AUTHSERVER USE with security level of "MANDATORY_ACL"

Similar Messages

• SOAP Adapter with Security Levels - HTTP & HTTPS

  We have a successfully working interface scenario where SAP XI is hosting a web service and the partner systems calling it using SOAP Adapter URL http://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel with Security Level HTTP on the SOAP Sender Communication channel.
  Going forward, for other similar interfaces (SAP XI hosting Web Service and partner systems calling it), we would like to use HTTPS and/or certificates.
  If we enable HTTPS on XI J2EE server as per the guide How to configure the [SAP J2EE Engine for using SSL - Notes - PDF|https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/964f67ec-0701-0010-bd88-f995abf4e1fc]....
  can partner systems still use the URL http://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel or should they switch to https://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel?
  can we continue to have the existing interface working using HTTP Security Level i.e. partners not having to send the certificate with each message?
  If we use HTTPS security level, is it mandatory for the partner system need to send the certificate? Is it possible to have an HTTPS scenario w/o certificates?
  What is the difference between Security Levels  'HTTPS Without Client Authentication' & 'HTTPS with Client Authentication'?
  I appreciate your inputs on this.
  thx in adv
  praveen
  PS: We are currently on SAP PI 7.0 SP17

  Hi Praveen,
  There is no need to change the interface and It is manditory for the partners to send certificates in order to validate each other. Use the https in url.
  HTTPS With Client authentication:
  The HTTPS client identifies itself with a certificate that is to be verified by the server. To validate the HTTPS clientu2019s certificate, the HTTPS server must have a corresponding CA certificate that validates this certificate. After validation of the clientu2019s certificate, the server maps the certificate to an actual system user executing the HTTP request.
  and check this link.
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
  Regards,
  Prasanna

• Use of Security Level on ASA with ACLs

  Hi,
  On my configuration, I'm using extended on the inbound of my 3 interfaces (inside,dmz,outside). I was wondering if there I should remove the security levels or if they are of any use since I have ACL in place already.

  Hi,
  After you have attached an ACL inbound to an interface it controls the traffic for networks behind that interface. So security-levels dont have a major role anymore.
  Though you should consider that there are still situations where the "security-level" might come into the picture.
  If you have identical "security-level" interfaces and you want to allow traffic between them then ACLs wont be enough but you also need to use the "same-security-traffic permit " format command to allow the traffic.
  Atleast in software 8.2 there is still some limitations regarding NAT depending on the "security-level" of the source and destination of the interface. I think for example you need to do Dynamic NAT/PAT between interfaces you cant do this from lower to higher direction.
  Best bet is to refer to your current software level Cisco documents. Both the Command Reference and Configuration Guide PDFs found online provide good information on these commands
  Please rate if the information was helpfull and/or ask more questions if needed
  - Jouni

• Service item not relevant for pricing if used with higher level item catego

  Hi,
  We have a service item e.g S900 with Item category ZTAD.
  This line Item automatically creates a Service Order.
  Requirement is , if this service item is used with an Equipement Item,
  Item 10 --> Equipment
  Item 20 --> Service
  --> There would be price required for the Equipment ( Condition type ZPRO - Mandatory )
  --> System should not ask for the price of Service Item, as it would be inclusive in the Equipmetn charges.
  --> In short if the Service item is used as Sub item with Equipment, it is not relevan for pricing.
  I tried copying ZTAD and creating a new item cateogry which is not relevant for pricing...would that be the correct approach, but facing several issues related to Automatic Service order generation.
  what could be possible ways to achieve above.
  Regards
  Trupti Deulkar

  Hi,
    System will ask the price for  item category TAD bcoz service also chargble,in your case insted of TAD use TANN as free,
     You can define based on your higher level item category  for Ex : OR + Normusage(Blank)Higherlevl item (Blank)= TAN
                                                                     you can config like this  ORNormUsge(Blank)  + TAN = TANN
  like this you can do it this correct way or els you can manually enter the item catagory (TANN) at sale order line item level.
  Thanks
  Vinayak.
  Edited by: vinayak4all on Jul 12, 2011 2:45 PM

