BI content for access control

Similar Messages

• Importing a pkg with rely on server storage and roles for access control

  Hi we run std 2008 r2.  I'm reading documentation on prot levels during pkg import to catalog at
  https://msdn.microsoft.com/en-us/library/ms141747(v=sql.105).aspx but unfortunately the definition of prot level "rely on server storage and roles for access control"
  isn't clear.  They used the prot level name to define it which didn't help me.
  This option looks appealing but it isn't clear why I need to enter a pswd when choosing this option.  Will my peers need to know that pswd when they export?  Will the sql agent job need to present that pswd when running?  If I just keep current
  prot level "encrypt with user" will the agent job be able to run it?  I'm sure it (agent) isn't running with my creds now.  Also, how can I tell what prot level it was deployed with last?  I rt clicked on the pkg in the catalog
  and don't see anything obvious about that.  I already understand that on export prot level is changed to encrypt with user. 
  I'm going to look at the sql agen job right now to see what creds it runs with.

  First thing to understand is that protection level is used for determining how package (dtsx) file have to be protected. Once package is deployed in server and executed from agent, the conventional way is to use method of configurations or parameters if
  2012 to get required connection etc values and execute using it. It never uses the values that were set during the design time. So it doesnt matter what protection level was so far as its based on config
  However if you're planning to export existing package to your system and do modification thats where protection level comes to play. If its set to any of ENcryptSensitive... type value then you'll to provide the value (either a passowrd or your userkey which
  it takes automatically from login info) to see the sensitive info (connection info,passwords etc) The package will still open and so far as you manually type in missing values you will be able to execute the package. If protection level is set to one of ENcrptAll
  then you will have no way to open package itself unless you provide password/ have correct userkey.
  The rely on server storage option uses sql server security context itself ie it doesnt do any encryption within package by itself but will assume values based on sqlserver security. This is used when you store package itself in SQLServer itself (MSDB)
  Please Mark This As Answer if it solved your issue
  Please Vote This As Helpful if it helps to solve your issue
  Visakh
  My Wiki User Page
  My MSDN Page
  My Personal Blog
  My Facebook Page

• Landscape for Access Control (all components)

  Hi!
  I need to know the following:
  Does the implementation of GRC Access Control requires a landscape of three systems (DEV / QAS / PRD)?
  Is it possible to install on an existing system ECC 6.0, or should not be using the same host?
  Regards
  Gustavo Cabero

  Hi,
  it is recommended to have at least a DEV/QA and a Productive server, one for testing and one with productive data.
  As there is no "transport" system on the JAVA side as you know it from ABAP, most customers don't use the 3-step landscape.
  You can install the suite on any J2EE server in your landscape, as long as the requirements (disk space, memory, processor) are met.
  It can be a dual stack system, but it doesn't have to.
  Regards,
  Daniela

• Where can I find iPhone "Apple ID" # for Access Control on Airport Express?

  I'm running Apple Express (NOT Extreme) base station v5.5.1, & require Access Control on 802.11g network. I have "Apple IDs" for all our computers using network, but I can't figure how to get ID #s for iPhone. As workaround, I temporarily opened my network to standard 128-WEP encrypt w/ password, disabling Access Control. But some hash-chart wizard in my apt complex keeps beating WEP & bogging down network, no matter how many times I change passwords. Note: I can't set up WPA w/o Airport Extreme, so that's not an option.
  Thanks in advance for any suggestions...

  Yeah, this kinda had me going as well...at first I couldn't figure out where in the world was the MAC address for this iPhone! I check the iPhone, the box, online everything everywhere! I just happened to be in the Settings and went to About this iPhone...and Blam! there it was!!! Be sure and use the ID for WiFi. MAC Access Control is a great safeguard, though many say people can "spoof" MAC IDs. I haven't seen it and am not sure how it would be done.

• Default Keychain Access Control for Safari

  For the Keychain item Safari Forms Autofill, what are the default settings for Access Control? Mine are set to Confirm Before Access, and Ask For Keychain Password and no applications are listed. How it is out of the box?

