Columns multipling in Role based lists

Similar Messages

• Public/Role Based Lists

  Do you know if/how it is possible to create a new role based list and assign that list to multiple roles (keeping the same/identical name)?
  For example I want to create a list named Open Opportuntiies. I want to use slightly different criteria and create the same named list for just roles 2 and 3 ... and assign the original one to role 1 only. Can this be done? Seems that the list name must be unique. Is that true?

  Hi,
  Yes the list name has to be unique. You'll need to create different list names here
  Thanks
  Oli @ Innoveer

• GRC 10 Role based firefighter multiple users

  Hi All
  We are using GRC AC 10 SP12 and have Role based EAM implemented. We are looking at way to prevent the same user from being assigned multiple firefighters or a way for approver to know that another Firefighter ID is already assigned to this user?
  Thanks in advance
  Regards
  Vijaya

  Hi Vijaya,
  You can train approvers to Click on existing assignment button(in Access Request) to know the roles already assigned.
  And if in your environment, FF roles has distinguished naming convention then it can easily be identified
  by role owners.
  Thanks,
  mamoon

• Role-based view commands missing from config

  Hi All,
  I set up a 2960G with IOS 12.2(44)SE6 and created a role-based view to be used by our helpdesk.  One of the things they need to do is add rules to a MAC ACL on the switch.  I've successfully created a view for them and can include and exclude most commands, however, when I try to include the "commands mac-enacle include all permit" command, I get no syntax error, and there is no line in my configuration reflecting the change. As it stands, from the helpdesk view (named smco) I can get into mac acl configuration mode, but I can't issue any of the sub commands.
  Any advice would be greatly appreciated.  I tried upgraded to 12.2(55)SE and had the same result.
  The current configuration for the parser view is as follows:
  parser view smco
  secret 5 hashed_pw
  commands configure include mac access-list extended
  commands configure include all mac access-list
  commands configure include mac
  commands exec include configure terminal
  commands exec include configure

  After I issue the command "commands mac-enacl include all permit" there is no line in my startup or running configuration that says: "commands mac-enacl include all permit" or anything that closely resembles that.
  I've tested with multiple local accounts.  After authenticating, I issue the "enable view smco".

• Automatically populate custom list column with site name when list is created

  Hi All,
  I am using a CQWP to display selected contacts on subsites from one master contact list on the parent site. Each subsite is for a different project and is named according to the project number. In the master contact list I have a custom column called Projects
  that is populated with the various different project numbers that an individual contact is involved with.
  The CQWP on the subsite filters the results based on the Projects column of the master contact list. As it stands I have to manually input this job number into the CQWP's properties. What I would like to happen is for the project number (the subsite name)
  to automatically be input to the filter value.
  The closet I have come to reaching my desired behaviour is by adding a column to the Site Pages list called Title and setting the filter value to [PageFieldValue:Title]. This still doesn't get the automatic behaviour I require because I still have to input
  the project number into the Title column manually, but it is quicker than editing the CQWP properties.
  What I need to achieve is either a way of automatically populating this column with the subsite name or find a way for the CQWP to pick up the subsite name and filter its results accordingly.
  I have found this article http://www.andrewconnell.com/blog/Subclassing-the-Content-Query-Web-Part-Adding-Dynamic-Filtering which seems to be along the lines of what I want to achieve, but it is by no means a walk through and while I'm not completely
  unfamiliar with coding, I don't know enough to implement it without help.
  Any help would be greatly appreciated, I've been working on this for weeks on and off!
  Thanks in advance,
  Dan

  Hi,
  I believe the "Description" field type is Multiple Lines of Text. Sorting doesn't allow in this field type. In order to do the sorting, you would require to create additional column like single line of text column (note that it supports only 255
  chars and require to truncate the data if more than 255) and update the data using event receiver or workflow. and do the sorting with that column.
  kmhsad

• Uploading Multiple Documents To a List Item sharepoint 2010

  hi Guys ,
  Is there a way we can enable (out of the box )Uploading Multiple Documents To a List Item sharepoint 2010 ?
  cheers

  No, There is no OOB way to do the same you have to build a custom Page/Control OR customise OOB Form to attache multiple files and that will be through integration of ajax based control (multiple file uploader.)
  the other way to do the same is provision a custom field. we have done this for our many  clients.
  Hi, I also encountered the same problem, could u pls provide detailed information by a custom field?

