CMX Analytics Role based accounts
Hi,
I currently have Cisco CMX Analytics 7.6 installed and running quite nicely on my vMSE platform.
Now that I am ready for production I need to create some read-only accounts for business users to analyse the data from the system.
How is this done in CMX?
I have found the Context Aware accounts which allow me to log in, but the roles don't seem to do anything and the changes made by each user are globally significant to all users.
This is pretty important and seems to have been skipped when developing the documentation.
I am having the same problem when I try to calibrate. Could someone help me. The error this attachment
Similar Messages
-
Role-Based CLI Views with AAA method
Hi,
I'm configuring Role-Based CLI Views on a router for limiting access to users.
My criteria:
- There should be a local user account on the router that has the view 'service' attached to it
- If the router is online and can reach the radius server, people in the correct group are assigned the view 'service'
My configuration:
aaa new-model
enable secret 1234
username service view service secret 1234
aaa group server radius my_radius
server-private 10.1.1.1 auth-port 1645 acct-port 1646 timeout 3 retransmit 2 key 0 1234
server-private 10.1.1.2 auth-port 1645 acct-port 1646 timeout 2 retransmit 1 key 0 1234
aaa authorization console
aaa authentication login mgmt group my_radius local
aaa authorization exec mgmt group my_radius local
line con 0
authorization exec mgmt
logging synchronous
login authentication mgmt
line vty 0 4
authorization exec mgmt
logging synchronous
login authentication mgmt
transport input ssh
The ERROR
Now I want to go configure the cli view 'service'...
# enable view
Password: 1234
*Jun 1 08:00:02.991: AAA/AUTHEN/VIEW (0000000D): Pick method list 'mgmt'
*Jun 1 08:00:02.991: RADIUS/ENCODE(0000000D): ask "Password: "
*Jun 1 08:00:02.991: RADIUS/ENCODE(0000000D): send packet; GET_PASSWORD
*Jun 1 08:00:21.011: RADIUS: Received from id 1645/13 10.1.1.1:1645, Access-Reject, len 20
The Questions
Why does the 'enable view' try to pick a method list when you have to supply the enable secret to access the root view?
Can you change this behaviour to always use the enable secret?
The TEMP Solution
If you're logged on to the router via telnet or SSH, the solution or workaround to this issue is:
aaa authentication login VIEW_CONFG local
line vty 0 4
login authentication VIEW_CONFG
Do your configuration of the view and re-configure the line to use the correct (wanted) method of authentication.
Thanks so much for the suggestions
/JZNhi,
You have the following configured:
aaa authentication login mgmt group my_radius local
aaa authorization exec mgmt group my_radius local
line con 0
authorization exec mgmt
logging synchronous
login authentication mgmt
line vty 0 4
authorization exec mgmt
logging synchronous
login authentication mgmt
transport input ssh
Hence every time you try to login to the console or try the ssh the authentication will head to the radius server because of the following command "login authentication mgmt".
You cannot make it locally. Whatever defined on the method list mgmt first will be taking the precedence.
enable seceret will be locally defined. but you have the following configured:
aaa authorization exec mgmt group my_radius local
line con 0
authorization exec mgmt
line vty 0 4
authorization exec mgmt
Hence exec mode will also be done via radius server.
when you configure:
aaa authentication login VIEW_CONFG local
line vty 0 4
login authentication VIEW_CONFG
You are making the authentication local, hence it is working the way you want.
In short, whatever authentication is defined 1st on the method list will take precendence. the fallback will be checked only if the 1st aaa server is not reachable.
Hope this helps.
Regards,
Anisha
P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts. -
Pre-populate adapters behaviour during role based provisioning
Hi all,
I have a question about pre-populate adapters behaviour during role based provisioning.
I'll sortly describe our architecture: we have OIM 11.1.1.3, Active Direcotry connector and obviously Active Directory as target system.
Our scenario is: assigning a role to a user , OIM should provision two account for this user to the same target system but in two different organizational unit (Active Directory).
