AUTHSERVER USE with security level of "MANDATORY_ACL"
Has anyone done this? When i sent security to "MANDATORY_ACL", the AUTHSVC does
not come up. But if I change
that to "USER_AUTH" it comes up. Does it not work with MANDATORY_ACL level or
am I doing something wrong?
Any help appreciated. Thanks in advance.
Oops - of course SECURITY and AUTHSVC should be on
separate lines in the ubbconfig! It seems that one
needs to enter double-spaced lines when posting in
this newsgroup... (but the quote further down seems
OK though.)
I try again:
SECURITY MANDATORY_ACL
AUTHSVC "..AUTHSVC"
/Per
"Per Lindström" <[email protected]> wrote:
>
Hello Ramnath,
when you use ACL or MANDATORY_ACL security with the BEA-
supplied AUTHSVR, you must define AUTHSVC as "..AUTHSVC"
instead of "AUTHSVC", like this:
SECURITY MANDATORY_ACL
AUTHSVC "..AUTHSVC"
I hope this will solve your problem.
Best regards,
/Per
"Ramnath Cidambi" <[email protected]> wrote:
Has anyone done this? When i sent security to "MANDATORY_ACL", the AUTHSVC
does
not come up. But if I change
that to "USER_AUTH" it comes up. Does it not work with MANDATORY_ACL
level or
am I doing something wrong?
Any help appreciated. Thanks in advance.
Similar Messages
-
SOAP Adapter with Security Levels - HTTP & HTTPS
We have a successfully working interface scenario where SAP XI is hosting a web service and the partner systems calling it using SOAP Adapter URL http://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel with Security Level HTTP on the SOAP Sender Communication channel.
Going forward, for other similar interfaces (SAP XI hosting Web Service and partner systems calling it), we would like to use HTTPS and/or certificates.
If we enable HTTPS on XI J2EE server as per the guide How to configure the [SAP J2EE Engine for using SSL - Notes - PDF|https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/964f67ec-0701-0010-bd88-f995abf4e1fc]....
can partner systems still use the URL http://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel or should they switch to https://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel?
can we continue to have the existing interface working using HTTP Security Level i.e. partners not having to send the certificate with each message?
If we use HTTPS security level, is it mandatory for the partner system need to send the certificate? Is it possible to have an HTTPS scenario w/o certificates?
What is the difference between Security Levels 'HTTPS Without Client Authentication' & 'HTTPS with Client Authentication'?
I appreciate your inputs on this.
thx in adv
praveen
PS: We are currently on SAP PI 7.0 SP17Hi Praveen,
There is no need to change the interface and It is manditory for the partners to send certificates in order to validate each other. Use the https in url.
HTTPS With Client authentication:
The HTTPS client identifies itself with a certificate that is to be verified by the server. To validate the HTTPS clientu2019s certificate, the HTTPS server must have a corresponding CA certificate that validates this certificate. After validation of the clientu2019s certificate, the server maps the certificate to an actual system user executing the HTTP request.
and check this link.
http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
Regards,
Prasanna -
Use of Security Level on ASA with ACLs
Hi,
On my configuration, I'm using extended on the inbound of my 3 interfaces (inside,dmz,outside). I was wondering if there I should remove the security levels or if they are of any use since I have ACL in place already.Hi,
After you have attached an ACL inbound to an interface it controls the traffic for networks behind that interface. So security-levels dont have a major role anymore.
Though you should consider that there are still situations where the "security-level" might come into the picture.
If you have identical "security-level" interfaces and you want to allow traffic between them then ACLs wont be enough but you also need to use the "same-security-traffic permit " format command to allow the traffic.
Atleast in software 8.2 there is still some limitations regarding NAT depending on the "security-level" of the source and destination of the interface. I think for example you need to do Dynamic NAT/PAT between interfaces you cant do this from lower to higher direction.
Best bet is to refer to your current software level Cisco documents. Both the Command Reference and Configuration Guide PDFs found online provide good information on these commands
Please rate if the information was helpfull and/or ask more questions if needed
- Jouni -
Service item not relevant for pricing if used with higher level item catego
Hi,
We have a service item e.g S900 with Item category ZTAD.