• OBIEE 11g issue - same user assigned to the multiple application role

  Hi All,
  We are facing an issue when assigning a user to the multiple application role and applying the data level filter on the different column of the same table.
  For example, we have a table Department with three columns Department No, Department name, Department location.
  Application Role A1 and A2 are created.
  Data Level security Applied on the application role A1: Department Name='Finance'
  Data Level Security Applied on the application role A2: Department location='US'
  The user "User1" is created in LDAP and is assigned to both the Application roles A1 and A2.
  When logged in with "User1", none of the filters of Role A1 or A2 is applied in the report. If this user is assigned to only one role, either A1 or A2, then the filter is applied. It seems the filter will not be applied if a user belongs to multiple roles with data filter applied on the same table across these roles.
  Please reply if anyone has faced similar issue.

  Hi All,
  Regarding the above issue to update the analysis we came up that the user if assigned to the multiple group with the data filter applied on the same column of the table is getting an *"OR"* join.
  We had a requirement to get an "AND" in the query condition. Please let us know if any one faced the issue and the resolution of the same.
  Regards,
  Jyotshna

• EAM ID based or Role based? Why settle for just one?

  G'Day All,
  I've raised a question in the following blog, however I would like to open it up to other people as well so they might get something out of it and in the process might share their own thoughts on the matter at hand.
  ID-Based Firefighting vs. Role-Based Firefighting
  So this is where I am at this point:
  From what I can gather so far, my understanding of EAM ID/ROLE based is as follows:
  - Id Based: Logs in using own U.ID and through GRAC_SPM accesess FFID from the GRC Server and logs into the system assigned to them (ECC, SRM, CRM etc)
  Only one user at a time can use a FFID.
  Firefighter need not exist in every system assigned to them due to central logon however they need to exist in the GRC system
  Knows exactly when FFID is being used as he/she has to login so has a psychological effect (good thing)
  Better tracking of FF tasks - Specific log reports with Reason Codes. Bonus point from Auditors!
  Two Log ins so potential to commit fraud. (1 action using own UserID and 1 action using FFID)
  Could be hard to track and find out when a fraud has been committed so can be a problem with auditors.
        ID Based -> GRAC_SPM : TCode for Centralised FFighting -> You will see FFIDs assigned to you
        ID Based -> /n/GRCPI/GRIA_EAM : TCode for DCentralised FFighting -> You can see  the FFIDs assigned to you
  - Role Based: Logs into the remote system only using U.ID, so everything gets logged against that one ID. 
  Multiple users can use the FFROLE at once.
  Firefighter has to exist in every system assigned to them - so multiple logons.
  Hard to differentiate between FF tasks and normal tasks as no login required  So easy to slip up
  Time consuming to track FF tasks - No Specific log reports. No Reason Codes
       R.Based -> GRAC_SPM : TCode for Centralised FFighting -> You will see FFROLEs
       R.Based -> /n/GRCPI/GRIA_EAM : TCode for DCentralised FFighting -> Not applicable so wont work
  So based on this there are pros and cons in both however according to SAP only one can be used. To me personally,  it makes more sense to get the best of both the worlds right? So here is my question why can’t we just use both?
      . Really critical tasks -> FFID
      . Normal EAM tasks -> FFRole
  Alessandaro from the original post pointed this out:
  "Per design it isn't possible to achieve both types of firefighting at the same time. It's a system limitation and hence to configurable."
  Well this is what I can't seem to get my head around. For a FFID, there is a logon session so it has to be enabled and as far as I can tell there is no way around it.
  However for FFRole, there isn't such limitations/restrictions like starting a separate session. FFRole is just assigned to an end user for him/her to perform those tasks using their own user ID.
  So in what way is it different from any of their other tasks/roles, other than the fact that they've got an Owner/Controller assigned to the FFRole? and
  What is stopping us from using it when ID based is the default?
  If I were to do the following does it mean I can use both ?
      . Config Parameter: 4000 = 1 (GRC System) -> ID Based
      . Config Parameter: 4000 = 2 (Plug-In)  - > Role Based
  Please excuse me if my logic is a bit silly, Role Based firefighting is only done on Plug-in systems so the following should work just fine:
     . Config Parameter: 4000 = 2 (Plug-In)  - > Role Based
  However for ID based, it is a Central Logon, so the following is a must:
      . Config Parameter: 4000 = 1 (GRC System) -> ID Based
  Which means both ID/Role based can be used at the same time, which seems to be working just fine on my system. Either way I leave it you experts and I hope you will shed some light on it.
  Cheers
  Leo..

