ACS - users in more than 1 group

Similar Messages

• Physical size of ACS db is more than 50% of its Actual Size. (ACS Version : 5.5.0.46)

  Since the Migration to ACS 5.5.0.46 we keep seeing the following message in the alarm inbox
  Cisco Secure ACS Alarm (CRITICAL): Physical size of ACS db is more than 50% of its Actual Size.
  Cisco Secure ACS - Alarm Notification
  Severity: Critical
  Alarm Name
  System Alarm [Database Purging]
  Cause/Trigger
  Physical size of ACS db is more than 50% of its Actual Size.
  Alarm Details
  Physical size of ACS db is more than 50% of its Actual Size.The size will be reduced after purge ACS transaction log and compress ACS db.
  Generated On
  Mon Mar 17 05:00:06 CET 2014
  ACS View Database Compression and Backup is configured and runs without error:
  The Backup Job stores a maximum of 4 Months to a FTP Server. 
  Fullbackup: Monthly
  Incremental: Weekly
  DB: Compression activated
  Purge and Incremental Backup History
  Name
  Start Time
  End Time
  Status
  DatabasePurge-Job
  Mon Mar 17 04:00:00 CET 2014
  Mon Mar 17 04:00:00 CET 2014
  Completed
  as far as I can see from the CLI there should not be an oversized DB:
  ACS21/acsadmin(config-acs)# acsview show-dbsize 
       Actual DB Size (bytes) : 1585192960
       Actual DB Size (GBs) :1.48
       Physical DB Size (bytes):1605386240
       Physical DB Size (GBs) :1.5
       Physical ACSviewlog file Size (GBs) :0
  ACS21/acsadmin(config-acs)# exit
  ACS21/admin# show application status acs
  ACS role: PRIMARY
  Process 'database'                  running
  Process 'management'                running
  Process 'runtime'                   running
  Process 'adclient'                  running
  Process 'ntpd'                      running
  Process 'view-database'             running
  Process 'view-jobmanager'           running
  Process 'view-alertmanager'         running
  Process 'view-collector'            running
  Process 'view-logprocessor'         running
  Looking at the User guide:
  http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-5/user/guide/acsuserguide/viewer_sys_ops.html#wp1065174
  "The ACS Database needs to be compressed as a part of maintenance operation. You can run the acsview-db-compress command from acs-config mode to reduce the physical size of the view database when there is a difference between the physical size and actual size of the view database. ACS 5.5 stops only the log collector services during compress operation and will be up and running after the compress operation is completed. You need to enable the log recovery feature to recover the log messages that are received during the database compress operation.
  In ACS 5.5, database compress operation is automated. You can check the Enable ACS View Database Compress check box to compress the ACS View database automatically every day at 5 A.M. The database compress operation is run everyday automatically at 5 A.M whenever there is a need."
  I already tried to manually compress the DB via "acsview-db-compress" without any effect. 

  Hello,
  You're running into bug CSCum51180. The alarm should be a warning, not critical, and should be raised only when the physical size exceeds the actual size by more than a gigabyte (in your case, the difference is very small, 1.5 vs. 1.48).
  The fix should be present on a future patch.
  Javier Henderson
  Cisco Systems

• How to create new user with more than one default folder

  hi
  A new user created in OCS has only one default folder(Inbox).
  I want to create new user with customized default folder.
  for example:
  a new user has more than one default folder(Inbox,Outbox,Draft,Dustbin...)
  And also I want to automaticly enable the functions:
  When sending messages, place a copy in Outbox
  Keep message drafts in Draft
  Move deleted messages to Dustbin
  who know that?
  thanks

  The same reason that Apple and 3rd Party vendors put multi-size templates in one file I expect. I am trying to construct an in-house standard template for use in our company, and it is easier to manage if there is only one file to send to people rather than many - both initially and for subsequent edits / updates to the template.
  Of course it would be possible to create several templates (one for each size). But since it is clear that templates can be combined, it appears sensible to do this - unless the doing of it is horridly complicated

• Prevent same user login  more than twice in Online examination Application

  Hello Every Body,
  I want to prevent my user login more than twice in my application so what should i do?
  If user login twice then third time he must not be able to login and must not be able to attend online exam..
  Please somebody help me ....

  BalusC wrote:
  Implement HttpSessionListener or HttpSessionAttributeListener and get hold of all logged in Users and its Sessions in a Map. During login just check in the Map if the User isn't already in there. If it isn't, then add it to the map. If it is, then disallow login (or better, invalidate the previous Session and replace it in the Map it with current login). During logout, remove the User from the Map. During destroy of the session, remove the User from the Map.+"I want to prevent my user login more than twice in my application so what should i do?+
  +If user login twice then third time he must not be able to login and must not be able to attend online exam.."+
  Well i'm afraid that would not solve cause the end user's requirement.To me end user actually wants to stop any user to login his application(for taking an exam) more that twice. He has not added a clause stating end user at the sametime. Therefore, it is up to end user clearly define what is actual requirement is.