This line Item automatically creates a Service Order.
Requirement is , if this service item is used with an Equipement Item,
Item 10 --> Equipment
Item 20 --> Service
--> There would be price required for the Equipment ( Condition type ZPRO - Mandatory )
--> System should not ask for the price of Service Item, as it would be inclusive in the Equipmetn charges.
--> In short if the Service item is used as Sub item with Equipment, it is not relevan for pricing.
I tried copying ZTAD and creating a new item cateogry which is not relevant for pricing...would that be the correct approach, but facing several issues related to Automatic Service order generation.
what could be possible ways to achieve above.
Regards
Trupti DeulkarHi,
System will ask the price for item category TAD bcoz service also chargble,in your case insted of TAD use TANN as free,
You can define based on your higher level item category for Ex : OR + Normusage(Blank)Higherlevl item (Blank)= TAN
you can config like this ORNormUsge(Blank) + TAN = TANN
like this you can do it this correct way or els you can manually enter the item catagory (TANN) at sale order line item level.
Thanks
Vinayak.
Edited by: vinayak4all on Jul 12, 2011 2:45 PM -
Help with asp ... security levels
I made a change to the security level for the end user. i add
a security feature by adding 12345 to their security level.
<%@LANGUAGE="VBSCRIPT"%>
<%Option Explicit%>
<%
'check to see if the page is submitted
Dim validLogin
Dim strErrorMessage
Dim intLevel
Dim sLevel
If (Request.Form("uname")<>"") Then
'user has submitted the form
'get the entered values and hit the database
Dim strUserName
Dim strPassword
'going to use an implicit connection, no connection object
needed
Dim objRS
strUserName = UCase(Request.Form("uname"))
strPassword = UCase(Request.Form("pwd"))
response.write("strUserName")
'prepare the RS
Set objRS = Server.CreateObject("ADODB.Recordset")
'set the sql statement
objRS.Source = "SELECT * FROM tblEmployee WHERE
strEmpUserName = '" & strUserName & "' AND strEmpPassword =
'" & strPassword & "'"
' heres the implicit connection
objRS.ActiveConnection =
"Provider=Microsoft.Jet.OLEDB.4.0;Data
Source=c:\Inetpub\db\IMPCustomers.mdb"
objRS.CursorType = 0
objRS.CursorLocation = 3
objRS.Open
'check for EOF
If(objRS.EOF) Then
'no records matched, invalid login
Response.Redirect("invalidLogin.asp")
'strErrorMessage = "Invalid Login. Try Again."
validLogin = false
Else
'added intLevel to add more security on 3/29/07
intLevel = Cint(objRS("intEmpSecurityLevel"))
intLevel = intLevel + 12345
sLevel = intLevel
'valid login, set session variables
Session("username") = UCase(strUserName)
Session("userpass") = UCase(strPassword)
Session("sLevel") = sLevel
'Session("sLevel") = objRS("intEmpSecurityLevel") - changed
to add more security on 3/29/07
Session("fn") = objRS("strEmpFN")
'release the RS
Set objRS.ActiveConnection = Nothing
Set objRS = nothing
'redirect off this page
Response.Redirect("custSearch.asp")
End If
End If
%>
I'm now having trouble removing the 12345 from their security
level in the custSearch.asp.
<%@LANGUAGE="VBSCRIPT"%>
<%Option Explicit%>
<%
Dim strUserName
Dim strPassword
Dim intSLevel
Dim isum
Dim intS
Dim intNewSLevel
Dim sLevel
Dim strFN
Dim strErrorMessage
Dim strError
'get pass parameters
strUserName = Session("username")
strPassword = Session("userpass")
intSLevel = Session("sLevel")
'add on 3/29/07 for security
'get the security level
isum = sLevel
'take isum which contains sLevel and subtract 12345 from it
isum = isum - 12345
'now intS equals security level in the db
intS = isum
'put into a session
Session("intS") = intS
strFN = Session("fn")
strErrorMessage = ("strError")
'If strErrorMessage = "" Then
'strError = "There is no customer with that last name."
