Configured Nacs- how to restrict AAA client access by specified Password

Hi all
I have given the below config in the AAA client and added the client in User, Group; the NAR is configured for all clients.
But my requirement is to restrict AAA client access by a specified password.
aaa new-model
aaa group server tacacs+ NACS_Group1
server 10.x.x.x
server 10.y.y.y
aaa authentication login default group NACS_Group1 local
aaa authentication enable default group NACS_Group1 enable
aaa authorization config-commands
aaa authorization exec default group NACS_Group1 if-authenticated
aaa authorization exec NACS_Group1 group tacacs+ local
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+

You use the Network Access Restrictions table in the Advanced Settings area of User Setup to set NARs in three ways:
Apply existing shared NARs by name.
Define IP-based access restrictions to permit or deny user access to a specified AAA client or to specified ports on an AAA client when an IP connection has been established.
Define CLI/DNIS-based access restrictions to permit or deny user access based on the CLI/DNIS that is used.
Note: You can also use the CLI/DNIS-based access restrictions area to specify other values. See the Network Access Restrictions section for more information.
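
As an added example (not part of the original thread and not Cisco tooling), the following Python script parses the AAA lines posted in the question and lists the points a reviewer would check before relying on them together with NARs. The function names `parse_aaa` and `audit` and the finding labels are chosen here for illustration.

```python
import re
from collections import namedtuple

# AAA lines as posted in the question (server addresses are masked on the page).
CONFIG = """\
aaa new-model
aaa group server tacacs+ NACS_Group1
server 10.x.x.x
server 10.y.y.y
aaa authentication login default group NACS_Group1 local
aaa authentication enable default group NACS_Group1 enable
aaa authorization config-commands
aaa authorization exec default group NACS_Group1 if-authenticated
aaa authorization exec NACS_Group1 group tacacs+ local
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
"""

MethodList = namedtuple("MethodList", "kind service name methods")
RECORD_TYPES = {"start-stop", "stop-only", "wait-start", "none"}


def parse_aaa(text):
    """Return (server_groups, method_lists) parsed from IOS 'aaa' lines."""
    groups, lists, current = {}, [], None
    for tok in (line.split() for line in text.splitlines()):
        if tok[:3] == ["aaa", "group", "server"] and len(tok) >= 5:
            current = groups.setdefault(tok[4], [])
        elif tok[:1] == ["server"] and current is not None and len(tok) > 1:
            current.append(tok[1])
        elif tok[:1] == ["aaa"] and len(tok) > 3 and tok[1] in (
                "authentication", "authorization", "accounting"):
            current = None
            kind, service, rest = tok[1], tok[2], tok[3:]
            if service == "commands":      # 'commands <level> <list> ...'
                service, rest = "commands " + rest[0], rest[1:]
            if not rest:
                continue
            name, rest = rest[0], rest[1:]
            if kind == "accounting" and rest and rest[0] in RECORD_TYPES:
                rest = rest[1:]
            # 'group X' is one method; any other keyword is a method by itself
            methods = re.findall(r"group \S+|\S+", " ".join(rest))
            lists.append(MethodList(kind, service, name, tuple(methods)))
    return groups, lists


def audit(text):
    """Return sorted findings a reviewer would raise about the method lists."""
    groups, lists = parse_aaa(text)
    findings = set()
    used = {m[6:] for ml in lists for m in ml.methods if m.startswith("group ")}
    if "tacacs+" in used and used & set(groups):
        findings.add("mixed-groups: some lists use a named server group, "
                     "others 'group tacacs+' (all globally defined servers)")
    for ml in lists:
        where = f"{ml.kind} {ml.service} {ml.name}"
        if ml.kind == "authorization" and "if-authenticated" in ml.methods:
            findings.add(f"if-authenticated: {where} lets any logged-in user "
                         "through when no server answers")
        if ml.name in groups:
            findings.add(f"name-clash: {where} is a method list named like a "
                         "server group; it applies only where a line uses it")
    return sorted(findings)
```

Calling `audit(CONFIG)` returns five findings for the posted lines: three `if-authenticated` fallbacks, the mix of `group NACS_Group1` and `group tacacs+`, and the exec method list that reuses the server-group name.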

Similar Messages

  • How to restrict the change access in CRM for OLTP orders

    Hi Gurus,
    Please let me know how to restrict the change access in CRM for the orders that are created in ECC. The ECC orders will only be for display in CRM but not for change.
    We have orders that are created in ECC; they flow to CRM, and access to the change mode in CRM should be restricted, but as of now the CRM system is allowing change mode for ECC orders and ending up with errors.
    Is there any additional middleware parameter that needs to be added to the SMOFPARSFA table to get this functionality? Please advise! Thank you for your help.
    Regards
    Suneel

    Hi.
    You can use the PFCG role to control if the user is able to create, change, delete or only display a business transaction type.
    Regards.

  • HT5509 How can I disable guided access without a password on my iPhone

    How can I disable guided access without a password on my iPhone? Please help. I can't use Find My iPhone and touch screen.

    See: http://support.apple.com/kb/HT5018
    The easiest way is to connect the phone to your computer, click on its name, and click the "Configure Accessibility..." button on the Summary screen.

  • Adhoc Query Issue - How to restrict /SAPQUERY/H2 access

    Hi Experts,
    I have created two User Groups HR_1 (assigned to infosets for Time data) and HR_2 (assigned to Infosets for Payroll data). Also, I want to assign the HR_1 to a user Time_admin and HR_2 to Payroll_Admin, so that Payroll admin do not have access to Time data and vice versa.
    Now I can restrict the access but when I execute the Adhoc query for the user, I can see the User group that I have assigned with a default user
    group /SAPQUERY/H2, which has access to all data.
    My question is, how can I restrict the access for the /SAPQUERY/H2 for the users so that the users have only access to their user groups i.e.,
    Time_admin to HR_1 only and Payroll_admin to HR_2 only.
    Regards
    Vikrant

    I was expecting some Answer but was unfortunate enough.
    I have found a solution and will mention it for those who face this issue in future.
    Configuration in “The Global Area (Cross Client)”, has some limitations
    1)      Restricting the access via T-Code S_PH0_48000510 (Ad-hoc Query) is difficult as this t-code S_PH0_48000510 uses the user group /SAPQUERY/H2 to which an Infoset is assigned /SAPQUERY/HR_ADM. This infoset has access to all the master data and is standard one (default).
    2)      Also, this is available in “The Global Area (Cross Client)”, due to which there will be access to all HR master data.
    Configuration in “Standard Area, i.e., Client Specific”
    1)      With this approach, we will do the same configurations in “Standard Area (Client Specific)” i.e.,
    I.            Create User groups (ZHR_1 and ZHR_2)
    II.            Create Infosets (X1 for time management Infotypes and X2 for PM and PA Infotypes)
    III.            Assign User Groups to Infosets (X1 to ZHR_1 and X2 to ZHR_2)
    IV.            Assign Users to User Groups (As per the requirement)
    2)      Additionally, Admin need to do two things
    I.            For the Users Set Parameters via SU3 as:
    Parameters for Users for Time Data
    Parameter ID | Parameter Value | Description
    AQB          | ZHR_1           | ABAP Query: User group
    AQS          | X1              | SAP Query: Infoset
    AQW          | Standard        | ABAP Query: Query area
    Parameters for Users for OM/PA data
    Parameter ID | Parameter Value | Description
    AQB          | ZHR_2           | ABAP Query: User group
    AQS          | X2              | SAP Query: Infoset
    AQW          | Standard        | ABAP Query: Query area
    II.            Provide access to T-Code S_PH0_48000513 (also calls Adhoc Query but this t-code will respect the parameters set by us in SU3).
    III.            As a result of this approach, the Users on executing the T-Code S_PH0_48000513 will be directly moved to the Adhoc query screen with their authorized access.
    NOTE:
    these changes cannot be transported via Transport.
    Regards,
    Vikrant

  • Restricting MDM client access when LDAP is in use

    Hi all,
    I'm struggling a bit with MDM's security concept and hope you can help.
    We're using LDAP integration so we don't need to create all users in MDM. Most users shall use the Portal with MDM iViews to access and maintain data. Very few users shall use rich clients, like Data Manager or Import Manager.
    Some MDM WebServices run in the background of the portal process to automate some tasks, but still with the portal user authentication to make sure that the change tracking / user stamp fields are filled correctly.
    I know that LDAP is either on or off, so if we use it, we must use it for both portal and rich client. This means, everybody with a Data Manager installation and MDMRoles in LDAP can log in to Data Manager and use it according to their role. This, we want to prevent, as Data Manager generally offers way more functionality than we want our endusers to have but which we cannot restrict in the role definition so as not to corrupt our portal integration (e.g. the Web Services need more functional rights than a Data Manager user shall have).
    Of course we will restrict who gets an installation of Data Manager, but this is hardly enough to ensure security policy, if people simply install the client software themselves.
    We already considered a firewall between client and server and only opening the port 20005 for select users (by fixed IP addresses), but that same port is used by Data Manager and Java API (meaning our portal / Web Services), so we would also restrict the portal access.
    Is there a solution to grant portal access for basically everyone and rich client access for a select few while having LDAP in use?
    Thanks a lot in advance!
    Cheers
    Christiane

    Hi Christiane,
    I think you can restrict more functionality of Data Manager for an LDAP user. For this user, assign a role which does not have access to create data etc., as per the role assigned to that LDAP user. I mean the user is able to perform operations in Data Manager according to the groups he is a member of (roles in MDM). In MDM Console, you have the Role table where you can see Tables and Fields and Functions; here you can give access to none for the functions and the tables and fields.
    For more details, please refer to page 4 onwards of "Step-by-Step Process to Configure LDAP Support for MDM": http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/8054d5e1-1000-2c10-a09e-a168973f74b5?quicklink=index&overridelayout=true
    Just check and revert with result.
    Hope it helps..
    Regards,
    Mandeep Saini

  • How to add additional Client access licence in my running server

    Dear Team
    I have Windows Server 2012 with 9 user CALs, but I need to add more CALs to my running server. So please provide me the steps for how to add CALs to my running server.
    Regards
     Rashid

    Hi,
    Checkout the below thread on similar discussion,
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/63f9b46a-cacd-44de-8118-3bba3f2ef648/how-to-add-client-access-licenses-to-windows-server-2012-standard?forum=winserverTS
    Regards,
    Gopi
    www.jijitechnologies.com

  • SHD0 transaction-how to restrict the variant transaction to specified users

    I have created a variant transaction for MM02 wherein I am disabling a field. I want this field to be disabled only for certain users. The variant transaction which I created affects all users, so the field is grayed out for everyone. How can I restrict this to specified users?

    Hello,
    Try to look for an exit for that transaction, either a user exit or a BAdI, then try to disable the field by doing a LOOP AT SCREEN, but first you should have the restricted users in a Z table, or check the profiles for each user.
    Another way is to try to do it through profile customization; maybe you can do it that way.
    Cheers!!
    Don't forget to reward.
    Gabriel P.

  • How to restrict AP client-to-client traffic in same SSID

    Dear all,
    Please kindly advise how wireless client-to-client traffic can be restricted? The AP is controlled by WLC.
    Thanks.
    Eric

    Hi Eric,
    Great question! Here is the related info, note the nice change in WLC Version 4.2.x.x;
    Q. In autonomous APs, Public Secure Packet Forwarding (PSPF) is used to avoid client devices associated to this AP from inadvertently sharing files with other client devices on the wireless network. Is there any equivalent feature in Lightweight APs?
    A. The feature or the mode that performs the similar function of PSPF in Lightweight architecture is called peer-to-peer blocking mode. Peer-to-peer blocking mode is actually available with the controllers that manage the LAP.
    If this mode is disabled on the controller, which is by default, it allows the wireless clients to communicate with each other through the controller. If the mode is enabled, it blocks the communication between clients through the controller.
    It only works among the APs that have joined to the same controller. When enabled, this mode does not block wireless clients terminated on one controller from the ability to get to wireless clients terminated on a different controller, even in the same mobility group.
    http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00806a4da3.shtml
    Configuring Peer-to-Peer Blocking
    In controller software releases prior to 4.2, peer-to-peer blocking is applied globally to all clients on all WLANs and causes traffic between two clients on the same VLAN to be transferred to the upstream VLAN rather than being bridged by the controller. This behavior usually results in traffic being dropped at the upstream switch because switches do not forward packets out the same port on which they are received.
    In controller software release 4.2, peer-to-peer blocking is applied to individual WLANs, and each client inherits the peer-to-peer blocking setting of the WLAN to which it is associated.
    http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/c42wlan.html#wp1084832
    Hope this helps!
    Rob

  • LSO: How to restrict employee from accessing LSO Web based course.

    Hi Gurus,
    We have a requirement where we need to restrict a few sections of employees from accessing the LSO web-based courses. I know this can be done with the Structural Authorization concept.
    Can anyone tell me how to implement this structural authorization for a section of employees? Or any link describing the step-by-step process would be a great help.
    Thanks,
    Swet

    Hello Satya,
    The status comes from entries in Table T77BW. I don't recommend that you change the status as I don't know what issue may occur.
    Relevant coding in RHPQ_INDIVIDUAL_PLAN_READ.
    IF history_tab-endda < sy-datum.            "begin note 588403
      pplans_tab-state_id = att_state_id.
      pplans_tab-statetxt = att_statetxt.
    ELSE.
      SELECT SINGLE * FROM t77bw INTO wa_t77bw
               WHERE context = 'EVENT_BOOK'.
      IF wa_t77bw-new_state IS INITIAL.
        pplans_tab-state_id = '02'.
      ELSE.
        pplans_tab-state_id = wa_t77bw-new_state.
      ENDIF.
    Regards,
    Manny

  • How to restrict users to access the files directly from /irj/go/km/docs/doc

    Dear Experts,
    I have made a folder in KM where I have saved some files, and also I have made a application from where user can access those files.
    But the users are able to access the files by directly typing the path of the file in internet explorer, I have to restrict it that the user should not be able to access the files directly.
    Please give your helpful suggestions.
    Warm Regards
    Upendra Agrawal
    Edited by: Upendra Agrawal on May 15, 2009 4:49 PM

    Hello,
    You can have a link/button react to a mouse click by reading the KM document and putting it on the HTTP stream with the correct header (this is the same kind of code that is used when you generate the PDF). As the file access is in your server code, the user will not have access to the URL...
    An example for WD Java (coming from this PDF: https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/d0cc41cb-9576-2b10-99a6-ab90ef28c73b), with slight modifications:
    public void exportToPDF( ) {
       //@@begin exportToPDF()
       // needs java.io.ByteArrayOutputStream and java.io.IOException
       ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
       // read the file with KM API and copy it to the outputStream
       showPopUp(WDWebResourceType.PDF, outputStream, "PDF Out Put");
       try {
          outputStream.close();
       } catch (IOException e) {
          // close() on a ByteArrayOutputStream has no effect; nothing to clean up
       }
       //@@end
    }
    regards
    Guillaume

  • How to restrict employees from accessing managers data using custom security profile

    Hi,
    I am using custom security profile for restricting the employees from accessing supervisors details(PG.SEGMENT2=4). I have written the custom code as below :
    Responsibility :US Super HRMS Manager
    ASSIGNMENT.PERSON_ID
    IN
    (SELECT PAF.PERSON_ID FROM PER_ALL_PEOPLE_F PAF,
    PER_ALL_ASSIGNMENTS_F PF,
    PAY_PEOPLE_GROUPS PG,
    PER_PERSON_TYPE_USAGES_F PPU,
    FND_USER FNU
    WHERE PAF.PERSON_ID=PF.PERSON_ID
    AND :EFFECTIVE_DATE BETWEEN PAF.EFFECTIVE_START_DATE
    AND PAF.EFFECTIVE_END_DATE
    AND PF.PEOPLE_GROUP_ID=PG.PEOPLE_GROUP_ID
    AND :EFFECTIVE_DATE BETWEEN PF.EFFECTIVE_START_DATE AND PF.EFFECTIVE_END_DATE
    AND PPU.PERSON_ID=PAF.PERSON_ID
    AND PPU.PERSON_ID=PF.PERSON_ID
    AND :EFFECTIVE_DATE BETWEEN PPU.EFFECTIVE_START_daTE AND PPU.EFFECTIVE_END_DATE
    AND PAF.PERSON_ID=FNU.EMPLOYEE_ID
    AND PAF.PERSON_TYPE_ID =2
    AND PPU.PERSON_TYPE_ID
    IN(2,62)
    and PAF.person_id = FND_PROFILE.value('user_id')
    AND PG.SEGMENT2=8)
    and using "restrict the people visible to each other using this profile".
    I have assigned the security profile to HR user responsibility
    But when I query the supervisor name in the HR User responsibility, it is not restricting me from viewing supervisor details.
    When I query for the first time, it restricts me from viewing others' details, but when I close that, click on the torch button and try searching, it allows me to access managers' details.
    Can anyone please let me know what setups need to be done for restricting employees from viewing supervisors' data?
    I have gone through the document "Understanding and Using HRMS Security in Oracle HRMS" but didn't get any idea.
    Please suggest.
    Thanks & Regards,
    Anusha.

    Hi All ,
    I solved the problem by using event 01 of header view and using the table "Extract".
    Regards,
    Neha

  • How to restrict the all access ? Single user mode....

    I am doing export/import of schema objects from Windows to Oracle. How to make sure when I do the export in the migration database no one else is modifying the data. Is there any single user mode so that I can be sure of only one connection while exporting?
    Oracle 10g R2 on Windows Server.
    Thank you,
    Smith

    Perhaps you are not familiar with the concept of multi-version read consistency.
    No one can see that which is not committed and reads can never be blocked.
    If you want a system where no one can see things kill their sessions and do a STARTUP RESTRICT.

  • How to restrict External Drive access in other user accounts

    I just purchased an external HD and moved my iTunes and iPhoto libraries to it. No problem there.
    My Mac mini has four user accounts and I'd like to set the permissions on the external HD so that only I can write to it from my account. I'm attempting to do this through 'Get Info' on the external drive, then setting Sharing & Permissions to 'Read and Write' for myself and 'Read only' for the other three accounts. But it seems that when I set one of these it gets set for all four accounts.
    Am I doing something wrong trying to set the permissions this way, or, is there a better way to do it?
    Thanks,
    Andy

    I didn't realize you could set the privileges for other user accounts in the 'Get Info' box from my account. I added the names of the other three accounts and set them to 'Read Only' but I am still able to delete files from the drive when I'm logged into those accounts.
    What I'm trying to do is set it up so that either (1) they can't accidentally delete files from the external disk or (2) they can't even see the disk at all from those accounts. I would have thought that 'Read Only' would not allow them to delete files, but with the privilege set to 'Read Only' I'm still able to delete files from the disk.
    Maybe I'm missing a step? Or maybe there's another way to do it?
    Thanks,
    Andy

  • Restrict DBA from accessing User's Tables

    How to restrict DBA from accessing objects created by a user?
    Regards
    Sumit

    mbobak wrote:
    Hi Ed,
    Actually, if I understand it correctly (and I may not, as I've never installed or used Database Vault and the presentation I saw was a long time ago), my understanding of the security model is that the "DBA" that has system level privileges, is separate from the "security administrator" role, which is the person who decides which user can see what application data. In Database Vault parlance, the DBA has access to the system, system views, etc, but not the application data. The application data lives in a different "realm". There can be multiple "realms", and you must be assigned specific rights in the different realms to access different data. The DBA doesn't get access to any realms.
    If you do not assign those two roles to different people, then you might as well not configure Database Vault at all.
    At least, that's my understanding.
    -Mark
    Mark,
    That was pretty much my understanding as well. But even when I worked for a credit card processing company, they didn't have that separation of duties - even though the auditors kept asking for ways to keep the DBAs out of the database.
    And even with strictly defined separation of duties, wouldn't it still come down to someone having to have the keys to it all? How about the guy who has the password for "root"?

  • How to restrict MD04 and MIGO

    How to restrict MD04 to materials belonging to a particular specified  material group?
    How to restrict MIGO to a particular specified vendor no ?
    thanks,

    Hi,
    The material group (MAKTL) restriction cannot be imposed directly via authorization for tcode MD04. Similar is the case for restricting MIGO by vendor no.
    The tcode MD04 checks for auth object M_MTDI_ORG
    which restricts only for
    MRP Controller
    Plant
    Activity types in Materials
    Similarly, MIGO checks only the following fields in the concerned auth objects
    Plant
    Movement Type
    Storage Location.
    So this cannot normally be restricted via the authorization concept.
    However, you may take the help of your Basis/ABAPers to explore the user exits/BAdIs of the related programs.
    Or your ABAPers may help you in this regard by developing some customized reports to restrict the same.
    Please don't forget to award suitably.
    Regards
