Can't restrict users from accessing folders

I have just installed my Mac OS X server and I have created my users and shared my folders, but it looks like all the users are able to access my folders even though I set permissions for them. Even if I Deny in the ACL, the user still has access to the folder. I want to give specific users access to certain folders. What am I doing wrong? Your help will be greatly appreciated.

If this is a production server, I'd suggest acquiring some IT coverage or an escalation path for issues, or both. As nice as Mac OS X Server is, you're still running a Unix server, and a month and a half of problems is going to be something that the users will take issue with.
Your /Users folder looks somewhat problematic by what's not present there; I'd expect to find (more) users' home directories there, and I'd expect the users' directories to be owned by the specific user and by "staff".
Here's what the home directory for user zork2 looks like in the /Users directory, for a configuration with the users' homes in /Users.
drwxr-xr-x+ 12 zork2 staff 408 Aug 31 2009 zork2
0: user:_spotlight inherited allow list,search,fileinherit,directoryinherit
This would be a common case for OD users created under the /Users directory on the server.
The user edem parallels this and looks OK, but (if that's the entire contents of your /Users directory) it looks like the users are created elsewhere.
You'll need to use Workgroup Manager (WGM) to locate that elsewhere, and then go check that area for its protections and ACLs. The commands involved in listing protections over in that path are similar (albeit adjusted for the different directory path), and the outputs should match what was posted for zork2 or edam in the existing /Users directory.
Apparently I was insufficiently clear with the ls -ale /users/somefolder command reference and had intended to look at the settings within one of the problematic users' directories, but it does appear that the first command showed enough to indicate that the users' homes are elsewhere.
I'd also suggest getting an IT escalation path, first and foremost. Another good option (albeit from personal experience with following this path, one that can occasionally lead to frustration and outages) is going to be the school of hard knocks and whatever classes and books you can get your hands on or can attend; the proverbial crash-course in Mac and Unix server IT management. I've not viewed the tutorial videos available at Lynda.com, though various folks posting around the forum do indicate those can be a good resource.
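The ownership check described in the reply above, as an added example that is not part of the original thread: a shell function that reads `ls -ale` output for a directory of home folders and reports folders whose owner differs from the folder name or whose group is not "staff", along with each ACL entry. The function names, the sample listing (apart from the zork2 lines) and the user alice are constructed for illustration; folder names are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: audit `ls -ale` output for a directory of user homes.
# Expectation from the thread: each home is owned by its user, group "staff".

# audit_homes [group]: reads `ls -ale` output on stdin, prints one finding per line.
audit_homes() {
    awk -v want_group="${1:-staff}" '
        # ACL entry lines follow their directory, e.g. " 0: user:x allow list"
        /^[ \t]*[0-9]+:[ \t]/ {
            if (current != "") {
                sub(/^[ \t]+/, "")
                kind = ($0 ~ / deny /) ? "ACL-DENY" : "ACL-ALLOW"
                print kind " " current " " $0
            }
            next
        }
        # Directory lines: mode links owner group size month day year name
        /^d/ && NF >= 9 {
            owner = $3; group = $4; name = $NF
            current = ""
            # ".", ".." and the Shared folder are not per-user homes (assumption)
            if (name == "." || name == ".." || name == "Shared") next
            current = name
            if (owner != name) print "OWNER " name " owned by " owner
            if (group != want_group) print "GROUP " name " group is " group
            next
        }
        # Anything else (files, "total" line) ends the current directory
        { current = "" }
    '
}

# Constructed sample; only the zork2 entry and its ACL line come from the thread.
sample_listing() {
cat <<'EOF'
total 0
drwxr-xr-x   6 root   admin  204 Aug 31  2009 .
drwxr-xr-x  30 root   wheel 1088 Aug 31  2009 ..
drwxrwxrwt   4 root   wheel  136 Aug 31  2009 Shared
drwxr-xr-x+ 12 zork2  staff  408 Aug 31  2009 zork2
 0: user:_spotlight inherited allow list,search,fileinherit,directoryinherit
drwxr-xr-x+ 10 root   admin  340 Aug 31  2009 alice
 0: user:alice deny list,search
EOF
}

# Demo on the constructed listing; on a server: ls -ale /Users | audit_homes
sample_listing | audit_homes
```

Run the same pipe against whatever path Workgroup Manager shows for the users' homes if they are not under /Users.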

Similar Messages

  • How can i restrict user to access database object (procedure) or JSP

    Hi
    I have 9ias infrastructure 902, on win2k box with 9i DB.
    and I have one PL/SQL web application and another J2EE application both are hosted by 9ias 902.
    Now we are looking forward to couple both with SSO.
    I have deployed samples of both and they work fine.
    Each application has a different set of users; I mean there is no common user.
    How can I restrict a user from viewing a web page that they are not authorised for?
    As far as I understand from the Grocery demo, you pick the role (which is only a string) from OID and programmatically apply security via an if/else/endif construct.
    Can anyone throw light on my concern?
    regards

    Hey Mary
    No, I haven't tried to do that via PL/SQL....
    as our application is a J2EE app... deployed in OC4J... with SSO and LDAP....
    still trying to find a way to do so....
    What I have realized is that LDAP is just there to store user information in an inverted tree... and one has to build a separate access security mechanism that will be applicable to the J2EE system....
    thanx...
    samir....

  • How can we restrict users from changing the data in HFM.

    Hi All,
    We have a requirement from users: they don't want the base data being loaded from SAP to HFM via FDM through ERPi to be changed in HFM at <Entity Currency>. They want the data to be read-only, and nobody should be able to change it through Grid, Forms, or Smart View. If we restrict by Shared Services access, then again they can't change the ownership management value.
    Regards,
    Sushil

    Hi Thanos, Thanks for your reply.
    Yes i am aware of the security class, so your suggestion is to use security classes to restrict users? And how can i use the phased submission for the same?  I am new to HFM so please bear with me.
    I have one more question that my Application is HFM EPMA application. So is it necessary to have Application Administrator to change hierarchy and Deploy the Application from EPMA?
    Thanks,
    Sushil

  • Restricting users in accessing project/project reports

    Hi,
    We are having various Projects created thru PS Module, which can be categorized thru Project Types "Large", "Medium", "Small", "Utility" etc.
    We need to block users from accessing certain projects (by Project Type or individual project itself) which they are not attached. Access should not be available for create,change,display of master data and viewing all reports to these projects. Whether it is possible within PS Module or is it possible by authorization restriction thru basis.
    Please provide your valuable update.
    Regards,
    Vinod

    Ketul,
    You are right. SAP gives hierarchical reports in controlling area currency.
    All hierarchical reports are report painter reports. You need to copy the report going into CJE0 and in form change the currency to company code currency for all key figures.
    Later you can assign an transaction code to access these reports in company code currency.
    Hope it helps.

  • Help needed restricting users admin access to devices using ACS 4.2

    I have users that access the network via a VPN client to a PIX 515 which authenticates to the ACS (using the default group for unknown users) which uses an external Active Directory Database.
    The problem I have is that as the ACS authenticates these users, it now allows them admin access to the PIX. How do I restrict access? I have looked at NARs using the 'All AAA clients, *, *' approach but that just stops their VPN access. ( I have a separate group called 'PIX ACCESS' which will contained only defined users for admin access).
    Incidentally I have other devices on the network which are AAA clients, in particular Nortel switches. I can set the group settings for that RADIUS set up to 'Authenticate Only' (RADIUS Nortel option) and that works fine, I was expecting the ACS to have a similar setting for TACACS+.
    So how do I allow the unknown users to authenticate to their AD database but restrict them admin access to the AAA clients?

    Very common problem. I've solved it twice over the last 6 years with ACS. I'm sketchy on the details. But here goes. First option to explore is using RADIUS for VPN access, then TACACS on all the Cisco switches and PIX firewall. That would make it a lot easier. I think that with TACACS, you can build a NAR based on TCP port number instead of IP address....
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_tech_note09186a0080858d3c.shtml
    So you'd have a group with 3-4 Administrators that can access PIX CLI, and another group of VPN users that can't access the PIX but can VPN in. So on the VPN group, put a NAR that restricts access to SSH/Telnet TCP ports?
    This comes up every time I install an ACS server (every 2-3 years), and it's always a trick.
    Please let me know if this works for you. And if it doesn't, let us know how you fixed it. I think I can get back into the ACS I last did this with and take a look, but I'd have to call up and make a special trip.

  • How can i restrict users for entering manual expenditure batch for inventor

    Hi,
    Can someone explain me how to restrict users to enter manual pre approve batch for inventory expenditure class in projects??
    Regards,

    Forms Personalization.
    Regards
    Dharam

  • CRM PCUI how can I restrict Users

    hi all,
    We are having 5 Portal Users for each User I assigned role in Portal called sales representative which is a part of standard CRM 5.0 Business package.
    Each user use to create Account, lead and opportunity.
    My requirement is, whenever User created account, lead and opportunity, the other Users should not see those details.
    So how can I restrict them?
    In CRM GUI we have created a new role and changed it, and it's working fine, but in CRM-Portal (PCUI) it's showing all other users' details.
    There is any other way without using Access Control Engine (CRM-ACE), I can restrict the User.
    regards,
    Naresh

    Hi Naresh,
    While working on one project we faced the same problem; for this we used a different approach.
    For achieving this u can do the things below:
    1) Create a different iview for each user. (Assign it for each user for PCUI Portal)
    2) In each iview, in the Show Advance Search window, u have to make the "Belonging To " field Freeze with Value "Me"
    3) Using MAC(CRMC_BLUEPRINT_C) u can achieve the above steps.
    After doing the above steps u'll come to know that the respective user can search and access only their own Transactions and not others'.
    Hope it'll help u, let me know if u want further help.
    Thanks,
    Dipesh.
    Edited by: Dipesh Date on Oct 8, 2008 1:21 PM

  • UCM 9.1 7975 Sets can't restrict user preferences

    We have CallManager 9.1 installed and just noticed that we can't restrict the settings on the 7975 sets to only User Preferences - all 7 options are showing.
    Is there a patch with the 9.1 for the 7975 sets?

    Mac OS X now uses the clang compiler, and it is possible the package has not been ported to work with the pickier clang compiler.
    If your system has gcc, you could maybe try hacking the Makefile to use gcc instead of cc (or maybe export CC=gcc, again assuming you have an older copy of gcc on your system).  You might also try specifying some CFLAGS to disable some compiler checks.  It is possible you will need to modify the sources to fix obnoxious coding violations that both clang and gcc will not ignore.
    Or you might check if one of the Mac OS X package managers have already ported the package:  http://MacPorts.org, http://brew.sh, http://www.finkproject.org

  • How can i restrict user through material group

    Dear Guru's
    We have two business process CDMA and GSM
    Two purchase organisations, different document types and  different material groups
    our user  is procuring a materials for CDMA using GSM materials codes.
    How can i restrict him.if he selects GSM purchase organisation he should procure only for GSM using GSM materials codes.
    IS it possible to restrict  through material groups
    Regards
    subhash

    Hi Ha Tran,
    Thanks for your suggestion.
    But the problem is that we have two business CDMA and GSM business.
    The entity and reporting will be in the same company code.
    So we came up with two purchasing organisations because the first purchase organisation was already assigned to the company code,
    and the business wants different material groups for the different businesses.
    Ex: one material   100000000  DESC : Switching  with material group  NWTR
    the same material  with different number 1000000001 Desc: Switching  material group : GNWTR
    Now the user while  creating purchase order for GSM ,he is using CDMA material.
    I want to restrict the users so that if he selects the document type and purchasing organisation of GSM, the system should allow only GSM materials.
    Regards
    Subhash

  • Restriction user to access owa outside the organization

    I need a policy that a specific group of user, they can access owa in inside the organizational network but when they go outside they cannot access owa outside network.
    if possible please suggest

    Hi,
    Based on my research, we can block selected Users external OWA access by change the files
    startpage.aspx and basicmessageview.aspx
    For more information, you can refer to the following article:
    http://blog.leederbyshire.com/2012/11/27/block-or-allow-selected-users-depending-on-location-in-microsoft-exchange-2010-outlook-web-app/
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
    Thanks,
    Angela Shi
    TechNet Community Support

  • How can we restrict users from marking service orders as deleted

    Hi,
    Please guide me :
    Is it possible to restrict users (who are having authorization of marking service orders as deleted) from marking some service orders as deleted, if they have not created these service orders?
    In other words, requirement is : only the person creating the Service Order should be authorized to delete.
    Please guide.
    Thanks and Regards

    There are many BADIs and EXITS available; you have to find the appropriate place to put your code.
    USER - EXITS
    CNEX0013  Order: Cust. enhancement: Default item category comp. assgmt
    CNEX0026  Customer enhancement for general inspection of material
    CNEX0027  Customer enhancement: Plant, storage loc. finding for comp.
    IWO10004  Maintenance order: Customer check for order completion
    IWO10005  Maintenance order: Cust.-specif. determination of profit ctr
    IWO10006  Maint. order: Fcode exclusion through cust. enhancement
    IWO10007  Maint.order: Customer enhancement - permits in the order
    IWO10008  Cust. enhancement: Determination of tax jurisdiction code
    IWO10009  PM Order: Customer Check for 'Save' Event
    IWO10010  Maint. order: Cust. enhancement for determining WBS element
    IWO10011  Maint. order: Customer enhancement for component selection
    IWO10015  Maintenance order: F4 Help for user fields on operation
    IWO10016  PM Order: Cust. enhancement to check operation user fields
    IWO10017  Determine external order number by customer logic
    IWO10018  Maintenance order: User fields on order header
    IWO10020  Maintenance order: Automatically include task list
    IWO10021  Automatic task list transfer when creating order from notif.
    IWO10022  Determine calendar from user exit
    IWO10023  Service order: Change header data for advance shipment doc.
    IWO10024  Service order: Changes to items for advance shipment
    IWO10025  PM/SM order: Finding responsible cost center
    IWO10029  Inclusion of bill of material in PM/SM order
    IWO10030  Preset Fields for Event Object
    IWO10031  Hide personnel number in PM/SM order
    BADI
    Name of a BAdI Definition
    ARC_PM_ORDER_CHECK
    ARC_PM_ORDER_DELETE
    ARC_PM_ORDER_PREPROCESSING
    ARC_PM_ORDER_WRITE
    ARC_PM_QMEL_CHECK
    ARC_PM_QMEL_DELETE
    ARC_PM_QMEL_PREPROCESS
    ARC_PM_QMEL_WRITE
    IWO1_ORDER_BADI
    IWO1_PREQ_BADI
    IWO1_SCREEN_MODIFY
    IWO1_TL_INTEGRATION
    IWO1_TL_INTEGRATION2
    Edited by: Manish  Bisht on Jul 11, 2009 9:27 AM
    Edited by: Manish  Bisht on Jul 11, 2009 9:28 AM

  • Restrict user to access report of a specific layout

    Hello experts,
    We have a std. CJI3 report. In this report I have created a layout (see screen shot) and I want a user to access only that data of the report which comes with this layout.
    Kindly suggest if there is a way to control the access in this way.
    I thought of creating a z-report using the call transaction function (to call CJI3) and using a screen variant for it, but I don't want to go this way.
    Kindly suggest.
    Thank You.
    Regards
    Saurabh

    That would work nicely, if you also implemented note http://service.sap.com/sap/support/notes/1113939.
    However, I doubt this will be enough for CJI3, which has "Free Selections" as well as "Extended Selections" AND DB-Profiles.

  • How can I grant users to access/modify system folders (C:/Windows/Fonts) by using GPO in Win7 ?

    In our company there are some folks that often require new fonts that they take from the internet. Unfortunately, some of them have offices in a different country, so going there to insert my admin password is not a solution.
    If you copy the ttf file into the C:/Windows/Font folder, that is enough; you don't have to also add the registry.
    One way to bypass the window that asks for admin credentials is to insert my credentials into the bat file (runas). But this is very insecure, as I am an administrator.
    Is there a way to create a shared folder that can also store fonts that can be used by Windows? Can I give them the right to modify files in this folder without making them administrators? Or do you see any solution to this issue? Any help would be greatly appreciated.
    Thank you in advance.

    Another solution which will not compromise your security is to create a shared folder and have the users download fonts to the folder. After that, a simple scheduled task GPO on clients can copy the *.ttf files from the folder to the C:\Windows\Fonts folder. Since the task can be run with administrative privileges I guess there will be no problem.
    Regards.
    Mahdi Tehrani Loves Powershell

  • How can I allow users to access SQLPLUS?

    Hi everyone,
    I have been charged with the task of creating an Oracle server on a CentOS VM. Installation and configuration is complete and SQL is working fine for the database admin user "oracle." I copied the environment variables to the .bashrc file for "oracle" and SQLPLUS starts without a hitch.
    Here is where I need a little guidance...
    I need to create basic Linux user accounts that will have access to the database, so they can then in turn log into their SQLPLUS accounts. The problem is, all of the database files and software are located in the user "oracle's" directory. This means that no one but "oracle" and root has access to these files because they are the only ones with proper permissions.
    Before I put a ton of time into this, I thought I would pose these questions to the Oracle Linux community:
    1) Could I enable a specific Linux group (ex. "Oracle Users") to have access to the main database folder or possibly all folders along the path? I am hoping this would allow any users I put in the group access to the folders, and essentially the SQLPLUS application. (here is ORACLE_HOME=/home/oracle/app/oracle/product/11.2.0/dbhome_1)
    2) If that is not an option, will I need to make a completely new database and locate it in a location that all users can access?
    I understand that my first idea may not be the SAFEST method, but this is only for a small class of students learning how to use SQL and writing queries. There will be no sensitive information at risk. This would be a quick fix until I learned more about Oracle and how to use it.
    Thank you everyone.

    It certainly is rather a question for the General Database forum, though I doubt you will get a lot of happy replies for such a basic question.
    You can use / as sysdba OS authentication through SSH or using the server console, provided the user's account belongs to the "dba" user group. For remote connection through sqlnet you need create a $ORACLE_HOME/dbs/orapw$SID password file.
    If you would like to know more about this:
    Connecting / as sysdba is used for OS authentication. It ignores password credentials stored in the database and allows any user belonging to the OSDBA system group to connect to the database. Connections as sysdba will always connect to the SYS schema of the database, regardless of any username or password specified. Using OS authentication relies on the BEQ protocol, which connects to the database directly, without using the Oracle Listener process.
    The "oinstall" group will give access to the database software repository. There could be different oracle home installations, each with a different oracle user/owner like "oracle_prod1" and "oracle_prod2", but both users must be able to read/write the shared oraInventory, in which case both users must have read and write access to the oraInventory directory, hence the oinstall group.

  • Multiple Users CANNOT access folders

    I recently created multiple users on my IMAC G4 (10.3.9). The additional users CAN access applications when logged in to their individual accounts. They CANNOT create new folders or access USB drives. The new folder command is dimmed. Recommendations?
    Thanks!

    Hi Appleallie, and a warm welcome to the forums!
    From the Account that can, in the Finder, do a Get info on the places/locations/drives that the others cannot access/ create in, report the 3 Permissions at the bottom.
