CHARM - Restrict access to other documents

Similar Messages

• Restrict access to bw_metadata documents in WAD NW04S

  Dear All,
  We are deploying a new reporting and analysis application on NW04S BI.
  In this application we set in a toolbar an access to some help documentation that are stored in KM as bw_metadata documents for the concerned web template (command OPEN_DIALOG_DLG_DOC_BROWSER).
  But the problem is that every one is able to create, change and delete these documents !
  I would like to restrict the access to these documents only in read for everyone and change for some power users.
  In the permissions in KM, i cannot change access on this repository.
  Did someone have an idea on how to change these permissions/authorizions ?
  Thanks in advance for your suggestions.
  Fred.

  Fred,
  sorry about that did not see the KM part...
  help.sap.com still talks about setting up the BI document repository on the portal and not about KM when I did a search for OPEN_DIALOG_DLG_DOC_BROWSER ,
  http://help.sap.com/saphelp_nw04s/helpdata/en/43/17348cfa923614e10000000a422035/content.htm
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/0901c9bb-0601-0010-49ab-c1770c527673
  The WEB API does not seem to make a distinction betweek KM and the BDS . and not much given on single document..... maybe the single document is worth a try....
  Arun
  Hope it helps...
  P.S BTW is the WEB API for 7.0 documented anywhere ? not able to find the same .. keep running into the 3.x version ....

• Restricted access to confidential documents in DMS

  Hello Gurus,
  Need your expert guidance on the following requirement.
  The requirement is to restrict the access of the document to users like Author, Reviewer and  Approver, for all the documents.
  I am confused which authorization object will work in my case and what settings I've to maintain for this.
  Authorization Object C_DRAW_BGR u2014 Authorization Group
  Authorization Object C_DRAW_DOK u2014 Document Access
  Authorization Object C_DRAW_TCD u2014 Activities for Documents
  Say I am having document types to us those are confidential.
  ABC (finance docs)
  LMN (Legal docs)
  XYZ (design docs)
  We want to allow only the users who are having below roles.
  DMS_APPROVER
  DMS_REVIEWER
  For rest of the user we don't want to allow change/display acccess to the above documents.
  Please guide me how to proceed, what need to be done.
  Regards,
  Ganesh

  Hello Ravindra/DMS Gurus,
  Sorry, but still my requirement is not met.
  Actually our business scenario is as below:
  Say there is a special document Type APR (Employee appraisal document)
  And for 5 different employee created (Authors) the document giving their self-inputs.
  Now these employee are assigned to say 3 different Supervisors (Reviewers) and one Manager (Approver)
  {Author; Reviewer and Approver are maintained in Additional Data of the document.}
  So each document will have a Reviewer and Approver assigned along with the Author.
  Our requirement is to restrict the access of these 5 documents to the Employees (Authors), so that none of these employee can view each others document. And allow display/change to respective Supervisor (Reviewer) and Manager (Approver) only.
  We need to restrict document access based on the above scenario
  After checking, I think using authorization object the above requiremment can not be met. Can we use any user exit?
  Your valuable comments are appreciated.
  Regards,
  Ganesh
  Edited by: ganesh sarasvati on Aug 12, 2010 5:35 PM
  Edited by: ganesh sarasvati on Aug 12, 2010 5:37 PM

• Problem restricting access to additional document directory

  Hi,
  Plattform: Win2K + iPlanet 6sp6
  I'm having a bit of a problem setting restrictions on an addtional document directory (the "manual" directory is a good example).
  I have a couple of virtual servers.
  I do not want to use .htaccess.
  Is it at all possible ?
  any pointers ?
  Best wishes,
  B.L

  Is it possible?Yes.
  Any pointers?Umm. Use the "Restrict Access" screen to select the directory you want to restrict, and then set the permissions for it.
  Without knowing what kind sof problems you're having we can't really make any recommendations.
  Are you following the instructions in the Admin Guide?