• Having a user in more than one group makes them choose a group at login..

  hello
  osx server 10.5.6
  xserve quad core xeon
  when a user is in more than one group in OD they are made to choose which group they want to log in to when logging in.
  all groups have home folders that are automounted on login under groups->preferences->login->items->add group share point
  and then also under groups->preferences->dock->dock items->documents and folders->add group folders is checked and the group folder is added as well under here.
  when they are in a single group and they log in, their group folder is automatically added to the dock. it's great.
  my question is, how do i have someone in multiple groups have all the group folders show up on the dock? why do they have to choose a group when they log in? it's very constricting.
  any ideas?

  Hi Jakelh, I'd be looking at Tips and Tricks
  especially pages around page 80 seem to come close to what you want.
  Cheers

• ACL and user with more than one group

  I have a (simple) question, but I coudn't find answer in docs :(
  My problem is:
  I want to have in Tuxedo users, which belong to more than one ACL group. Each
  of this group have some special rights, i.e. group A could execute services K,L,M
  and group B could execute services M,N,O. If my user belongs to A and B group,
  which rights it have? Your rights are sum of rights of group or common part of
  them ? I will be very greatful for link to docs talking about it ....
  Best regards
  Dominik Michniewski

  user3715462 wrote:
  Hi All,
  it's just a question
  we're using R12 12.1.3 db: 11Gr2 on OUL5x64
  is it possible for an oracle user that can have more than one email address?
  i add 2 email addresses in E-MAIL box
  and it did not seem to work.
  Thanks in advance.
  Regards,What email addresses are you referring to? Is this at the OS level or the database/application level? Please elaborate more.
  Thanks,
  Hussein

• IT 0105 subtype 0001. Assign one System user to more than one person?

  Hello, Gurus!
  We are maitaining Hr master data (infotype 0105 - Communication, subtype 0001 - System User name). We have two person: person A and person B. Person A have communication with system user C. When we communicate person B with same system user C, we gettin error:
  "ID/number already used for person A".
  The time constraint is set to 3 (Record may include gaps, can exist more than once"
  Is it possible to assign one system user more than one person?
  This condition is checked by FM CHECK_USRID. We assume, what the result of this checking can be changed from "Error" to "Alert", if we will change one record in table T77S0:
  Current value:
  GRPID=MAIL
  SEMID=SAPSY
  GSVAL=0001
  Table record after modification:
  GRPID=MAIL
  SEMID=SAPSY
  GSVAL=0002 (or any digital value, which is iffer from "0001"
  Should we expect negative consequences of similar modification?
  Please, advice.

  Thanks for explanation.
  But there is a little moment, that I can not understand ((
  We check PAI module of CHECK_USRID (include MP010530, screen 2000) and find folowing fragment of ABAP code:
    CALL FUNCTION 'RH_GET_HR_USER_SUBTY'                       "YRAK040203
         EXPORTING                                                     "YRAK040203
               mandt                 = sy-mandt                     "YRAK040203
          IMPORTING                                                     "YRAK040203
               hr_subty              = hr_subty                         "YRAK040203
          EXCEPTIONS                                                    "YRAK040203
             SUBTYPE_NOT_AVAILABLE = 1                                "YRAK040203
               OTHERS                = 0.                               "YRAK040203
      IF p0105-usrty = hr_subty.                                        "YRAK040203
      MESSAGE E900 WITH  PA0105-PERNR.                           "YRAk028906
        MESSAGE e900 WITH object_found double.                     "YRABEWERBER
      ELSE.                                                                  "YRAK040203
      message W900 with pa0105-pernr.                                 "YRAK040203
        MESSAGE w900 WITH object_found double.                     "YRABEWERBER
      ENDIF.                                                                 "YRAK040203
  where p0105-usrty=0001 and hr_subty is equivalent field GSVAL=0001 in table T77S0. In other terms, when we are
  maitain subtype 0001, the first condition (marked bold) is always executed.
  For what the "else" condition is used, if it never be executed? If we will change value GSVAL from 0001 to 0002, theoretically, we will get "warning" instead "error", because p0105-usrty = hr_subty=false and code MESSAGE w900 WITH object_found double will be executed.
  Any ideas?
  Regards.

