BEx/BW security - Allow users to only create/chage queries Y_*

Similar Messages

• Is it possible to restrict the user from creating a sibling and allow him to ONLY create child nodes in DRM?

  When in a hierarchy, a user right clicks on a node to crate a new node, he has two options
  -Child
  -Sibling
  Is it possible to restrict the user from creating a sibling and allow him to ONLY create child nodes?
  Business cases:
  1. different level nodes need to have different prefixes.
  - Thus, the default prefix property definition uses the level number to assign a prefix
  - Also, a validation, to ensure the correct prefix, uses the level number
  But if the user can create a child and a sibling then the default prefix will only be right for a single case and not both.
  Thanks

  If the images are exactly the same size then make sure the layer with the mask
  is the active layer and in the other documents go to Select>Load Selection and choose
  your document with the layer mask under Source document and under channel choose the layer mask.
  After the selection loads press the layer mask icon at the bottom of the layers panel.
  MTSTUNER

• How To Restrict Users To Only Create Purchase Requisitions with Item Catalog?

  Hi, everyone 
  Please help me, 
  How To Restrict Users To Only Create Purchase Requisitions with Item Catalog? is it possible? 
  Regards,   Manuel

  Hi Steenie Norman
  First click on the text item ---> Tools ---> Property Pallete ---->
  and change the Keyboard State to Local Only also this Depend in your OS
  hope this useful ....
  Regards
  Mohammed

• Is security allow users include File item?

  I would like to know if there is documentation about File item and zip item security.
  There is any problem to allow users include File item?
  The could use it to broke or attack the system?

  John, My only doubt is if I set "Read
  items that were created by the user" and "Create
  items and edit items that were created by the user" in the Advanced settings sections, are these 4 super users can see all the items in the list even they have Full control access?

• CSS rights to allow user to only suspend/activate servers

  Is there a right combo that can do this, but not make config changes? The user that I created was not superuser, but had read/write "dir-access" to the release root directory. When I log in as the user I do not get a "Submit" button to activate/suspend servers.

  Granting authorizations for working with query components depending on the component creator is possible with the authorization object S_RS_COMP1  You can either grant those authorizations for a team or grant authorizations for self-created queries with low maintenance effort by entering a variable ($USER).
  Check the HOw to paper How to…
  grant authorizations for query components by creator
  https://websmp109.sap-ag.de/~sapidp/002006825000000015622004E.gif
  Jaya
  Message was edited by: Jaya Mogali

• Allow user to only access guest OS

  I have a Redhat 6.2 virtual machine that I would like to be the only thing the user sees/interacts with. Is there anyway to launch this virtual machine automatically when the Host OS starts and then prevent the user from accessing the host OS?  It would
  be acceptable if the user had to enter a password to login to the host OS.
  I have tried to boot directly from the virtual disk, but ran into issues with the Linux OS not being able to handle the virtual disk being stored on a NTFS partition. 

  The think you tried is called Native Boot, and it has nothing to di with Hyper-V.
  The short answer to your question is 'no'
  The only solution like that I am aware of is XenClient from Citrix (that uses a hypervisor to provide a VM to the end use with only access to the VM).
  Brian Ehlert
  http://ITProctology.blogspot.com
  Learn. Apply. Repeat.

• Zero Client Design - allowing user to create document like a word document

  Hi All,
  I am planning to develop an internet based application. How can i allow user to start creating a document (Let say Word document). User does not have Microsoft Word installed on his/her client computer. my application offers create new document.
  User clicks "create new" link on the page. Is it possible to lunch the word in create new page to let user to create document and at the end click Save link on the page to save it on to server?
  Is it possible to call the word application from the sever?
  Thanks
  Sam

  I've never tried it and there may be alternative ways of doing it, but I would think the only way you can provide formatting tools - without recreating each tool - is to use an Applet.
  What you're trying to do is create a document object on the server, have the user select an command on the client side (such as underlining text), have the client pass the command back to the server, and echo the results of that operation, right?
  It would be incredibly awkward and impractical to do that through a conventional stateless HTTP medium such as JSPs, PHP or JavaScript. It may have been done before, I'm just not aware of any attempts to do so.
  Are you willing to consider alternative third-party solutions, open source or not? Or is this something that you explicitly have to code?

• OLS Label Security: how users can view own level/compartment/group choices?

  I have an application using OLS (Oracle Label Security) Virtual Database (VDB) for security; to allow users to only view rows to which they have access.
  I'm creating a list of values (LOV) to allow the user to change the level or compartment of a database record to a different value for which they still have access. The views that show these values is DBA_SA_USER_LEVELS (and COMPARTMENTS, GROUPS) but this view is only visible to DBA users, not the regular user. We are considering giving regular users access to this view, or granting SELECT_ALL_TABLES as suggested in an article I read. However, this approach seems to loosen security, not maintain it.
  How can I allow a user to get a list of levels, compartments or groups available to them without loosening the security on the DBA_* views?
  thanks,
  Scott

  Bump

• NTFS Permissions for a scanner to only create files?

