Control/restrict user access

Similar Messages

• APO Security to control the users access

  Hi,
  Is there any possibility to control the users access by controlling through selection ID's or does it possible through any of the product lines (Characteristics)?
  My requirement is I have to control all the APO DP users in various levels of Product lines and the access has to be granted at specific product level. Right now I am trying do through selection ids, but I am looking for more effective way.
  Please help me with your views.
  Thank you in advance!
  Jegan

  Hi Jegan,
                There are so many security objects in DP that you can try out and see if they meet your requirement.
  The way I understand your issue is to restrict user by certain products or BW characteristics.
  To control by Products, try the object  C_APO_PROD with activity APO_PROD (Product Identifier). You can select specific products here for each role and restrict by either display, change, execute, delete etc.
  If you want to restrict by BI characteristics, try  object S_RS_AUTH.
  Be careful with this as you are selecting BI objects, the system restricts them even if they are remote part of your work.
  If you have to restrict by specific product levels like all product lines, I am not sure how to do it but you can certainly try searching based on keyword "PROD".
  Please let us know if you discover something useful.

• How to restrict user access in Oracle Application Server 10g (9.0.4)?

  Can anybody please let me know how to restrict user access in 10g AS? To be specific, how to allow http requests from specific IPs only?

  Hi,
  You have to edit httpd.conf and modify acces rights for each protected directory
  e.g.
  <Directory /var/www/sub/payroll/>
  Order allow,deny
  Allow from 192.168.1.0/24
  </Directory>
  then you have to restart Oracle HTTP Server
  jm--

• Time restricted user access

  Dear Experts,
  we are dealing with the following issue. Is it possible to set up time restricted user access in BPC 7.5? It means e.g. we want user to have access to BPC only in the first half of the year or (a bit trickier) in every first half of each month.
  And is it possible to temporarily prohibit access for an user without deleting him or his rights?
  Thanks for the reply,
  Jakub

  Hi Jakub,
  Can you explain why you want to set up your system this way? Depending on what you are trying to accomplish, there may be a good way to make it work in BPC (work status, security, data model design), but as Nilanjan said, there is not an easy way to totally lock out users based on date.
  Ethan

• Restricted User Access

  Hi All!
  Is it possible to restrict the access of a user in that way that he can only edit a part of the columns, but he can see the whole table even the columns he isn't permitted to change! How can i solve this problem?

  Hi user552848,
  please provide your first name...
  I would see 2 possible solutions here:
  1) Create or own access roles
  a) create an application item where you store which "access role" the user has and
  b) use the "Read only" property of the page item, where you specify a condition of type "Value of Item in Expression 1 != Expression 2". Write the name of your application item into Expression 1 and eg UPDATE_ALLOWED (=>name of your access role) into Expression 2
  2) You use the APEX authorization.
  a) Create one at Shared Components\Authorization Schemes).
  b) Use the "Read only" property of the page item, where you specify a condition of type "PL/SQL Expression" with the following code in Expression 1
  NOT WWV_Flow.public_security_check('Name of the Authorization you created');Note 1: "Name of the Authorization you created" is case sensitive
  Note 2: WWV_Flow.public_security_check isn't a documented function, so use it at your own risk, Oracle may change it/remove in the next release.
  Hope that helps
  Patrick
  Check out my APEX-blog: http://inside-apex.blogspot.com

• Restricting user access based on a site column value in a document library.

   
  We have a business requirement to show the contents of a document library based on a value (or values) in the site column (or multiple columns). For example, my document library has a custom site column called confidentiality. This
  will have values like restricted, internal and public. Now, based on the AD Group the user belongs to, I should be able to control the access to Restricted or Restricted and Internal files from the document library. We are using SharePoint Online 2010.
  Please suggest the best way to achieve this requirement?