• User access more than one application

  how can i give user access on more than on apex application

  >
  Welcome to the forum: please read the FAQ and forum sticky threads (if you haven't done so already), and update your forum profile with a real handle instead of "984229".
  When you have a problem you'll get a faster, more effective response by including as much relevant information as possible upfront. This should include:
  <li>Full APEX version
  <li>Full DB/version/edition/host OS
  <li>Web server architecture (EPG, OHS or APEX listener/host OS)
  <li>Browser(s) and version(s) used
  <li>Theme
  <li>Template(s)
  <li>Region/item type(s) (making particular distinction as to whether a "report" is a standard report, an interactive report, or in fact an "updateable report" (i.e. a tabular form)
  With APEX we're also fortunate to have a great resource in apex.oracle.com where we can reproduce and share problems. Reproducing things there is the best way to troubleshoot most issues, especially those relating to layout and visual formatting. If you expect a detailed answer then it's appropriate for you to take on a significant part of the effort by getting as far as possible with an example of the problem on apex.oracle.com before asking for assistance with specific issues, which we can then see at first hand.
  how can i give user access on more than on apex applicationSee +{thread:id=515240}+ for the basic technique, and these Oracle Magazine articles for extended examples:
  <li>Creating Custom Authentication
  <li>Build a Menu Framework
  Note that APEX has a built-in publish-and-subscribe model. You create a "master" application to contain publishable components like authentication schemes, LOVs and templates. Theme templates are created, maintained and published through this application, and other applications reference the standard templates by subscription from the master application. Changes can be pushed out from the master application to all subscribing applications.

• Users have more than one profile for the same role

  Hello,
  As I said in my earlier post I'm rather new to SAP.
  I'm doing now the security audit of my SAP system. In particular, I'm checking whether business users have access to DEBUG functionality.
  I have run report 'Users by complex selection criteria' and found certain number of such users. Then I looked further and discover that all these users have role X assigned to them. The profile P2 of the role X displayed in PFCG has DEBUG functionality deactivated. After second look I discovered that all these users have earlier profile P1 for the same role X assigned to these users. This profile P1 contains the functionality in question.
  I solved the issue by revoking the role X from the users and assigning it again. Both P1 and P2 profiles were removed from the users and only P2 was reassigned again.
  I used to think that role may have only the profile that is displayed in PFCG? Also, I used to think that if the role profie is regenerated the newly generated profile automatically replace the old one assigned to users. Am I wrong?

  Hi Pavel
  In simple and short ..
  Role contains authorization objects..
  Maximum limit of authorization objects for a role is 150 .
  So a role can accommodate 150 authorization objects.
  New Profile ABC is created , when ever you create a new role. 1-1 relation.
  But if a role has more than 150 authorization objects .. then automatically a new profile ABC01 will be created and it will also be aligned to that role .
  if role has 400 auth objects, then profiles will be ABC ,ABC01 ,and ABC02
  i hope this helps you
  Cheers
  Pavan M

• LDAP Connection - users in more than one group

  Hallo.
  I set up an appl. with ldap connection (Novell eDirectory 8 / Novell 6.5).
  Working fine for users in an specified container.
  Using (Based on a pre-configured scheme from the gallery
  ; Show Login Page and Use LDAP Directory Credentials)
  LDAP DN STRING=
  cn=%LDAP_USER%,o=los
  only users in container los can connect,
  Using
  LDAPDN=
  cn=%LDAP_USER%,ou=amt10,o=los
  now menbers of amt10 can connect but no one else
  Is there an hint to get it work recursive ? (like mod_auth_ldap in apache does ?) So all users in any conainer under o=los will able to connect
  I have nearly 1000 Users in ~50 Containers, what sould I do best? What is misconfigured?
  Ralf

  I'm using a nifty little application call iCalPublish. Check it out at http://www.buddy.com/ical/
  sb

• Can a user have more than one RBS value?

  In our current environment, we have our RBS structure setup similar to our University organizational chart. Many of these groups collaborate with each other on projects and this structure does not allow for one user to see projects from multiple departments.
  For instance, our Admissions office collaborates on projects with our IT group. If Admissions enters a project in PWA, the IT group will not see the project proposal until an IT resource is assigned. But, since we are just at the proposal stage, we would prefer
  to not assign resources until the project is approved. As it stands with our current RBS structure, if a user in Admissions is the project owner, the IT group cannot see the project.
  Would like to avoid setting individual project permissions when collaborating with multiple departments.
  So, Admissions needs to have the project show on their project list (for planning and portfolio purposes) and IT needs for it to show on their project list, for the same reasons. How can we accomplish this setup?
  Thank you for any help you can provide.