  Hmmm... if I open Keychain Access, I do not see separate keychains for each browser - just one for "System", "Login", "scott" and "X509Anchors" - and all of my internet passwords are stored in "scott". Also, if I open an internet item, I get a window that shows a tab for "Access Control" - where I can give access to all applications, or I can specify any specific application to have access to that info.
  So, from that I had assumed that when I add Camino to the list of applications under "Always allow access to these applications" for an internet password item, that it would automatically be pulled from there by Camino when needed (and I was pretty sure that's what had happened when I was dealing with this yesterday).
  However, after testing a couple more by adding Camino to that list, and changing another to allow access by any application, the username and passwords did not automatically come up in Camino. I must have been dreaming it. :?
  Are the "Internet Password" and "Web form password" items in Keychain Access not what the browsers draw from? Do they maintain their own "keychains" as part of their "Application Support" files?

• How to allow multiple domains under Access-Control-Allow-Origin

  Hi,
  We have a domain where will get CORS request from another domain hosted on seperate DC. We can't set
  Access-Control-Allow-Origin as * due to security concerns & IIS can't take more than 1 value at a time. Kindly suggest how to pass multiple httpheader  for
  Access-Control-Allow-Origin.
  Regards,
  Dhiraj

  Hello Dhiraj,
  This is not the suitable forum for your question, you may post in
  IIS forums for more help.
  Thanks for your understanding.
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Reporting on Access Control 5.3 with SAP BO 4.0

  Hello All,
  I have to develop WebI reports on Access Control 5.3 data. Are there any direct connectivity options available in IDT for Access Control 5.3 or Do I have to go through Oracle database connectivity as Access control 5.3 backend database is Oracle? And also for authorization data I have to connect to ERP system.
  Any help that you can provide will be greatly appreciated.
  Thanks and Regards,
  Aashutosh

  Hi,
  Generally speaking,  i believe GRC 10  is more closely aligned to BI4.0 in terms of product releases.
  However, to the best of my knowledge, there's no direct connector from BI semantic layer (IDT/UDT) specifically for GRC.
  I believe there is a web-based UI (dynpro) for dashboard-like analysis of the compliance topology, but that's it:
  http://help.sap.com/saphelp_grcac10/helpdata/en/16/7a5f2e29744e078f9305017fee2fc2/frameset.htm
  You may want to contact the GRC forum to confirm.
  Regards
  H

• Business Content for Product Cost Collector analysis - KKBC_PKO

  Hello,
  I have a user requirement to setup a report that matches the KKBC_PKO report in ECC.
  Is there any business content that can help me do that?
  Many thanks,
  Claudio

  Hi,
  I guess you shoud check out one of the 0CO_PC_* datasources. Check also the business content for applicaten controlling->product cost controlling. [BCT|http://help.sap.com/saphelp_nw70/helpdata/en/37/dc143c65b8b800e10000000a114084/frameset.htm]
  Siggi
  Edited by: Siegfried Szameitat on Jul 14, 2010 2:47 PM

• Custom GRC  access control reports

  Hi,
  Is it possible to have custom reports for access control?  Specifically we are looking at developing reports based on roles and users for compliance calibrator (risk analysis and remidiation). 
  Thanks.

  Hi Clark,
  Just go through with the following document......
  http://www.sdn.sap.com/irj/bpx/index?rid=/library/uuid/706f48c6-9694-2c10-319f-c379570dc988&overridelayout=true
  You will come to know all the new features about custom reports.
  Regards,
  Mohit

• EA4500 - poor parental access controls.

  What's great about it: Easy to setup. Fast. Good range.
  What's not so great: Parental controls are limited to the point of being useless for my needs.
  I love this router but it's going back. The parental access controls are extremely limited. Limited to the point of being useless IMO. For instance, I can't restrict access to Tues - Friday 3:00PM - 8:00PM. The router also predefines weekends and school days and you are limited to a time limit that begins in PM and ends in AM. Your defined end time must be after midnight because you are limited to an AM ending time. The router defines weekends as Saturday - Sunday. What about holiday weekends? No way to account for that in the access controls. It's very limiting and frustrating for a high dollar router. If you don't have use for access controls, it's a great router.
  This product has...
  Fast connection
  Secure connection
  Easy to set up
  Reliable connection
  No, I would not recommend this to a friend.
  I use it in...:Small home

  I have to agree. I set this up on Friday, gave it the weekend to run and see how it works. Tonight I read pages upon pages about how to get the parental controls to work -the number one reason I bought this one. I watched my son using skype, minecraft, facebook and youtube right under my nose while I reset and reset and reset the parental controls to block those sites on his PC.
  The cloud is not there.  Apps? What apps? Misleading. There is a Droid app that is almost useless as it has no parental control. And the setting for limiting access? Give me a break. Who designed that data set, a kid?
  It was presented as if this device would have apps to be able to customize the operation. That would be good. Where are the apps?
  Its going back by Wednesday just because I have already sold my old DGL-4300 and now I have to get another router. NetGear here I come again.  Oh, please please please spare me the posting of  two links to how to set up the parental controls with the web interface or Cisco Connect. The issue is NOT that I don't know how to use the feature. The issue is the feature is sufficiently lacking in scope and options. It sucks.

