone experienced problems like this? Any suggestions
  for what to check? I'm really pulling my hair out since it's so
  unreliable...the kind of problem that goes away when you try to
  show someone and comes back when they leave.

  Hello,
  I was thinking that all I would need would be the username, although username and paswsword would be more secure.  There are about 50 users and no groups or levels.  They are all equal ... same level.
  The website is private and there is a general content area for all users and then there will be private areas for each user where proprietary documents will be held.  I need to be able to ensure that user 'A' can only see the user 'A' pages, user 'B' can only see user 'B', etc.
  I don't really understand what the Dreamweaver script is doing, but the overview sounded like it was the right tool to accomplish what I'm trying to do.
  Any assistance greatly appreciated.
  thanks.