Application security /access by only designated users

Similar Messages

• Is there a way have a file only accessable by only one user at a time

  Here's the question...
  I want to set up a file so that it can only be accessed by only one person at a time - is there any way to do this?

  Turn off fast user switching and autologin, making all users log off before other users can use the machine.

• Customised Oracle application and access to roles and users...please advise

  Hi Gurus!
  We are developing a customised Oracle application where we have users and roles...user - role mapping is done in the system administration module of the application.
  Now, we are also developing Oracle discoverer reports based on this. Using 10g (10.1.2.0.2) for that.
  When I am creating an EUL, I select 'New EUL for Oracle Applications users only' option, but, I do not have any 'FND schema' to specify. That's where I'm stuck up!
  I want to give access to the 'roles' in tha same manner as I would give to the 'responsibilities' in Oracle Apps. But, I don't know how to do it here.
  Can someone guide me on this?
  Thanks and regards,
  Aparna

  Hi Aparna
  It would appear that you posted the same question on the Discoverer forum. Here is the answer that I posted there:
  If your application is not E-Business Suite you cannot install Discoverer into Apps mode. This mode is reserved for applications which are E-Business Suite, which basically tells Discoverer to use authenticate users using the FND tables owned by the APPLSYS user.
  In your case, even though you appear to be using Oracle applications, because you want to take advantage of your roles you will have to install Discoverer into standard mode. As you are creating your EUL you need to uncheck the box which says grant access to PUBLIC and make this a private EUL. Then you will not have the headache of worrying about setting up new users. You simply manage what a role can do (Tools | Privileges) and what a role has access to (Tools | Security).
  Now, when any any user connects to Discoverer their role will be evaluated and access will be restricted.
  You can do the same thing using a PUBLIC EUL, except you need to reduce what that user can do (Tools | Privileges) to an absolute minimum, and then take control of this using roles. For example, you could have a set of functional roles, one each for say AP, AR, GL and so on, but you could further break this down by privilege, thus you could have roles called AP Viewer, AP User, AR Viewer, AR User and so on. The User roles would have full access while the Viewer roles would have a much reduced set of privileges.
  You are basically setting up the Library approach that I discuss in my Discoverer 10g Handbook and in my white paper which you will find on my downloads page here: http://learndiscoverer.com/downloads/downloads.htm.
  I hope this helps
  Best wishes
  Michael Armstrong-Smith
  URL: http://learndiscoverer.com
  Blog: http://learndiscoverer.blogspot.com

• Application security/access management

  Hi folks,
  I'm building a simple app and I want to be able to control access/passwords etc within the app (ie not have to go out to the full Workspace to reset passwords etc). I assume this is possible and I'm just failing to understand the many options APEX provices for access/authorisation.
  Any advice/insight/info would be greatly appreciated.
  Regards,
  IanM

  You need to create a custom authentication scheme. Check out Apex 4.1 or Apex 4.0 (the XE DB contains Apex 4.0), the sample application there contains a custom authentication scheme so you can learn there how they did it.
  Also check out the folowing blog on a step by step guide on how to set it up.
  http://djmein.blogspot.be/2007/07/custom-authentication-authorisation.html
  There is little difference in Apex versions, exept I noticed you need to create an additional application item in Apex 4.2 called AI_LOGIN_MESSAGE.

• Help please: "Access denied by Application security check"

  I am very new for using Application express 2.2.
  I create a demon application, and want to creat a end user right now.
  The end user has no-dev and no-admin privileges. However when I tried to logon I got error message "Access denied by Application security check", and only option is to log-out.
  What I have done wrong?
  Thanks,

  See http://download-east.oracle.com/docs/cd/B31036_01/doc/appdev.22/b28550/sec.htm#BABBCIEE
  When you create users in the Apex repository (using an Admin account in the workspace), and give them neither Dev nor Admin privilege, they are not meant to login to the Application Builder. You would use the link above to create an authentication scheme in applications you develop.
  [Read that Chapter 11 Managing Application Security from start to finish]

• Security  Access

  Hello All-
  I have a Essbase application and i have MSAD configured with shared services. Now i want to have users be able to use their MSAD username & passowrd and at the same time i want to assign users the filter access for the indvidual
  application. I have always done it in the planning application but i now want implement the same on just Essbase application. Now my question is where should i create my group in EAS or directly in shared service? My guess is that i
  should create group in shared service assign as Essbase server access and then refresh the security via AAS and i should see the groups in AAS. Once i see the groups there how can i assign the filter security for the application . IS this
  something that i need to do directly in AAS? Please advise!
  Thanks!

