Background Administration Setup - End Users

Hello
We want to put some restrictions on transaction SM37 for our end users.
We only want end users to have access to display, delete, and release their OWN jobs, and not have access to other users' jobs from SM37.
From the roles in PFCG that have access to SM37, I have done the following:
• Deactivated S_BTCH_ADM (I don't want them to have access to Manage Background Administration)
• Deactivated S_BTCH_NAM (I only want the user to view himself and not other users with entry "*" or username)
• S_BTCH_JOB (gave the values RELE, DEL, List, Prot) – I excluded Show so that they do not have access to display others' jobs
With the above done I can still view the other end users' background jobs.
Any idea how I can set up correct security measures for SM37?
Thanks & Regards
Marlon

As far as I am aware, unless you want to modify SM37 then you should use SMX to restrict users to displaying (and managing) only their jobs.
If you leave S_BTCH_ADM, S_BTCH_JOB & S_BTCH_NAM blank, users will still be able to see all the batch jobs but only manage their own.
The screens are very similar between SM37 & SMX so your users shouldn't have too much trouble (though nothing would surprise me.......)

Similar Messages

  • Administrator and End user Permission

    Hello Everybody,
    How is Administrator permission different from End user permission? I cannot see any major changes if I assign or revoke those.
    2. If I have assigned role assigner permission to a user who does not have User administrator or any other administrator rights, how is he able to assign a role to another user?
    I have read on help.sap.com, but unable to understand.
    regards
    Santosh

    Hi Santhosh,
    1. The name itself tells us the difference.
        "Administrator" ->
           There are 3 types of Admin here
        a) "Content Admin" (he is the one who can create iView / Role ..)
        b) "User Admin" (he is the one who can create users and assign roles to the users)
        c) "System Admin" (he can change the system properties, like layout, sys alias etc.)
    and End User is the one who doesn't have any of the Admin roles. A default user may contain only EU_ROLE
    2.
       If you are a developer you must have Content Admin,
       and the basis guys must have User Admin and Sys Admin.
    Hope it helps .
    Regds,
    J

  • User Administration  for End User

    Hello Everyone,
    I need an end user to be able to insert other users only into the user group where he is administrator.
    Does anybody know how to do this?
    Thanks.

    Lucas,
    As far as I know, there is no possibility to differentiate users in a group.
    This means that if you can't differentiate users belonging to a group, you will not be able to identify whether he is administrator of the group or not. So it will not be possible to assign him a specific role that will allow him to populate users in that group only.
    For your information, you can use the role "pcd:portal_content/administrator/user_admin/delegated_user_admin_role" to allow a user to:
      - create other users
      - grant roles for which they have the "Role Assignment" permissions
      - but not to populate groups (which could lead to a security problem, i.e. you can make yourself a member of the Administrators group, and so have the SuperAdmin role)
    Hope this helps
    Vincent

  • Dimension administration by end-users

    Dear colleagues,
    I am designing a BPC solution for Headcount planning. End users should be able to change properties for the employee dimension. This would be done by approx. 40 users (Fund Centre managers). Is it possible to do this within BPC administration, and what are the challenges and risks? Has anyone done it with so many users? As far as I know it is not possible to customize or limit the dimensions which can be changed by a user. So it would be very risky that someone changes a property which he should not.
    Thank you!
    Kind regards
    Ivan

    Hi Ivan,
    If the user activity will be limited to member property change (not creating of new members) then the risk is moderate. It can be done by modified code of Master Data on the Fly http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/2020b522-cdb9-2e10-a1b1-873309454fce?QuickLink=index&…
    Using this BAdI you can add the required restrictions. You will need to change the code to allow update of properties only.
    Vadim

  • End user account

    Dear all,
    I have created an application in the HTML DB repository and created a developer account to access the application. After logging in, the developer account user can use the standard features of HTML DB such as SQL Workshop and Data Workshop. My question is whether there is any method to control the privileges of a user so that he can use only the functions designed in the application and is prohibited from using any standard feature.