• Help with asp ... security levels

  I made a change to the security level for the end user. i add
  a security feature by adding 12345 to their security level.
  <%@LANGUAGE="VBSCRIPT"%>
  <%Option Explicit%>
  <%
  'check to see if the page is submitted
  Dim validLogin
  Dim strErrorMessage
  Dim intLevel
  Dim sLevel
  If (Request.Form("uname")<>"") Then
  'user has submitted the form
  'get the entered values and hit the database
  Dim strUserName
  Dim strPassword
  'going to use an implicit connection, no connection object
  needed
  Dim objRS
  strUserName = UCase(Request.Form("uname"))
  strPassword = UCase(Request.Form("pwd"))
  response.write("strUserName")
  'prepare the RS
  Set objRS = Server.CreateObject("ADODB.Recordset")
  'set the sql statement
  objRS.Source = "SELECT * FROM tblEmployee WHERE
  strEmpUserName = '" & strUserName & "' AND strEmpPassword =
  '" & strPassword & "'"
  ' heres the implicit connection
  objRS.ActiveConnection =
  "Provider=Microsoft.Jet.OLEDB.4.0;Data
  Source=c:\Inetpub\db\IMPCustomers.mdb"
  objRS.CursorType = 0
  objRS.CursorLocation = 3
  objRS.Open
  'check for EOF
  If(objRS.EOF) Then
  'no records matched, invalid login
  Response.Redirect("invalidLogin.asp")
  'strErrorMessage = "Invalid Login. Try Again."
  validLogin = false
  Else
  'added intLevel to add more security on 3/29/07
  intLevel = Cint(objRS("intEmpSecurityLevel"))
  intLevel = intLevel + 12345
  sLevel = intLevel
  'valid login, set session variables
  Session("username") = UCase(strUserName)
  Session("userpass") = UCase(strPassword)
  Session("sLevel") = sLevel
  'Session("sLevel") = objRS("intEmpSecurityLevel") - changed
  to add more security on 3/29/07
  Session("fn") = objRS("strEmpFN")
  'release the RS
  Set objRS.ActiveConnection = Nothing
  Set objRS = nothing
  'redirect off this page
  Response.Redirect("custSearch.asp")
  End If
  End If
  %>
  I'm now having trouble removing the 12345 from their security
  level in the custSearch.asp.
  <%@LANGUAGE="VBSCRIPT"%>
  <%Option Explicit%>
  <%
  Dim strUserName
  Dim strPassword
  Dim intSLevel
  Dim isum
  Dim intS
  Dim intNewSLevel
  Dim sLevel
  Dim strFN
  Dim strErrorMessage
  Dim strError
  'get pass parameters
  strUserName = Session("username")
  strPassword = Session("userpass")
  intSLevel = Session("sLevel")
  'add on 3/29/07 for security
  'get the security level
  isum = sLevel
  'take isum which contains sLevel and subtract 12345 from it
  isum = isum - 12345
  'now intS equals security level in the db
  intS = isum
  'put into a session
  Session("intS") = intS
  strFN = Session("fn")
  strErrorMessage = ("strError")
  'If strErrorMessage = "" Then
  'strError = "There is no customer with that last name."
  'End If
  %>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0
  Transitional//EN" "
  http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="
  http://www.w3.org/1999/xhtml">
  <head>
  <title>Employee Intranet - Customer Database, Search
  for a particular customer.</title>
  <meta http-equiv="content-type" content="text/html;
  charset=utf-8" />
  <link rel="stylesheet" type="text/css"
  href="../css/pop_style.css" />
  <link rel="stylesheet" type="text/css"
  href="../css/forms.css" />
  <style type="text/css">
  /* HMTL selectors start here */
  h2 {
  margin-bottom:15px;
  p {
  margin-bottom:20px;
  hr {
  border:thin;
  border-color:#CCCCCC;
  border-style:dotted;
  width:100%;
  text-align:center;
  table {
  width:300;
  align:center;
  cellpadding:2px;
  cellspacing:2px;
  margin-left:30%;
  td {
  font-size:14px;
  font-style:normal;
  font-weight:normal;
  border:0;
  padding:0;
  /* HMTL selectors start here */
  /* ID selectors start */
  #mainText {
  height:400px;
  font-family:Arial, Helvetica, sans-serif;