• Cisco ISE - How to map User- Location - Restrict Access to other locations

  Hi,
  i've got a simple question and I hope someone here can help me out with this mess.
  The problem is about WLAN 802.1x Auth with Cisco WLC and a ISE.
  The design goal is the following:
  There are several branch facilities. A user belongs to only ONE facility. This user should not access the WLAN in other facilities.
  The technical design is this:
  Local WLC and/or central vWLC. In the datacenter is one ISE which must handle the auth-requests. The identity source of the users, where I add and manage them, should be the ISE itself for the first time, later I want to AD and LDAP sources.
  Here is the problem:
  I don't understand how I can create a ruleset or something else where I can define that a user of facility A can only login over APs, WLCs,.....in facility A and NOT facility B. Or maybe my design is so bad that I have to start from scratch.
  PLEASE HELP.

  I don't know but may be this is the correct way to validate the user:
  NAS-ID in AP-Groups (One AP-Group per facility) must match "12345" AND Identity-Group must match "12345".
  Iam confused because there is no way to compare these values. 
  In this case to compare the value of "NAS-ID" and die users "IDENTITY-GROUP".
  If they match against each other than "Permit-Access".

• Workset validation and restricted access to other workset based on first

  Hi All,
      I have a requirement in which I need to allow other worksets in ESS to be accessed only if one workset "Personal Information" is completed.
  in this workset, there is an iView "Certify Own Data". In this ivew there are couple of checkboxes which need to be ticked and saved. this checkboxes will automatically be checked when the user enters required data in other related ivews such as "Address", "Family Details", "communications" etc.
  Please someone suggest me how to achive this functionality. Do i need to develop new application or i can achieve this functionality by just maintaining some kind of  iview validation.
  Earlier response would be much appreciated.
  Thanks
  Uday

  HI
  In your case,If your users are limited users then no worries....
  They cannot open it with their license...
  Only "Super user" can do that....
  OR
  You can restrict the other users by giving 'Authorisations'.
  Goto Administration -> system initialisation ->Authorisation_>General Authorisation.
  Now you select the users to whom you want to restrict the access and at right hand side you can see "Customization tools"
  You can set as "No authorisation" for Customization tools for that particular user and update it...
  So that he cannot do anything with the user defined windows
  Edited by: kambadasan on May 25, 2011 2:21 PM

• Sharepoint 2010 restrict access to a document library unless loggin to domain

  Have a requirement that has stumped me for awhile. we have a Sharepoint 2010 site that has some document libraries that have to be setup to ONLY allow users that are loggin  to the domain to be able to access those libraries.
  We are currently using active directory to authenicate user on login. and use active directory security groups for site, page and library access.
  Any ideas if this is possible and if so where to start? 

  the easy answer: nothing built in can do that.
  options can include: custom dev (potentially lots of it), "intelligent" app firewalls/proxies... but the practical answer is to either trust users with information, or disable public access (thus SP would *only* be accessible via LAN / VPN routing)
  Scott Brickey
  MCTS, MCPD, MCITP
  www.sbrickey.com
  Strategic Data Systems - for all your SharePoint needs

• Need advice for an application that restricts access to other applications using a smart card

  Hello everybody,
  I am developing a system that uses a smart card reader attached to a USB port of a PC.
  What the system should provide is:
  When computer boots up and shows the users login screen, a user, previously registered, can use his smart card to access the system, instead of entering his password
  Once the user is logged in, when he tries to launch an application, which has previously marked as "secured", a dialog box is shown indicating that the user has to present his smart card. If the smart card has access to the application, the application
  is launched, otherwise an error message is shown to the user and the application is not executed.
  I develop in C++ and C#. I have already created a library (in Visual C++) that manages the smart card reader and provides the card presented to it.
  Now I am developing the applicastion (in C#) that will configure the security (assigning cards to users and applications).
  Concerning this, I have 2 questions regarding each point above:
  Is it possible to create the centralized application that lists all users and allows to assign cards to them? Then, when the users login screen is shown, the system must access that data before logging in, so that it can check which card was presented and
  what user it corresponds to. I have seen in laptops, that have embedded fingerprint readers, a user must login to his account first and then he can register his fingerprints. In fact, what I need to do is something similar but with smart card reader instead
  of fingerprint reader. So, perhaps, user must login into his account first and then he will be able to add his card and store that information somewhere (in windows registry maybe).
  How can I launch my application when other application is executed but before its interface is actually shown? this is similar to what antivirus programs do, because they check the executable before it is actually ran. What is the best method to address
  the application? by executable file name? process name? or other? if the best is by process name, how can I know the process name without actually running the application?
  Well, that is all what I need to do. Please advice regarding this subject.
  I look forward to hearing from you,
  Best regards,
  Jaime
  Powered by C++

