Authorization only to a certain set of users

Similar Messages

• I have loaded Lion on my MacBook and the new trackpad functions work only on one ordinary account or user and not on the admin account. The trackpad preferences are well set. What can I do?

  I have loaded Lion on my MacBook and the new trackpad functions work only on one ordinary account or user and not on the admin account. The trackpad preferences are well set. What can I do?

  iCloud should still help you reduce some hard drive space. Just select "optimize" in the icloud tab in Mac Photo App preferences.
  Granted, not the same as completely offloading your library to a back-up drive at your location.
  Good Luck!

• Setting SPRO authorization only in disply mode

  Hi,
  I am working on authorization objects in anew role.. What is the name of the authorization object where I can set the activity for SPRO (Customzing) only in display mode ?
  Thanks.
  Regards,
  Rajesh.

  You dont need to do all this. Just create a role and add SPRO to it. Then maintain all the objects in that role to Display (Activity 03) ONLY.
  However, this will not allow you access to all the zillion Tcodes that SPRO allows access to. In order to allow this, you will have to manually add ANOTHER S_TCODE object to that role and assign a * in it. So then you have access to all the Tcodes, but Display only.
  This will do it for you. It did for me.
  Edited by: Kunal Belnekar on Apr 1, 2008 2:53 PM
  Edited by: Kunal Belnekar on Apr 1, 2008 2:54 PM

• Set a User Status for Quality Notifications only if they are "Activated".

  Hello experts:
  I need to be able to set a User Status for Quality Notifications only if they are "Activated".
  When defects are recorded for an inspection lot, a "Defect Notification" is created which can be activated to become a "Quality Notification".  Initially, the only difference between the inactive "Defect Notification" and the active  "Quality Notification" is that  the system status DEFR is active for the "Defect Notification", but is cleared when the notification is activated.
  So, I'm looking for the business process associated with the Activation to use as a trigger for my own user status.
  I checked the business rules for status DEFR and found that the following processes clear this status
    PMM1 -  Postpone Notification
    PMM2 -  Put Notification In Process
    PMM3 -  Assign Order
    PMM6 -  Put Notification In Process Again
  Any Ideas ?

  Perhaps some additional information would help you understand what I need to do.
  For notification type F3, we are recording all defects found in production.
  Most of these are expected defects that result in a minor reduction in yield.
  For this type of defect, we do not activate the notification, and the inspection lot is closed automatically at the end of production.
  However, sometimes defects are observed of an unexpected type or a higher than expected quantity.
  When this happens we manually activate the notification and assign tasks to find and correct the cause.
  It is only for these activated notifications that I want to automatically set a user status, which among other things, will prevent the notification from being closed until some other actions are complete and a different user status is selected.
  The function of the user status currently works exactly as I want, but if it is set as the initial status for all F3 notifications, it is also preventing the un-activated defect notifications from automatically closing.  I therefore want to use the Activation event as the trigger to set my user status.

• Data Slice dynamic activation and deactivation for a set of users

  Hi Experts,
                   We have requirement to manually enter the data into RTC using IP.
  There are 2 sets of users --> Power Users and Normal Users.
  We need to allow the normal users to enter the data only from 1st to 5 th working day of every  month.
  Power Users should have authorization to edit and enter the data at any time.
  Can any one suggest how to set the dataslice using code.
  Regards,
  Shashi

  Hi.
  Please note that update of RSPLS_DS table do not affects at RUNTIME.
  If you want to create dataslice that activated and deactivated within sequence run you should do the next:
  1. Create exit variable that return you all working days EXCEPT 1 to 5 of each month.
  2. Create dataslice in modeler on this characteristic with restriction by this exit variable.
  3. This dataslice should be based on ABAP class as described [here|https://www.box.net/shared/zhirrvk859].
  4. In mydataslice method enter following code (I assume you have any DSO with definition whether user is power user or not. Lets say DSO has next structure:
  USER   | Z_IS_POWER   |
  aaaa    | NO
  bbbb    | YES
  Enter the next code in mydataslice method:
  SELECT Z_IS_POWER FROM YOURDSO INTO lv_POWER WHERE USER=sy-uname.
  IF sy-subrc = 0. *This is SUPER USER. Allow locked data edition
  e_noinput = rs_c_false.
  ELSE. *This is regular user. Do not allo locked data edition
  e_noinput = rs_c_true.
  5. Create in modeler 2 planning sequences for activating and deactivation dataslice as described in document.
  6. Each time you want to do something with locked data run first sequence for deactivation of dataslice. If super user will run it so dataslice will be deactivated, but if regular user - dataslice will lock the data.
  Regards.

