Configure Read-Acces via user-defined privilege level
Hello everybody,
I´m looking for the best configuration to restrict a user to read-only. The restriction should be configured via CLI not TACACS+.
Hardware: 3750 (probably not interesting for this question)
Oldest IOS: 12.2(53)SE1
The user should be allowed to:
see the running-configuration
trigger all kinds of show-commands
ping and traceroute from the device
The user should not be allowed to:
upload/delete/rename files on the flash-memory
get into level 15 (not sure if I can avoid this)
all other commands despite those from level 1 and those specified above
Can someone help me with this?
Thanks in advance!
I won´t forget to rate helpful posts
Hi Tobias,
You can
configure Multiple Privilege Levels on a switch as explained below.
By default, the Cisco IOS software has two modes of password security: user EXEC and
privileged EXEC. You can configure up to 16 hierarchical levels of commands for each mode.
By configuring multiple passwords, you can allow different sets of users to have access to
specified commands.
For example, if you want many users to have access to the clear line command, you can
assign it level 2 security and distribute the level 2 password fairly widely. But if you
want more restricted access to the configure command, you can assign it level 3 security
and distribute that password to a more restricted group of users.
Setting the Privilege Level for a Command
Beginning in privileged EXEC mode, follow these steps to set the privilege level for a
command mode:
Command Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
privilege mode level level command
Set the privilege level for a command.
For mode, enter configure for global configuration mode, exec for EXEC mode, interface
for interface configuration mode, or line for line configuration mode.
For level, the range is from 0 to 15. Level 1 is for normal user EXEC mode privileges.
Level 15 is the level of access permitted by the enable password.
For command, specify the command to which you want to restrict access.
Step 3
enable password level level password
Specify the enable password for the privilege level.
.For level, the range is from 0 to 15. Level 1 is for normal user EXEC mode privileges.
For password, specify a string from 1 to 25 alphanumeric characters. The string cannot
start with a number, is case sensitive, and allows spaces but ignores leading spaces. By
default, no password is defined.
Step 4
end
Return to privileged EXEC mode.
Step 5
show running-config
or
show privilege
Verify your entries.
The first command shows the password and access level configuration. The second command
shows the privilege level configuration.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.
When you set a command to a privilege level, all commands whose syntax is a subset of that
command are also set to that level. For example, if you set the show ip traffic command to
level 15, the show commands and show ip commands are automatically set to privilege level
15 unless you set them individually to different levels.
To return to the default privilege for a given command, use the no privilege mode level
level command global configuration command.
This example shows how to set the configure command to privilege level 14 and define
SecretPswd14 as the password users must enter to use level 14 commands:
Switch(config)# privilege exec level 14 configure
Switch(config)# enable password level 14 SecretPswd14
Also you can change the default privilege level for all the users .
Changing the Default Privilege Level for Lines Beginning in privileged EXEC mode, follow these steps to change the default privilege level for a line: Command Purpose
Step 1 configure terminal Enter global configuration mode.
Step 2 line vty line Select the virtual terminal line on which to restrict access.
Step 3 privilege level level Change the default privilege level for the line.
For level, the range is from 0 to 15. Level 1 is for normal user EXEC mode
privileges. Level 15 is the level of access permitted by the enable password.
Step 4 end Return to privileged EXEC mode.
Step 5 show running-config or show privilege
Verify your entries. The first command shows the password and access level configuration.
The second command shows the privilege level configuration.
Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
Users can override the privilege level you set using the privilege level line configuration command
by logging in to the line and enabling a different privilege level.
They can lower the privilege level by using the disable command.
If users know the password to a higher privilege level, they can use that password to enable the higher privilege level. You might specify a high level or privilege level for your console line to restrict line usage.
To return to the default line privilege level, use the no privilege level line configuration command. Also i am sending a document for your reference.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/12225see/scg/swauthen.htm#wp1154063
HTH
Regards
Inayath
Similar Messages
-
How to make a reading implausible in user define validations?
Hi all,
Can any1 tell me how to make a reading implausible
in user define validations.
Regards,
Darshana.I don't have an example at hand right now, but I've done this in the past.
If my memory doesn't fail me, one of the return parameters of the user-exit in which you have to make your validations has a parameter that let's you define (im)plausibility.
Edit: the user exit has:
EXCEPTIONS
PLAUSI_ERROR
So, raise this exception to get an implausible reading.
Hope this helps!