  > what was the guidance?
  1. Research other software that does similar things (not just exactly the same) as you need. If you like something in their solutions, copy it :)
  The only software I know that does that is an antivirus, but I am unlucky to find some code in c++ that allows to intercept the program execution before actually executing it.
  2. If a kernel driver would fit in your solution, go for it (google for what is available for free, or find a consultant to write it for you).
  There are a lot of information about kernel drivers, but the question is, is that really the solution?
  Otherwise, you can just hide the application from user's reach and substitute the executable in shortcuts, etc. to run your program instead.
  Definetly this is not the way to go
  What is the best method to address the application? by executable file name? process name? or other?
  By executable file name, like in the Windows Applocker, I think. Processes do not have names (they are artifact of Task manager and debugging tools, to represent the processes for user somehow). Or, only by the filename part of the full path.
  I agree with that
  if the best is by process name, how can I know the process name without actually running the application?
  When the user runs the application, the driver will detect this and do its magic.
  I have found this page: http://stackoverflow.com/questions/3556048/how-to-detect-win32-process-creation-termination-in-c. They mention WMI, but I will study it tommorow... it is so late for today :-)
  Regards,
  -- pa
  Regards
  Jaime
  Powered by C++

• Restrict access to other WLN clients

  When clients are associated to a Cisco AP, is there away to restrict the clients from sending traffic to other clients associated to the same AP?

  Yes, the feature is called "Public Secure Packet Forwarding".
  This works like protected ports (Private VLAN edge) on switches,
  blocking all layer 2 traffic between clients associated to the same AP.
  On the GUI it's enabled/disabled under Network Interfaces->Radio...->Settings->Public Secure Packet Forwarding
  With the CLI you configure "protected port" for the bridge group.
  <http://www.cisco.com/en/US/partner/products/hw/wireless/ps430/products_configuration_guide_chapter09186a00804e7d2f.html#wp1038494>

• Best way to restrict access to documents (outside of the group or library level)

  Hi, we're thinking of implementing SharePoint Server 2013 Standard Edition for our organization. Many of our employees are research scientists working on proprietary information. From the (admittedly little) I understand about SharePoint, if a user wants
  to restrict access to a particular document to the 2 or 3 people with whom they're collaborating (and also have it not appear in the search results), they will have to email their power user to request that a new document library be created in which they can
  store their documents. Is that correct? In this case, what is the best way to handle item-level permissions? Users absolutely want to have the freedom to restrict access to their documents themselves rather than being forced to go to their power user. Thanks.

  Hi,
  Per my knowledge, if you want to restrict access to the documents to some users, then you need to have Manage Permissions permission to modify other users’ permission on the documents.
  If you do not have the Manage Permissions permission, I recommend to ask the site administrator to create a workflow as below to remove the corresponding users’ permission on the documents which you uploaded. You can start the workflow on the document you
  upload and then the permission of the users set on the workflow will be removed from the document.
  Best regards.
  Thanks
  Victoria Xia
  TechNet Community Support

