Apex User Level Security

Similar Messages

• Converting a pre-Access 2000 database w/ user-level security to Access 2010

  Hi -
  An old database was passed down to me and I'm tasked with converting it so that we can use it with Access 2010. Sounds simple. However, I'm blocked in every attempt that I make to convert, export, and, in some cases, modify the database, due to not
  having the "appropriate permissions". We (my manager and I) do not know the original owner, and we do not have the original workgroup file. I've had our IT guy check to make sure I am the system admin on my machine in hopes of that making a
  difference - I was even able to create new workgroups and add and remove users to and from those groups but when I tried to convert (or save) the database, write some vba code behind the database, create and save new forms, or even update certain tables,
  I'm told to contact my system administrator or original owner of the object about giving me the "appropriate permissions" to do either of those things. I'm out of ideas here. I've even had a team of people contribute ideas as to how I can get around
  this. I cannot even convert this old database (which is in .mdb format, fyi) to an MDE. Is there any way that the user-level protection can be removed from this database? I'm hoping for an alternative other than to start over from scratch.

  Hi,
  As you said that the .accdb format does not support replication or user-level security, we need to use the MDB format in Access 2010. Please try to follow the steps to remove the user-level protection:
  1.Start Microsoft Access, and log on as a member of the Admins group.
  This can be the administrator account that you created when you secured the database, or it can be any member of the Admins group. Be sure that you’re using your own security-enhanced workgroup information file when starting Access.
  2.Open the database.
  3.On the Tools menu, point to Security, and then click User And Group Permissions.
  4.In the User And Group Permissions dialog box, assign full permissions to the Users group for the database and all the objects in the database.
  Because all users are automatically part of the Users group, this step has the effect of concealing security again.
  5.Click the Users tab, click Admin in the Name box, and then click Clear Password.
  Clearing the password for the Admin user disables the Logon dialog box that is displayed when you start Access. All users are automatically logged on as the Admin user the next time they start Access. This step disables the Logon dialog box for all databases
  that are using the same workgroup information file.
  6.Restart Access.
  7.Create a new database, and then import all objects from the security-enhanced database.
  You can accomplish this easily by using the Import command (File menu, Get External Data submenu).
  Quote From:
  http://office.microsoft.com/en-ca/office-2000-resource-kit/removing-user-level-security-HA001138118.aspx
  Regards,
  George Zhao
  TechNet Community Support

• How to set users level security profiles and auditing?

  hi,
  We are using EBS 12( 12.0.6 ) with database 10g (10.2.0.3) on Linux redhat 4.
  I want to set the all user level and site level security profiles like user login attempts, password attempts, case sensitivity, and all these
  infos and attempts should be audit.
  Please also explain the empact of audit on running system?
  Thx

  I want to set the all user level and site level security profiles like user login attempts, password attempts, case sensitivity, and all these
  infos and attempts should be audit. https://forums.oracle.com/forums/search.jspa?threadID=&q=Profile+AND+Option+AND+API&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
  https://forums.oracle.com/forums/search.jspa?threadID=&q=Profile+AND+Option+AND+Audit&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
  Please also explain the empact of audit on running system?https://forums.oracle.com/forums/search.jspa?threadID=&q=Auditing+AND+FND+AND+Profile+AND+Option&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
  Try this in a TEST instance before you promote it to Production.
  You will need to bounce the application services and enforce the users to sign off/on after setting those profile options.
  Thanks,
  Hussein

• Instance Level Security (user level security) ?

  Hi, I would like to have instance level security in my ejbs. That is I want to verify that the person calling my CMP ejbs is the one who logged-in. I don't want the logged-in user accessing someone else's information. I would like to know what is the best way to implement this?
  I was thinking along the line of having code in my cmp's ejbload method. The code would find the user owner of the record it belongs to by navigating to the owner using the cmr relationships. Let us say that there are three cmp beans: user, order and orderlineitem with the following relationships:
  user has 1-to-n relationship with order. Order has 1-to-n relationship with orderlineitem. So, in my orderlineitem->ejbLoadmethod, I would try to find the user to it belongs to by navigating to user bean and finding the userlike this:
  String userName = getOrder.getUser().getUserName();
  if (userName.equals(ec.getCallerPrincipal().getName)) {
  System.out.println("user is right");
  } else {
  System.out.println("user is NOT not the right user");
  Is this a good idea? Is there a better way to do this?