Kevin
Edited by: Kevin De Wilde on Jul 8, 2008 11:09 AM -
User Defined CoA Level 6 for Active Accounts
I have not selected indian CoA. Through User defined i have created entire CoA. There, i have given Active Accounts as Level 6 instead of Level 5 . Will it create Problem.
Rakesh NHi,
Absolutely no problem. Levels are only for COA grouping. IN B1 Upto 10 levels you can group your COAs.
Regards,
Venkatesan G. -
Username with privilege level 15 bypass enable
Hi experts,
I guess I never really understand the authentication process on Cisco routers and devices lol. Anyway I want users with privilege level 15 to be put in the enable mode right away after login without having to type in "enable" command and enable password. Users with other privilege levels will still be put in the EXEC mode.
AAA has to be enabled because I'm using it for 802.1x as well.
The privilege level eventually will be assigned by Radius server but right now the user is created locally on the switch. Right now I have:
aaa new-model
username admin privilege 15 secret 5 $1$2bdl$VIp53G4/zpo4f9aHh.t5v0
username cisco secret 5 $1$NGdD$ehTUzwappJFMxgA7tM/YW.
line vty 0 5
access-class 100 in
exec-timeout 30 0
logging synchronous
transport input ssh
And it's not working lol. No matter I log in with "admin" or "cisco" I'm put in EXEC mode... What do I have to do to achieve this?
Thanks!Hi,
The with default keyword authorization will get applied on all the lines i.e. CONSOLE, VTY, AUX.
In case you want it for users who are trying to login to via ssh or telnet use the following:
EXEC AUTHORIZATION
Router
router(config)#aaa authorization exec TEL GRoup radius local
router(config)#line vty 0 15
router(config-line)#authorization exec TEL
ACS
Interface configuration
Check user & group for cisco av-pair.
User setup à cisco ios/pix 6.x radius attributes àcisco av-pair [ shell:priv-lvl=15]
OR
Group setup à ios/pix 6.x radius attributes à shell:priv-lvl=15
In case of radius if exec authorization is enabled and if have not specified any privilege level in the ACS server. Then user will fall under the privilege level 1 and if enable authentication is enabled or enable password is defined on the router then we can go to enable mode by typing en or en
Regards,
Anisha
P.S.: please mark this thread as resolved if you think your query is answered. -
Privilege Levels on FWs, switches and Routers
One question - I am bothered with the privilege level settings.
Is there a default mapping between a priv lvl and teh commands you are allowed to execute or one needs to define that.
EX: I want somebody to only have the right of executing sh run on a device and nothing more.Can this be done?
Thx,
VladI would start by configuring a privilege level and then use the ? to list all the commands available at that level.
privilege level 0 - Includes the disable, enable, exit, help, and logout commands.
privilege level 1 - Normal level on Telnet; includes all user-level commands at the router> prompt.
privilege level 15 - Includes all enable-level commands at the router# prompt.
Commands available at a particular level in a particular router can be found by typing a ? at the router prompt. Commands may be moved between privilege levels by using the privilege command, as illustrated in the example. While this example shows local authentication and authorization, the commands work similarly for TACACS+ or RADIUS authentication and exec authorization (more granularity in control of the router may be achieved with implementation of TACACS+ command authorization with a server.)
Additional details on the users and privilege levels presented in the example:
User six is able to Telnet in and execute the show run command, but the resulting configuration is virtually blank because this user cannot configure anything (configure terminal is at level 8, not at level 6). The user is not permitted to see usernames and passwords of the other users, or to see Simple Network Management Protocol (SNMP) information.
User john is able to Telnet in and execute the show run command, but only sees commands that he can configure (the snmp-server community part of the router configuration, since this user is our network management administrator). He can configure snmp-server community because configure terminal is at level 8 (at or below level 9), and snmp-server community is a level 8 command. The user is not permitted to see usernames and passwords of the other users, but he is trusted with the SNMP configuration.
User inout is able to Telnet in, and, by virtue of being configured for autocommand show running, sees the configuration displayed but is disconnected thereafter.
User poweruser is able to to Telnet in and execute the show run command. This user is at level 15, and is able to see all commands. All commands are at or below level 15; users at this level can also view and control usernames and passwords.
HTH -
ASDM and privilege level (using TACACS)
Hi experts,
Initial question: How can I force ASDM to ask for the enable password when the user click on Apply ?
Environment description:
I have an ASA 5510 connected to an ACS 5.0.