'End If
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0
Transitional//EN" "
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="
http://www.w3.org/1999/xhtml">
<head>
<title>Employee Intranet - Customer Database, Search
for a particular customer.</title>
<meta http-equiv="content-type" content="text/html;
charset=utf-8" />
<link rel="stylesheet" type="text/css"
href="../css/pop_style.css" />
<link rel="stylesheet" type="text/css"
href="../css/forms.css" />
<style type="text/css">
/* HMTL selectors start here */
h2 {
margin-bottom:15px;
p {
margin-bottom:20px;
hr {
border:thin;
border-color:#CCCCCC;
border-style:dotted;
width:100%;
text-align:center;
table {
width:300;
align:center;
cellpadding:2px;
cellspacing:2px;
margin-left:30%;
td {
font-size:14px;
font-style:normal;
font-weight:normal;
border:0;
padding:0;
/* HMTL selectors start here */
/* ID selectors start */
#mainText {
height:400px;
font-family:Arial, Helvetica, sans-serif;
font-size:14px;
text-align:left;
margin-left:1%;
margin-right:1%;
padding: 10px 5px;
word-spacing:1px;
letter-spacing:1px;
/* id ends here */
</style>
<script language="JavaScript" type="text/JavaScript">
<!-- function MM_reloadPage(init) { //reloads the window
if Nav4 resized if (init==true) with (navigator) {if
((appName=="Netscape")&&(parseInt(appVersion)==4)) {
document.MM_pgW=innerWidth; document.MM_pgH=innerHeight;
onresize=MM_reloadPage; }} else if (innerWidth!=document.MM_pgW ||
innerHeight!=document.MM_pgH) location.reload(); }
MM_reloadPage(true); //-->
</script>
</head>
<body>
<!-- CASCADING POPUP MENUS v5.2 by Angus Turnbill
http://www.twinhelix.com -->
<script language="javascript" type="text/javascript"
src="../js/pop_core.js"></script>
<script language="javascript" type="text/javascript"
src="../js/pop_data.js"></script>
<!-- border begins here -->
<div id="border">
<!-- second nav start here -->
<div id="secNavBar"><a
href="../index.htm">Home</a> | <a
href="../htm/quality.htm">Quality</a>
| <a href="../htm/contactUs.htm">Contact
Us</a> | <a
href="../htm/siteMap.htm"> Site
Map</a></div>
<!-- logo starts here -->
<div id="logo">
<img src="../art/NewLogo.jpg" alt="Logo of IMPulse NC,
INC." usemap="#Map" />
<map name="Map" id="Map">
<area shape="rect" coords="5,3,280,74"
href="../index.htm" alt="Return to home page" />
</map>
</div>
<!-- primary navigation div tags starts here -->
<div id="priNav">
<a id="home" name="home"
style="visibility:hidden;">Home</a>
<!-- primary navigation div tags ends here -->
</div>
<!-- main text starts here -->
<div id="mainText">
<h2>Customer Database </h2>
<p
style="font-size:14px;font-style:normal;font-weight:normal;">Welcome
<%=strFN%></p>
<p
style="font-size:14px;font-style:normal;font-weight:normal;">Please
search for a customer by using the fields below. You can use one
field or multiple fields for your search.</p>
<!-- signIn form starts here -->
<div id="signIn">
<div id="CSearch">
<table>
<form action="results.asp" method="post" name="search"
id="search">
<tr>
<td width="98" height="29">Last Name:</td>
<td width="150" tabindex="1"><input type="text"
name="clname" size="25" maxlength="25" /></td>
</tr>
<tr>
<td height="30">First Name:</td>
<td tabindex="2"><input type="text" size="25"
maxlength="25" name="cfname" /></td>
</tr>
<tr>
<td height="30">Company:</td>
<td tabindex="3"><input type="text" size="25"
maxlength="25" name="ccomp" /></td>
</tr>
<tr>
<td height="48" colspan="2" tabindex="4">
<input type="submit" name="login" value="Submit" />
<input type="reset" name="Reset" value="Reset" />
<a href="logOut.asp">
<input type="button" name="logOut" value="Log Out" />
</a> </td>
</tr>
</form>
</table>
<!-- customer search form ends here -->
</div>
<blockquote> </blockquote>
<!-- signIn form ends here -->
</div>
<!-- main text ends here -->
</div>
<div id="btm_Bar">
100 IMPulse Way • Mount Olive, North Carolina 28365
• Main (919) 658-2200 • Fax (919) 658-2268<br />
©2006 IMPulse NC, Inc. All Rights Reserved. </div>
</div>
<script language="javascript" type="text/javascript"
src="../js/pop_events.js"></script>
<!-- Places text blinker in the uname text box thru
javascript -->
<script language="javascript" type="text/javascript">
document.search.clname.focus();
</script>
<!-- javascript ends here -->
<%
Response.Write(Session("username")) & "<br />"
Response.Write(Session("userpass")) & "<br />"
Response.Write(Session("sLevel")) & "<br />"
Response.Write(Session("intS")) & "<br />"
%>
</body>
</html>
What am I doing wrong?"pqer" <[email protected]> wrote in message
news:eugsik$kt5$[email protected]..