Here some sample information to better understand our request:
- OIM User userID: userid1
- Active Directory IT Resource: ADServer1
- Active Directory Organizational Units: OU1 and OU2
- Role: Example Role
- UserID of the account provisioned in OU1: admin.userid1 (in this organizational unit the UserID is composted by a prefix "admin." and the OIM User UserID "user1")
- UserID of the account provisioned in OU2: user.userid1 (in this organizational unit the UserID is composted by a prefix "user." and the OIM User UserID "user1")
To achieve this goal, we have created two access policies AP1 and AP2. The first access policy provision the user account in OU1; while the second one in OU2.
Here some access policies form details:
### AP1 ###
- AD Server: ADServer1
- Organization Name: OU1
(other fields are empty)
### AP2 ###
- AD Server: ADServer1
- Organization Name: OU2
(other fields are empty)
Our idea was to develope two pre-populate adapter: one to compose the userID with "admin." prefix and the other one to compose userID with "user." prefix. However this solution cannot work because obviously you can link only one pre-populate adapter to a resource form field.
Any suggestion to avoid to create a second resource form?
Thank in advise,
DanieleHi,
probably your confusion is caused by my english....anyway....
I'm trying to generate two userids and in our scenario it's simple map the organizational units. For example userids in organizational units OU1 have "admin." prefix; while organizational units OU2 have "user." prefix.
Do you suggest to create a pre-populate adapter that use a lookup to set the correct prefix based on organizational unit name?
Thank you
Daniele -
Role-Based Security In SQL Server Reporting Services
Hi
I have created Reports,
Now I need to assign Role-Based Security, ie like some particular clients can access only some particular report.
http://localhost/reports/Pages/Folder.aspx
Here in the above link i can see the property tool bar where i need to set the user assignement roles.
could any one please help me out how to set different login assigned to a set of report.
Or is there any tutor links for this.
Thanks a lot.
ShanCreate folders under the Home page (the link you have there). For each folder set group athentication (AD) or harder managed, user account roles for the folders and the reports under the folder.
If you set security at that home level you will not be able to control what reports they see or can't see. You'll need to go all the way to the folder/report level.
It's also not best practice to deploy reports directly to the home level. Not best practice in it creating a very hard to manage security level. Think of the levels in security as such to SQL Server. Set the connect to sql level, database level and then down to the objects in them. Same priciples apply to SSRS.
Here is a cast going through some security settings as well http://technet.microsoft.com/en-us/sqlserver/dd391734.aspx fro creating your roles and utilizing them
Ted Krueger Blog on lessthandot.com @onpnt on twitter -
Role based authorisations in the Integration Directory
We have built a new PI landscape (Pi 7.11) and worked with our security teams to perfect the various roles. I am now attempting to implement role based authorisations in the ESR & ID so that objects in our QAS and PRD environments can be configured but not deleted or created.I have implemented role based authorsations as per the SAP standard process performing the following actions
Exchange profile com.sap.aii.ib.util.server.auth.activation was set to true and the Java Stack Restarted.
I created a role in the ID that allowed editing of any object.
I assigned the role to my userid in NWA useradmin
I am unable to edit ANY object in the ID
When I set the Exchange profile parameter to false I found I was able to edit any object in the ID.
So its obvious that the Exchange Profile Parameter does make a difference. However, it doesn't appear as if the role I created is being referenced, even though I assigned it to my account in NWA user admin. I looks like I may be missing some exchange profile parameters. I have the following exchange profiles set:
IntegrationBuilder.IntegrationBuilder.Repository com.sap.aii.util.server.auth.activation (string) = true
IntegrationBuilder.IntegrationBuilder.Repository com.sap.aii.ib.server.acl.enable (boolean) true
IntegrationBuilder.IntegrationBuilder.Directory com.sap.aii.util.server.auth.activation (string) = true
IntegrationBuilder.IntegrationBuilder.Directory com.sap.aii.ib.server.acl.enable (boolean) true
Any advice you can offer would be appreciatedResolved this issue.
The documentation is confusing but finally found the answer by referring to the SAP XI 3.0 documentation. -
IManager & Role Based Entitlements
I'm re-posting this here as I didn't get any response from the original post linked below:
https://forums.novell.com/showthread...-Entitilements
Hi,
A while back we had to re-create our Organisational CA and server certificates. (Don't ask why...) Everything seemed to go well except for one issue I've been having since.