Security policy:
I want the user defined on my ACS to be able to gain privilege level 15 but only after using their enable password. But by default the user must be in no privileged mode (<15).
A SNMP alert is sent when the ASA catches a "User priv level changed" syslog message. (logging customization)
ACS configuration:
Maybe I misunderstand the TACACS privilege level parameters on ACS.
I set a Shell Profile which gives the user the following privilege levels:
Default Privilege Level = 7
Maximum Privilege Level = 15
1st config tested on ASA:
aaa authentication ssh console grp-tacacs LOCAL
aaa authentication http console grp-tacacs LOCAL
aaa authentication enable console grp-tacacs LOCAL
! no authorization set
Results:
On CLI: perfect
My user authenticates with his network password to get EXEC access. Then he gains privilege access using the enable command and his enable password
On ASDM: policy security failure
When the user connects through ASDM, he gains privilege level 15 directly
It seems that if authorization is not set, ASDM always gives privilege level 15 to any user
So OK for CLI, but NOK pour ASDM
2nd config tested on ASA:
aaa authentication ssh console grp-tacacs LOCAL
aaa authentication http console grp-tacacs LOCAL
aaa authentication enable console grp-tacacs LOCAL
aaa authorization exec authentication-server
! no authorization command set
Results:
On CLI: lose enable access
I can't gain privilege level 15 access anymore. When I use the enable command, I move to privilege level 7 only. So in this case ASA use the TACACS Default Privilege Level value.
On ASDM: policy security failure
When the user connects through ASDM, he gains privilege level 7 as describe on the bottom of the ASDM window BUT the user has full rights and can change settings.
So NOK for CLI and ASDM
Question: Why do I have more access rights with ASDM as on CLI with the same settings ?
3rd config tested on ASA:
aaa authentication ssh console grp-tacacs LOCAL
aaa authentication http console grp-tacacs LOCAL
aaa authentication enable console grp-tacacs LOCAL
aaa authorization exec authentication-server
aaa authorization command LOCAL
! specific authorization command set for ASDM applied
Results:
On CLI: lose enable access (same as config 2)
On ASDM: unenable to gain privilege level 15 --> acceptable
When the user connects through ASDM, he gains privilege level 7 as describe on the bottom of the ASDM window AND the user really has level 7 access rights.
So NOK for CLI and Acceptable for ASDM
Question: Is there no possibility to move to enable mode on ASDM ?
4th config tested on ASA:
aaa authentication ssh console grp-tacacs LOCAL
aaa authentication http console grp-tacacs LOCAL
aaa authorization exec authentication-server
aaa authorization command LOCAL
! no aaa authentication for 'enable access', using local enable_15 account
! specific authorization command set for ASDM applied
Results:
On CLI: acceptable
My user authenticates with his network password to get EXEC access. Then he gains privilege access using the enable command and the local enable password
On ASDM: unenable to gain privilege level 15 --> acceptable (same as config 3)
So Acceptable for CLI and ASDM
Questions review:
1 - Is it possible to force ASDM to ask for the enable password when the user click on Apply ?
2 - Why do I have different access rights using ASDM as on CLI with the same settings ?
3 - Is there no possibility to move to enable mode on ASDM when the user is on privilege level 7 whereas he has Maximum Privilege Level = 15 ?
4 - How may I understand these parameters on TACACS: Default Privilege Level and Maximum Privilege Level ?
Thanks for your help.Thanks for your answer jedubois.
In fact, my security policy is like this:
A) Authentication has to be nominative with password enforcement policy
--> I'm using CS ACS v5.1 appliance with local user database on it
B) Every "network" user can be granted priviledge level 15
--> max user priviledged level is set to 15 in my authentication mechanism on ACS
C) A "network" user can log onto the network equipments (RTR, SW and FW) but having monitor access only first.
D) A "network" user can be granted priviledged level 15 after a second authentication which generates a log message
--> SNMP trap sent to supervision server
E) The user password and enable password have to be personal.
So, I need only 2 priviledged level:
- monitor (any level from 1 to 14. I set 7)
- admin (level 15)
For RTR, SW and FW (on CLI), it works as wanted: the "network" users connect to the equipment in monitor mode. They type "enable" and they use their private enable password to be granted priviledged level 15.
ASDM interface is requested by the customer.
For ASDM, as I were not able to satisfy the security policy, I apply this:
1- I activated Exec Shell Access authorization to get the default user priviledge level value from ACS
--> Then, when I log onto the ASDM using a "network" user, I have priviledge level 7 but I am able to change the parameter.