• Issue while enabling Access Control for a Coherence server node

  Hi
  Im trying to enable access control for a Coherence server node, using the default Keystore login method shipped with Coherence. When i start the server i get the error "java.security.AccessControlException: Unsufficient rights to perform the operation". Please see below for the sequence of steps I've followed to enable access control. I just need to be enable Authentication (not authorization) at this stage
  1. I have added the following entry in the Coherence Operational override file
  <security-config>
            <enabled system-property="tangosol.coherence.security">true</enabled>
            <login-module-name>Coherence</login-module-name>
            <access-controller>
                 <class-name>com.tangosol.net.security.DefaultController</class-name>
                 <init-params>
                      <init-param id="1">
                           <param-type>java.io.File</param-type>
                           <param-value>keystore.jks</param-value>
                      </init-param>
                      <init-param id="2">
                           <param-type>java.io.File</param-type>
                           <param-value>permissions.xml</param-value>
                      </init-param>
                 </init-params>
            </access-controller>
            <callback-handler>
                 <class-name>com.sun.security.auth.callback.TextCallbackHandler</class-name>
            </callback-handler>
       </security-config>
  2. The following is the entry in the Permissions.xml
  <?xml version='1.0'?>
  <permissions>
  <grant>
  <principal>
  <class>javax.security.auth.x500.X500Principal</class>
  <name>CN=admin,OU=Coherence,O=Oracle,C=US</name>
  </principal>
  <permission>
  <target>*</target>
  <action>all</action>
  </permission>
  </grant>
  </permissions>
  3. The following is the content of the Login configuration file "Coherence_Login.conf"
  Coherence {
  com.tangosol.security.KeystoreLogin required
  keyStorePath="keystore.jks";
  4. The following is the command line tag for starting the server
  java -server -showversion -Djava.security.auth.login.config=Coherence_Login.conf -Xms%memory% -Xmx%memory% -Dtangosol.coherence.cacheconfig=PROXY-cache-config.xml -Dtangosol.coherence.override=FOL-coherence-override.xml -Dcom.sun.management.jmxremote.port=6789 -Dcom.sun.management.jmxremote.authenticate=false -Dtangosol.coherence.security=true -cp "%coherence_home%\lib\coherence.jar" com.tangosol.net.DefaultCacheServer %1
  Following is the output on the Console when running the command. It asks for a username and password for the JKS store (If i provide the wrong password, it gives a different error, which shows that it is able to authenticate aganst the Keystore). After i put in the password, it throws the error as shown below "java.security.AccessControlException: Unsufficient rights to perform the operation"
  D:\Coherence\FOL_CacheServer>fol-cache-server
  java version "1.6.0_20"
  Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
  Java HotSpot(TM) 64-Bit Server VM (build 16.3-b01, mixed mode)
  Username:admin
  Password:
  Exception in thread "main" java.security.AccessControlException: Unsufficient ri
  ghts to perform the operation
  at com.tangosol.net.security.DefaultController.checkPermission(DefaultCo
  ntroller.java:153)
  at com.tangosol.coherence.component.net.security.Standard.checkPermissio
  n(Standard.CDB:32)
  at com.tangosol.coherence.component.net.Security.checkPermission(Securit
  y.CDB:11)
  at com.tangosol.coherence.component.util.SafeCluster.ensureService(SafeC
  luster.CDB:6)
  at com.tangosol.coherence.component.net.management.Connector.startServic
  e(Connector.CDB:20)
  at com.tangosol.coherence.component.net.management.gateway.Remote.regist
  erLocalModel(Remote.CDB:10)
  at com.tangosol.coherence.component.net.management.gateway.Local.registe
  rLocalModel(Local.CDB:10)
  at com.tangosol.coherence.component.net.management.Gateway.register(Gate
  way.CDB:6)
  at com.tangosol.coherence.component.util.SafeCluster.ensureRunningCluste
  r(SafeCluster.CDB:46)
  at com.tangosol.coherence.component.util.SafeCluster.start(SafeCluster.C
  DB:2)
  at com.tangosol.net.CacheFactory.ensureCluster(CacheFactory.java:998)
  at com.tangosol.net.DefaultConfigurableCacheFactory.ensureServiceInterna
  l(DefaultConfigurableCacheFactory.java:923)
  at com.tangosol.net.DefaultConfigurableCacheFactory.ensureService(Defaul
  tConfigurableCacheFactory.java:892)
  at com.tangosol.net.DefaultCacheServer.startServices(DefaultCacheServer.
  java:81)
  at com.tangosol.net.DefaultCacheServer.intialStartServices(DefaultCacheS
  erver.java:250)
  at com.tangosol.net.DefaultCacheServer.startAndMonitor(DefaultCacheServe
  r.java:55)
  at com.tangosol.net.DefaultCacheServer.main(DefaultCacheServer.java:197)

