ACS v5 best practice w/ access policies.

Similar Messages

• Need best practice when accessing an ucm content after being transferred.

  Hi All,
  I have a business requirement where I need to auto-transfer the content to another UCM when this content expires in the source UCM.
  This content needs to be deleted after it spends a certain duration in the target UCM.
  Can anybody advise me the best practice to do this in the Oracle UCM?
  I have set up an expiration date and trying to auto Replicate the content to the target UCM once the content reaches the expiration date.
  I am not aware of the best practice to access the content when it is in the target UCM?
  Any help in this case would be greatly appreciated.
  Regards,
  Ashwin

  SR,
  Unfortunately temp tables are the way to go. In Apex we call them collections (not the same as PL/SQL collections) and there's an API for working with them. In other words, the majority of the leg work has already been done for you. You don't have to create the tables or worry about tying data to different sessions. Start you learning here:
  http://download.oracle.com/docs/cd/E14373_01/appdev.32/e11838/advnc.htm#BABFFJJJ
  Regards,
  Dan
  http://danielmcghan.us
  http://sourceforge.net/projects/tapigen
  http://sourceforge.net/projects/plrecur
  You can reward this reply by marking it as either Helpful or Correct ;-)

• SAP HANA Security - Best Practice for Access to Schemas??

  Hi,
  Currently we don'y have a defined Security model in HANA Studio.Neither there is no defined duties of a BASIS / Security / Developers.
  I want to understand what best practices are followed at other customers for defining security for Schema.
  1. Who should be creating the schema for Developers / Modelers?
  2. Should we use our own ID's to create/maintain these Schema or a Generic ID?
  Right now, when developers log in to Studio, by default they are assigned to their own schema (User ID) and they create objects under that.
  We(Security team), face issues when other developers need access to schema of another user as they want to develop objects under schema of different user
  Also, who should be owning the "SYSTEM" user ID and what steps needs to be done whenever a new schema is created.
  Thanks for the help in advance.

  Hi,
  I created a project (JDeveloper) with local xsd-files and tried to delete and recreate them in the structure pane with references to a version on the application server. After reopening the project I deployed it successfully to the bpel server. The process is working fine, but in the structure pane there is no information about any of the xsds anymore and the payload in the variables there is an exception (problem building schema).
  How does bpel know where to look for the xsd-files and how does the mapping still work?
  This cannot be the way to do it correctly. Do I have a chance to rework an existing project or do I have to rebuild it from scratch in order to have all the references right?
  Thanks for any clue.
  Bette

• Best Practices for Accessing the Configuration data Modelled as XML File in

  Hi,
  I refer the couple of blof posts/Forum threads on How to model and access the Configuration data as XML inside OSB.
  One of the easiest and way is to
  Re: OSB: What is best practice for reading configuration information
  Another could be
  Uploading XML data as .xq file (Creating .xq file copy paste all the Configuration as XML )
  I need expert answers for following.
  1] I have .xsd file which is representing the Configuration data. Structure of XSD is
  <FrameworkConfig>
  <Config type="common" key="someKey">proprtyvalue</Config>
  <FrameworkConfig>
  2] As my project will move from one env to another the property-value will change according to the Environment...
  For Dev:
  <FrameworkConfig>
  <Config type="common" key="someKey">proprtyvalue_Dev</Config>
  <FrameworkConfig>
  For Stage :
  <FrameworkConfig>
  <Config type="common" key="someKey">proprtyvalue_Stage</Config>
  <FrameworkConfig>
  3] Let say I create the following Folder structure to store the Configuration file specific for dev/stage/prod instance
  OSB Project Folder
  |
  |---Dev
  |
  |--Dev_Config_file.xml
  |
  |---Stage
  |
  |--Stahe_Config_file.xml
  |
  |---Prod
  |
  |-Prod_Config_file.xml
  4] I need a way to load these property file as xml element/variable inside OSb message flow.?? I can't use XPath function fn:doc("URL") coz I don't know exact path of XMl on deployed server.
  5] Also I need to lookup/model the value which will specify the current server type(Dev/Stage/prod) on which OSB MF is running. Let say any construct which will act as a Global configuration and can be acccessible inside the OSb message flow. If I get the vaalue for the Global variable as Dev means I will load the xml config file under the Dev Directory @runtime containing key value pair for Dev environment.
  6] This Re: OSB: What is best practice for reading configuration information
  suggest the designing of the web application which will serve the xml file over the http protocol and getting the contents into variable (which in turn can be used in OSB message flow). Can we address this problem without creating the extra Project and adding the Dependencies? I read configuration file approach too..but the sample configuration file doesn't show entry of .xml file as resources
  Hope I am clear...I really appreciate your comments and suggestion..
  Sushil
  Edited by: Sushil Deshpande on Jan 24, 2011 10:56 AM

  If you can enforce some sort of naming convention for the transport endpoint for this proxy service across the environments, where the environment name is part of the endpoint you may able to retrieve it from $inbound in the message pipeline.
  eg. http://osb_host/service/prod/service1 ==> Prod and http://osb_host/service/prod/service2 ==> stage , then i think $inbound/ctx:transport/ctx:uri can give you /service/prod/service1 or /service/stage/service1 and applying appropriate xpath functions you will be able to extract the environment name.
  Chk this link for details on $inbound/ctx:transport : http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/userguide/context.html#wp1080822

• The best practice to access entities in JClient?