• Restricted access to attachments in SRM 7.0 web applications

  Hi,
  We have a very specific problem regarding the handling of attachments with SRM 7.0 web applications. The system is configured to use ArchiveLink for storing documents on a remote content server, which is working fine.
  Now we have a requirement which should restrict access to certain documents to specific user groups. As an example you could say that a Purchase order has (besides others) two documents attached, e.g.
  - signed contract
  - meeting minutes
  The contract should only be visible to a limited number of people, whereas the Meeting Minutes are accessible to everybody.
  Our problem is that apparently only one Content Category ("BBPFILESYS") is used by the SRM web applications for an upload. When granting authorizations on this content category, we cannot distinguish between contracts and meeting minutes anymore.
  Comparing this with the config in ECC we can freely define document types which can be used in AUTH profiles. Is there any similar solution that can be used in SRM 7.0?
  Any help would be greatly appreciated.
  Cheers,
  Mark

  Hello,
  Have a look at note 1334202. It provides some inputs.
  Regards,
  Ricardo

• How to restrict read access to certain document in stellent content server

  Hi,
  We are using stellent content server to store project documents. We would like to restrict access to certain confidential documents.
  Users with Read / Write permission should not be able to access but admins with RWDA permission should be able to access these confidential documents.
  Appreciate your inputs on this.
  Thanks,
  Nayana

  Without seeing your setup and environment its a bit hard..
  But...
  Make sure that user has read only access to public security group.
  You could setup an addition role with readOnly access and apply it those users.
  Or restrict there account to have Read only access.
  Remember if the user has Admin access on the Account but only readonly access on the security group then they will only have read only access on the files and visa versa.. :)
  J.
  Message was edited by:
  JRS

• Restrict access to bid invitation cFolder documents

  SRM Experts,
  I have a requirement to restrict access to bid invitation cFolder documents.
  Here is the scenario:
  Buyer1 creates a bid invitation and a cFolder. We do not want any other buyers within our organization to access this bid invitation cFolder.
  How can this be achived?
  At this time, if a buyer (ex: Buyer2) has access to create a bid invitation or view a bid invitation, the system is automatically gives Buyer2 access to cFolder created by Buyer1.
  This needs to be restricted, any advice would be appreciated.
  Note: BADI BAdI BBP_CFOLDER_BADI is already deactivated in the system
  Please let me know if you have any ideas.
  Thanks

  Hi,
  You can restrict the access through Product categories in the PPOMA_BBP for each user .
  So that he can create  Bid invitation only to that product category..
  please check this link
  you can find the customization guide for Cfolders on
  https://websmp202.sap-ag.de/~form/sapnet?_FRAME=CONTAINER&_OBJECT=011000358700007402242002E
  Please check with SAP PLM consultant . You can controlled through Authorisation role
  This is the role used :User
  - Role name: SAP_CFX_USER
  Better check with the above link
  Regards
  G.Ganesh Kumar

• How can I set up my imac so that I have access to other family members documents?

  How can I set my my imac so that I have access to other family members documents when I am logged on my side?

  Hello,
  I find Dropbox a great way of having access to my files on all Mac accounts, any PC on the web and my iOS device. 
  regards
  mrtotes

• Do I understand correctly that if I own a Mac but no other Apple mobile devices, I will not be able to access my photos, documents, contacts, and calendar in iCloud?

  Do I understand correctly that if I own a Mac but no other Apple mobile devices, I will not be able to access my photos, documents, contacts, and calendar in iCloud?

  No, you don't understand correctly.
  Apple iCloud Related Support/How-To/Troubleshooting Docs:
  Apple IDs and iCloud
  iCloud: iCloud security and privacy overview
  MobileMe: About moving to iCloud
  Frequently asked questions about the MobileMe transition and iCloud
  iCloud: Troubleshooting the move from MobileMe to iCloud
  iCloud: MobileMe services that no longer sync after moving to iCloud
  iCloud: Supported system requirements
  iCloud: What if my device or computer doesn't meet iCloud system requirements?
  Creating an iCloud account: Frequently Asked Questions
  iCloud: Managing your iCloud storage
  iCloud: Purchasing iCloud Storage and Billing
  iCloud: Resetting your Photo Stream
  iCloud: Calendar & reminder data removed from iCal when disabling iCloud Calendar
  MobileMe: Advanced iCal troubleshooting for MobileMe Calendar data
  iCloud: What version of Windows software am I using for iCloud?