  SharePoint's security model doesn't allow you to specify security based on metadata. You could however create a Sandboxed Solution containing a Feature that registers a custom event receiver on the Document Library. The logic inside this
  Event Receiver would fire after editing item properties (ItemUpdated) to apply item-level permissions based on the rules you need.
  Make sure to read the article below to determine if fine-grained permissions are suitable in your case:
  http://technet.microsoft.com/en-us/library/gg128955.aspx

• Restrict User Access to Planning Books- Creation of Roles

  Hi All
  I want to restrict the users to access/see only limited number of planning books in SDP94
  menu
  For this, I tried creating a role and assigned authorization C_APO_PB with required planning book values
  However I am not sure how to create the role properly. In the change role screen, the "Menu" and the "Workflow" tabs are red, while authorization tab is green
  Do I need to do any activity in Menu and Workflow tabs
  Please guide
  Any help on this is highly appreciated
  Thanks
  Vijay

  Moderator message - Cross post locked
  Rob

• Restricting Users access to BW Query based on Criteria

  Hello  ,
  Haven't found much help with the security implementation documents , i have been given a objective to create Profiles/roles and which would be used only for reporting on 1 single Cube by users from multiple departments. 
  Create profile/Roles and provide access to users for Query ZREP_C0_1 .
  User belonging to comp_code1 & region4 & plant6 should be able to view only his data and none other  even if the user wishes to see Compcode2 & region3 & plant4. 
  ( Reporting with restrictions over the User authorizations  on Region/Compcode )
  Creating the Role has been the easy as it was just to provide access to the infoarea , cubes, infobjects , query and authorization objects to execute query.   However i am stuck on how to proceed further on the above scenario  regarding restricting the users.
  Your help is much appreciated .
  Regards
  Raja

  Hi Pratheesh,
  If you are going to use client authentication in SSL and if client authentication fails since not all users will have client cert provided by you, SSL handshake will not complete and hence no access. But this is a performance impacting option. Restricting access on FW would be a good option.
  During the flow of a normal SSL handshake, the server sends its certificate to the client. The client verifies the identity of the server through the certificate. However, the client does not send any identification of its own to the server. When you enable the client authentication feature on the ACE, the ACE requires that the client sends a certificate to the server. The server then verifies the following information on the certificate:
  The CA has not revoked the certificate.The certificate signature is valid. The valid period of the certificate is still in effect. A recognized CA issued the certificate.
  You can specify the certificate authentication group that the ACE uses during the SSL handshake and enable client authentication on this SSL proxy service by using the  authgroup command in SSL proxy configuration mode. The ACE includes the certificates configured in the group with the certificate that you specified for the SSL proxy service
  Regards,
  Kanwal

• Restricting user access to delegated administration pages

  I have a question about delegated administration services.
  When a user is defined, regardless of its privileges, it has access to OIDDAS pages.
  And he or she can see the other users' information. (through Directory and Users tabs)
  Is there any way to restrict OIDDAS pages to selected userids?
  Regards
  Farbod

  If your version of the servlet container is compliant (I assume iPlanet is), then you can declaratively set your security in the web.xml. You can specify entire directories (HTML, JSP, graphics, etc) to be secured. This also prevents you from converting all your static content to JSP and inserting code into each one to validate the user. You may define your own custom login page as well. This is by far the best method of security if you're not trying to do anything fancy like data-level security. The J2EE security model is role-based.
  Hope this helps.
  Chris

• HT201304 Is there a way to restrict user access to find my ipad with out restricting the mail app?

  I am working on setting up multiple Ipad 2 tablets with iOS 5.1.1 and I need to restrict access to turn off find my ipad. The only way I see to do this is to turn on restrictions and dont allow changes on accounts. The issue I have then is it also restricts the Mail app setup. Is there a way to restrict one and not the other? We use microsoft exchange mail and I would be willing to use another mail app if anyone can suggest one that works as an alternative?
  Thank you.

  I don't know of any reliable tracking app, but perhaps someone else here can suggest one I'm not aware of. Any could be defeated by just restoring the iPad, though, so about all you could hope to do would be make things a bit more difficult to turn off. For a third-party app, you'd have to restrict the user's ability to uninstall apps, something which might be equally problematic for you.
  Regards.

