ACS user access setting

I am trying to find a solution for a certain type of setting in ACS.
Imagine, for instance, a real situation as follows:
There is group "A" with 100 users. I need to assign 20 of them access to devices in group "B". I can't find any easy way to do that.
Examples:
Enable the user section “Per User Defined Network Access Restrictions”: this replaces the settings of the user group, and I have to add all the devices from Group "A" there to preserve their access. When Group "A" changes, I have to apply the changes to each person separately.
When I insert the device group into the user group Enable privileges (level 0) and set the Max Privilege for any AAA Client for individual persons, I will grant them level 15 privileges for all the AAA devices.
When I create a new user group instead of Group "A" and move the users to this group, I have 2 groups to maintain with the same privileges except for Group "B".
When I create separate level 15 privileges for every person, I have to insert all the groups and devices from the user group there, and I again have to apply changes to all the people when the settings of the user group change.
We often have this kind of problem. Is there any normal way to give the users from this group these privileges and preserve the settings from Group "A" for them?

Sounds like you really do need 2 groups since the access restrictions are totally different. If these 20 users always have different NARs to the other 80 users they should not be in the same group.
In essence this is the reason for shared profile components. So that you can have multiple groups re-using pieces of config. It's obviously not perfect.
I'm guessing you would like to see either nested groups or multi-group membership - but that's a world of pain and complexity.

Similar Messages

  • How to set up reverse proxy to allow user access portal site from internet

    Hi all,
    I have installed 10g (10.1.2.0.2) AS on the same machine (single IP for both mid and infra with different users respectively). There is a DMZ on which Windows IIS is working, through which we need to redirect the request to the application server such that users access the portal page from the internet (within the intranet all URLs are working fine). I have gone through the technet documentation, where I found 3 ways, through this link:
    http://download.oracle.com/docs/cd/B14099_19/core.1012/b13998/variants.htm
    Section 9.2.1.1, "Configuring OracleAS Web Cache as a Reverse Proxy"
    Section 9.2.1.2, "Configuring the Oracle HTTP Server as a Reverse Proxy"
    Section 9.2.1.3, "Configuring Internet Information Services as a Reverse Proxy"
    I am confused as to which option to use. Also I went through the metalink document 270160.1
    Please help me which option to choose to do this.
    Thanks.

    Hi Hozy,
    Maybe it's too late, I am thinking of going the same route for our SAP portal access for external customers. Please can you share your experience, like what are the challenges you have faced? What is the complexity? What are all the resources we need to configure this?
    I appreciate your feedback.
    Thanks
    Krish

  • Way to allow the user access to the saved lists of this Z report

    We have a Z report that we want to run at midnight each Sunday and then view the output/layout first thing Monday morning. We can schedule the report to run but it appears that the only way we can save the output as a 'file' for later viewing is by using the "Save with ID" option, which puts the output into a SAP 'saved list'.
    The problem with this is that it doesn't appear to be possible to access that list from the Z-report - it would appear that you have to go into SQ01 and use the 'saved list' button. This means giving the Z-report user access to SQ01 as well as Z-report, which, for security (SOD) reasons we don't want to do.
    We can run the report in foreground with the output option "File store" and save the output as a file to a specified location. But this option doesn't appear to be available when the report is scheduled as a background job. If this is done, the background job runs but there's no output anywhere, as far as we can tell.
    So what we want is to run the report in background but with the output option 'File store' or equivalent (i.e. an output stored somewhere that the report user can view). Is this not possible, or have we missed something in setting up the report run?
    Or is there a way to allow the user access to the saved lists of this Z report without giving them T-code SQ01?
    Thanks

    Hi !
    I just wonder if the answer from Varishtb below did solve your problem.
    I have exactly the same problem as you. I also want to be able to look at the saved list without using the sq01.
    If you solved it I will be grateful to get the solution.
    regards Lars
    answer:
    You can call the infoset query directly from a transaction code. There's
    no need to copy it as a 'Z-report' (or as a custom report). In fact,
    every time you're copying an infoset query to a report, you're calling
    for problems the next time you face an upgrade. (That is because SAP
    changes the internal logic used to handle the infosets queries from
    version to version)
    We're using some infoset queries and they work fine this way.

  • User access at IO level

    I have 2 OUs-- OU1 and OU2.
    OU1 has 1 inv org-- IO11
    OU2 has 2 inv orgs-- IO21 and IO22.
    I will define responsibilities at IO level, i.e., 3 responsibilities for an application --R11(for IO11), R21 (for IO21) and R22 (for IO22).
    I want to restrict user access at the IO level. So, R21 should access only IO21 and not IO22. Same for R22.
    What will be the value of the following profile options in order to achieve this? My BG name is Set up business Group.
    MO:Operating unit
    MO:security profile
    HR:security profile
    HR:business group

    Hi,
    Try with organization access.
    Guess the above 4 profiles will help you to restrict at OU level only.
    Hope this helps.
    tks
    M J

  • User Access Code

    I have a new LaserJet 600 M602 networked to Windows 7 64 bit PC.  I have no recollection of setting a user access code on the printer.   How can I get past the User Access Code to check print cartridge status, etc.?  Or is there a factory default code on new printers?  Thanks, Earl-41

    I am sorry, but to get your issue more exposure I would suggest posting it in the commercial forums since this is a commercial printer. You can do this at Printers - LaserJet.
    Click on New Post.
    I hope this helps.
    Thank You.
    Gemini02
    I work on behalf of HP

  • Missing a User access in the log-on picture

    A user access is missing from the log-on picture after start-up in Yosemite. In user administration two user entries have been created - an administrator and a normal access. The normal access is not visible from the log-on picture, and it is only possible to access it through the visible user (Adm.) and then switch the user by switching in the upper right corner!!!
    Wish: possible for all users to log on from the boot-up image. (Adm - Normal - Guest access)

    same issue:
    retina MacBookPro mid2012. Clean install of OS X Yosemite 10.10
    I'm randomly missing an account at login screen after reboot.
    Sometimes I can fix it with booting into my initial account 'Kevin' (userid 501) and then changing to different login 'Christina' (userid 502).
    But if I log out from my account, the second account is missing. Same if I do a reboot. This has me in stitches as I of course have the need for privacy from each account.
    Both accounts are set up as admins, guest is deactivated.
    rMBP 16gb sep2012.
    userid 501:
    home directory: /Users/Kevin
    userid 502:
    home directory: /Users/Christina
    apart from that... I have loads of problems with Bluetooth, and hand-off only working 1 way (5s with 8.1) where only iOS -> OS X works, not vice-versa.

  • Problems Managing User Access Rights for Web Gallery

    Has anyone else had issues changing the user access rights for a web gallery? It seems like the access is everyone or no one. Are the user rights handled per event in the gallery? I had issues adding events to the user's view/download rights in the publish settings.
    Also, can these settings only be set when an event is first published? Attempting to change the user access rights after the event is published seems to require a re-upload of the images.
    Any thoughts?

    Problem solved.
    I had to put the following lines in the specified "0000_any_80.my.website.conf" file:
            <Directory "/Library/WebServer/subdomain.domain">
                    Options All +MultiViews -ExecCGI -Indexes -Includes
                    AllowOverride None
                    # For Password protection
                    AuthType Digest
                    AuthName "Password Protection"
                    require valid-user
                    <IfModule mod_dav.c>
                            DAV Off
                    </IfModule>
            </Directory>

  • Anonymous User Access to Web Dynpro ABAP Application

    Dear All,
    I'm not able to set anonymous user access to a WDA application. The requirement is: I have to call the application if the user clicks a link on the portal (even before logging in).
    Please note that I have gone through notes No. 1020795 and 1031159 and have complied with and followed all the steps given there.
    Also, I have given anonymous access to the iView that I had created.
    I request the gurus around to help, if they have cracked a similar situation.
    PS : Points are up for grab for any positive helps provided.
    Thankx a Ton in advance.
    Regds,
    Srini

    Hi, Srini,
    A WDA application runs on the WAS. It needs to log in to the ABAP core in order to execute. In your case, what you can do is supply a user/password directly on the service (tcode SICF).
    Hope this helps!
    Regards,
    Andre

  • Configuration of  User Access Review process

    Hi,
    I'm new to the forum.
    I'm looking at the User Access Review process in CUP.
    I would like to implement the User Access Review request. So, my questions are:
    1. Where does GRC take the data from to make the analysis? I need to know the exact place where the data is collected (which table, transaction code or statistical data).
    In case GRC uses the backend tables, I should be aware of the time that the tables are operational in the system, correct?
    2. Otherwise, how does this analysis affect performance in the backend system?
    3. I have read that it is possible to obtain reports with the use of Action Usage. The report that I mention is: RAR --> Informer --> Security Reports --> Miscellaneous --> Action Usage by User
    Where does it get its information from? Could the data be in the same place that the User Access Review process uses?
    4. Is it possible to introduce other actors as Reviewers (in the Configuration tab, User Review > Options > User Review pane)? Now, the reviewers configured are Manager or Role Owner.
    5. To set User Access Reviews, I need some additional technical or is an automatic procedure?
    If there are any requirements that I should take into account, please let me know.
    Thanks in advance
    Marta

    Hi,
    I have found this document that answers all my questions:   www.sdn.sap.com/irj/bpx/go/portal/prtroot/docs/library/uuid/b05010a3-ed45-2c10-79b2-96df60a6bf2b
    So, now I have another question:
    In the GRC Access Control that I have, ERM is not configured and there is no communication with it (only RAR and CUP are configured). So, I would like to know if it's possible to configure User Access Review apart from ERM.
    To run the Role Usage Synchronization job in ERM, the transaction usage information from RAR alert data is needed. The job also obtains role to user assignments and role content information from the back-end systems. Access Control then translates the transaction usage information into role usage.
    If this information could be extracted from the backend tables, I am looking for an alternative way to load data into the system, regardless of ERM. Is it possible?
    Thanks in advance
    Marta

  • User Access Management(UAM) in SAP

    What are the various options to perform UAM for SAP solutions from an external application? For example can we create Users, groups, assign roles etc within SAP?
    1) Is webservice an option? If so, is it RESTful or SOAP based?
    2) Is an RFC call available?
    3) Can we use any other mechanism such as a BAPI wrapped with our own custom module exposed as an RFC?

    I have looked at your screenshots, and am not too concerned with the MSMP settings yet as we are trying to first fix your Generation job.
    I would enable the admin review in your setting to just see if all the necessary data is being generated, i.e. in case there are blank role owners for some roles, this could be causing an issue.
    As for your criteria selection, ensure no blank fields were left in the selection made.
    I would have a read of the following WIKI and see if any of the points mentioned are applicable. The first mistake made by many is to not perform the sync jobs in the correct order.
    Troubleshooting UAR Request Generation - Governance, Risk and Compliance - SCN Wiki
    From my memory, I know for SOD reviews "offline risk analysis" had to be enabled, but unsure if this is also necessary for UAR.
    Also refer to the following general wiki User Access Review(UAR) Workflow Configuration and Description - Governance, Risk and Compliance - SCN Wiki

  • Oracle App Server limit user access

    Hi guys!
    Is there such a function in OAS where I can limit a user's access to a certain page?
    I have registered my users in OID and I want to set limits to specific pages (limiting which user can access which page or not)...
    Appreciate any help..

    They are different. Oracle Application Server is Oracle's application server prior to the BEA acquisition. WebLogic Server is a completely separate product and will be the strategic application server going forward at Oracle, although Oracle Application Server will still be maintained and supported.

  • ACS user unknown though username in Server

    All, I'm facing a very strange issue with my TACACS authentication. Normally I connect to my DC via SSL AnyConnect VPN and then access all the network devices, but since last week when I try to connect to the ASA I can't log in. I have the user name in the ACS server and the password authentication would redirect to the RSA server. I can access other devices using my TACACS username and RSA passcode, only not the ASA box. As the rest of my team members can still access the ASA with their userid and passcode, I don't think there is any issue in the ASA box.
    The error log message in the ACS server is ACS user unknown.

    To me it seems the shared secret being used on the ASA to communicate with tacacs is mismatched and that's the reason you are getting "ACS user unknown". This should be a problem for all users who are trying to do ssh on the ASA and authenticating against the tacacs server. The shared secret could be an issue because the shared secret being used to encrypt the packet is not the same during decryption, and that's why we are seeing unknown username.
    ~BR
    Jatin Katyal
    **Do rate helpful posts**
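
What a mismatched shared secret does to a TACACS+ packet body, as an added example that is not part of the original thread: the body is XORed with an MD5-derived pad built from the session id, the key, the version and the sequence number (RFC 8907), so a server holding a different key recovers a different body. The keys, username, port and address are constructed sample values.

```python
import hashlib
import struct


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain from RFC 8907: MD5_1 = MD5(sid|key|ver|seq),
    MD5_n = MD5(sid|key|ver|seq|MD5_{n-1}), truncated to the body length."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, last = b"", b""
    while len(pad) < length:
        last = hashlib.md5(prefix + last).digest()
        pad += last
    return pad[:length]


def obfuscate(body, session_id, key, version=0xC0, seq_no=1):
    """XOR the body with the pad; the same call reverses the operation."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_authen_start(user, port=b"tty0", rem_addr=b"192.0.2.10"):
    """Authentication START body: action, priv_lvl, authen_type, service,
    four length bytes, then user, port, rem_addr (no data field here)."""
    header = bytes([1, 1, 1, 1, len(user), len(port), len(rem_addr), 0])
    return header + user + port + rem_addr


def parse_user(body):
    """Return the user field, or None when the length bytes do not add up
    to the body size (what a receiver sees after using the wrong key)."""
    if len(body) < 8:
        return None
    user_len, port_len, rem_len, data_len = body[4:8]
    if 8 + user_len + port_len + rem_len + data_len != len(body):
        return None
    return body[8:8 + user_len]


def username_seen_by_server(device_key, server_key, session_id=0x1234ABCD):
    """Device obfuscates with its key; server de-obfuscates with its own."""
    wire = obfuscate(build_authen_start(b"jdoe"), session_id, device_key)
    return parse_user(obfuscate(wire, session_id, server_key))


if __name__ == "__main__":
    # Constructed sample secrets, not values from the thread.
    print("matching keys  :", username_seen_by_server(b"s3cret-A", b"s3cret-A"))
    print("mismatched keys:", username_seen_by_server(b"s3cret-A", b"s3cret-B"))
```

With matching keys the server reads back the username the device sent; with different keys the length bytes and user field come out as unrelated bytes, so the body either fails the length check or yields a name that is not in the user database.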

  • Documentation on user parameters set in SU3 or SU01?

    Hello all. I am trying to find documentation on the available user parameters set in SU3 for self-service or in SU01 by an admin.
    I frequently have users with issues with various reports, exports, etc. When all else fails, I remove all of their user parameters, the issue is resolved, and I add them back one by one until I find the offending incorrect parameter.
    Some of the parameters are self explanatory -- like Company Code, Currency, etc.
    But others, like GWRE for Report Writer, are just a series of X's. Like -- X XXX XEX....
    I can't figure out how to tell what most of them mean.
    Thanks so much.

    Amit Barnawal wrote:
    Hello Michael,
    > Parameters are not exactly needed; they are present there just for the user's benefit. Suppose a user always needs to access a particular company code and he doesn't want to enter it every time, so he can put it in the parameters and it will automatically get filled.
    > Also look at below mentioned link
    > http://www.sap-img.com/basis/parameters-definition-and-details.htm
    Hi Amit,
    That is not strictly true (and the link contains incorrect information).
    Some parameters have historically been used to provide authorisation.  One of the most commonly used ones is EFB which is used to allow creation of a PO without reference to a PR.  That is only one example, there are lots in HR.

  • Control user access with internal attribute date

    Hi all.
    I've created an internal attribute called Date-of-validity of type Date.
    The objective is to control user access based on the date configured in this attribute and permit access only when the date has not been reached.
    How do I control it, making the ACS look at the date in an automated way?
    thanks in adv
    Antero Vasconcelos

    It is possible to define an internal user whose password is taken from an external store.
    In the internal user definition select "Password Type" to be the LDAP database and then define the rest of the user definition, including identity groups, as desired.

  • ACS User database Backup

    Is it possible to have the ACS user database in an excel sheet

    Hi,
    You can open the .dmp file in notepad but that will not provide any info as it's not user readable.
    You need to export the list of users with a .txt extension.
    here is the command that you need to run from the command prompt where ACS is installed
    start > run> cmd > go to this dir
    C:\Program Files\CiscoSecure ACS v4.2\bin>net stop csauth
    CSUtil.exe -u user.txt
    C:\Program Files\CiscoSecure ACS v4.2\bin>net start csauth
    Then you can easily access user.txt file in notepad.
    HTH
    JK