  When I go to application server controlHow you are accessing the ASC? Please also check your IE settings.
  Additionally you can review
  http://download.oracle.com/docs/cd/B25221_04/core.1013/b25209/tools.htm#i1055655
  I do think that the error is related to role. You can also check the above link under heading (Creating Administrative Users and Assigning Administrative Roles).
  Hope it is helpful.
  Adith

• Domain and User Level Security

  Dear Friends
  Tuxedo Version : 8.0
  Weblogic Server: 7.0
  Operating System : Win 2000
  I have successfully run the simpapp example with WTC as the connector between
  the remote domain (tuxedo) and local domain (WLS).
  Now, i want to perform authentication, the documents are not being of much help
  so can anybody give me any suggestion to create domain level security and ACL.
  Please note, i'm just using the services (import).
  As per the documents and newsgroup,
  i made changes to the TUXEDO ENVIRNMENT, ubbdomain, adding SECURITY , AUTHSERV
  parameters in it.
  Also made respective changes in WTC, but when i run the example,
  it throws an exception as TPENOENT.
  Thank you in anticipation.
  Please help me !

  Hi Shamu,
  I answered similar questions in a posting with title "Service
  Authentication How to". The questions were posted after your post.
  Check out the questions and my reply see whether they are useful to you.
  Regards,
  Honghsi
  shamu wrote:
  >
  Dear Friends
  Tuxedo Version : 8.0
  Weblogic Server: 7.0
  Operating System : Win 2000
  I have successfully run the simpapp example with WTC as the connector between
  the remote domain (tuxedo) and local domain (WLS).
  Now, i want to perform authentication, the documents are not being of much help
  so can anybody give me any suggestion to create domain level security and ACL.
  Please note, i'm just using the services (import).
  As per the documents and newsgroup,
  i made changes to the TUXEDO ENVIRNMENT, ubbdomain, adding SECURITY , AUTHSERV
  parameters in it.
  Also made respective changes in WTC, but when i run the example,
  it throws an exception as TPENOENT.
  Thank you in anticipation.
  Please help me !

• Apex users levels. 2 applications or only 1 divided in two?

  Hi.
  I got 10gXE and apex 2.1 (gotta upgrade it!)
  Let me explain what i need to do but don't know how to.
  I'm developing a unique app right now all apex users can acces, but later, i gotta divide that applicatioin in two. One group of pages are for managers (access to all pages) and another group of pages for common employees (access to only few pages)
  If i develop two applications with different numbers (ex app 401 for managers and 402 for common employees) i should have 2 login pages right? one for each app.
  Is there any possibility that, once i log in from a unique login page, that login page takes me to app 401 or app 402 depending if the username belongs to managers or common employees??
  Or definetively, i should have two login pages, one for each app?.
  I prefer not to do that, i prefer to give the users a unique login page from where they can access the app they are allowed to.
  Thanks in advance...
  Fernando.

  Dear Chrissy...
  I'll take a deep look into UsersGuide, but for know, I'll try to make myself clear so you can understand what i want.
  The application users are divided in 2 groups, management (M) and common employees (CE). Depending whether an app user belongs to a certain group, he/she should be able to see ONLY the pages allowed for that type of user M or CE.
  In the application, pages 1 to 10 are allowed to see and use for CE users, pages 20 to 24 are allowed to see and use for M users. CE are not allowed to see neither use pages of M users, and viceversa. For that purpose, i have 2 groups of Tabs, TAB1 owns pages 1 to 10 and TAB2 20 to 24. so, if you access page 3 for ex, you will only see on tabs, pages 1 to 10. If you access 22, you'll only see pages 20 to 24.
  Just like you, i was also thinking on how to branch to different pages depending on authorization, so I modified the Login process at login page to
  (remember: tipousmw is the type of user, mw_usuarios is the table where user data is stored -doce, name, email,. type of user - and tipousmw=1 if CE and 2 if M)
  declare
  q number;
  begin
  select tipousmw into q
  from mw_usuarios
  where usernamemw = lower(:P101_USERNAME);
  IF q=2
  THEN
  wwv_flow_custom_auth_std.login(
  P_UNAME => :P101_USERNAME,
  P_PASSWORD => :P101_PASSWORD,
  P_SESSION_ID => v('APP_SESSION'),
  P_FLOW_PAGE => :APP_ID||':1'
  ELSIF q=1
  THEN
  wwv_flow_custom_auth_std.login(
  P_UNAME => :P101_USERNAME,
  P_PASSWORD => :P101_PASSWORD,
  P_SESSION_ID => v('APP_SESSION'),
  P_FLOW_PAGE => :APP_ID||':20'
  END IF;
  end;
  So it's supposed that if a username belong to CE, he/she will be redirected to page 1, otherwise, if it belongs to M, he/she will be redirected to page 20. And it worked at the beginning, but not later, i dont know if it got something to do with the cookie...
  The previous procedure makes sense to me but.. don't know if you can try and tell me what happened.. hope somebody else have tried this so i can have a suggestion or an opinon on howcome it doesn't work properly....
  Thanks in advance for your help-.....
  Fernando...

