ACL Best Practice - On the Internet interface

I have a question relating to ACLs on a router's 'Internet' facing interface.
Further to reading several whitepapers on the topic, a recommended ACL would typically contain the following statements.
In addition, the Cisco SDM automatically generates a similar externally facing ACL:
ip access-list extended INBOUND
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any unreachable
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip host 0.0.0.0 any
deny ip any any
My question is thus...
What is the point of lines 4-8 when the last line blocks them anyway?
I appreciate that when we view the ACL we can see the number of matches per explicit ACL entry, but in terms of blocking functionality, I can't see the added benefit.
Instead, the following ACL would provide the same benefit and be simpler to maintain.
ip access-list extended INBOUND
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any unreachable
deny ip any any
Am I missing something obvious?
Thanks in advance for assistance,
Regards.

Thanks Jon for your response.
With regard to your first suggestion relating to a possible typo, my intention was not "permit ip any any".
My main point is that there are several example configurations posted on the Internet which at the top of the ACL explicitly deny specific types of traffic and then have a blanket 'DENY ALL' at the end. Here's another example someone else has posted:
http://www.velocityreviews.com/forums/t34618-cisco-837-wan-interface-accesslist.html
With regard to your second suggestion, you're right, I should have included a command like:
permit tcp any any established log
I appreciate this ACL is not stateful and I should use either the firewall feature set or a dedicated firewall appliance.
My question primarily is related to my first point. i.e. what is the point of :
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip host 0.0.0.0 any
when we have the following statement at the end:
deny ip any any
There are many example Internet facing ACLs posted on the net that propose this same example configuration.
Thanks again for your response.
- peter
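As an added illustration (not part of the original thread), the following Python script models first-match evaluation of the ACLs quoted above. It shows why the explicit RFC 1918, loopback and 0.0.0.0 source denies change nothing while every later line is also a deny, and why they start to matter as soon as a permit (here the `permit tcp any any established log` line from the follow-up) is inserted in front of the final `deny ip any any`. The parser covers only the syntax used in the thread; the sample packets are constructed and use documentation address ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                        # "tcp", "udp" or "icmp"
    src: str                          # source IPv4 address
    dst: str                          # destination IPv4 address
    icmp_type: Optional[str] = None   # "echo", "echo-reply", "unreachable", ...
    established: bool = False         # TCP segment with ACK or RST set

@dataclass(frozen=True)
class Entry:
    action: str                       # "permit" or "deny"
    proto: str                        # "ip" matches every protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    icmp_type: Optional[str]          # None unless the entry names an ICMP type
    established: bool                 # True for "permit tcp ... established"

def wildcard_network(addr, wildcard):
    """Cisco wildcard masks are the bit-inverse of a subnet mask."""
    netmask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.IPv4Network((addr, str(netmask)), strict=False)

def _parse_addr(tokens, i):
    # Accepts "any", "host A.B.C.D" or "A.B.C.D W.W.W.W" starting at tokens[i].
    if tokens[i] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.IPv4Network(tokens[i + 1] + "/32"), i + 2
    return wildcard_network(tokens[i], tokens[i + 1]), i + 2

def parse_acl(text):
    """Parse the subset of IOS extended-ACL syntax used in the thread."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] not in ("permit", "deny"):
            continue                  # skips the "ip access-list extended ..." header
        src, i = _parse_addr(tokens, 2)
        dst, i = _parse_addr(tokens, i)
        qualifiers = set(tokens[i:]) - {"log"}     # "log" does not change the decision
        established = "established" in qualifiers
        qualifiers.discard("established")
        icmp_type = qualifiers.pop() if tokens[1] == "icmp" and qualifiers else None
        entries.append(Entry(tokens[0], tokens[1], src, dst, icmp_type, established))
    return entries

def _matches(e, p):
    return (e.proto in ("ip", p.proto)
            and ipaddress.IPv4Address(p.src) in e.src and ipaddress.IPv4Address(p.dst) in e.dst
            and (e.icmp_type is None or e.icmp_type == p.icmp_type)
            and (not e.established or p.established))

def evaluate(entries, p):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for e in entries:
        if _matches(e, p):
            return e.action
    return "deny"

def differing_decisions(acl_a, acl_b, packets):
    """Packets on which the two ACLs disagree, as (packet, decision_a, decision_b)."""
    decisions = [(p, evaluate(acl_a, p), evaluate(acl_b, p)) for p in packets]
    return [d for d in decisions if d[1] != d[2]]

ICMP_PERMITS = """permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any unreachable
"""
BOGON_DENIES = """deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip host 0.0.0.0 any
"""
ESTABLISHED = "permit tcp any any established log\n"
DENY_ALL = "deny ip any any\n"

# Constructed sample traffic arriving on the Internet interface (documentation prefixes).
SAMPLE_PACKETS = [
    Packet("tcp", "203.0.113.5", "198.51.100.10", established=True),   # reply to an outbound session
    Packet("tcp", "203.0.113.5", "198.51.100.10"),                     # unsolicited SYN
    Packet("tcp", "10.1.2.3", "198.51.100.10", established=True),      # RFC 1918 source, ACK set
    Packet("udp", "192.168.1.1", "198.51.100.10"),                     # RFC 1918 source, UDP
    Packet("icmp", "192.168.1.1", "198.51.100.10", icmp_type="echo"),  # RFC 1918 source, ICMP echo
]

def compare(with_established):
    """Where the long ACL (with explicit source denies) and the short one disagree."""
    extra = ESTABLISHED if with_established else ""
    full = parse_acl(ICMP_PERMITS + BOGON_DENIES + extra + DENY_ALL)
    short = parse_acl(ICMP_PERMITS + extra + DENY_ALL)
    return differing_decisions(full, short, SAMPLE_PACKETS)
```

`compare(False)` returns an empty list: with nothing but denies after the ICMP permits, the two ACLs make identical decisions and the explicit source denies only add hit counters. `compare(True)` returns the one packet the ACLs disagree on, the TCP segment with a 10.0.0.0/8 source and ACK set, which the long ACL drops on the `deny ip 10.0.0.0 0.255.255.255 any` line and the short ACL accepts through `permit tcp any any established`. Note also that the ICMP echo from 192.168.1.1 is permitted by both lists, because the ICMP permits sit above the source denies; the source denies only protect the lines that come after them.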

Similar Messages

  • Pool : best practice ODI : PLSQL or Interface object ?

    Hello,
    My ODI consultant has developed an interface to load a flat file into Hyperion Planning :
    * first step : load flat file into staging : done with "Interface" object
    * second step : transform staging table (1,2,3 ==> JAN, FEB, MAR // transform "-" into ND_Customer ... very easy transformation !) : done through a PLSQL Procedure. The result is loaded into FACT_TABLE
    * third step : load FACT_TABLE into ESSBASE : done with "interface" object
    During design, we didn't discuss the technology, but after the build, I'm very surprised by the second step. There is no justification to do it with PLSQL. My consultant explains to me : "I'd rather use PLSQL". But from my point of view, ODI best practice is to use "Interface" (more flexible, you can change the topology without impact in interface etc ...)
    What is your point of view? Should I raise an issue and expect from my consultant a rewriting with "interface" object?
    Rgds

    Thx SH, the complexity (use of two intermediate tables : STAGING and FACT) is due to our requirement to archive the original data during one year (in STAGING) and to give an audit trail from Essbase to original data (before transformation). From Essbase we could go back to FACT Table (same member name) then go back to STAGING by using a unique ID that produces a link between tables.
    From my point of view ODI Interface is the simpler way to maintain the "mapping", instead of PLSQL, but I would like more feedback from other developers to be sure of my feeling (I've done only 2 Hyperion Planning + ODI Projects before the current one).
    The complexity of the interfaces is low or medium : simple filter on one or two dimensions / DECODE mapping on Month / group by on similar records / for few interfaces, more complex rules with IF statement.
    Thx in advance

  • Best Practice for the Service Distribution on multiple servers

    Hi,
    Could you please suggest as per the best practice for the above.
    Requirements : we will use all features in share point ( Powerpivot, Search, Reporting Service, BCS, Excel, Workflow Manager, App Management etc)
    Capacity : We have 12 Servers excluding SQL server.
    Please do not just refer any URL, Suggest as per the requirements.
    Thanks 
    srabon

    How about a link to the MS guidance!
    http://go.microsoft.com/fwlink/p/?LinkId=286957

  • Best practice for the test environment  &  DBA plan Activities    Documents

    Dears,,
    In our company, we made sizing for hardware.
    we have Three environments ( Test/Development , Training , Production ).
    But, the test environment servers less than Production environment servers.
    My question is:
    How to make the best practice for the test environment?
    ( Is there any recommendations from Oracle related to this , any PDF files help me ............ )
    Also please , Can I have a detail document regarding the DBA plan activities?
    I appreciate your help and advice
    Thanks
    Edited by: user4520487 on Mar 3, 2009 11:08 PM

    Follow your build document for the same steps you used to build production.
    You should know where all your code is. You can use the deployment manager to export your configurations. Export customized files from MDS. Just follow the process again, and you will have a clean instance not containing production data.
    It only takes a lot of time if your client is lacking documentation or if you're not familiar with all the parts of the environment. What's 2-3 hours compared to all the issues you will run into if you copy databases or import/export schemas?
    -Kevin

  • Best Practice for the Vendor Consignment Process

    Hiii ,,,
    Can anybody have the best practices for the Vendor consignment process???
    Please Send me the document.
    Please explain me the Consignment process in SAP??
    Thanx & Regards,
    Kumar Rayudu

    Hi Kumar,
    In order to have Consignment in SAP u need to have master data such as material master, vendor master and purchase inforecord of consignment type. U have to enter the item category k when u enter PO. The goods receipt posted in vendor consignment stock will be non valuated.
    1. The initial steps start with raising a purchase order for the consignment item
    2. The vendor receives the purchase order.
    3. GR happens for the consignment material.
    4. Stocks are received and placed under consignment stock.
    5. Whenever we issue to prodn or if we transfer post (using mov 411) from consignment to own stock then liability occurs.
    6. Finally comes the settlement using mrko. You settle the amount for the goods which was consumed during a specific period.
    regards
    Anand.C

  • Req:SAP Best practice for the Funds Management

    Dear all,
    Let me know where I can get the SAP Best practice for the Funds Management . Waiting for your valuable reply.
    Regards
    Manohar

    Hello Manohar,
    You can find documentation in links below:
    Industry Solution Master Guide - SAP for Public Sector:
    https://websmp105.sap-ag.de/~form/sapnet?_SHORTKEY=00200797470000065911
    SAP Best Practices for Public Sector:
    http://help.sap.com/ SAP Best Practices -> Industry Packages -> Public Sector
    Online Library for Funds Management:
    http://help.sap.com/saphelp_erp2005vp/helpdata/en/41/c62c6d6d84104ab938aa7eae51db06/frameset.htm
    I hope it helps
    Best Regards,
    Vanessa Barth.

  • What are the best practices for the RCU's schemas

    Hi,
    I was wondering if there are any best practices about the RCU's schemas created with BIEE.
    I already have discoverer (and application server), so I have a metadata repository for the Application Server. I will upgrade Discoverer 10g to 11, so I will create a new schema with RCU in my metadata repository (MR) of the Application Server. I'm wondering if I can put the BIEE's RCU schemas in the same database.
    Basically,
    1. is there a standard for the PREFIX ?
    2. If I have multiple components of Fusion in the same Database, will I have multiple PREFIX_MDS schemas ? Can they have the same PREFIX ? Or do they all need to have a different prefix ?
    For example: DISCO_MDS and BIEE_MDS, or can I have DEV_MDS and this schema is valid for both Discoverer and BIEE?
    Thank you !

    What are the best practices for exception handling in n-tier applications?
    The application is a fat client based on MVVM pattern with
    .NET framework.
    That would be to catch all exceptions at a single point in the n-tier solution, log it and create user friendly messages displayed to the user. 

  • Best practice to develop internet app integrating with backend R/3 modules

    While we wait to upgrade from R/3 4.6c, going forward we want to stop investing in ITS Flow Logic applications.
    What is the best practice around using backend RFCs/BAPIs to expose SAP functionality as a web application that is accessible on the internet? One thought looks like using WAS 6.4 - utilizing JRA to call RFCs and using JSP/Servlet; another is to use Webdynpro based development. Will appreciate some architecture advice along side - especially if we also wanted internet surfers to set up user accounts. Thanks!

    Hi Vito,
    I do have the same situation as you and also some of the guys mentioned above as well. I have Portal only users and also users who use the SAP GUI.
    Thus, what I would advise, taking into consideration audit as well, is to have the below scenarios:
    1) Users who login to backend with SAP GUI on Citrix only
    We have changed the system parameter: login/password_change_for_SSO=2
    The password change dialog box appears and the password must be changed (input: old and new password). Also we have setup SNC (CyberSafe) so that in our SAP GUI, users can click on the system with SNC setup and login to backend without having to enter userID and password
    2) Users who login to backend with SAP GUI on client (local)
    Users will login with userID and password
    3) Portal user with SSO and no login to backend with SAP GUI
    Portal users will have their password deactivated.
    Explanation to Audit for Portal users:
    We have 90 days password reset on Windows (AD). So our Portal users are respecting the audit request of having 90 days password reset, but instead of having it in SAP, it's in our Windows. Furthermore, SSO is set up such that the connection for these Portal users to the backend is secure.
    We are not able to set login/password_change_for_SSO=3 as we have sites which do not use Citrix. Thus, these sites will have local SAP GUI installs.
    Hope that can share some experience of mine to those who are also in my past situation.
    Ray

  • BEST PRACTICE FOR THE REPLACEMENT OF REPORTS CLUSTER

    Hi,
    i've read the note reports_gueide_to_changed_functionality on OTN.
    On Page 5 it is stated that reports cluster is deprecated.
    Snippet:
    Oracle Application Server High Availability provides the industry’s most
    reliable, resilient, and fault-tolerant application server platform. Oracle
    Reports’ integration with OracleAS High Availability makes sure that your
    enterprise-reporting environment is extremely reliable and fault-tolerant.
    Since using OracleAS High Availability provides a centralized clustering
    mechanism and several cutting-edge features, Oracle Reports clustering is now
    deprecated.
    Please can anyone tell me, what is the best practice to replace reports cluster.
    It's really annoying that the clustering technology is changing in every version of reports!!!
    martin

    hello,
    in reality, reports server "clusters" was more a load balancing solution than a clustering (no shared queue or cache). since it is desirable to have one load-balancing/HA approach for the application server, reports server clustering is deprecated in 10gR2.
    we understand that this frequent change can cause some level of frustration, but it is our strong belief that unifying the HA "attack plan" for all of the app server components will ultimately benefit customers in simplifying their topologies.
    the current best practice is to deploy LBRs (load-balancing routers) with sticky-routing capabilities to distribute requests across middletier nodes in an app-server cluster.
    several customers in high-end environments have already used this kind of configuration to ensure optimal HA for their system.
    thanks,
    philipp

  • Best Practice for the database owner of an SAP database.

    We recently had a user account removed from our SAP system when this person left the agency. The account was associated with the SAP database (he created the database a couple of years ago).
    I'd like to change the owner of the database to <domain>\<sid>adm (ex: XYZ\dv1adm) as this is the system admin account used on the host server and is a login for the sql server. I don't want to associate the database with another admin user as that will change over time.
    What is the best practice for database owner for an SAP database?
    Thanks
    Laurie McGinley

    Hi Laura
    I'm not sure if this is best practice or not, but I've always had the SA user as the owner of the database. It just makes it easier for restores to other systems etc.
    Ken

  • Best practice for the use of reserved words

    Hi,
    What is the best practice to observe for using reserved words as column names.
    For example if I insisted on using the word comment for a column name by doing the following:
    CREATE TABLE ...
    "COMMENT" VARCHAR2(4000),
    What impact down the track could I expect and what problems should I be aware of when doing something like this?
    Thank You
    Ben

    Hi, Ben,
    Benton wrote:
    Hi,
    What is the best practice to observe for using reserved words as column names.
    Sybrand is right (as usual): the best practice is not to use them
    For example if I insisted on using the word comment for a column name by doing the following:
    CREATE TABLE ...
    "COMMENT" VARCHAR2(4000),
    What impact down the track could I expect and what problems should I be aware of when doing something like this?
    Using reserved words as identifiers is asking for trouble. You can expect to get what you ask for.
    Whatever benefits you may get from naming the column COMMENT rather than, say, CMNT or EMP_COMMENT (if the table is called EMP) will be insignificant compared to the extra debugging you will certainly need.

  • Best practice for the Update of SAP GRC CC Rule Set

    Hi GRC experts,
    We have in a CC production system a SoD matrix that we would like to modify extensively. Basically by activating many permissions.
    Which is the best practice to accomplish our goal?
    Many thanks in advance. Best regards,
      Imanol

    Hi Simon and Amir
    My name is Connie and I work at Accenture GRC practice (and a colleague of Imanol's). I have been reading this thread and I would like to ask you a question that is related to this topic. We have a case where a Global Rule Set "Logic System" exists and we may also require to create a Specific Rule Set. Is there a document (from SAP or from best practices) that indicates the potential impact (regarding risk analysis, system performance, process execution time, etc) caused by implementing both types of rule sets in a production environment? Are there any special considerations to be aware of? Have you ever implemented this type of scenario?
    I would really appreciate your help and if you could point me to specific documentation could be of great assistance. Thanks in advance and best regards,
    Connie

  • Import data from excel file - best practice in the CQ?

    Hi,
    I have a question related to importing data from an excel file and creating a table in the CQ page from that data. Is there inside CQ some OOTB component which provides this kind of functionality? Maybe somebody has implemented this kind of functionality or there is a best practice to do this kind of thing?
    Thanks in advance for any answer,
    Regards
    kasq

    You can check a working example package [1] (use your Adobe ID to log in)
    After installing it, go to [2] for immediate example.
    Unfortunately it only supports the old OLE-2 Excel format (.xls and not .xlsx)
    [1] - http://dev.day.com/content/packageshare/packages/public/day/cq540/demo/xlstable.html
    [2] - http://localhost:4502/cf#/content/geometrixx/en/company/news/pressreleases/my_personal_bes ts.html

  • Best practices for firewall external interface addressing

    Hi all,
    Can anyone explain what is more secure when addressing the outside interface of a firewall in a network diagram?
    1st option:  
                              ISP router:
                                   interface 1 (connected to the internet).
                                   interface 2 to the firewall with public ip address.
                               Firewall:
                                   interface 1 (connected to the router): public ip address
                                   interface 2 (connected to internal network): private ip address (RFC1918)
    2nd option:
                             ISP router:
                                  interface 2 (connected to the internet (ISP)).
                                  interface 1 to the firewall with private ip address (RFC1918).
                             Firewall:
                                 outside interface 2  (connected to the router): private ip address (RFC1918)
                                 inside interface 1 (connected to internal network): private ip address (RFC1918)
    Any response is welcome.

    It's not so much what is more secure as where you want to do the NAT and how many public IPs you have.
    So if you only have a small block of public IPs and you wanted to use them for NAT on the firewall then you could use a private link between the ISP router and the firewall.
    Usually though an ISP gives you two blocks, a /30 for the point to point link and then a larger subnet for actual use on the firewall.
    For a single ISP setup doing the NAT on the firewall is usually the way it is done especially if you are using VPNs as if you NAT on the router it can interfere with the VPN.
    If you end up with multiple ISPs then you may need to move some or all of the NAT configuration to the routers although it is not always necessary and you may still do it on the firewall. It depends on a lot of other things such as IP addressing, ISP advertisement of public IPs etc.
    Jon

  • Can Extended and Ethertype (input) ACLs be applied to the same interface?

    Hello team:
    Is it possible to apply one Extended ACL and one Ethertype ACL, in input mode, to the same interface?
    Thank you very much in advance.
    Mariela Musitani

    Thank you very much Borys. I assumed that it was possible, but the documentation was not clear in this context.
    regards, Mariela