  Gretchen,
  Thank you for thoughts on this.
  Looks like I'm failing to articulate my thoughts properly as the conversation seems to be going in a different direction from what I am after. I'll try once more!
  My query/issue is not in regards to if/what SAP needs to do about this or why there isn't more support from Companies/Organizations and not even, which one is a better option.
  My query is what is stopping us(as in the end users ) from using both ID/Role based at the same time?
  Now before people start referencing SAP documentation and about parameter 4000, humour me with the following scenario please. Again I would like to reiterate that I am still in the learning phase so my logic might be all wrong/misguided, so please do point out to me where I am going wrong in my thought process as I sincerely would like to know why I am the odd one out in regards to this.
  Scenario
  I've created the following:
  FFID
  FFROLE
  Assigned them to, two end users
  John Doe
  Jane Doe
  I set the Configuration Parameters as follows: 
  IMG-> GRC-> AC-> Maintain Configuration Settings -> 4000:1 - ID Based
  IMG-> GRC (Plug-in)-> AC-> Maintain Plug-In Configuration Settings-> 4000:2 - Role Based
  User1
  John Doe logs into his regular backend system (ECCPROD001)-> executes GRAC_SPM-> Enters the GRC system (GRCPROD001)-> Because the parameter is set to ID based in the GRC Box, so he will be able to see the FFID assigned to him-> and will be presented with the logon screen-> Logs in -> Enters the assigned system (lets say CRMPROD001) At this point the firefighting session is under progress
  User2
  Jane Doe logs into her regular backend system (ECCPROD001) -> (can execute GRAC_SPM to check which FF Role has been assigned to her but she can see that in her regular menu, so there is no point) -> Executes the transactions assigned in FFROLEThis is done at the same time while FFID session is in progress
  So all I want to know is if this scenario is possible? if the answer is No, then why not?
  I physically carried out this scenario in my system and I had no problems(unless I am really missing the plot here), which brings me back to my original question: Why settle for just one?
  Again to reiterate I am not getting into the efficacy or merits of this or even if one should use this. Just want to know if it is possible/feasible or not.
  So there you have it. That's the whole enchilada(as they say there in Texas). I tried to word my thoughts as concisely as I can, if there are still any clarifications, more information you or anyone else reading this would like, please do let me know.
  Regards,
  Leo..

• Role-Based CLI Views with AAA method

  Hi,
  I'm configuring Role-Based CLI Views on a router for limiting access to users.
  My criteria:
  - There should be a local user account on the router that has the view 'service' attached to it
  - If the router is online and can reach the radius server, people in the correct group are assigned the view 'service'
  My configuration:
  aaa new-model
  enable secret 1234
  username service view service secret 1234
  aaa group server radius my_radius
  server-private 10.1.1.1 auth-port 1645 acct-port 1646 timeout 3 retransmit 2 key 0 1234
  server-private 10.1.1.2 auth-port 1645 acct-port 1646 timeout 2 retransmit 1 key 0 1234
  aaa authorization console
  aaa authentication login mgmt group my_radius local
  aaa authorization exec mgmt group my_radius local
  line con 0
  authorization exec mgmt
  logging synchronous
  login authentication mgmt
  line vty 0 4
  authorization exec mgmt
  logging synchronous
  login authentication mgmt
  transport input ssh
  The ERROR
  Now I want to go configure the cli view 'service'...
  # enable view
  Password: 1234
  *Jun  1 08:00:02.991: AAA/AUTHEN/VIEW (0000000D): Pick method list 'mgmt'
  *Jun  1 08:00:02.991: RADIUS/ENCODE(0000000D): ask "Password: "
  *Jun  1 08:00:02.991: RADIUS/ENCODE(0000000D): send packet; GET_PASSWORD
  *Jun  1 08:00:21.011: RADIUS: Received from id 1645/13 10.1.1.1:1645, Access-Reject, len 20
  The Questions
  Why does the 'enable view' try to pick a method list when you have to supply the enable secret to access the root view?
  Can you change this behaviour to always use the enable secret?
  The TEMP Solution
  If you're logged on to the router via telnet or SSH, the solution or workaround to this issue is:
  aaa authentication login VIEW_CONFG local
  line vty 0 4
  login authentication VIEW_CONFG
  Do your configuration of the view and re-configure the line to use the correct (wanted) method of authentication.
  Thanks so much for the suggestions
  /JZN