  Did you create the weblogic domain with the Oracle Webcenter Spaces option selected? This should install the relevant libraries into the domain that you will need to deploy your application. My experience is based off WC 11.1.1.0. If you haven't, you can extend your domain by re-running the Domain Config Wizard again (WLS_HOME/common/bin/config.sh)
  Cappa

• Error while turning on Access control for web proxy

  When I try turning on access control setting for the service (using web-based server admin page: sever preferences->restrict access), i got this pop-up error message:
  System Error:
  The POST variables could not be read from stdin.
  Environment:
  Windows2000 SP2
  Sun ONE WebProxy 3.6 SP1
  File-System NTFS
  Thx

  Hi,
  Please mention on which platform you have installed the iplanet web proxy server. If it is on NT then make sure it must on NTFS partition.
  refer the following link for more details
  http://docs.iplanet.com/docs/manuals/proxy/36/adminnt/contents.htm

• WRT 120 Internet Access Control Problem for itouch

  I've just set up my router. Cannot seem to control access to the internet for my son's itouch. The router recognizes it on the map as a wireless device part of the network, but it will not show up in the menu that allows for internet access control. My lap top shows up, but no itouch. I'm running Windows XP home premium edition - not sure if this makes a difference.

  Open the linksys setup page...Under the Wireless tab,Change the Channel Width to 20MHz only,Channel to 11 and click on save settings...Under the Advanced Wireless Settings,Change the Beacon Interval to 75,Change the Fragmentation Threshold to 2304,Change the RTS Threshold to 2304 and Click on Save Settings... 
  On the I-Touch..Go to Settings>>>General>>>Reset>>>Now select Reset Network Settings.This will now reboot and restore you network connections.

• How do I set up timed access control for a time past midnight

  I would like to set up timed access control for a number of my devices that would stretch past midnight...   An open network from 6AM to 2AM - effectively only blocking access from 2AM tp 6AM in the morning....
  Any notion on how to do this?  the timed factily does not like the setting to enable 6A to 2A, says the times are invalid. 
  Setting up timed access from 6AM to 11:59P, then doing another from 12A to 2A causes a service "hiccup" of 1 Minute.

  Set up each device as follows:
  Everyday........Between.......6:00 AM and 11:59 PM
  Add a second rule for each device that will state....
  Everyday.....Between.......12:00 AM and 2:00 AM
  You might think that there would be a one minute break between 11:59 PM and 12:00 AM, but that will not be the case, at least on every AirPort that I have ever programmed..  Reason.....11:59 is really 11:59:59:59 turning off at 12:00 AM.  But, you have a second rule to allow access at 12:00 AM, so the AirPort will be "on" at the same time the first rule ends, so there will be no break.
  If you really want the second rule to turn the AirPort "off" at 2:00 AM.......then set that time for 1:59 AM. If you set the rule for 2:00 AM, then AirPort will really turn off at 2:01 AM.

• Looking for some best practice regarding Content Administrator access

  Hi. I am looking for some best practice or rule of thumb from SAP or from different companies how they address Portal Content Administrator access in Production environment. Basically, our company is implementing portal to work with SAP BW.  We are on SP 9. Basically, I am trying to determine if we should have 1-2 Portal Content Administrator in Production with 24/7 access or we should limit them from NOT having this.  Can you share with me some ideas of what is right? and what is not?
  Should we have access in Production? Or Should we have this access but limited? By the way, our users are allow to Publish BI reports/queries into Production.

  Hello Michael,
  Refer to this guide about managing initial content in portal.
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/00bfbf7c-7aa1-2910-6b9e-94f4b1d320e1
  Regards
  Deb
  [Reward Points for helpful answers]