2- I activated LOCAL Command authorization (adding "ASDM defined User Roles")
--> Then, when I log onto the ASDM using a "network" user, I have priviledge level 7 and I can't push any modification.
--> The issue is that I can't push any modification on CLI either ... :-( because my user is stuck on "default priviledge level" 7 and can't get access to "max priviledge level 15" as defined on ACS when LOCAL authorization is set
(ok I go on my ACS and move the default priviledge level to 15 to restore an admin access to the ASA and apply 3- before resetting it to default priviledge level to 7)
3- I remove "aaa authorization enable console TACACS" to use local enable password
--> now I can't get admin access on ASDM: OK
--> and I can get admin access on CLI entering the local enable password
At the end, I satisfy my policy security tokens A to D but not E. That's a good compromise but do you see a solution to satisfy E either ?
Thanks -
Set user Defined Status in the Shopping Cart
Hello,
I am facing problem while Setting user defined Status in the shopping cart. Below are the steps which I have followed.
1. I have created Status profile via Transaction 'BS02' and also created the Status 'On Hold' with Status number 'Exxxxx'.
2. Entry of this external status is also created in the table TJ30.
3. Also I tried assigning this Status profile in Transaction type for "BUS2121".
After making the above configuration for the new User defined status I have used below function module in my program.
I am using FM "CRM_STATUS_CHANGE_EXTERN" to set the User defined status in the shopping cart.
CALL FUNCTION 'CRM_STATUS_CHANGE_EXTERN'
EXPORTING
objnr = ls_header-guid
user_status = lv_stat
IMPORTING
stonr = lv_stonr
After this FM I am also using "COMMIT WORK AND WAIT ".
But still my Status is not updated in the Shopping Cart.
Expert please suggest if some one has work in this scenario.
Best Regards,
Chirag ShahHi Chirag,
try to initialize Status schema before update.
CALL FUNCTION 'CRM_STATUS_OBJECT_CREATE'
EXPORTING
objnr = ls_header-guid
obtyp = 'SCH'
stsma = 'ZHOLD'
EXCEPTIONS
obtyp_invalid = 1
status_object_already_exists = 2
stsma_invalid = 3
stsma_obtyp_invalid = 4
error_ocurred = 5
OTHERS = 6.
Regards
K -
Data Encryption - Removable Storage - User-Defined Password
Hello,
we are testing Data encryption for USB Storage and want "Enable encryption via user-defined password" to the entire device.
But this is not working.
When i select "Apply password encryption to this folder only" and copy files to the specified folder, i got asked, which password i want to use and it works fine on the 2nd device without Endpoint Security Client to decrypt the files.
But reselect "Apply password encryption to the entire device" i got no prompt to set a password, neither i can open the files on the 2nd device.
I tried a lot. Formatting the USB Device (multiple times), clean the RSD Password, rebooting the devices, but nothing works.
Can someone confirm this issue or better give a solution?! )
BRsprause,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/ -
AAA Local with Privilege Levels
The goal....
1. local usernames on a router to control access
2. Use privilege levels in the username command to reflect what a user is allowed to do
3. Define a set of commands available to users with privilege level 1
My trouble here is that I cannot seem to find this exact combination of commands for what I want to do on CCO or Google. I have tried several combinations and here is what I have so far, but its not working.
aaa new-model
aaa authentication login default local
aaa authorization commands 1 default local
username engineer priv 15 pass XXXX
username tech priv 1 pass XXXX
privilege exec level 1 traceroute
â¨privilege exec level 1 pingHi,
This link answers your question.
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml
aaa authori command is not reqd.
Regards,
~JG
Do rate helpful posts -
User inherits privilege 15 when inside a tunnel-group - ASA 5510 7.2(2)
Hello
After enabling AAA and assigning a user a privilege level of 3(Read only) for management purposes, I realize that user has in fact a privilege 15 when logged in to ASDM (5.22). If I create a new account outside a tunnel-group, it works fine but if I move that new user inside a tunnel-group then it gets a privilege of 15.
Any thoughts?
Thanks!
GuidoHello,
I'm sorry but you posted on the wrong forum, this one is for small business devices.
Try posting on this forum:
LAN, Switching and Routing
I hope this hels -
Default Privilege Level for ASA users authenticated by Radius or TACACS when using ASDM
Hello,
I'm trying to figure out what the default privilege level is for users that are authenticated to the ASA via a remote authentication server when using the ASDM.
the command "aaa authentication http console TACACS+ LOCAL" is used in the ASA config.