We have OES2 SP3 (eDir 8.8 SP6) running on SLES 10 SP3.
iManager version is 2.7.4
Identity Manager Version is 3.6.1
When I try to edit a role based entitlement I get the error:
"Unable to obtain an LDAP context. Possible causes: the LDAP server is not running, or the LDAP server is for a tree other than the one iManager was originally set up for, and SSL has not been set up between the iManager server and the LDAP server. Either start the LDAP server, or set up SSL by importing a trusted certificate. "
I have tried deleting the iMKS file and importing the certificate manually as detailed here:
https://www.novell.com/documentation...a/bx8g5g8.html
There are plenty of other pages showing the same method of resolving this issue but none have worked.
Any ideas?
Thanks.For some reason I cannot find your old post via NNTP, though I see it on
the web interface. Perhaps the gateway had a problem, which would have
limited your responses. Either way, for future reference, you may want to
post questions on the RBE features in the iManager or IDM forums, both
located on https://forums.netiq.com/ (same looking page, same account,
just focused on the NetIQ products, including those moved over from
Novell). Also, for iManager problems, same thing: try the iManager forum
specifically on the NetIQ site. Considering you've been with Novell for a
while, it's definitely understandable that you'd look here for those
forums, though, as they used to be on this site.
The vast majority of iManager functions use NCP exclusively; adding users,
modifying them, associating with groups, setting up file services
(CIFS/SMB/AFP/NSS), managing most of IDM, configuring LDAP services
provided by eDirectory, etc.. eDirectory, after all, is NCP-based and
LDAP is an interface added to it to do things that work better via LDAP.
Thus, most things work just fine no matter what you do via LDAP.
In your case you are describing one of the few services where iManager
actually needs to work with eDirectory via LDAP. Other examples including
working with Universal Password (UP) under the Passwords role. In these
cases iManager uses eDirectory to find appropriate LDAP services and then
connects to those as well for specific operations. As a result, we look
at LDAP as it sounds like you have already done. TID# 7008836 seems to
have very similar instructions to the documentation link you posted, but
you may find it useful in some way.
You mentioned recreating your CA and server certificates (Key Material
Objects, or KMOs). Doing this SHOULD have made it so all certificates you
created (presumably after the CA change) would be minted by the new CA, so
if you browse to those certificates you should see them with a Trusted
Root of the new CA, which should have (by default) an expiration ten years
from its creation (individual KMOs expire by default two years after
creation). With this verified, your LDAP Server object (for which there
is usually one per NCP/eDirectory server) will also have a link to one
KMO. If you did not delete old certificates, it is very possible that the
LDAP Server is still pointed to an old KMO and using it happily even
though the rest of the tree is using new data, and the old KMO may be
expired causing issues with clients (like iManager). Be sure to check
that. If pointed to an old KMO, point it to a new one and then restart
eDirectory (or maybe just the LDAP module).
Other things you may try include setting up iManager Workstation 2.7 SP7;
it runs on your workstation and then otherwise acts like the server in
most areas. Getting old IDM 3.6.1 plugins on there may be the hardest
part, but really should not be that hard if you have the IDM media
somewhere. With this you can test pointing to your enviornment to see if
anything works there, ruling in/out a weird iManager problem.
Also, is it safe to assume that eDirectory 8.8 SP6 is the latest version
in your tree? If 8.8 SP8 exists there is a change in LDAP configuration
data, specifically the ldapInterfaces attribute on the LDAP Server object,
which can cause LDAP-using plugins to have a hard time finding 8.8 SP8
servers specifically.
Lastly, especially if you have iManager Workstation or if you have
iManager on a non-eDirectory box, getting a LAN trace could help us see
exactly what iManager is doing on the wire, and then isolate better why it
is failing.
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below... -
Weblogic security & EJB role based access
How does (or not) weblogic security tie into the EJB notion of role based
control ? Can we create a 'custom' security mechanism for EJB (which
basically uses the EJB facilities but extends it within the application) by
using custom weblogic realms ?