  font-size:14px;
  text-align:left;
  margin-left:1%;
  margin-right:1%;
  padding: 10px 5px;
  word-spacing:1px;
  letter-spacing:1px;
  /* id ends here */
  </style>
  <script language="JavaScript" type="text/JavaScript">
  <!-- function MM_reloadPage(init) { //reloads the window
  if Nav4 resized if (init==true) with (navigator) {if
  ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
  document.MM_pgW=innerWidth; document.MM_pgH=innerHeight;
  onresize=MM_reloadPage; }} else if (innerWidth!=document.MM_pgW ||
  innerHeight!=document.MM_pgH) location.reload(); }
  MM_reloadPage(true); //-->
  </script>
  </head>
  <body>
  <!-- CASCADING POPUP MENUS v5.2 by Angus Turnbill
  http://www.twinhelix.com -->
  <script language="javascript" type="text/javascript"
  src="../js/pop_core.js"></script>
  <script language="javascript" type="text/javascript"
  src="../js/pop_data.js"></script>
  <!-- border begins here -->
  <div id="border">
  <!-- second nav start here -->
  <div id="secNavBar"><a
  href="../index.htm">Home</a>  |  <a
  href="../htm/quality.htm">Quality</a> 
  |  <a href="../htm/contactUs.htm">Contact
  Us</a>  | <a
  href="../htm/siteMap.htm"> Site
  Map</a></div>
  <!-- logo starts here -->
  <div id="logo">
  <img src="../art/NewLogo.jpg" alt="Logo of IMPulse NC,
  INC." usemap="#Map" />
  <map name="Map" id="Map">
  <area shape="rect" coords="5,3,280,74"
  href="../index.htm" alt="Return to home page" />
  </map>
  </div>
  <!-- primary navigation div tags starts here -->
  <div id="priNav">
  <a id="home" name="home"
  style="visibility:hidden;">Home</a>
  <!-- primary navigation div tags ends here -->
  </div>
  <!-- main text starts here -->
  <div id="mainText">
  <h2>Customer Database </h2>
  <p
  style="font-size:14px;font-style:normal;font-weight:normal;">Welcome
  <%=strFN%></p>
  <p
  style="font-size:14px;font-style:normal;font-weight:normal;">Please
  search for a customer by using the fields below. You can use one
  field or multiple fields for your search.</p>
  <!-- signIn form starts here -->
  <div id="signIn">
  <div id="CSearch">
  <table>
  <form action="results.asp" method="post" name="search"
  id="search">
  <tr>
  <td width="98" height="29">Last Name:</td>
  <td width="150" tabindex="1"><input type="text"
  name="clname" size="25" maxlength="25" /></td>
  </tr>
  <tr>
  <td height="30">First Name:</td>
  <td tabindex="2"><input type="text" size="25"
  maxlength="25" name="cfname" /></td>
  </tr>
  <tr>
  <td height="30">Company:</td>
  <td tabindex="3"><input type="text" size="25"
  maxlength="25" name="ccomp" /></td>
  </tr>
  <tr>
  <td height="48" colspan="2" tabindex="4">
  <input type="submit" name="login" value="Submit" />
  <input type="reset" name="Reset" value="Reset" />
  <a href="logOut.asp">
  <input type="button" name="logOut" value="Log Out" />
  </a> </td>
  </tr>
  </form>
  </table>
  <!-- customer search form ends here -->
  </div>
  <blockquote> </blockquote>
  <!-- signIn form ends here -->
  </div>
  <!-- main text ends here -->
  </div>
  <div id="btm_Bar">
  100 IMPulse Way • Mount Olive, North Carolina 28365
  • Main (919) 658-2200 • Fax (919) 658-2268<br />
  &copy;2006 IMPulse NC, Inc. All Rights Reserved. </div>
  </div>
  <script language="javascript" type="text/javascript"
  src="../js/pop_events.js"></script>
  <!-- Places text blinker in the uname text box thru
  javascript -->
  <script language="javascript" type="text/javascript">
  document.search.clname.focus();
  </script>
  <!-- javascript ends here -->
  <%
  Response.Write(Session("username")) & "<br />"
  Response.Write(Session("userpass")) & "<br />"
  Response.Write(Session("sLevel")) & "<br />"
  Response.Write(Session("intS")) & "<br />"
  %>
  </body>
  </html>
  What am I doing wrong?