The remote server is NOT setting any privilege levels for users. There are also no aaa authorization commands present in the config.
So what privilege level do the users receive when they login with the ASDM? I'm being told that the users receive admin access which includes config write, reboot, and debug. But I cannot find any documentation stating hte default level.
Please advise. And providing links to cisco documentation would be great too.
Thanks,
BrendanHi Berendan,
Hope the below exerpt from document clarifies your query. also i have provided the link to refer.
About Authorization
Authorization controls access per user after users authenticate. You can configure the security appliance to authorize the following items:
•Management commands
•Network access
•VPN access
Authorization controls the services and commands available to each authenticated user. Were you not to enable authorization, authentication alone would provide the same access to services for all authenticated users.
If you need the control that authorization provides, you can configure a broad authentication rule, and then have a detailed authorization configuration. For example, you authenticate inside users who attempt to access any server on the outside network and then limit the outside servers that a particular user can access using authorization.
The security appliance caches the first 16 authorization requests per user, so if the user accesses the same services during the current authentication session, the security appliance does not resend the request to the authorization server.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/asdm60/user/guide/usrguide/aaasetup.html
Regards
Karthik -
ASDM Privilege Level default 15 for Radius users
So this may be a bit of a dumb question...
I stumbled upon an ASA today that is configured to authenticate against a Radius server for SSH and HTTPS connections. If I log in via SSH, I can't gain a privilege level of more than 1 (tried login command, etc).
However, if I log in with ASDM, I always have privilege level 15.
Command authorization is not enabled.
Is this default behavior. If so, why? Do I need to enable command authorization to override this behavior?
FYI, the system in question is running ASA 8.3(1)
Thanks muchaaa-server RADGR protocol radius
aaa-server RADGR host 10.2.2.2
timeout 4
key cisco123
aaa authentication enable console RADGR LOCAL
After logging in, use the enable command with your user password.
http://www.cisco.com/en/US/partner/docs/security/asa/asa83/configuration/guide/access_management.html#wp1145571 -
What is Meter reading validations (System defined & User defined)
Hi Experts,
1 )How to configure Meter Readings (Technical Control Parameters, MR Control, MR Notes etc)
2) what is Meter reading validations (System defined & User defined) and how to configure it.
3) What is Register Relationships,Device Groupings & Device Allocations and how to configure.
Kindly explain with examples.
Thanks in advance.
Regards,
Shabnumhi,
Meter Validation Steps:
1. The Validation Process begins with Meter Reading Order Creation when the expected consumption is determined for the meter reading to be recorded for each register. The meter reading status is u201C0u201D or un-entered at this time.
2. The meter reading is entered via an upload program as part of the batch processing or entered manually.
This result is validated or evaluated against the permitted range of allowable meter reads/consumption for that register. The expected consumption is the basis for determining the range of the minimum and maximum values for the meter reading.
If the result is plausible, or valid, for all registers of the meter, the billing order becomes billable and the contract/installation is passed to billing for further processing. The meter reading status is updated to u201C1u201D or billable.
If the meter reading is validated as implausible, the meter reading result is transferred to the List of Implausibles for further processing (EL70). The status of the meter reading is u201C2u201D or automatically blocked. One or more independent validations can be failed in this validation process.
3. During processing, the agent can release the meter reading for billing; the status is updated to u201C4u201D, released by clerk. The reading is accepted as measured. The agent can also process the implausible meter reading result using transaction code: EL27 Execute Correct Implausible Meter Reading Results. EL27 is recommended for individual processing.
SAP Easy Access Utility Industry Device Management Meter Reading Correction of Meter Reading Results Implausible Results (Transaction EL27)
EL70 is recommended for processing of implausibles for mass processing. It is not on the menu, however, one way to open the screen is:
SAP Easy Access Utilities Device Management Meter Reading Correction of Meter Reading Results Implausible Results
Once the screen opens, click on the List button on the application toolbar
4. The agent may also correct the meter reading. If this corrected read is validated as within range, the status is updated to u201C1u201D, billable.
5. Alternatively, the reading can be determined to require follow up action and a service order is executed from the IC for re-read. A read status has been configured to support this flagging of the account for follow-up service order processing.
6. When the service order is returned from the field, the CSR releases corrects, resets or possibly estimates the meter reading depending on the outcome of the service order processing.