  I'm having some trouble correctly configuring NTFS permissions. My file structure is as such:
  \Scanner\%username%\
  We want anyone to be able to walk up to the scanner, scan a document and drop it in a particular users folder. What we don't want is users being able to view files via the scanner interface.
  My permissions are configured as such:
  Root Folder \scanner\
  Allow
  This Folder & Subfolders
  Traverse, List folder, Read Attributes, Read Extended, Read Permissions
  Allow
  Subfolders & files only
  Create Files / write data
  What am i missing here? 
  This topic first appeared in the Spiceworks Community

  By Guest Blogger Brad Mathis, Senior Consultant, InformationSecurity It is mid-2015. By now, we have all seen incoming emails claiming we have been bequeathed a huge sum of money from a Nigerian Prince, or we have won a foreign lottery we never entered. Most employees have seen these scam emails long enough to know they are not real. However, What about the seemingly benign email coming in from a recognizable sender? What if this legitimate looking email has an attached PDF or Word document? What if it contains a seemingly real link to a web site? How many of your employees would open the attachment or click on the link? How many employees will assume it is safe since it made it unscathed through all of your layers of security, including email and web content filters? Do your users understand the ramifications of...

• How to set authorization for only Create infotype record

  How can I set the authorization so that the user can only create Infotype 14,15,2010,2001,2006 but cannot change and delete the record for these infotypes.
  But user has the authorization to create,change and delete other infotypes.

  Hi irene,
  1. For this we have to use the
     authorisation object
    P_ORGIN
  2. It has got the following fields, on which authorisations can be controlled.
  AUTHC     Authorization level
  INFTY     Infotype           
  PERSA     Personnel Area     
  PERSG     Employee Group     
  PERSK     Employee Subgroup  
  SUBTY     Subtype            
  VDSK1     Organizational Key 
  regards,
  amit m.

• Allowing user to access only documents created by him.

  Hi!, is there a way to allow users to read only the documents created by them?, so when they click on the browse data buttons on top they navigate through the documents created only by the specific user?
  Thank you!

  Hi,
  Please check Data Ownership Authorisation if the same is of help in your case.
  [Data Ownership Authorisation|https://websmp201.sap-ag.de/~form/sapnet?_FRAME=CONTAINER&_HIER_KEY=701100035871000371280&_OBJECT=011000358700004490662004E&_SCENARIO=01100035870000000183&]
  Regards,
  Jitin
  SAP Business One Forum Team

• Create Roles to allow users to see only what they have to see

  Hi everyone,
  I created a Menu using Forms 6i and I would like to know the steps to create a role and then assign those roles to my menu so users can only see the programs they use and not what the administrators are going to be using like some options under one of my menu called maintenance.

  So you mean that I have to open Module Roles under Menu Security and write a name for each role on that small window that appear? For example I want a role to be called SHOW_MENU then I type that name on that window and that's it?No, thats just the definition that this role is relevant for the menu. In the next step, you have to assign that role to every menu-item which should be accessible with the role.
  After that do I need a special command on Oracle to assign the user that role and tell the database that I want that user just to see that menu item?Do don't tell the database anything about the menu, the database doesn't even know what a menu is. You assign the role to a database user, and then forms checks which roles are assigned to the connected user and with that information checks, which of the menuitems should be shown to the user.
  The command to grant a role to a dbuser is
  GRANT <ROLENAME> TO <USERNAME>;

• Can we lock down user admin functionality to allow password changes only?

  Hi,
  Is it possible to lock down the user admin functionality so a specific role can only change passwords?
  We have a large user base of >10K infrequent users that are forced to change their passwords every 30 days. We suspect a lot will require password changes and we are keen to not have the tech team spending most of their time dealing with such requests. We would like to pass this task onto data management but not allow them the system administrator functionality.
  We know we can create a responsibility with a limited menu available so the operator can see only the security/user/define menu. But this will still allow the person to add responsibilities to existing user accounts and create new user accounts, both of which are deemed unacceptable security risks. Is it possible to lock down the form as well as the menu? Allowing operators to only change the password of existing users? Or can we use the custom.pll to error when a user tries to do anything except edit the password field when in this role?
  Thanks
  Matt

  You should be able to do that. You would create a new privilege level (ie 7), assign all commands to that level except (this is my guess) the command vpn-sessiondb, you would put that at a lower privilege level (ie 6). Here's a write-up that may help getting you in the right direction.
  http://www.packetpros.com/2012/08/read-only-asdm.html

• How can i create a new user with only read rights ?

  How can i create a new user with only read rights ?

  You are asking about a Database User I hope.
  You can look into the Oracle 8i Documentation and find various privillages listed.
  In particular, you may find:
  Chapter 27 Privileges, Roles, and Security Policies
  an intresting chapter.
  You may want to do this with the various tools included with 8i - including the
  Oracle DBA Studio - expand the Security node and you can create USERS and ROLES.
  Or use SQL*Plus. To create a
  user / password named John / Smith, you would login to SQL*Plus as System/manager (or other) and type in:
  Create user John identified by Smith;
  Grant CONNECT to John;
  Grant SELECT ANY TABLE to John;
  commit;
  There is much more you can do
  depending on your needs.
  Please read the documentation.
  -John
  null

• How do I allow users to create folders in a shared folder where we all then have read/write access to those new folders?

  I have three users who need to access a particular folder on one of our other Macs. The folder resides on the desktop of that particular Mac and it is set as "shared" with all of our accounts set to access the folder. When a user creates a new subfolder in that shared folder, the permissions are instantly set to allow the creator read/write access but the other users are only allowed read-only access. Is there a way to set the permissions so that any new folder created in that shared folder automatically gives read/write access to all accounts who are authorized access to that shared folder?

  You should be able to take the permissions you have set and "apply to enclosed items." I am trying to attach a picture of what this looks like so my apologies if it does not work.
  Highlight your folder you want and go to File>Get Info or command+I and at the bottom where it has Sharing and Permissions, click the lock button to authenticate. Click the gear and click "apply to enclosed items". See if that works.