  Hi
  For example if I have data bound combobox I use:
  String val = getPanelBinding().findIterBinding("StatesViewIterator").getCurrentRow().getAttribute("Name").toString();
  Is there any other way? Can I get directly from the combobox?
  andrius

  Using the panelBinding is best practices.
  Frank

• "Best practice" for accessing a class from a custom component?

  My app utilizes a simple class to hold global properties such as username, session data, and similar data. The class is initialized at app startup via code similar to: appGlobals:myGlobals=new myGlobals.
  Many of the custom MXML components and AS classes need to access that data. I have been able to work with it using Application.application.appGlobals.propertyname.
  Is this method the best way to communicate from components and classes to a class initiated at the application level, or should I learn something new before I build a lot of code on this method?
  Thanks.
  Paul

  The WizardModel class is interesting, it is a "singleton" where it is designed to only have one instance, and the class actually has a static variable of its own class. Because that variable is static, an instance is created the first time the class is accessed.
  As to where the WizardModel is "first accessed" and thus its own variable of type WizardModel instantiated, is hard to say, as you really need to understand the application and component startup lifecycle indepth. I have a certain depth of knowledge of that but not enough depth to say definitively when WizardModel  is first accessed, but here are some possibilities:
  WizardModel.wizardTitle = WizardModel.wizardTitleBase;      In the WizardController "wizardTitleChangeHandler" event handler
  creationComplete="WizardModel.app = this;"      In the Wizard.mxml main app creationComplete handler
  <mx:Panel title="{WizardModel.wizardTitle}" width="100%" height="100%">    Opening tag of Panel in Wizard.mxml
  I know its confusing, but just try to absorb what you can for now, and over time it will become gradually more clear.

• Best practices for accessing data in subviews

  I've got two iPhone projects which share most of their code base. I'm trying to figure out the best way to load data from some plist files and store them in a common container UIView and provide access to the data for subviews and subviews of the subviews, etc. Right now I've got the data being passed from the container view to the subviews it creates and then the subview themselves pass it further, basically a bucket brigade to get the data to where it needs to go which could be 3 or 4 views down in the hierarchy.
  Is there a better approach? I've looked at delegates & protocols but I'm having a hard time understanding how they work and whether they are appropriate in this situation. Originally I had the app delegate holding the data and any class anywhere could invoke the app delegate and get the data. However this approach fails with 2 projects because the app delegates have different names and the classes that need to access it are common to both projects. Can the app delegate be renamed without significant impact? Or is there a way a UIView can be set up as a delegate in much the same way?
  Thanks for any advice!
  Greg

  Hi Greg - You can rename the app delegate class to whatever you want, just remember to change it in IB, and make sure you catch any place it already appears in your code. I guess there's no need to change the app delegate class file names unless you want to.
  However there are lots of other solutions to your problem. A case could be made for declaring a global pointer to this data, for example. Or, you could encapsulate the data wherever you want and make an extern (globally visible) C function to access it.
  Another solution would be to put the data in a shared object which would be accessed just like the shared app object, e.g.
  #include "MyObject.h"
  NSDictionary *myPlistData = [MyObject sharedObject].plistData;
  I just got done looking at "how to make a shared object" in the Cocoa docs and can't seem to find it atm. Anyway it's in there somewhere, either in an Obj-C doc or one of the top level guides. The job just wants a class method that returns the pointer stored in a static C var; if the var is nil, the object is first created and its addy is stored in the var.
  Hope that helps!
  - Ray

• Best Practice User-Access Deployment

  Hi All.
  We have SAP ECC, Solution Manager+CUA, Portal, BW and BusinessObject. And we want to manage user and access from single system.
  My though is:
  BusinessObject Connected to BW and BW connected to CUA.
  Portal connected to SAP ECC and SAP ECC connected to CUA.
  And we deploy user and access from CUA.
  I am wondering whether this is the best approach or there are another better solution
  Thanks

  Hi Sandy,
  If it is operationally effective and you have adequate controls in place then your solution is perfectly adequate for your current usage.
  If you want to provision to non-SAP systems (e.g. single source of uses for email, network, SAP, non-SAP apps) then the next logical step would be to incorporate your user management into an identity management solution.  There are a number of credible vendors out there and would always recommend a comparative analysis of products before switching to an IdM product as doing it properly has enterprise wide implications (and benefits).