> What am I doing wrong?
1. You're allowing unfiltered user input into your SQL query.
I could do
some horrible damage to your system.
2. You have SELECT * in your query.
3. You're doing something that doesn't make any sense. Why
add a constant
to the security level just to subtract it again when you
actually want to
use it? You're just making more work for yourself. There is
no benefit
there. -
Reports XI: Infoview behavior with Row Level Security
Post Author: pwilliamsbssp
CA Forum: General
I have a report that is based off a business view that has project information with an additional table used to assign report users to certain clients (each project has a client). A filter is used to assign the report user to the current ce username.The report is scheduled by the administrator login. Each user goes to view their report on Infoview and is able to view data for only those clients specifically assigned. This functionality seems to work fine - everyone views one instance of the report and InfoView assigns the row level security.However, I'm running into a problem viewing report histories when adding or changing client assignments. The historical reports come up either blank or with erroneous information (such as the current week's information instead of the previous week's data saved with the instance of the report). I have not found a logical link between the behavior of the historical reports and the specific users. Some can see one week and not another while others have the reverse, regardless of their security assignments.Does anyone understand the behavior of view historical reports with row-level security? I have no idea what data/metadata is saved with each report instance and when the row-level security is being read. Is it read when viewing the report? or, is it specific to the structure of the data when the report was run?With other reports using the same row-level security model I'm able to view the historical reports although it has the client assignments at the time the report was created. But, at least I'm able to view the reports.Any insight welcome.Patrick WilliamsPost Author: pwilliamsbssp
CA Forum: General
Bump. Anyone is welcome to tackle this question. Please. -
I want to migrate Analysis Services 2008 database to 2012 AS database along with data level security defined in current production cube
Note: Only Production environment have security, while no security is defined in development environment
Potential Approach:
1 - Using Synchronization Wizard: Gives me error : "The OLAP element at line1 can not appear under envelope......" and this is because Synchrinzation works only for same version
and in my case, there are different versions of SQL (SQL 2008 and 2012)
2 - Using Visual studio conversion wizard - Convert SQL 2008 AS project to 2012 and then process cube, so I can get the cube working but then how can I get data level security since 100's of data level security is defined in production Cube, so how can I
migrate that across
3 - Script out XMLA and deploy cube - But then again having issues with how can i script SSAS security
4 - Would taking backup of SSAS 2008 database and restore to SSAS 2012 will help ?
Any suggestions would be appreciated
Thanks,
MihirHi Mihir,
According to your description, you want to migrate the SQL Server Analysis Services (SSAS) 2008 database which have some security setting with it to SSAS 2012, right? We can migrate existing Analysis Services databases either during Setup, by upgrading an
existing instance of Analysis Services, or after Setup, by running the Migration Wizard. Generally, when migrating a database to another server, all the setting will be migrated. So in your scenario, you can refer to the steps on the links below to migrate
your SSAS database.