    Hello "73719",
    even the developer account won't see the edit links when calling the application link directly...
    Assuming your host is called myhost, your port is 7777, your DAD is called htmldb, your application is number 125 and your application's start page is 1, the URL you call to go directly to the app would be
    http://myhost:7777/pls/htmldb/f?p=125:1
    You may set up end user accounts inside HTMLDB by making them neither admin nor developers for the workspace. However, for a larger number of users on production applications, it is recommended to perform authentication against an LDAP server (e.g. OID or Active Directory) and configure the apps accordingly.
    HTH,
    Holger

  • How to Use the same iview for both KM End User and the KM Administrator

    Hi friends,
    This is my scenario: how to use the same iView for both the KM End User and the KM Administrator but with different context menu options.
    I followed these steps but I'm getting the same context menu for both the KM End User and the KM Administrator.
    Assign the role Content Administrator to the user km_admin. This is needed so that km_admin can change the presentation settings for the KM folder "Reports_kmFolder".
    Now, log in with user km_admin. Navigate to the KM folder reports_kmFolder through Content Administration -> KM Content. Click on the Details link of the folder reports_kmFolder.
    Go to Settings -> Presentation. Click on the tab "Settings for You" -> click on the button "Select Profile".
    Select the radio button corresponding to "layout Set", and choose "ConsumerExplorer" from the dropdown.
    Click "OK".
    Select both the check boxes corresponding to Items Affected as shown above, and click "Save".
    Now, remove the "Super Administrator" role from the user km_admin and log in with this user.
    How to resolve this?
    Regards,
    Prasad.

    Hello Prasad,
    Most likely the user km_admin still has system principal roles assigned, even though you removed the Super Admin role. You should check that this user doesn't have any other admin roles; otherwise it will be considered a System Principal user and will therefore still have access to all content. For more information see http://help.sap.com/saphelp_nw70/helpdata/en/19/56f28fbd4e11d5993b00508b6b8b11/frameset.htm
    Try creating a new user with just read access to the content and you should see that it will not be able to make any changes etc.
    Regards,
    Lorcan.

  • CUCM End User Administration

    Our Helpdesk staff performs the basic functions of add/remove phones and add/remove users from CUCM. We've just upgraded from CM 4.2 to CUCM 8.5(1). We are using the integrated CUCM LDAP and not AD integration. My Helpdesk users are able to use the User/Phone Add option to create a new phone and a new CUCM End User. They are able to edit all the necessary properties of the phone and line settings. But with their current group/role memberships they are unable to change attributes of users or to delete them. The only Role I can see to add them to that allows changes to End Users is Standard CCMADMIN Administration and the only User Group is Standard CCM Super Users. Both of those give far more rights than I would like Helpdesk staff to have. Am I missing something obvious to allow them to perform End User management? Has anyone else encountered this? Below are the groups/roles my Helpdesk staff are currently part of. Any help would be appreciated.
    Bryan
    I've added the users on our Helpdesk to the following Groups:
    Standard CCM Admin Users
    Standard CCM End Users
    Standard CCM Phone Administration
    Standard CTI Enabled
    Standard RealtimeAndTraceCollection
    Which automatically adds them to the following Roles:
    Standard CCM Admin Users
    Standard CCM End Users
    Standard CCM Phone Management
    Standard CCMADMIN Read Only
    Standard CCMUSER Administration
    Standard CTI Enabled
    Standard CUReporting
    Standard RealtimeAndTraceCollection

    Bryan,
    If I remember correctly, there isn't a pre-canned role that will allow for End User administration. I don't know why.
    Your best bet is to create a custom Role and User Group. This way, you can give your Helpdesk exactly the access they need. The descriptions for the Role permissions are pretty self-explanatory, so it should be pretty easy to accomplish.
    Steps:
    1) create new role
    2) assign permissions to the new role
    3) create a new User Group
    4) assign the new Role to the new User Group
    5) assign the new User Group to the End/Application User accounts for the helpdesk.
    This may be helpful: http://www.cisco.com/en/US/partner/docs/voice_ip_comm/cucm/admin/8_5_1/ccmsys/a02mla.html#wp1062944
    HTH
    Adam

  • End User's mailing list administration

    Hi,
    I have a customer who has just migrated from iMS 5 to the newest JES05Q4. Everything seems to be OK except one thing: in iMS 5 end users were able to use Delegated Admin to manage their mailing lists. In 05Q4, Delegated Admin does not allow end users to log in. Is this a configuration issue, or has that function been removed from the newest Delegated Admin? What is the recommended way for web-based mailing list manipulations?

    Yeah, that's gone from the current DA. We're hoping to get better stuff into JES5, due out sometime around the end of the year.

  • Administrator's notifications to end users.