• Restrict user access to sales order

  Hi all...
  We have the following situation:
  A user xxxxx creates a sales order with va01 ... how can be limited the access to this sales order??..another user  yyyyyy is not allowed to modify this sales order but user yyyyyy can create orders/modiffy ordes with va01/va02.(something like limit access to o sales order created by another user).
  Regards,

  Hello Viadi,
  Your basis person can help you out in providing this restrictions.
  I would like to tell you that you can restrict a particular user from accessing a t-code entirely for eg: you can restrict a user to only VA01 & VA03 i.e., creation and display  and another user should be given access to VA02 i.e, change SO.
  This way you can maintain security measures for SAP usage.
  If you give authorization for creation and change there might not be sanctity of usage. But this again depends upon the client requirement.
  Hope this helps.
  SAP gurus any additions or corrections to this are welcome.
  Thanks
  Swami

• Is it possible to restrict user access to files that need read/write permissions?

  I am in the process of implementing electronic payments for a company's AP department.  Dynamics GP (Great Plains) needs to create an EFT file that will get sent to the bank.  After it is created, a script is run that sends the TXT file to the
  bank and then renames the file extension to SNT.  Users are logged on to the Great Plains server and have their own permission group.
  Because the file is sending payment instructions, it is essential that users cannot modify or create a file with fraudulent payment instructions to the bank (incorrect bank account info).
  With testing, I was able to save the file from GP to a folder where users cannot read it's contents, however the script cannot send the file to the bank without "read access" (it says not files available).
  Any ideas for solutions?  For instance, is it possible to make Great Plains and/or the script file "system" so that it can override the user profile's permissions? 
  I was also looking into the ability to hide the folder/files, but it appears users can choose to view hidden files and folders.

  I dont think so you can do it that way..

• Generic Object Services restrict user access

  Hi
  I have the following scenario, could anyone offer any pointers as to how to achieve a solution.
  I have two groups of people, A and B, my requirement is to only allow group A to access/delete documents that have been created by users in group A, and for Group B to only have access to attachments created by users in group B.
  An in addition to Ideally have two content repositories one for A and one for B
  Thanks
  John

  Hi John,
              Please adjust role with S_OC_ROLE and S_GOS_ATT.
            1) If a user has a role with S_OC_ROLE with *, then he will be able to delete the attachements made by any othe user, then in this case S_GOS_ATT will not be checked.
             2) If a user has a role with S_OC_ROLE with " ", then he will be NOT able to delete the attachements made by any othe user, unless S_GOS_ATT is assigned.
  Thanks,
  CB

• FAGLB03 - Restrict user access to view only two GL accounts.

  We want certain users to access only two GL accounts using transaction FAGLB03. Any help will be highly appreciated.

  Hi
  I do not think we have any authorization object based on GL Account value for T Code FAGLB03. However, you could probably write an FI validation rule based on GL Account No and user id. You can maintain the user id in a set
  Prerequisite
  Company Code = XXXX and System T Code = FAGLB03 and GL Account = XXXXXX
  Check User ID = ABCD
  If the check fails, system should throw an error message
  Regards
  Sanil Bhandari

• Restricting user access through single machine without entering password

  Dear All,
  We would like to provide access to temporary user and he should be able to access our Production R/3 using SAP GUI from the machine which is allocated to him and not from any other machines in the same network.He should be able to login when he click on the login pad without entering password.
  Please let me know is there a way to achieve this by changing the SAP gui settings in that machine alone/suggest me if you have an alternate solution?
  Appreciate your response.
  Thanks,
  Vadi

  Hello Vadivambal,
  Actually the second thing might be possible with logon pad. In the logon pad there is an option for short cuts. You can create a short cut for a system in launch pad which gives you the option for specifying user id and password also. However this is relevant for SAP GUI 640 or higher only. The GUI launch pad has two tabs: Shortcuts and systems. Check the short cut part.
  Regards.
  Ruchit,