7. The meter reading is then passed to the billing engine for billing execution when the reading is validated as plausible.
-Siva -
Is it possible to read the user in a user defined fuction in a PI mapping?
I am running PI 7.0. I have a service call to the HTTP adapter on my Integration Engine to initiate a message. I would like to capture the username used to connect to the HTTP service when this message was called.
The call is initiated with the endpoint http://<myhost>:<http port>/sap/xi/engine?type=entry&sap-user=THISUSER&sap-password=MyPassword&version=3.0&Sender.Service=MyBServ&Interface=MyNamespace^MyInterface
When I look at the message in the RWB, I can see that the username is captured as part of the SOAP Header, in the RunTime area of the input message,
<!-- Inbound Message -->
<SAP:RunTime>
<SAP:Date>20101216</SAP:Date>
<SAP:Time>102057</SAP:Time>
<SAP:Host>myhost</SAP:Host>
<SAP:SystemId>xxx</SAP:SystemId>
<SAP:SystemNr>xx</SAP:SystemNr>
<SAP:OS>OS400</SAP:OS>
<SAP:DB>DB400</SAP:DB>
<SAP:Language/>
<SAP:ProcStatus>000</SAP:ProcStatus>
<SAP:AdapterStatus>000</SAP:AdapterStatus>
<SAP:User>THISUSER</SAP:User>
Is there a way that I can return this username in a User Defined Function (UDF)?You have to make use of the ASMA....dynamic configuration....sap-user will be a URL paarmeter....check point4 from this help section: http://help.sap.com/saphelp_nwpi711/helpdata/en/43/64db4daf9f30b4e10000000a11466f/content.htm
(sould be applicable for PI7.0 also)
Regards,
Abhishek. -
Hi everybody who has some spare time to read my stuff
I had a problem that some of you might have had. I have a user defined table, lets call it ProductTypes. Now system by default creates two columns in this table, one is Code (primary key) and another is Name (Index). I have added third column called Department. Now, if I wanted to add the following data (see bellow) to the table I would have had a constraint violation message pointing me out that I have problems with indexing.
Code, Name, Department
1, Cream, Fragrances
2, Cream, Beauty Products
^^
I could thing of couple workarounds of this problem
1. Is to duplicate Code into Name and storing rest of the data using user columns
Code, Name, Product Name, Department
1, 1,Cream, Fragrances
2, 2, Cream, Beauty Products
This approach isnt very convenient as it requires UI development should we decide to attach this table to the Item master data form in a form of combo box.
2. Is to amend Index on the database level. Initially, the index KProductTypes_Name consisted of only one column Name, what I have done is added another column which is Code to indexing. I dont see how this can harm database consistency or damage the core system. Please correct me if I am wrong.
Another way of amending index in order to solve my problem could be choosing ignoring duplicate values option for column Name.
Please let me know what are your thoughts.
Best wishes> Why don't you try adding a trigger 'instead of
> insert' where code = max(code)1 and name=max(name)1
> and use only user columns for your data. This
> provided you know SQL basics.
in this scenario we would have to do UI SDK development for the output and going to have an extra column with meaningless data in it.
Maybe you are looking for
-
Login error in OIM 11.1.1.5
Hi, I am getting the below error when trying to login on OIM application. Earlier it was working fine. Message: Automation server can't create object Line: 5689 Char: 2 Code: 0 URI: http://HostName:14000/oim/afr/partition/ie/default/opt/boot-11.1.1.5
-
Hello All, I have a requirement where I have to upload an XML from from my local machine to the CRM 2007 web-ui. I have created a button in the front-end of the order screen and on clicking of the button, some process (which I need to know actually)
-
WEBI : Dos & Donts for SAP BI
Hi All, I have my BEx Queries ready, While moving to WEBI what are the considerations need to take from SAP BI point of you & SAP BO point of view. Dos & donu2019tsu2026. for WEBI Best Practicesu2026. keeping view on Performance Thanks in advance.. K
-
I've got a menu I built in Photoshop that uses smart objects to warp and give perspective to both button text as well as pictures in the menu. I built the menu at 300dpi, then resized it to 72 for working in Encore. That 72dpi menu then became a temp
-
How to remove an email address from the spam filter?
Hi, my bank has this service of sending me an email each time I perform a transaction. But for some reason, Mail always marks these messages as spam. I've been marking tehm as "not spam" for months, but Mail never "learns" this and keeps marking them