  hi,
  You have the following configured:
  aaa  authentication login mgmt group my_radius local
  aaa authorization  exec mgmt group my_radius local
  line  con 0
  authorization exec mgmt
  logging synchronous
  login  authentication mgmt
  line vty 0 4
  authorization exec mgmt
  logging synchronous
  login authentication mgmt
  transport  input ssh
  Hence every time you try to login to the console or try the ssh the authentication will head to the radius server because of the following command "login  authentication mgmt".
  You cannot make it locally. Whatever defined on the method list mgmt first will be taking the precedence.
  enable seceret will be locally defined. but you have the following configured:
  aaa  authorization  exec mgmt group my_radius local
  line  con 0
  authorization exec mgmt
  line  vty 0 4
  authorization exec mgmt
  Hence exec mode will also be done via radius server.
  when you configure:
  aaa  authentication login VIEW_CONFG local
  line vty 0 4
  login  authentication VIEW_CONFG
  You are making the authentication local, hence it is working the way you want.
  In short, whatever authentication is defined 1st on the method list will take precendence. the fallback will be checked only if the 1st aaa server is not reachable.
  Hope this helps.
  Regards,
  Anisha
  P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

• Role Based Access problem in forms

  This would be a long reading.
  I'm having a problem with forms Role Based Access.
  We have two databases, one in London and one in Zurich. We have installed
  application server and oracle forms on London database. We have implemented
  Role Based Access to forms. For this we have created a database role (say ZUR_USER)
  in both databases. The view FRM50_ENABLED_ROLES which is used by forms role based access control
  is also created in both databases with a 'grant select to public'.
  Our form system has a menu and forms under that menu. Both menu and the underlying forms have been
  assigned Menu Security/Item Roles to the above mentioned ZUR_USER role and the role is assigned
  to various users.
  Now a Zurich user is trying to login to Zurich database using the URL for forms installation
  in London server. He can login successfully and can see the menu heading in the main screen but
  when he clicks the menu he doesn't see the underlying forms list.
  When we try the same user id and database from London (using the same URL) we see all the forms.
  Any idea what are we missing. The Menu Security is setup at menu level as well as the form level under
  that menu. User can see the menu but not the form under that menu from Zurich. No such problem while
  login from London.

  I'm using the Forms 10g
  and yes the only difference is between login from Zurich and London.
  Problem definitely is due to Role Based Access setup.
  The user in Zurich can see the Menu but not the items under that menu.
  I have set the security set up at both menu and menu item(i.e. form name) level.

• Duet Enterprise 1.0 SP2 - SAP Role based authantication

  Hi All,
  We have implemented Duet Enterprise 1.0 SP2 in our landscape. Now we try to implement SAP Role based authantication.
  But don't know which role to assign for which authorisation. In my scenario i have created 2 users. For one user i want to have only read access to all lists (Contact, Employee, etc) and for another user i want to have all acess (read, write, modify, delete) on all lists available at sharepoint.
  Can someone help me to tell what roles (template) need to assign for what operation.
  Which roles i do assign to user in SAP that which ristrict users access at Sharepoint.
  Thanks & Regards
  Virender Solanki
  09818316550

  Hi Binson,
  I want to ristrict the crude operation (create, update etc) by giving roles in backend system. i am able to apply restriction at sharepoint end but i don't want that. i want SAP role based security.
  So i want, according to given roles in backend system user is able to do operations at sharepoint.
  Thanks & Regards
  Virender Solanki

• How to create context sensitive help and call the role based help from my Java Project?

  Hello All,
  I am new to Robo Help. I have created a Robo help for my Java Web Applicaion. My application is role base i.e some user's will not see some of the pages of the application. So I want to hide those pages in Robo help as well. I tried creating multiple TOC for different Roles.
  My Question is
  How to call robo Help from my application?(I will be calling using java script. If it is with RoboHelp_CSH.js where can I get that and How to implement it in my project)
  How to implement role based help?
  Thanks,
  Siva.