  SycamoresPM,
  A single user cannot have two RBS values at the same time.
  Your best bet in this scenario would be to rather depend on the "project Team". So, whoever is part of the team could see the project, rather than the RBS itself.
  In this case, regardless of the department, the resource could be added to the schedule and once published, will be seen the team member. That should solve your issue, in my opinion.
  Cheers,
  Prasanna Adavi, Project MVP
  Blog:
    Podcast:
     Twitter:   
  LinkedIn:
    

• How can Unique Users show more than Sessions in Application Insights

  According to MSDN (See below), unique users is the number of sessions from a particular client machine. So how come I'm seeing 4k unique users and 1.5k sessions on my WordPress site?
  Sessions - A session begins when a user interacts with an application and terminates after a period of inactivity longer than 30 minutes. The event reports show the number of sessions in which that event occurs.
  Unique Users - The number of users who engage in one or more sessions from a particular client machine. This count uses a cookie to store a user ID. If the same user works on a different machine or cleans up cookies, they will be counted
  twice.
  Rehan Saeed

  Hello Rehan,
  At first, it sounds like a bug and should be evaluated by a product team. Can you please post a bug on
  MS CONNECT (as close to AppInsights as possible, probably VSO..)?
  An alternative explanation (and, by the way, very weird one) would be that user cookie gets cleaned while session stays active. In old browsers it could've been something like cookie limit, so that extra cookies are ignored/discarded/replaced... with the
  modern browsers, I would think of some middle-tier, like a proxy/firewall that removes certain cookies it considers unsafe/malicious...These are all theories, of course, the opened bug should help to investigate the problem sooner.
  Dmitry Matveev

• Can Enterprise users have more than 1 Shared Schema ?

  Hi Everyone,
  I just want to know whether is it possible for
  Enterprise Users ( Schema-Independant users) able to access different shared schemas using the same user credentials.
  A typical example is :
  User1, User2 & User3 were Enterprise users who works for same project has been assigned to a shared schema (project1) which works fine with the enterprise user security by assigning them Project1 schema as default schema.
  But User2 also works for another project ( Project2) and should be logged into schema project2 using his user credentials . Is this possible ???
  Thanks
  Venu

  Oracle object privileges are generally best managed via the use of ROLES.
  One way to have multiple end users access one schema might be to use the PROXY connection feature.
  Both subjects are convered in the official documentation.
  HTH -- Mark D Powell --

• Can Enterprise Users have more than One Shared Schemas ???

  Hi Everyone,
  I just want to know whether is it possible for Enterprise Users ( Schema-Independant users) able to access different shared schemas using the same user credentials.
  A typical example is :
  User1, User2 & User3 were Enterprise users who works for same project has been assigned to a shared schema (project1)
  which works fine with the enterprise user security by assigning them Project1 schema as default schema.
  But User2 also works for another project ( Project2) and should be logged into schema project2 using his user credentials . Is this possible ???
  Thanks
  Venu

  Oracle object privileges are generally best managed via the use of ROLES.
  One way to have multiple end users access one schema might be to use the PROXY connection feature.
  Both subjects are convered in the official documentation.
  HTH -- Mark D Powell --

• How can a user save more than one online form without losing their previous form?

  We use Adobe FormsCentral for parent, student and faculty response at my school. The number one task we use them for is Progress Reports. Faculty members fill these out for EVERY student that they teach at our school. Many faculty members like to start the forms and return at a later time to finish them. So this year we were excited to offer the option of saving, however many faculty members have reached out with concern that they save one, receive the link, start a second form, click save receive the link and the first form is gone. I was under the impression that every SAVED form is a case-specific link.
  Is there a way to make saving multiple forms possible? I know that it would be best to just tell faculty to do their form and submit it however that is not the answer they are willing to accept.
  Additionally, because of the PDF not working the same on all machines due to people not necessarily updating their adobe software, that is not an ideal option.
  Thank you in advance.

  What you've described should work fine, assuming the user uses the original forms URL each time they start a new process.
  You send the form URL to the users:
  1) Faculty gets the form URL and starts filling it out
  2) Faculty clicks "Save", enters email and is sent a unique link to that saved form data
  3) Faculty starts the form over, using the original URL (not the link in the Saved data email)
  4) Faculty saves this second version of the form, entering the same email address in the save dialog
  They now have 2 unique emails that contain unique saved data URLs, either one can be opened and the data for that form will be retrieved, they have the option to continue and if still not complete save again, or to submit the form.  The other email/link will retreive the other data set and they have the same options there.  Once they have submitted the data from both of those saved forms there would be two submissions in FormsCentral.
  What error are they getting that says the first form is gone?  And are they definitally starting from the original URL both times and not from a saved URL?
  Thanks,
  Josh