  "pqer" <[email protected]> wrote in message
  news:eugsik$kt5$[email protected]..
  > What am I doing wrong?
  1. You're allowing unfiltered user input into your SQL query.
  I could do
  some horrible damage to your system.
  2. You have SELECT * in your query.
  3. You're doing something that doesn't make any sense. Why
  add a constant
  to the security level just to subtract it again when you
  actually want to
  use it? You're just making more work for yourself. There is
  no benefit
  there.

• Reports XI: Infoview behavior with Row Level Security

  Post Author: pwilliamsbssp
  CA Forum: General
  I have a report that is based off a business view that has project information with an additional table used to assign report users to certain clients (each project has a client).  A filter is used to assign the report user to the current ce username.The report is scheduled by the administrator login.  Each user goes to view their report on Infoview and is able to view data for only those clients specifically assigned.   This functionality seems to work fine - everyone views one instance of the report and InfoView assigns the row level security.However, I'm running into a problem viewing report histories when adding or changing client assignments.   The historical reports come up either blank or with erroneous information (such as the current week's information instead of the previous week's data saved with the instance of the report).   I have not found a logical link between the behavior of the historical reports and the specific users.  Some can see one week and not another while others have the reverse, regardless of their security assignments.Does anyone understand the behavior of view historical reports with row-level security?  I have no idea what data/metadata is saved with each report instance and when the row-level security is being read.  Is it read when viewing the report? or, is it specific to the structure of the data when the report was run?With other reports using the same row-level security model I'm able to view the historical reports although it has the client assignments at the time the report was created.  But, at least I'm able to view the reports.Any insight welcome.Patrick Williams

  Post Author: pwilliamsbssp
  CA Forum: General
  Bump.  Anyone is welcome to tackle this question.  Please.

• Migrate SQL 2008 Analysis database to 2012 AS database along with data level security defined in current production cube

  I want to migrate Analysis Services 2008 database to 2012 AS database along with data level security defined in current production cube
  Note: Only Production environment have security, while no security is defined in development environment
  Potential Approach:
  1 - Using Synchronization Wizard: Gives me error : "The OLAP element at line1 can not appear under envelope......" and this is because Synchrinzation works only for same version
  and in my case, there are different versions of SQL (SQL 2008 and 2012)
  2 - Using Visual studio conversion wizard - Convert SQL 2008 AS project to 2012 and then process cube, so I can get the cube working but then how can I get data level security since 100's of data level security is defined in production Cube, so how can I
  migrate that across
  3 - Script out XMLA and deploy cube - But then again having issues with how can i script SSAS security
  4 - Would taking backup of SSAS 2008 database and restore to SSAS 2012 will help ?
  Any suggestions would be appreciated
  Thanks,
  Mihir

  Hi Mihir,
  According to your description, you want to migrate the SQL Server Analysis Services (SSAS) 2008 database which have some security setting with it to SSAS 2012, right? We can migrate existing Analysis Services databases either during Setup, by upgrading an
  existing instance of Analysis Services, or after Setup, by running the Migration Wizard. Generally, when migrating a database to another server, all the setting will be migrated. So in your scenario, you can refer to the steps on the links below to migrate
  your SSAS database.
  How to: Migrate Analysis Services Databases
  Migrating Existing Analysis Services Databases
  Regards,
  Charlie Liao
  TechNet Community Support

• Using WS-Security with Spring application in WebLogic

  From a high level, are there any issues with using WS-Security in WebLogic 8 or 9 with an application constructed with Spring? What issues might come up between WS-Security and Spring that might make this complicated?