  I answered that. My point in asking whether it matters was that if it does, then you cannot use content categories and point different users to different categories and not allow them to see the others.
  The alternative, as I said, would be to produce different outputs for each role.
  As it does matter, then using webhelp you will have to use your RoboHelp project to produce a number of outputs, one for each category. Your app would install each webhelp into different folders and when your app determines the user role, you will link to the appropriate help.
  There is another thread running where it has been explained by Willam van Weelden that you can achieve what you want using browser based AIR help. If that form of help can be considered, then the thread is at http://forums.adobe.com/message/4914753?tstart=0#4914753
  Browser based AIR help must be run from a web server. It cannot be installed locally.
  See www.grainge.org for RoboHelp and Authoring tips
  @petergrainge

• OIM 11.1.1.5 provisioning role based objectclasses and attributes

  TL;DR You can't provision some attributes in our LDAP directory without the objectclass and I can't figure out the best way to inject the dynamic objectclasses into the create user process without the user being created already.
  Some background:
  I have configured our oim 11.1.1.5 instance and LDAP connector to provision ODSEE.  At another's recommendation, I put all possible LDAP attributes in a single form regardless of which objectclass was needed for them.  In ODSEE, sets of attributes are allowed through objectclasses for each 'Role'.  ie. Student, Employee, Guest, etc objectclasses.  I have all of the roles identified in OIM and can map them to an objectclass in LDAP
  My question is, how can I provision role based objectclasses along with the common ones that are configured in the lookup so that when the associated attributes are provisioned, I don't get objectclass violations? 
  Can I append objectclasses to the list stored in the Configuration lookup in ldapUserObjectClass?
  Should I create a child form containing the objectclasses and try to provision them?
  Can/should I create a child form for each set of attributes by role?  Common attribs in the LDAP_USR form and role based attribs in UD_LDAP_STU, UD_LDAP_EMP, UD_LDAP_GST, etc.  Would prepop and the rest of the main form functions work the same?
  Anything else I'm not thinking of? I am still a novice with some of these topics and may be way off base.
  Any help will be greatly appreciated and thank you in advance

  It is definitely doable if you use a custom LDAP connection implementation and just add objectclass update calls as needed as precursor tasks for the Update tasks.
  Here is a small LDAP demo tool that you can adapt to do the update: http://iamreflections.blogspot.com/2010/08/manage-ad-with-jndi-demo-tool.html
  There may be a smarter and more out of the box way to do it but this will work.
  Martin

• Role Based Access through business roles? Switch b/w business roles?

  Hey Guruz:
  We have a situation where we want to really chop down on what the user should see in UI.
  What this basically means is that we want to define job based business roles. In essence a user should only see what he is allowed to execute as part of his job function.
  One solution would have been to create 1 business role and control everything through the pfcg role. But, this will be a very unfriendly approach, as the user would never really know what is part of job profile and what not till he clicks on it to find out that it doesnt work and is not authorized for it.
  To avoid the above situation, we want to give managers and users the liberty to pick out their own combination of business roles which suits a users job profile. I know this would mean we might have to create quite a few business roles, but atleast it avoids reduntant access.
  Any thoughts are welcome.
  Questions:
  If a user is assigned multiple business roles how to switch without really logging off?
  Can we have tabs or something on the header or nav bar which allows a user to switch b/w business roles?
  Can the net affect of multiple business roles be combined when assigned to a user ?
  Thanks
  KT

  Hi KT
  The whole concept around assigning a Business Roles is to provide a specific set of functions to a specific user or user group.
  There should not be any reason for a User to log off from one role and then log in with another.
  If for example you want a user to have some Sales Professional access as well as some Service Professional access then you would copy Sales Professional Role to you own custom role, remove the Sales Professional attributes that you do not want, then add in the required Service Professional attirbutes required.
  The WEB UI views can then be configured for that particular Custom role you have created.
  Hope this helps
  Arden

• Does "Access Enforcer" only support "role" based SOD analyse?

  Hi Expert,
  In the demo script, when the user create the "Access Request Form", he can choose the "Role" he wanted from "Select roles" list, I'm just wondering whether each role here is corresponding to the role in the backend system? for example,
  If I choose role "Z_AP_ACCOUNTANT" actualy at that time there is a role called "Z_AP_ACCOUNTANT" already in the backend system if the system is a SAP ECC system.
  Another question is, if so, does that mean it can only support "Role" based SOD analyse? as you know, each role may contain several "authorization objects", can it be done from "authorization object" level?
  Thanks and best regards.

  Hi,
  The Roles are normally determined based on the SOD.Using T/code:PFCG the roles are mapped to the system.These Roles are common to all the system,regardless of R3,Virsa etc.
  The roles also can be determined without SOD [but this is not recommended.].
  The SOD is only to ensure that there exist no internal control weaknesses while creating the Roles at an organizational level.Thus it is only an excercise outside the System,be it SAP,Virsa or else.
  At the system level we map only the roles [ using :PFCG].We dont map SOD here.So,SOD or No SOD,the system supports the Roles.
  Hope this helps.
  Regards,
  Ramesh.