Thanks
RajuThanks !
"Terry" <[email protected]> wrote in message
news:[email protected]...
comments inline
r <[email protected]> wrote in message
news:[email protected]...
>>
Here are some more specific questions around an 'example' scenario:
The application has an entity bean 'Account' that can be accessed by the
roles 'Bank Employee' and 'Customer'
'Bank Employee' can execute the 'getBalance()' and 'placeOnHold()'
methods on the 'Account' bean
'Customer' can execute the 'withdraw()', 'deposit()', and'getBalance()'
methods on the 'Account' bean
These permissions are set up through the deployment descriptor by
mapping
the 'Bank Employee' and 'Customer' roles
to the particular bean methods that the role should be given access to.
1. How does weblogic provide the facility to map the EJB deployment
descriptor
<security-role> to a particular weblogic principal (user orgroup)
Or, should I say, how do I map the user or group to a
deployment-descriptor defined role?In the deployment tool, once in the jar select the 'Security' item,create
an application role (in your case it is probably best to create 2 security
roles - the bank employee role refering to the bank employee group (usethe
'in role' checkboxes, and the customer role refering to the customergroup -
there may at some point be use for an allUsers role, which includes both
groups, maybe not. What I am saying is that a role is made of a one ormore
of Principals - in our case groups)
In the Account Bean select the method permissions item, and create amethod
permission perm-0, select the perm-0 item that has just popped up in the
left hand window, tick the box for placeOnHold(), and the boxes for<remote>
and <home> one level deeper than this in the tree (as an aside, I have
absolutely no idea why there would be a 'home' box here, ho hum). Selectthe
'bank employee' 'can invoke' tickbox
Create perm-1, and do what you did above for 'withdraw()' and 'deposit()'
methods, and the 'customer' tickbox
I believe the documents say you would have to set up another permission to
allow both groups access to the getBalance method, but in practive Ihaven't
found this the case.
The documentation for this is at
http://www.weblogic.com/docs51/classdocs/API_ejb/EJB_deploy.html#1102211
(or
search for 'Deploying EJBs with DeployerTool'
2. Are there any administrative tools provided by weblogic to do
this
mapping ?The deployer tool. Otherwise I think it's the acse of writing your own xml
files
3. How much effort & complexity is involved in creating a custom
realm
Hmmm, depends - you could have the RDBMSRealm that is provided in'examples'
in half an hour or so (there is a problem with one of the RDBMSUser's
methods - getUserType or something like that - the solution can be foundin
the newsgroups if you search), the same is probably true of the LDAPRealm,
NTRealm etc (although I have never used these).
Which one you choose depends on what equipment you have available,although
I would say that the RDBMSRealm canuse a lot of optimisation
Thanks,Welcome
Raju
"Terry" <[email protected]> wrote in message
news:[email protected]...
The Principals (i.e. groups and users) from your custom realm are used
to
define application roles for the EJBs, but, as far as I am aware youcannot
use a custom implementation for the ACLs for EJBs
terry
r <[email protected]> wrote in message
news:[email protected]...
How does (or not) weblogic security tie into the EJB notion of rolebased
control ? Can we create a 'custom' security mechanism for EJB (which
basically uses the EJB facilities but extends it within the
application)
by
using custom weblogic realms ?
Thanks
Raju -
I have been researching and researching and I do not know if I am going about it the wrong way or what, but I cant seem to find anyway to do a role based userbar,
so lets say I have a user who's role is a 7 in the ldap, I want to have it so he has a certain set of menu's show that is completely different than a user whos role is 2 or 3 and so forth
Is there a way to issue a line that states what a can and cannot see?
I was going through and going to make seperate static bars for each user account but I thought I'd see if this was even possible before I got too far into a flash build that could be easily distributed by creating one document and setting a user role.
Any help on this would greatly be appreciated
-EricYou can create menuitems loading XML from external files based on the role. Search for XML based dataproviders for menubar. I'll bet there's an example at Peter DeHaan's site.