    Hello,
    we do not have portal, but would like to know is there any simple solution to include admin's notifications to end users on the page of the transaction bbpglobal.
    I would like to have it on the left side of the page, under the long descriptions of the transactions.
    TIA
    Gordan

    Hello Gordan,
    With transaction SM02, you can define system messages. They can appear in the first screen after logon if you define it in the logon configuration of service bbpstart.
    Is that what you are looking for?
    Rgds,
    Pierre

  • Impossible to log in to an application as an end user

    I try to develop an application with Oracle Application Express together with Oracle XE.
    Oracle XE is installed on a different computer.
    I'm working on a different computer that is a client. The application is already (partially) created, and some users with different rights have also been created (developers, end users and workspace administrator). When I try to connect as an end user, I get the message below:
    Logout (link to logout of application)
    Access denied by Application security check (message)
    Return to application. (link to return to application)
    What is wrong that I cannot connect as an end user?

    Hi Paul,
    This is the setting at this moment for my application. I also tried to set a different security check for every page and then tried to connect to that page only.
    Also, I have some end users that must connect to my application as end users. The answer is the same.
    I tried to set up the authorisation schema properly using database users (I've created some users in my XE database with the same name and same password). Also, I get the same answer.
    I'll try step by step all possible combinations for the security check, because there is no logical answer in my mind at this moment with all these security schemas. See here what they are saying in the help files:
    Application Express Authentication checks the user name and password against the Oracle Application Express account repository.
    It is a nonsense answer that I get from the application, because a developer account is working very well.
    Best regards to you,
    Daniel

  • Small Business Deployment on End-User-Owned iPads/iPhones

    Background:
    6 employees (6 iPads, 5 iPhones) at an architectural firm
    Need cloud-syncing of large PDF libraries of drawings and CAD files for use in the field
    Office server is Windows Server 2003 (currently locked-down to local LAN & wi-fi only, no external access (boss' fear of security))
    Office workstations are Windows-only (I've got Macs at home)
    We have just been gifted iPads (personally-owned) to use for work/play and I received the tasks of setup & deployment.  I would prefer to implement a controlled system to limit my headaches, this isn't entirely possible because these iPads were given as personal gifts and the employees would raise ****.  After downloading/researching the Apple Configurator, it seems like it creates too much of a locked system - so end-users couldn't have their personal Apple IDs on their devices and buy/configure their personal stuff while being managed (work-purchased apps and PDF/CAD deployment) by me.  Correct me if I'm wrong. 
    MDM implementations seem a little overboard.  $$$
    I have come across the iAnnotate app, which syncs with Dropbox (I can convince my boss to pay for Dropbox for Teams).  While I would rather rely on an Apple-developed app (iBooks) to manage our library of PDFs, iAnnotate seems stable through user reviews.  AutoCAD WS would be used for CAD files, with Autodesk's built-in syncing service.
    1. My headaches aside, should I have each user buy/download/update apps with their personal AppleID and reimburse them (or gift them through iTunes from our corporate account)?
    2. How could I control the wiping of a lost iPad/iPhone?
    3. Any other recommendations for deployment in my situation?

    boss would rather not have iTunes
    The name is rather unfortunate in your situation. iTunes came out as a way of buying music for the iPad. Apple had iTunes around, so they added features over time. It's now a device manager for all Apple i devices. It's more than a way to purchase music.
    Do you take the iPad on customer visits? iTunes can load presentations on the iPad.
    If you sync the iPad on multiple computers, check this out.
    http://support.apple.com/kb/HT1202
    Robert
    ps. Windows makes you paranoid.
    If it is not broke, do not fix it.

  • End user releasing own emails based on Policy/Content

    Hiya all,
    New to this forum and my first post so hello to all
    We recently installed a couple of C360 and an M series and they all are working well.
    We have also setup Profanity based filtering and as a result many swear words are being rejected.
    This is setup using dictionaries.
    But we are also getting a high number of false positives and as a result our Techsupport team is inundated with requests to release emails.
    I know with SPAM Quarantine there is End-User Quarantine Access but I don’t see this with Policy Quarantine.
    The end result I want is for end users to release their own emails blocked based on profanity.
    Is this possible?
    My apologies if this has been asked in the past.
    Ivan.
    :D :D

    Welcome aboard Ivan!
    The main reason there is a separation between IronPort Spam Quarantine (ISQ) and policy quarantine (aka system quarantine) is that ISQ is mainly used in conjunction with the anti-spam verdict/results, while policy quarantine is used as a result of administrative/company policy (e.g. a profanity dictionary filter in your case).
    Another difference between the two is that ISQ is accessible by the end user. Policy quarantine is accessible only by the admin of the machine.
    Here is a KB article that goes over their diffs.
    What is the difference between IronPort Spam Quarantine and System Quarantine?
    http://tinyurl.com/233qkq
    Now, there is a way to tweak it so that the content filter sends it over to the ISQ. Keep in mind that by doing this, you're mixing profanity filter verdicts with anti-spam results. It may be confusing for the end user unless you prepend the profanity stuff with "[Contains profanity]" at the beginning of the subject line.
    This Cisco IronPort support portal KB article goes over how to send content filter results over to the ISQ.
    Can a Content Filter divert messages to the IronPort Spam Quarantine?
    http://tinyurl.com/coebj3
    Good luck and let me know if that doesn't address your concern.