  Hi,
  Create the group in shared services, give the group the essbase role of "server access" and access to each essbase application.
  Go into EAS, refresh security from shared services for all users.
  Create filters in EAS for the essbase applications.
  In shared services, expand application groups, essbase, right click the essbase application "assign access control", pick the user/group, assign the filter.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Find out how many times the application was touched by a particular user

  Hello,
  can anyone please help me out with this issue.
  I want to find out how many times the application was accessed by a particular user,their session IDs for each of the applications in a particular workspace. I am using a role based authorization scheme for my application. I am using Oracle APEX 3.2 version. Are their any underlying APEX tables/Views to find out the above details.
  thanks,
  Orton

  Hi,
  Have you check views APEX_WORKSPACE_ACCESS_LOG and APEX_WORKSPACE_ACTIVITY_LOG
  Regards,
  Jari
  Edited by: jarola on Oct 20, 2010 7:37 AM
  This might help also
  http://download.oracle.com/docs/cd/E14373_01/appdev.32/e11838/advnc.htm#CHDDHGJI

• [SOLVED] Access denied by Application security check (3.0.1 on Oracle XE)

  Cannot log in as admin. http://localhost:8080/apex/apex_admin
  After entering user admin and password I receive a page that says:
  Access denied by Application security check
  Application access restricted to internal workspace users.
  Return to application.
  I can run Apex interface just fine, this only happens for the apex_admin login screen.
  Help??!!??
  ===========
  Resolution
  ===========
  Logged on to INTERNAL workspace with admin username.
  Message was edited by:
  edkocol

  Hello Spadafore,
  Thank you, for your quick answer. I found another way, and it is solved.
  =========
  SOLUTION:
  =========
  Login as sys with sqlpus (sqlplus sys as sysdba )on the database and run this script:
  update flows_030000.wwv_flow_fnd_user
  set change_password_on_first_use ='N'
  where lower(user_name) = 'admin'
  commit
  However it's worked, but the whole story strange a little bit...
  I tried to logon (internal, admin, xxx), then I got this: Access denied by Application security check
  When I tried logon with wrong password I got this: Invalid Login Credentials
  Afterwards I run the script above, and try relogon, I got the password change page, but at this time it worked, and it is working now....
  Tiboir

• How to allow user defined in list item to see item using only Designer. Approver set in list item can't see items they are to approve.

  SharePoint 2010 and Designer 2010.
  We have a list of items that users enter information into. Only the user who enters the data can see the item. It's confidential stuff. 
  One field is the name of the person who will approve this record.
  Workflow sends approver an email and sets a task to approve the item. 
  Problem is that the user set as approver cannot see the item. 
  We can't have a list of approvers - as all staff can potentially be approvers.
  We can't allow anyone other than the person who created the item and the person that is set as approver in a field to have access. 
  I am not a programmer, but a user of SharePoint Designer 2010. 
  (I did think we had this sorted by sending an email containing all the list item fields, but this task still requires permissions). 

  Hi ,
  I understand that after you grant user permission on current item ,the user still cannot approve the workflow task .This is because the user doesn't have approve permission in the Tasks list .You only grant the user permission on current item in current
  list ,so he can approve the item by clicking the Approve/Reject in the edit control block .
  Your workflow is correct ,now you need to grant the users Approve (a permission level) permission in the Tasks list settings .In this way ,the users can finish the tasks .
  Thanks
  Entan Ming
  TechNet Community Support

• Locking a JSP Page i.e allowing only one user to access it at a time

  Hi,
  I have web application where multiple users can log in at the same time.
  I have a JSP where a user is presented with a list of executable items.It is quite possible that at the same time more that one user tries to execute the same item.I want to disable this. i.e at a time only one user should be able to execute the item.
  Currently what i can think of is putting an extra column in the database...saying that this item is locked and you cannot access it until unlocked.But then this would involve a round trip to database.I want to avoid it, and do some coding in java code itself.
  But i dont know how to proceed.
  Any Help......

  sorry for the misdirection :(
  yes..try using the synchronizing for the run process for of the item in the action class.
  I shall try to provide you with the code changes, if can you please provide the back end code doing the job u said

• Access denied by Application security check

  I see that others have gotten this error when logging in but I'm getting this during an application install.
  I have an application in workspace A that I exported. I created workspace B, using the same parsing schema and the same workspace the schema assignments. In workspace A, I exported as user ADMIN who has Administrator and Developer rights. The same user with the same rights was used to import and install the application into workspace B. The import into workspace B is successful. For the import, I use the same parsing schema assignment and I let the install utility assign a new application ID. It apparently chose app ID 115 because after a few minutes into the install I get the "Access denied by Application security check" and at the top of the page it says "Application 115 installed".
  To make matters worse, when I log back into workspace A, I see that application 115 has just been installed into THAT workspace.