• Exempt small set of users from ACE rules (PCUI)

  Hello: we have a requirement to restrict access to data within the Lead
  and Opportunity transactions for internal employees.
  Our business rule is that only those employees that are a partner on
  the lead, or on the sales team on the opporutnity, can have access to
  the transaction.
  This question is about a small set of users that need to be exempt from
  this ACE rule: headquarters administrative personnel.
  All users will use the PCUI user interface to access these transactions.
  Can you advise: what is the best practice for exempting the
  headquarters personnel from these ACE restrictions?
  We have considered creating a separate, non-ACE-relevant security role
  for the headquarters/exempt personnel, but are concerned that this
  approach will be a security maintenance headache over the long term.
  Thank you for your help. -Matt

  Hi Matthew,
  A parallel layer to ACE is unnecessary. ACE can handle different set of users through the classified user groups. These groups can accomodate the Read/write/no authorizations very well. All you require to do is some configuration for usergroups and then some coding in OBF, AFO and AFU classes.
  Hope this helps.

• What is factory default "Sharing & Permissions" setting for User folders?

  System:
  Mac OS X Lion 10.7.2
  MacBook Air (Mid 2011)
  Single User – Administrative Account
  Question:
  What is factory default “Sharing & Permissions” setting for User folders (Desktop, Downloads, Library, Movies, Music, Pictures, Public), subfolders, and documents and other contents?
  I’m thinking the factory default “Sharing & Permissions” for all of the above (except Drop Box in the Public folder) is as follows, but not certain.
  Name                          Privilege
  myusername (Me)    Read & Write
  staff                            Read only
  everyone                   Read only

  Are these also the settings on your Documents folder and the various files in the Documents folder?  Same question for your Library folder?
  Name                          Privilege
  myusername (Me)    Read & Write
  everyone                   No Access

• How to set up User id and Password for Web services or authentication

  Hi ,
  I am new to web services . I have created a new Web service in SAP , and while creating Service defination , set the Authentication as LOW for server proxy .Then created End-point in SOAMANAGER with USREID/PWS requried .This WSDL i am planning to share with Third party to call from Java application.
  But my web service checks for authorization which needs to be set up to allow the user id and pws .
  So question is how do i pass my user id and pws as i do not see this WSDL with User id and pws option displayed for me when i test this using SOAP UI .I saw some of WSDL with tag "AuthHeader" with user id and pws tags in them .So how could i get them ?
  Or requirement is that my Third party should be able to access my Web service in PRD and also be able to have authorization to auth object embedded in FM inside service defination .So how is this acheived ?
  Thanks,
  Sitaraman

  Hi,
  After creation of WSDL , you will get URL lkie http://idessapdev.ad.infosys.com:8000/index.html.
  For this URL your third party system need sto add id and pwd for accessing like http://idessapdev.ad.infosys.com:8000/index.html&userid = 111&pwd= wwgw.
  this is not the exact syntax. you can check with your third party system for this URL.
  Regards,
  Lokeswari.

• How to set Multi User Environment in the weblogic 5.1 and 6.1 server..(Urgently)

  Hi all,
  I need to know how to set Multi User Environment in the weblogic 5.1
  properties file..
  Here my question is..:)
  1) I have a database with multiple users and having different privileges
  for the users.. and i need to use all the privileges when user aceess
  the database through weblogic server connectionPool.
  2)According to the user privileges i need access the database tables
  content and gives the frontEnd(jsp).
  3)How to modify dynamically weblogic.properties file in the weblogic
  5.1.
  If anybody having idea reg. this issues pl...help me..
  Thanks in advance
  Chandu([email protected],[email protected])

  Hi. A JDBC connection pool is a set of identical, interchangeable, pre-made
  connections, and the controls to make sure only one user uses a particular
  connection at any one time. If you want to have different DBMS users, you can
  have a separate pool for each DBMS user, which may contain as many or few
  connections as you want. Some applications has a pool for the accounting
  applications, and another for the sales applications etc. Some do have a
  separate pool for john, jane, joe etc, each with one connection. Pools
  can be created and destroyed dynamically using the dynamic pool API.
  Joe
  softstar wrote:
  >
  Hi all,
  I need to know how to set Multi User Environment in the weblogic 5.1
  properties file..
  Here my question is..:)
  1) I have a database with multiple users and having different privileges
  for the users.. and i need to use all the privileges when user aceess
  the database through weblogic server connectionPool.
  2)According to the user privileges i need access the database tables
  content and gives the frontEnd(jsp).
  3)How to modify dynamically weblogic.properties file in the weblogic
  5.1.
  If anybody having idea reg. this issues pl...help me..
  Thanks in advance
  Chandu([email protected],[email protected])