How to: Migrate Analysis Services Databases
Migrating Existing Analysis Services Databases
Regards,
Charlie Liao
TechNet Community Support -
Using WS-Security with Spring application in WebLogic
From a high level, are there any issues with using WS-Security in WebLogic 8 or 9 with an application constructed with Spring? What issues might come up between WS-Security and Spring that might make this complicated?
You won't be able to do this using the WSSE file.
An easy way to get around this is to use an XML Bean built from the WS-Security XML Schema. You'll have to read the WS-Security spec to determine how to create the nonce, but you'll be able to convert this XML Bean into the Element[] that the setOutputHeaders() method, which is on the service control you call the .NET Web Service with.
Regards,
Mike Wooten -
Security Profile with Assignment-level Security limitations
Hi, We are on an R12 installation, and have a security profile based on Organization Hierarchy (With Assignment-Level Security - i.e. 'Restrict on Individual Assignments' checkbox is ticked); this is based on a specific organisation as the 'Top Org' rather than the User's own Assignment.
The profile option "HR: Access Non-Current Employee Data" is set to 'Yes', but the security profile still restricts access to Future-Dated Assignments and Ended Assignments. Is this expected behaviour, and is the only solution to develop a Custom security profile, and is this even feasible (to replicate organisation hierarchy security using SQL in the custom security tab), or would we have to use a different criteria, such as Payroll?
Regards, ChrisFurther investigation reveals this is a limitation of the product - within security, the selection criteria which determines which individuals (or assignments) is handled seperately to Assignment-level security (i.e. whether individual assignments are restricted), it is not possible to get around this issue even using custom security, as that does not give one the power to determine how individual assignments are handled. Thus if assignment-level security is implemented, the user cannot see Ended or Future-Dated assignments, even if the profile option "HR: Access Non-Current Employee Data" is set to 'Yes'.
The only workaround we have found for this is to:
a) remove assignment-level security, and
b) ensure that where an employee has multiple assignments that cross security groups, this individual is set up twice, as two separate employees. -
4 security level with 2 FWSM contexts
Hello,
I have to implement a DC with two 6509, ACE and FWMS with only a default license for 2 VFW.
But the problem I have, is that I have 4 separate networks where I like to give a different security level.
I'm using the FWSM in transparent mode.
Any idea ? about using VRF ? ACE or something else ?
Suggestions will be appreciated.
Regards,
OmarHello Omar,
Although I'm not familiar with the ACE blade we do run 2 X 6509s with FWSMs.
In your case you could connect your 4 networks to a single context (VFW) since the max network connections per context is 8. You would create 4 BVIs (Bridge Virtual Interfaces.) Security levels in FWSMs don't have much meaning since you are required to specifically allow traffic to pass through the context regardless of which side of the BVI it comes from. By default no traffic flows at all. All traffic is filtered with ACLs.
You could also create a VRF on the 6509 that could act as a central or core routing point for your networks. (We do this for 18 separate contexts and call it the fusion VRF.) However you would only use a VRF if you wanted to keep the routing table isolated from the global table running on the 6509's.
Otherwise this is unnecessary.
If you chose to run the FWSMs in multiple context mode you could have two networks per context, still connect them to a fusion VRF, and also run an Active/Active FWSM configuration which allows you to do a type of load sharing along with failover. One context is active and one context is standby on FWSM A and on FWSM B the roles reverse. This shares active traffic across the FWSM blades.
Hope this brief description is helpful for you.
Simon -
Workflow 2013 use app model for higher security levels
In a workflow 2013, I am currently calling a workflow 2010 so that I can use the impersonate step to run steps at a higher security level than the user that submitted the workflow. In the impersonate step, everything that needs to be run at a higher security
level are placed in the impersonate step.
I have found that the app model in workflow 2013 looks like it replaces the impersonate step in workflow 2010, correct?
Due to that fact if I want to use the app model in workflow 2013 instead of using the impersonate step in workflow 2010, will I need to place all actions and conditionals within in the app model step for everything that needs to be executed at a higher security
level? If so, can you show me how to accomplish this goal?
If this is not true, what actions and steps do I need to place within the app model so that those actions and conditionals occur at a higher security level?Hi wendy,
What is app model in SharePoint 2013 workflow? Based on your description, it seems like “App Step”. Is it right?