-
Role-based view commands missing from config
Hi All,
I set up a 2960G with IOS 12.2(44)SE6 and created a role-based view to be used by our helpdesk. One of the things they need to do is add rules to a MAC ACL on the switch. I've successfully created a view for them and can include and exclude most commands, however, when I try to include the "commands mac-enacle include all permit" command, I get no syntax error, and there is no line in my configuration reflecting the change. As it stands, from the helpdesk view (named smco) I can get into mac acl configuration mode, but I can't issue any of the sub commands.
Any advice would be greatly appreciated. I tried upgraded to 12.2(55)SE and had the same result.
The current configuration for the parser view is as follows:
parser view smco
secret 5 hashed_pw
commands configure include mac access-list extended
commands configure include all mac access-list
commands configure include mac
commands exec include configure terminal
commands exec include configureAfter I issue the command "commands mac-enacl include all permit" there is no line in my startup or running configuration that says: "commands mac-enacl include all permit" or anything that closely resembles that.
I've tested with multiple local accounts. After authenticating, I issue the "enable view smco". -
Does Cisco Security Manager 4.x and Cisco Secure Access Control Server 5.x integrated role based administration has fine-grained control for devices? E.g.,
* User-a can only manage policy-a for device-a
* User-b can only manage policy-b for device-bACS 4.2 should allow role-based access, but until the final build of CSM 4.0 is released this cannot be confirmed.
I am not aware of plans to add the support within ACS 5.x, but you can always engage your Cisco account team to submit a product enhancement request on your behalf.
Scott -
MM role in Account determination
hii
What are major MM consultant roles in account determination.??
Explain in detail...?
ThanksHi MM Group,
SAP MM Role in Account Determination :
This account determination is for MM settings u2013 Rajgeetha
Account determination is based for combination of valuation grouping code, general modifier/account modifier, valuation class in SAP MM.
This will be defined for particular transaction event key. Transaction event key will inturn be defined for each movement type of SAP MM.
Basically GL account are assigned for certain combination of above.
To put down in flowchart format-
- Movement type-
- Transaction event key
- GL account determination (one debit and one credit)- based on below combination
- Valuation grouping code (see definition below)
- Account modifier (see definition below)
- Valuation class (see definition below)
SAP will see transaction is made in MM, it searches the transaction event key from movement types. Based on valuation grouping code, account modifier and valuation class, determination will be done for GL account for debit and credit.
Some definitions and assignments
1) SAP MM Valuation grouping code: It is maintained as part of plant configuration same for all plants within company code having same chart of account.
This will be applicable only if valuation control is active for organization
2) SAP MM Account modifier: This is defined in each movement type. There may be more than one account modifier per movement type based on combinations of different special stock, movement indicator, consumption type.
3) SAP MM valuation class: This is maintained in material master. Material type is taken from material master. Account category reference is taken from material type which in turn is assigned to valuation class. GL account are assigned to valuation class
Example:
Material 1016101 is received in stock for plant SEPC by movement 101 in SAP MM.
1) Valuation class determination from material master of 1016101.
2) Valuation grouping code determination based on plant SEPC
3) Account modifier will be taken from movement type 101
4) Transaction event key will be always BSX for inventory posting. (that is programmed) and also defined in movement type
5) In account assignment, for combination of above GL account determination as we saw in above hierarchy.
Hope, it is useful for you,
Regards,
K.Rajendran -
Privileges and Roles Based Views
Hello,
I have been confguring Roles based Views with Windows radius authentication on our 2960's and 3750's and it is working great. I have 2 users, one with a Roles Base View called "priv3" and the other is for admins of login as the "root" view. I have one Windows Active Directory group for "priv3" users and the other for admins using "root".
Now I have to configure this on our 2955 switches and to my horror they don't seem to support Roles Based Views!! fI you know if they can then all this would be solved, I've using the latest IOS c2955-i6k2l2q4-mz.121-22.EA13.bin.
How can convert the Roles Base Views to privileges and use radius and not effect the other switches,as I've never used privilges.
I hope someone can help with the config:
Below is the config I use on the 2960's and 3750's and also what I use on the radius servers. I guess I would need ot use a priv 15 setup and a custom view called priv3?