• Best practices for accessing remote management

  So, I've been looking into consolidating and moving our servers and such to a colocation datacenter. A problem for me that arises from moving is, what do we do about our remote access?In a private office enviornment, I haven't ever opened up VMWare vCenter to the open internet, nor have I ever opened up DRAC/iLO past our firewall to the net. I've always just had all that management stuff hanging out on its own subnet/VLAN and I haven't ever bothered with giving remote access to anyone, really. (Well, I did once set up a windows box to allow me to RDP in and opened up the firewall for that RDP so I could then access that management VLAN from that PC)Moving to a colocation facility makes me wonder, what does everyone else do for this? Would one have a VPN configured on a router in their colo space and remote in that way, and if the...
  This topic first appeared in the Spiceworks Community

  Harvard University recently announced that on June 19, 2015, it discovered an intrusion into the IT networks of the Faculty of Arts and Sciences and Central Administration."Since discovering this intrusion, Harvard has been working with external information security experts and federal law enforcement to investigate the incident, protect the information stored on our systems, and strengthen IT environments across the University," university provost Alan Garber and executive vice president Katie Lapp said in a statement."At this time, we have no indication that personal data, research data, or PIN System credentials have been exposed," Garber and Lapp added. "It is possible that Harvard login credentials (username and password) used to access individual computers and University email accounts have been exposed."...Read More
  Read More

• What is best practice for remotely managing bank of switches over POTS

  I need to be able to have a back door into several catalyst switches and ASA.
  What is the best practice for accessing them remotely. ?

  Just place a modem into any console port. Ideally you use a terminal server, but is not always really needed.

• Best practice to work with Sybase 12.5.3 database version

  Hi all,
  Is there any document or information about best practices to access a Sybase 12.3 version from universe on BOXIR2?
  Thanks.

  Hi Marlon,
  Have a look to Product Guide of BOXIR2 for [Data access|http://help.sap.com/businessobject/product_guides/boexir2/en/xir2_data_access_guide_en.pdf] see if it helps.:
  Regards,
  Shweta

• Best Practice for ACS 5.2 Policy

  Hi All,
  I am wondering if there is some sort of best practice guideline to implement ACS? I mean like how we are going to group device, or how the "if then" policy should be structured. Please help..
  Regards,

  Prima,
  The ACS is entirely flexible in the way you to choose to implement it and it is based on your network specificiations. Some networks have site specific Administrators in which they will choose to implement their tacacs policies to permit access to devices in their regions, so they choose to assign a location to a network device.
  Some customers have restrictions in which Adminstrators have access to which devices...so when you choose to group devices based on routers, switches, firewalls, or SAN devices you can choose to implement your policies as such.
  Moving to the user side, some customers have a tiered structure in access levels, contractors, network-operators, admins and superadmins, so you can create policies and shell profiles to grant access to devices based on the user along with which group they are trying to access and finally what commands they are allowed to run.
  Based on your scenario above i assumed TACACS, you can choose to implement radius in the same fashion but more customers base this off of what users are allowed to have certain access...guests (internet only), management (vpn access with higher privs)....etc.
  Thanks,
  Tarik Admani

• ACS best practices for device config

  Can anybody tell me what the best practice is in regards to device setup in ACS?
  Specifically, is it better to specify each device individually or is it ok to allow whole subnets access to access, therefore allowing all devices in those subnets access to ACS for AAA.

  Find My iPad is not a fully reliable way to secure data on a corporate iPad. The service is too easy to defeat and block you from wiping the data. You can, however, make settings that will make it much more difficult for someone to get data from your company iPads and iPhones even if they can defeat the Find My iPad connection. I'd suggest you read these Apple documents:
  http://www.apple.com/ipad/business/docs/iOS_Security.pdf
  http://www.apple.com/ipad/business/docs/iOS_MDM.pdf
  They'll give you an overview of how to secure your devices.
  Regards.

• VPN3020 - ACS - Windows AD - best practices links

  Do you have good link with general procedures and best practices for setting up VPN user authorization to a standard Windows domain/AD.
  VPN3020 -> radius -> ACS (with default policy to Windows NT) does work, but wanted more granular control which user have VPN access.
  With this model everyone who has Windows account would automatically get VPN access.
  Also if there are any good reading on setting up "single logon" Cisco VPN client and windows domain.

  Try this link
  http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_0/404acn3k.htm

• Looking for some best practice regarding Content Administrator access

  Hi. I am looking for some best practice or rule of thumb from SAP or from different companies how they address Portal Content Administrator access in Production environment. Basically, our company is implementing portal to work with SAP BW.  We are on SP 9. Basically, I am trying to determine if we should have 1-2 Portal Content Administrator in Production with 24/7 access or we should limit them from NOT having this.  Can you share with me some ideas of what is right? and what is not?
  Should we have access in Production? Or Should we have this access but limited? By the way, our users are allow to Publish BI reports/queries into Production.

  Hello Michael,
  Refer to this guide about managing initial content in portal.
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/00bfbf7c-7aa1-2910-6b9e-94f4b1d320e1
  Regards
  Deb
  [Reward Points for helpful answers]