• User Level Security

  Hi All,
  I want to restrict my data depending upon the user's profile stored in the database table.
  I want user's to vie reports using Discoverer Viewer and want to restrict them to see the data of their importance.
  Some one told me that we can make connection in the server and at the run time it returns the &username parameter of the user and we can put the filters accordingly.
  Please help me how to archive this task.
  I would certainly look to the detail solution.What I need to do as a Disc Admin and what changes are required in the reports.
  Thanks
  Himanshu Tiwari

  Hi Rod,
  I got it, and had captured the LOGIN_USER.
  Now the problem is:
  I am using a table SECURITY_ACCESS_MV_D to apply security to a user.
  I am using the below query in customer folder as:
  select a.emp_id,a.empname,a.salary,a.mgr_id
  from emp
  where salary is not null
  and (emp_id,mgr_id) in ( select distinct emp_id,mgr_id from SECURITY_ACCESS_MV_D where login_user ='HIM'
  I am using IN because I have many other column in SECURITY_ACCESS_MV_D, not used in above query which will create Cartesian join if I exclude them in the main query, if I use the simple join in the query.
  Now problem is how can I use the LOGIN_USER item (it will come when the certain user will login) in place of 'HIM' ( hard coded value). I want this filter (as mandatory) in the Discoverer Administrator EUL so that it is independent to the user reports.
  I can’t find using type of parameters there as in reports we do.
  Hope you got it.
  Once again this article will greatly help everybody in security while implementing the OD solution.
  Thanks,
  Himanshu Tiwari

• Information Regarding Essbase Security Except Filter Level and User Level

  I have an requirement to implement data level security in Essbase. For ex: A user can only see those data which are from Asia region or an user will be able to see those data which are from America.
  Asia and America are defined in my location dimension.
  can any one explain about it without using user Level Security and Filter level security.
  Please tell me how to do it?
  Thanks in advance.

  Sandeep's reference the DBAG and the section on filters is the right direction. The filter is created in EAS.
  Let's use an example.
  You create a METAREAD filter (that is, it filters both data and dimensionality) that gives a user limited access to the Location dimension (I think I have that right), e.g., the British Isles, the UK and Ireland. You can also create a READ filter but it only limits data and, in my opinion at least, causes confusion because users can see metadata (the whole world) but only see data for the British Isles.
  NB -- filters can be assigned to individual usernames or to groups that users are members of. For a POC, I'd keep it simple and just assign it to a username, but it's your choice.
  Assign the filter to the user in Shared Services.
  Try connecting to the database in Excel through the Classic Add-In or SmartView to test what the user sees -- it should be: Total Location, British Isles, the UK, and Ireland. You will see Total Location (top of the dimension) because that's how Essbase navigates down -- it has to have the dimension name to find the limited children. You won't see any data there. But you will see data at the Location members that the METAREAD filter allows.
  That's it -- it's been around since the year dot, and is the way access is restricted. You shouldn't need to reinvent the wheel to get this to work in OBIEE. Essbase should do the work.
  Regards,
  Cameron Lackpour

• How to do data level security on users based on region

  Hello guys
  I currently have created a report with dashboard prompt on column "state" with a default value "CA"
  Now, the requirement is to perform data level security on this report, so different users based out of different state will log in to the dashboard and this prompt will change its default value accordingly so the user will have the report on only users home state prompted, and users can't see other state data..
  I have thought of creating session variables to achieve the same, but how should i set up the initialization string?
  Do I need to create a new table called "user table" that stores username/password and state columns and make that user table join to the fact table in the db?
  If so, how should I configure the session value so that users get filtered date based on its state location?
  PLease provide guidance
  Thanks

  Here’s an idea off the top of my head (untested):
  First, set up your security constraints normally using Manage…Security in the Administration Tool, so that each user can only see his/her state. Refer to the previous responses to this post for guidelines.
  Then, in your dashboard prompt, for the “Default Value”, write a tiny bit of logical SQL to query the “state” column from the presentation layer. If your security constraints are properly in place, the SQL should only return one value.
  To get an idea of what the logical SQL should look like, select “All Values” as the default value, then switch it to ‘SQL Results’. That will show you the basic format of the logical SQL. It’s really just normal SQL (select <this> from <that> where <the other>), but referring to presentation layer objects rather than to physical tables and columns.
  Untested. Please reply back and let us know how it goes.

• Data-level security in user level

  Hi All,
  In our OBIEE we have created several application roles and assign them to the users. We set data-level security for each application role, and the filter does apply to all related users. But we want to do more specific data-level security for each user, which we did by clicking on user name in Manage Identity, and set permission with additional data filter. But this does not work.
  Let's say we have Application Role1 with access to region='Asia', but then we want to set User1 to access only subregion='North Asia' and User2 to access only subregion='South East Asia', where User1 and User2 belongs to Application Role1.
  Is this possible to work in OBIEE 11g?
  Thanks.