• Need help to check multiple conditions and set AD user properties

  hello All,
  I have a data csv sheet where information as follows, using below information I need to update AD account attributes based on below conditions . I have full right and I can set any user properties. So this is not access right issue.   
  samaccountname,Othertelephone,language,employeeId
  abcd                      XXXXXXXXX     EN         SMS
  Now I need to check following conditions:
  Othertelephone =  if this should not be blank ,if so display message " filed is blank " and no changes should allowed in further attributes and  it should abort
  language= this field should only contain  EN or FR value if No display msg " error in language field " and no further changes to  the user attributes and it should abort
  employeeID= this field should only contain OTP or SMS value if Not filled display msg " error in Employee ID field " No further changes to the user attributes and it should abort
  changes to user will permit  when all attributes is filled. I do the testing taking samaccountname , othertelephone and employeeId into consideration but it did not helped. Getting error
  THIS is complete Code Of my Task where you need my focus on conditions
  group=Get-QAdGroup -SearchRoot  "domain/vpn group"
  Import-Csv D:\VPN.csv |
  ForEach-Object{
  if ($_.samaccountname -eq "")
     Write-Host "SAMACCOUNTNAME is blank"   -fore red
  else
   $user=Get-QAduser $_.samaccountname
  if ($user.memberof -contains  $group.DN)
   Write-Host "$($_.Samaccountname) user is allready a member" -fore red
  else
   Add-QADGroupMember $group $_.Samaccountname
  If ($_.othertelephone -eq "")
  Write-Output "$($_.samaccountname) telephone Number is blank"
  else
  if ($_.EmployeeID -notmatch 'OTP' -and 'SMS')
  Write-Output "$($_.samaccountname) EmployeeID field is not correctly field")
  Else
  Set-QADUser $_.SamAccountName -ObjectAttributes @{telephonenumber=$_.othertelephone;EmployeeID=$_.EmployeeID}
  error
  Set-QADUser : Access is denied.
  At C:\Users\g512263\AppData\Local\Temp\5f8facb6-f942-4c3d-b924-8953d9a706da.ps1:37 char:8
  +                    Set-QADUser $_.SamAccountName -ObjectAttributes @{telephonenumber=$_.othe ...
  +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : NotSpecified: (:) [Set-QADUser], UnauthorizedAccessException
      + FullyQualifiedErrorId : System.UnauthorizedAccessException,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.SetUserCm
     dlet

  <title>Untitled - PowerGUI Script Editor</title>
  Hello JRV,Thank you for your time, There is no comma in my csv file , I double check. below I wrote a simple code.I removed all the conditions and just try to set the EmployeeID and it is working fine with same file.But as soon as I add conditions it gives access denied. as well as if I remove employee Id from your previous code and only try to set telephone No. still it gives access denied.I am just trying to figure out what is causing this.
  $group=Get-QAdGroup -SearchRoot "com/Group"
  Import-Csv D:\VPN.csv |
  ForEach-Object{
  if ($_.samaccountname -eq ""){
  Write-Host "SAMACCOUNTNAME is blank" -fore red
  }else{
  $user=Get-QAduser $_.samaccountname
  if ($user.memberof -contains $group.DN){
  Write-Host "$($_.Samaccountname) user is allready a member" -fore red
  }else
  Add-QADGroupMember $group $_.Samaccountname
  If ($_.othertelephone -ne "")
  Set-QADUser $user.SamAccountName -ObjectAtt Aributes @{telephonenumber=$_.othertelephone}
  } else
  Write-Output "$($_.samaccountname) phonenumber is blank"
  If ($_.EmployeeID -ne "")
  Set-QADUser $_.SamAccountName -ObjectAttributes @{EmployeeID=$_.EmployeeID}
  }else
  Write-Output "$($_.samaccountname) EmployeeID field is blank"
  If ($_.Preferredlanguage -ne "")
  Set-QADUser $_.SamAccountName -ObjectAttributes @{Preferredlanguage=$_.preferredlanguage}
  } else
  Write-Output "$($_.samaccountname) PreferredLanguage field is blank"

• Setting proxy-user credentials

  Hi!
  I'm trying to make database reads through the proxy account ('main' proxy user)
  and writes through 'normal' proxy user depending on what user is logged in application and make this writes. Proxy user is authenticated by name and password.
  1) I've created accounts for proxy users in Oracle DB.
  2) I've implemented session event handler for the preLogin event like in the reference:
  http://www.oracle.com/technology/products/ias/toplink/doc/1013/main/_html/dblgcfg008.htm
  3)Then I need to acquire all client sessions of any logged in application user
  with their own proxy-user credentials, but
  a) there is no such event as preAcquireClientSession;
  b) when this is done in postAcquireClientSession it has no effect (all writes are performed by the 'main' proxy user).
  How to solve 3)? Is there any class or event in TopLink where I can set proxy-user credentials?
  Hints or ideas will be so helpfull.
  By the way, I'm using TopLink 10.1.3, Spring 2.0.