  You won't be able to do this using the WSSE file.
  An easy way to get around this is to use an XML Bean built from the WS-Security XML Schema. You'll have to read the WS-Security spec to determine how to create the nonce, but you'll be able to convert this XML Bean into the Element[] that the setOutputHeaders() method, which is on the service control you call the .NET Web Service with.
  Regards,
  Mike Wooten

• Security Profile with Assignment-level Security limitations

  Hi, We are on an R12 installation, and have a security profile based on Organization Hierarchy (With Assignment-Level Security - i.e. 'Restrict on Individual Assignments' checkbox is ticked); this is based on a specific organisation as the 'Top Org' rather than the User's own Assignment.
  The profile option "HR: Access Non-Current Employee Data" is set to 'Yes', but the security profile still restricts access to Future-Dated Assignments and Ended Assignments. Is this expected behaviour, and is the only solution to develop a Custom security profile, and is this even feasible (to replicate organisation hierarchy security using SQL in the custom security tab), or would we have to use a different criteria, such as Payroll?
  Regards, Chris

  Further investigation reveals this is a limitation of the product - within security, the selection criteria which determines which individuals (or assignments) is handled seperately to Assignment-level security (i.e. whether individual assignments are restricted), it is not possible to get around this issue even using custom security, as that does not give one the power to determine how individual assignments are handled. Thus if assignment-level security is implemented, the user cannot see Ended or Future-Dated assignments, even if the profile option "HR: Access Non-Current Employee Data" is set to 'Yes'.
  The only workaround we have found for this is to:
  a) remove assignment-level security, and
  b) ensure that where an employee has multiple assignments that cross security groups, this individual is set up twice, as two separate employees.

• 4 security level with 2 FWSM contexts

  Hello,
  I have to implement a DC with two 6509, ACE and FWMS with only a default license for 2 VFW.
  But the problem I have, is that I have 4 separate networks where I like to give a different security level.
  I'm using the FWSM in transparent mode.
  Any idea ? about using VRF ? ACE or something else ?
  Suggestions will be appreciated.
  Regards,
  Omar

  Hello Omar,
  Although I'm not familiar with the ACE blade we do run 2 X 6509s with FWSMs.
  In your case you could connect your 4 networks to a single context (VFW) since the max network connections per context is 8. You would create 4 BVIs (Bridge Virtual Interfaces.) Security levels in FWSMs don't have much meaning since you are required to specifically allow traffic to pass through the context regardless of which side of the BVI it comes from. By default no traffic flows at all. All traffic is filtered with ACLs.
  You could also create a VRF on the 6509 that could act as a central or core routing point for your networks. (We do this for 18 separate contexts and call it the fusion VRF.) However you would only use a VRF if you wanted to keep the routing table isolated from the global table running on the 6509's.
  Otherwise this is unnecessary.
  If you chose to run the FWSMs in multiple context mode you could have two networks per context, still connect them to a fusion VRF, and also run an Active/Active FWSM configuration which allows you to do a type of load sharing along with failover. One context is active and one context is standby on FWSM A and on FWSM B the roles reverse. This shares active traffic across the FWSM blades.
  Hope this brief description is helpful for you.
  Simon

• Workflow 2013 use app model for higher security levels

  In a workflow 2013, I am currently calling a workflow 2010 so that I can use the impersonate step to run steps at a higher security level than the user that submitted the workflow. In the impersonate step, everything that needs to be run at a higher security
  level are placed in the impersonate step.
   I have found that the app model in workflow 2013 looks like it replaces the impersonate step in workflow 2010, correct?
  Due to that fact if I want to use the app model in workflow 2013 instead of using the impersonate step in workflow 2010, will I need to place all actions and conditionals within in the app model step for everything that needs to be executed at a higher security
  level? If so, can you show me how to accomplish this goal?
  If this is not true, what actions and steps do I need to place within the app model so that those actions and conditionals occur at a higher security level?