“App Step” provides all the workflow actions added to it, with Read from and Write to Permissions to all the Items in the Site.
App Step is not available by default you need to activate Workflows can use app permissions feature in your Site to get this displayed for that site in SharePoint Designer.
You need to place all actions and conditionals within the App Step for everything that needs to be executed at a higher security level.
More information about App Step in SharePoint 2013 Designer, please refer to the links below:
Create a workflow with elevated permissions by using the SharePoint 2013 Workflow platform
A word about App Step in SharePoint 2013 Workflow Platform
SharePoint Designer 2013 – The new “App Step”
Best Regards,
Wendy
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Wendy Li
TechNet Community Support -
Connect to Azure SQL DB with Security Enabled Access required using SSMS
I'm looking to connect to an Azure SQL DB with Security Enabled Access required using SQL Server Management Studio 2014. I have tried checking off "Encrypt connection", but still errors out with "Cannot open database 'db name' on server 'hostname'
requested by the login. Access to the database is only allowed using a security-enabled connection string."
Thanks,
ScottHi Scott,
Sorry, I missunderstood your initial question and the documentation I referenced is not updated appropriately. You have to change the connection string to <server-name>.database.secure.windows.net when you enable the security/auditing features.
Documentation for this can be found
here
Thanks,
Jan -
Sharing a PM's project with a TeamMember using SharePoint Security Mode
When using SharePoint Security Mode, is it possible for a Project Manager to share a his project plan with a particular Team Member? If so what are the steps?
I am asking because we want certain Team Member to be the Status Manager for certain assignments in the project plan.
Thanks in advance,
\Spiro Theopoulos PMP, MCITP. Montreal, QC (Canada)Hi Spiro,
Have you tried assigning the particular Team member to the Owners group for that Project/Site so the team member can edit the project?
Paul -
Do i have to use norton security with firefox
Do i need to have norton security if i have firefox or do i need to install norton.
beckyAbsolutely not! Mozilla has no specific requirements as to which security program should be used with Firefox. If you are happy with what comes with Windows 7, keep using it. If you aren't, I think you should consider using Avira Personal Free - http://www.free-av.com/. That is my current choice and has been for that last 3 years.
I have access to a free version of Norton every "back to school" sales season, and my only use for those CD's is as a frisbee-like toy. -
With no "lock" or "HTTPS" showing up, how do I know in Safari if an online store is actually using a secure link when their web page makes that claim?
The link in your example - https://www.gmx.com/ - is loading non- secure content from http://themes.googleusercontent.com/
The lock will display only if everything on the page is secure - in this case it's not.
As Safari has no way of knowing if theme.googleusercontent.com is going to be transmitting or receiving content that should be encrypted, then the overall page is in no way secure, and as such Safari won't display the lock icon.
This is correct behaviour - it would be dangerous to users to identify pages as secure when they're clearly not.
Reloading the page above uses cached copies of the fonts, thus no insecure connection is required on the reload. The issue in the link above (GMX) is not a Safari issue, just really bad web development by whomever built the site and mixed secure and insecure content.
Maybe you are looking for
-
How do i delete groups of emails from specific contacts all at one
how do i delete groups of emails from specific contacts all at once without deleting ALL emails in inbox? i need to clear 14,000 emails!
-
I just inserted a CD, how to I rip it onto my Ipod Classic?
-
Browser Language Setting not effective in Application Module
I am using "LANGUAGE = SYS_CONTEXT('USERENV','LANG')" in WHERE clause to fetch List data based on User's Language. I saw this in JDev 11g's Fusion Order Demo sample. It seems that i always get data where LANGUAGE='US', as my AM's locale is always set
-
No Crystal Report data returned in the InfoView - Critical Issue
Hey all, We have been trying to solve this issue since 2 weeks after updating the licenses in our BOBJ dev/production environment. There are a handful of Crystal Reports in the production environment based on a SAP ECC Infoset. The crystal reports ha
-
I have class like this import java.io.*; public class TimeTest3 { private static BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in)); public static void main(String[] args) throws IOException {