  • 5 Systems Admin relationship tips for end users

    "you know how unlikely it would be for them to host a relationship-fixing TV show. Were they born like this, or did IT support requests just grind them into jaded powder?"
    More eloquent and beautiful words I have not read before :)

    For SysAdmin Appreciation Day, one of our security researchers, Cameron Camp, wrote a blog post for the end user that I think everyone here could appreciate. While he did leave out the daily tribute of coffee and bacon, I'll let that one slide for now. :)
    If you've spent much time interacting with system administrators, you know how unlikely it would be for them to host a relationship-fixing TV show. Were they born like this, or did IT support requests just grind them into jaded powder?
    With a combination of endless patches, glitches, and caffeinated techno pulsing in the background, they do get edgy (and court the look of pallor). Want to mend your systems admin relationship? On this Systems Administration appreciation day, we give you a few tips to help mend fences...
    Read the list and the rest of the post HERE
    This topic first appeared in the Spiceworks Community

  • Jabber for Mac - End User unable to Cut & Paste Images in IM

    Full disclosure: I am an END USER, not an IT admin or anything like that. Not sure if this is the proper forum to ask this question but figured it was worth a shot...
    Running OSX 10.9.1 and Jabber 9.2.1.
    I am unable to copy-and-paste images into IM conversations with co-workers.
    My "cachedPresenceConfigStore.xml" file shows:
    "<im_cutandpaste_enabled>TRUE</im_cutandpaste_enabled>"
    and
    "<screen_capture_enabled>TRUE</screen_capture_enabled>"
    ...yet these functions seem to be missing from the IM client. As far as I know our organization's service-side policy allows for sending images over IM (confirmed this using the jabber client on a windows machine).
    Am I just "doing it wrong" somehow? Is there some special method I need to use to be able to paste images into an IM conversation?
    Any help or direction is appreciated.
    Thank you,
    Jason

    It appears they disabled it server-side, as the button (a paperclip) normally appears to the right of the emoticon button. While the jabber-config.xml file can block specific file extensions, it cannot disable the feature entirely. This is done within the Service Parameters of the server, which only an admin can see.
    Procedure
    Step 1 Choose Cisco Unified CM IM and Presence Administration > System > Service Parameters.
    Step 2 From the Server menu, choose an IM and Presence node.
    Step 3 In the Service Parameter Configuration window, choose Cisco XCP Router as the service.
    Step 4 From the Enable file transfer drop-down list, click On or Off.
    Step 5 Click Save.
    Step 6 Restart the Cisco XCP Router Service on every node in the cluster. For more information, see Restart Cisco XCP Router service, on page 43.
    http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/im_presence/deployment/9_1_1/CUP0_BK_D5B4C107_00_deployment-guide-for-imp-91.html
    Please remember to rate helpful responses and identify helpful or correct answers.

  • How can end users execute rules files ?

    There is a need to have Hyperion Planning end users kick off a rules file in EAS. Obviously we can not give end users access to EAS to execute a SQL based rules file. Our Admin is now executing the same rules files 20 times a day. What is the best way for the end user to execute a rules file themselves or load data to Essbase from a SQL source ?
    Thanks

    Thanks for the suggestions. The first reply of using the MaxL script to call the load rule is what you would do if you were an administrator. My problem is that this solution is for end users and they would somehow need to use a Remote Desktop Protocol to log into a server and call a batch file that contained the MaxL script to load data.
    The second reply seems a little bit more elegant in that the end users could theoretically kick off a data load by executing a BR that calls an ODI Package. This way, the users don't have to leave the Planning Application to load data.
    We do use ERPi and therefore we do have ODI, but I'm new to ODI and it would take me a while to piece together all the moving pieces to make this work. I guess the first reply is my path of least resistance so I'm going to give it a try. I'm more perplexed, however, in that we can't be the only company out there that has a need for the end users to execute a load rule at their own discretion. Are there any more suggestions out there?
    Thanks Gurus.