  Hi wendy,
  What is app model in SharePoint 2013 workflow? Based on your description, it seems like “App Step”. Is it right?
  “App Step” provides all the workflow actions added to it, with Read from and Write to Permissions to all the Items in the Site.
  App Step is not available by default you need to activate Workflows can use app permissions feature in your Site to get this displayed for that site in SharePoint Designer.
  You need to place all actions and conditionals within the App Step for everything that needs to be executed at a higher security level.
  More information about App Step in SharePoint 2013 Designer, please refer to the links below:
  Create a workflow with elevated permissions by using the SharePoint 2013 Workflow platform
  A word about App Step in SharePoint 2013 Workflow Platform
  SharePoint Designer 2013 – The new “App Step”
  Best Regards,
  Wendy
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Wendy Li
  TechNet Community Support

• Connect to Azure SQL DB with Security Enabled Access required using SSMS

  I'm looking to connect to an Azure SQL DB with Security Enabled Access required using SQL Server Management Studio 2014. I have tried checking off "Encrypt connection", but still errors out with "Cannot open database 'db name' on server 'hostname'
  requested by the login. Access to the database is only allowed using a security-enabled connection string."
  Thanks,
  Scott

  Hi Scott,
  Sorry, I missunderstood your initial question and the documentation I referenced is not updated appropriately. You have to change the connection string to <server-name>.database.secure.windows.net when you enable the security/auditing features.
  Documentation for this can be found
  here
  Thanks,
  Jan

• Sharing a PM's project with a TeamMember using SharePoint Security Mode

  When using SharePoint Security Mode, is it possible for a Project Manager to share a his project plan with a particular Team Member?  If so what are the steps?
  I am asking because we want certain Team Member to be the Status Manager for certain assignments in the project plan. 
  Thanks in advance,
  \Spiro Theopoulos PMP, MCITP. Montreal, QC (Canada)

  Hi Spiro,
  Have you tried assigning the particular Team member to the Owners group for that Project/Site so the team member can edit the project?
  Paul

• Do i have to use norton security with firefox

  Do i need to have norton security if i have firefox or do i need to install norton.
  becky

  Absolutely not! Mozilla has no specific requirements as to which security program should be used with Firefox. If you are happy with what comes with Windows 7, keep using it. If you aren't, I think you should consider using Avira Personal Free - http://www.free-av.com/. That is my current choice and has been for that last 3 years.
  I have access to a free version of Norton every "back to school" sales season, and my only use for those CD's is as a frisbee-like toy.

• With no "lock" or "HTTPS" showing up, how do I know in Safari if an online store is actually using a secure link when their web page makes that claim?

  With no "lock" or "HTTPS" showing up, how do I know in Safari if an online store is actually using a secure link when their web page makes that claim?

  The link in your example - https://www.gmx.com/ - is loading non- secure content from http://themes.googleusercontent.com/
  The lock will display only if everything on the page is secure - in this case it's not.
  As Safari has no way of knowing if theme.googleusercontent.com is going to be transmitting or receiving content that should be encrypted, then the overall page is in no way secure, and as such Safari won't display the lock icon.
  This is correct behaviour - it would be dangerous to users to identify pages as secure when they're clearly not.
  Reloading the page above uses cached copies of the fonts, thus no insecure connection is required on the reload. The issue in the link above (GMX) is not a Safari issue, just really bad web development by whomever built the site and mixed secure and insecure content.