Priv3 radius user settings
cisco av-pair cli-view-name=priv3
Priv 15 or root user settings
cisco av-pair shell:priv-lvl=15
cisco av-pair shell:cli-view-name=root
Config:
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname 3750
boot-start-marker
boot-end-marker
logging buffered 64000
logging console informational
logging monitor informational
enable secret 5 $1$1UGK$kHB.S2UwMVXaG3C0
username admin privilege 15 secret 5 $1$BsaS$cLHllovL2ZFb1
username priv3users view priv3 secret 5 $1$JfnH$vUu.B.natnyB.
aaa new-model
aaa authentication login default group radius local
aaa authentication enable default line
aaa authorization console
aaa authorization exec default group radius local
aaa session-id common
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00
switch 1 provision ws-c3750g-12s
switch 2 provision ws-c3750g-12s
system mtu routing 1500
udld aggressive
no ip domain-lookup
ip domain-name CB-DI
login on-failure log
login on-success log
crypto pki trustpoint TP-self-signed-3817403392
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3817403392
revocation-check none
rsakeypair TP-self-signed-3817403392
crypto pki certificate chain TP-self-signed-3817403392
certificate self-signed 01
removed
quit
archive
log config
logging enable
logging size 200
notify syslog contenttype plaintext
hidekeys
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 10 priority 8192
vlan internal allocation policy ascending
ip ssh version 2
interface GigabitEthernet1/0/1
interface GigabitEthernet1/0/24
interface Vlan1
description ***Default VLAN not to be used***
no ip address
no ip route-cache
no ip mroute-cache
shutdown
interface Vlan10
description ****
ip address 10.10.150.11 255.255.255.0
no ip route-cache
no ip mroute-cache
ip default-gateway 10.10.150.1
ip classless
no ip http server
ip http secure-server
logging trap notifications
logging facility local4
logging source-interface Vlan10
logging 10.10.21.8
logging 172.23.1.3
access-list 23 permit 10.10.1.65
snmp-server community transm1t! RO
snmp-server trap-source Vlan10
radius-server host 10.10.1.33 auth-port 1645 acct-port 1646 key 7 090D7E080D37471E48
radius-server host 10.10.1.34 auth-port 1645 acct-port 1646 key 7 08607C4F1D2B551B51
radius-server vsa send accounting
radius-server vsa send authentication
line con 0
exec-timeout 60 0
logging synchronous
line vty 0 4
access-class 23 in
exec-timeout 60 0
logging synchronous
transport input ssh
line vty 5 14
access-class 23 in
no exec
transport input ssh
parser view priv3
secret 5 $1$XSCo$feyS.YaFlakfGYUgKHO/
! Last configuration change at 16:34:56 BST Fri Apr 13 2012
commands interface include shutdown
commands interface include no shutdown
commands interface include no
commands configure include interface
commands exec include configure terminal
commands exec include configure
commands exec include show ip interface brief
commands exec include show ip interface
commands exec include show ip
commands exec include show arp
commands exec include show privilege
commands exec include show interfaces status
commands exec include show interfaces Vlan10 status
commands exec include show interfaces Vlan1 status
commands exec include show interfaces GigabitEthernet2/0/12 status
commands exec include show interfaces GigabitEthernet2/0/11 status
commands exec include show interfaces GigabitEthernet2/0/10 status
commands exec include show interfaces GigabitEthernet2/0/9 status
commands exec include show interfaces GigabitEthernet2/0/8 status
commands exec include show interfaces GigabitEthernet2/0/7 status
commands exec include show interfaces GigabitEthernet2/0/6 status
commands exec include show interfaces GigabitEthernet2/0/5 status
commands exec include show interfaces GigabitEthernet2/0/4 status
commands exec include show interfaces GigabitEthernet2/0/3 status
commands exec include show interfaces GigabitEthernet2/0/2 status