  Thanks for reply. I've already read that, very usefull thread. But before today I could not get where interaction with server is.
  Now I think I should investigate in org.springframework.orm.toplink.TopLinkTransactionManager, the key to solve my problem not only in TopLink but in Spring also.

• Job owner are set to users those no longer with the organization

  Hello, 
  I was reviewing the currently list of job owners in my organization and found a lot of them are set to users or people who have left the organization. 
  Could anybody advice if there would be any impact of this?
  Best regards, 
  Mohan

  The jobs may start failing when their AD accounts are removed. If the users have left it is better to change the job owner to a different account.
  To ensure such issues wont happen, it is better to create a generic AD account with only necessary permissions and use it dedicately for this purpose.
  Regards, Ashwin Menon My Blog - http:\\sqllearnings.com

• CV02N Authorization only to Object Link - Material

  Hi Gurus,
  I want to give special authorizations to a group of users where they can assign materials only in CV02N.
  When they enter Document Info Record there he should be accessing only Object Link - Material only, so that he can enter the relevant Materials.
  I found the Auth Object: C_DRAD_OBJ, but this is not helping me.. Please let me know if there is any alternative.
  Regards
  Naveen

  Hi,
  Apart from Ravi suggestion, you can also create a new document type from DC10 and define only one Object link i.e. material for that doc type. And after that you can provide this doc type authorization (with object C_DRAW_TCD) to your concern users. Its just other way around solution.
  Regards
  Shishir

• Installation of camera profiles and x-rite Profiles show up only in a certain folder of a catalogue

  Dear all,
  I'm working in a Maverics environment on which LR 5 is running. I've tried to install the camera profiles for the Nikon D800 by copying them to the users Library/Applicaton Support/Adobe/CameraRaw/Camera Profiles. After re-starting LR the profiles didn't show up. In a second attempt I tried to impoprt them with the extention manager which didn't work.
  The second problem I'm facing is, that I've created camera profiles with x-rite. The profiles show up only in a certain folder in LR in the same catalogue. This means in this certain folder named shootings i can choose the x-rite porfiles. When I go -without leaving the catalogue- to an other folder ie. named sports, I can not see the profiles.
  It would be great if somebody has a useful idea
  Thank you very much in advance.
  Cheers Stefan

  See the instruction below for the location where your profiles should be placed. If they are placed in the same folder where Lightroom install package places the profiles created by Adobe they will not be recognized.
  Your custom Camera Raw & Lens Profiles should be installed to the User folders…
  Lightroom 5 no longer uses the shared ProgramData (Windows) / Application Support (Mac) folders for Camera or Lens Profiles. Instead, it stores the built-in profiles with its program files.
  When you create camera or lens profiles, they must be stored in the user locations listed below. If you previously stored custom profiles in other locations, you’ll need to move them to these user folders, otherwise Lightroom won’t be able to find them.
  Windows—C: \ Users \ [your username] \ AppData \ Roaming \ Adobe \ CameraRaw \ CameraProfiles \
  Mac—Macintosh HD / Users / [your username] / Library / Application Support / Adobe / CameraRaw / CameraProfiles /
  For the lens profiles, substitute the LensProfiles folder for the CameraProfiles folder.
  The camera and lens profile file extensions are:
  .dcpr—camera profile recipe file used for creating/editing a profile in the DNG Profile Editor
  .dcp—camera profile
  .lcp—lens profile

• Set Default User Agent

  Safari 4.0.3
  Is there a way to Set the Default User Agent to Iphone 3 and the user agent does not revert back when the Safari is restarted.
  Current when I set the user agent to Iphone 3 and then restart the browser the Iphone 3 user agent is not retained. Is there a way to ensure that the Iphone 3 user agent is retained after a restart ?

  So my question = is there a possibility to set "Internet Explorer 9" as default User agent string.
  How about taking the tack that Compatibility Settings uses?  Its default is IE7 and it is semi-persistent, apparently lasts until you clear your Cookies for it.  So, what is in the Cookie?  If it says make UAS = IE7  perhaps you could
  change it to be something else?  Alternatively, find out how IE7 becomes that procedure's default and see if there is something in that path which is changeable.  Use ProcMon to investigate these ideas.
  Alternatively, on another tack, look at the implementation of the Microsoft list, in IECompatData.xml.   Some, apparently, have experimented with making custom changes in there.  Then a problem would be that they would have to disable regular
  checking and updating of that list or that again, their modifications would only be semi-persistent, and thus they would have to be prepared to periodically, on an unknown schedule, have to be ready to reassert their modifications.
  FYI
  Robert Aldwinckle