  Hi,
  Yes it is possible,
  Please refer the below link.
  http://satyaobieesolutions.blogspot.in/2012/06/obiee-11g-security-week-row-level.html -- stey by step is there.
  Hope this help's
  Thanks
  Satya

• HR: Security Profile at User Level

  Hi
  As HR: Security Profile is not enabled for user level, but sometime we need it for some users. Workaround is set up a different responsibility for the same.
  Also We can go to Application Developer Responsibility and set enable user level for HR: Security Profile option. Is it Ok to do it or this may break the system at some point.
  Suggestions Please.

  Gaurav,
  I am not an expert in this area, but I do not think enabling the profile at the user level will cause any issues. In our site, what we have done is to create a security profile specific to that user and assigned it in the HR module (not sure of the specifics, but I can find out if you are interested) - we did not enable the profile option at the user level as you are wanting to do. SR can provide you with another opinion :-)
  HTH
  Srini

• Row-level security tied to a user account.

  Bear with me, I'm not quite sure I know what I'm talking about.
  Recently we migrated from BO 5.1.7 to BO XII r2 on Solaris. Under Bo 5.1.7 our Finance users tell me there was a way to attach row level security to the account itself. For example, Finance users could only access RU's which belonged to Finance. This there a way to recreate this global security level so that we don't have to do it on a case-by-case basis?
  Thank you in advance.

  You can specify row-level security for a User or UserGroup on a Universe via the Universe Designer in Tools -> Manage Security
  But that would be per Universe, and not global to Enterprise.
  Sincerely,
  Ted Ueda

• How To Setup User Row Level Security In Answers From Values In Table

  I am trying to setup row level security when a user logs into BI Answers. Basically I want the user to create any report that they would like but only see the data that they are associated to being retrieved in the Answer Report results. I have users stored in an Oracle authentication table where they have multiple values for schools that they can view. I have data in my RPD file that contain tables with multiple rows for schools. What I would like is to capture the associated school values for the user logged into BI Answers and place a filter on the data being retrieved in the RPD file to only show rows for the user's associated schools. Can I add a WHERE clause on the Business Model and Mapping layer of the RPD that would retrieve the multiple associated schools in my authentication table and filter/match them (IN clause maybe) to the school values in the RPD data being retrieved?
  Thank you in advance for any information you my have to help me along,
  Kyle

  Turribeach,
  I appologize, I did not use those exact words to search on in the forum. I should have and what I did use didn't turn anything up for my situation.
  Thank you for the link. It helped me find the below link which describes the setup in detail and resolved my issue:
  http://oraclebizint.wordpress.com/2008/06/30/oracle-bi-ee-1013332-row-level-security-and-row-wise-intialized-session-variables/
  What I needed was a row-wise variable/initialization block that stored the multiple school values for my logged in user. I then edited the "Content" tab of the Logical Table Source with a WHERE/IN clause that filtered down the result set based on my variable/initialization block SQL query.
  This solution works great!
  Thanks again!

• Data Level security for specific Users

  Hi,
  Can you please suggest some ideas on by-passing the Data Level security for specific users or specific group?
  Currently, we have data level security defined on a group permissions for one group and for people belonging to another group, the security should not apply and they should see entire data.
  But, key thing here is that, the user belongs to both the groups.
  Any ideas helps.
  Thanks,
  Chandu.

  So you are saying you want a user to belong to a group with data-level security filters, but you don't want the filters to apply to that user?
  Why are they in the group then?
  Are the data filter defined with variables or are the hard-coded?
  If variables, you may be able to put logic in initialization block to set the variable appropriately for specific users.
  I'd rethink the security model - when I define data level security filters, I tend to force users to only belong to a single group/role.

• Need Best Practice - Apex, multiple schemas, security model

  We have an oracle database which contains
  a) named database users with no objects
  b) several schemas with data tables:
  sales
  marketing
  accounting
  We need to build GUI for tables in these schemas,
  every database users should belong to a group, each user group should have access to several (not all) GUI pages.
  1) Is it possible and is it recommended (if not - why?) to create ONE workspace and ONE application inside it to have access to ALL tables in ALL schemas listed with user groups level security?
  How to do it properly?
  Some link to documentation?
  2) Which security model (apex users, database users,..) to choose and why? please recommend some links to comparison...

  Hi Marcus,
  Our developers like to see all the tables for a single custom application in its own diagram no matter where they come from and the DBA's don't want to wade through several thousand tables to find the handful we need nor have to duplicate table definitions in multiple models. In >Designer we have been doing that with Application Folders.There are no application folders in data Modeler. You can use subviews to define your subject areas. Subview is crated for each application (folder) during import form Designer repository.
  Philip