commands exec include show interfaces GigabitEthernet2/0/1 status
commands exec include show interfaces GigabitEthernet1/0/12 status
commands exec include show interfaces GigabitEthernet1/0/11 status
commands exec include show interfaces GigabitEthernet1/0/10 status
commands exec include show interfaces GigabitEthernet1/0/9 status
commands exec include show interfaces GigabitEthernet1/0/8 status
commands exec include show interfaces GigabitEthernet1/0/7 status
commands exec include show interfaces GigabitEthernet1/0/6 status
commands exec include show interfaces GigabitEthernet1/0/5 status
commands exec include show interfaces GigabitEthernet1/0/4 status
commands exec include show interfaces GigabitEthernet1/0/3 status
commands exec include show interfaces GigabitEthernet1/0/2 status
commands exec include show interfaces GigabitEthernet1/0/1 status
commands exec include show interfaces Null0 status
commands exec include show interfaces
commands exec include show configuration
commands exec include show
commands configure include interface GigabitEthernet1/0/1
commands configure include interface GigabitEthernet1/0/2
commands configure include interface GigabitEthernet1/0/3
commands configure include interface GigabitEthernet1/0/4
commands configure include interface GigabitEthernet1/0/5
commands configure include interface GigabitEthernet1/0/6
commands configure include interface GigabitEthernet1/0/7
commands configure include interface GigabitEthernet1/0/8
commands configure include interface GigabitEthernet1/0/9
commands configure include interface GigabitEthernet1/0/10
commands configure include interface GigabitEthernet1/0/11
commands configure include interface GigabitEthernet1/0/12
commands configure include interface GigabitEthernet2/0/1
commands configure include interface GigabitEthernet2/0/2
commands configure include interface GigabitEthernet2/0/3
commands configure include interface GigabitEthernet2/0/4
commands configure include interface GigabitEthernet2/0/5
commands configure include interface GigabitEthernet2/0/6
commands configure include interface GigabitEthernet2/0/7
commands configure include interface GigabitEthernet2/0/8
commands configure include interface GigabitEthernet2/0/9
commands configure include interface GigabitEthernet2/0/10
commands configure include interface GigabitEthernet2/0/11
commands configure include interface GigabitEthernet2/0/12
ntp logging
ntp clock-period 36028961
ntp server 10.10.1.33
ntp server 10.10.1.34
end
Thanks!!!!DBelt --
Hopefully this example suffices.
Setup
SQL> CREATE USER test IDENTIFIED BY test;
User created.
SQL> GRANT CREATE SESSION TO test;
Grant succeeded.
SQL> GRANT CREATE PROCEDURE TO test;
Grant succeeded.
SQL> CREATE ROLE test_role;
Role created.
SQL> GRANT CREATE SEQUENCE TO test_role;
Grant succeeded.
SQL> GRANT test_role TO test;
logged on as Test
SQL> CREATE OR REPLACE PACKAGE definer_rights_test
2 AS
3 PROCEDURE test_sequence;
4 END definer_rights_test;
5 /
Package created.
SQL> CREATE OR REPLACE PACKAGE BODY definer_rights_test
2 AS
3 PROCEDURE test_sequence
4 AS
5 BEGIN
6 EXECUTE IMMEDIATE 'CREATE SEQUENCE test_seq';
7 END;
8 END definer_rights_test;
9 /
Package body created.
SQL> CREATE OR REPLACE PACKAGE invoker_rights_test
2 AUTHID CURRENT_USER
3 AS
4 PROCEDURE test_sequence;
5 END invoker_rights_test;
6 /
Package created.
SQL> CREATE OR REPLACE PACKAGE BODY invoker_rights_test
2 AS
3 PROCEDURE test_sequence
4 AS
5 BEGIN
6 EXECUTE IMMEDIATE 'CREATE SEQUENCE test_seq';
7 END;
8 END invoker_rights_test;
9 /
Package body created.
SQL> EXEC definer_rights_test.test_sequence;
BEGIN definer_rights_test.test_sequence; END;
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at "TEST.DEFINER_RIGHTS_TEST", line 7
ORA-06512: at line 1
SQL> EXEC invoker_rights_test.test_sequence;
PL/SQL procedure successfully completed.