  Lloyd,
  That's weird. What version of Application Express? I would suggest using a different user (not ADMIN) for export and import, as I'm sure what you experienced is due to a bug related to the privileges of the ADMIN user.
  Scott

• Grant access to help desk users to add members to distribution and security groups

  Hello,
  I am trying to create a set of help desk users that has full access to add or remove members from distribution and security groups as well as update users.  We want it to bypass owner approval and essentially allow this group to add or remove members
  in the FIM Portal and flow it down to ADS.
  This obviously works fine if one is a member of the Administrators set, but we want a second tier of power users with limitied rights compared to FIM Admins.  We have added the help desk team to the  Security Group Users and Group Users set as
  well as MPR "Security group management: Users can read selected attributes of group resources".
  The help desk users can update users in the Portal with no issue.  The can search groups with no issue but when they try to add members to a group they get the error "Access Denied".
  Any help is greatly appreciated.
  Thanks!

  I'm having very similar problem - I have users with delegated right to modify group membership only. User can add someone to group and it works fine, but when the same user is trying to remove and user from a group (even if this is the same user
  which was added a minute ago) he gets Access Denied:
  The
  request included members which the requestor is not authorized
  to add and/or remove from this group."
  It is caused by default MPR:
  Group management workflow: Validate requestor on remove member
  Question is how this activity validates this request - any insight?

• Why does the Error: 500 SC_INTERNAL_SERVER_ERROR appear when multiple users access my JSPs but does not occur when only one user accesses my JSPs?

  When multiple users run my JSP application, why do some users get an Error: 500 SC_INTERNAL_SERVER_ERROR for certain JSP pages with the error message No such file or directory. The JSP listed on the Error 500 page varies and is not always the same. When only one user runs my JSP application, the problem does not occur?
  The database connection is held when the user logs in or accesses certain parts of the JSP and then is immediately released. No connections to the database are held.
  We are using Solaris 8 with MU_6 plus recommended patches.
  Enterprise Ultra 250
  iAS 6 SP 3

  Is anything showing up in the KXS or KJS logs?
  It sounds like you might having some kind of thread safety issue with your code. Either that or your guess about running out of database connections.

• Security group provisining only to show Business rules to the users.

  Hi,
  Could anybody tell what setting in the Group Provisioning required so that users in that group only see business rules in planning application and not calculation script on the servers. We work on 9.2 env. ?
  Thanks,

  Yes group is provisioned as planner and have essbase server access... and user in this groups are able to see both business rules and calc script in planning application... but we want to show them only business rules and not calc scripts...

• Does business service have an application service for secure access?

  Hi
  Recently we had faced a strange situation when we are attempting to execute a script
  these are the steps i followed
  *1.Created a business service*
  This is my business service with service name CILCSVAP
  <schema pageAction="read">
  <said mapField="SA_ID"/>
  <indt mapField="START_DT"/>
  </schema>
  *2.Added the above business service in service script and used the edit data step to invoke the bs*
  No application service given for the script.
  invokeBS 'Cm_serviceagreement' using "cm_serviceagreement"
  Now when i execute the above script
  i am getting the following error
  You are not allowed access (directly/indirectly) to this account.
  *     Description: Please contact your security administrator to check your security for this account.*
  I know that this error occurs if a user doesnt has accesss to a account but i had checked that too by verifying account's accessgroup which i am using,then its access roles then i had checked that user with which i had logged in is present or not.yes it is present
  Now i am wondering whether business service has an application service
  I cant find any field for entering application service on business service page.
  Although i have access to execute the script and the business service why i am getting this error,plz help.

  Hi shanker,
  I'm working with MDM 2.0 and I've a field to enter an application service.
  During my customizations I've used the 'default execution application service'.
  I've tried to attach an image to this post, but it seems to be not possible.
  When I add a new business service, I got these settings:
  * Business Service (in your case CILCSVAP)
  * Description
  * Detailed Description
  * Service Name (Name of the System Service)
  * Application Service (I've used F1-DFLTAPS)
  and on an additional tab the Schema of the BS.
  Please check if the application service is assigned to your User Group and if the execution right is set.
  /Markus