SQL> SELECT test_seq.NEXTVAL from dual;
NEXTVAL
1 -
Help needed in Role Based authorisations in WEB UI for RESELLER Role
Hi All,
I am working on a requirement where i need to disable/hide/grey out EDIT button on Account Details and on all assignment blocks in WEBUI(CRM2007). This is needed for the accounts having the Role RESELLER only.
The same functionality is working fine in GUI. This is achieved by Role based authorizations.But the role based authorizations are not working in WEBUI.Any pointers on how to achieve Role Based authorizations in WEBUI.
Thanks in advance.
Regards,
Udaya
Edited by: Udaya Bhaskar Perecharla on Aug 20, 2008 12:31 PM
Edited by: Udaya Bhaskar Perecharla on Aug 20, 2008 12:33 PMHi Uday,
Could you let me know the process to disable the edit button for the following scenario -
Using Account Managment, you can display the Account and on double clicking the reponsible employee (hyperlink), WEB UI displays the employee master record with option edit. You can edit the employee details here, which I don't want. User should only be displayed with the employee details without option of editing the master record. How can I achieve this without changing any code..
Your kind assistance will be highly appreciated.....
Cheers,
Peter J. -
To run OHS at port 80 using solaris role based access control
Hi.
I already know & have done setuid root to ohs/bin/.apachectl to allow ohs to listen to port 80. Now on a new OFM 11.1.1.4 install, I want to use Solaris Role Based Access Control (RBAC) instead. Is it possible? RBAC does work as I can run a home built apache2 httpd at port 80 withOUT suid root.
On Solaris 10, I enabled oracle uid to run process below port 1024 using RBAC
/etc/user_attr:
oracle::::type=normal;defaultpriv=basic,net_privaddr
Change OHS httpd.conf Listen from port 8888 to port 80.
However, opmnctl startproc process-type=OHS
failed as below with nothing showing in the diag logs:
opmnctl startproc: starting opmn managed processes...
================================================================================
opmn id=truffle:6701
0 of 1 processes started.
ias-instance id=asinst_1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ias-component/process-type/process-set:
ohs1/OHS/OHS/
Error
--> Process (index=1,uid=187636255,pid=25563)
failed to start a managed process after the maximum retry limit
Thx,
KenJust to add my two cents here.
The commando used on Solaris to assign the right privilege to bind TCP ports < 1024 is:
# usermod -K defaultpriv=basic,*net_privaddr* <your_user_name>
Restart the opmnctl daemond.
After that OHS/Apache user can bind to lower TCP ports.
Regards.
Edited by: Tuelho on Oct 9, 2012 6:05 AM -
PS and Project Based Accounting
Is PS and Project Based Accounting one and the same? can you please explain more about the above in simple terms? thanks
GangaHello,
We have a PS project soon in Incasol organization. By the way, the project leader who belongs to Incasol can help you. I am sure, because this person will earn
63400u20AC the first year (2008)
67000u20AC the second year (2009)
Best Regards.
Maybe you are looking for
-
Is there a way to create a link to jump to a section of a page with iWeb?
For example, if you have a list of items categorized in alphabetical order, can you create a menu bar with the letters of the alphabet, and jump to each section by clicking on a letter? Thanks for any assistance. HM.
-
Connect to secure LDAP server from iWS 4.1
I am trying to connect to a secure LDAP server that is expecting client authentication. I installed a client cert (provided by the LDAP admin) on the iWS admin server, and I can search/view user records housed on the LDAP server. However, when I try
-
How to assign a cost center to a person without Position?
Dear Experts, OM and PA is integrated. When I hire an employee to position 99999999, the cost center field in infotype 0001 is an output field, can't be manually maintained. I wanna assign an cost center to this employee in infotype 0001, not 0027 or
-
Frustrating Camera RAW colour issue
Hi guys, I have a really frustrating issue when using CameraRAW in PS. Basically when I switch on the filter CameraRAW it will mess with the colours. I haven't changed anything settings in CameraRAW. I've attached an image to illustrate. Please help.
-
How to re-install a lost app?
I purchased an app and I shut down my mac in the installing process, now I can't find it anywhere and I can't install it again via the app store. Please Help!