Controlling Access

Not sure if this is the right forum for this questions. I have a vpn concentrator 3005 with it's private interface connected to a dmz interface on my pix. The public interface to a hub hanging off my router facing the internet.
I have a vlan set-up on our core switch (4507) that contains servers that are used for our application developers. Our applications developers are able to access their servers by connecting and authenticating to our concentrator. The are given an ip and then access to their particular servers are controlled via the pix.
I would like to prevent the developers from being able to transfer any data from the development server to their computer they are using to make the vpn connection.
What would be the best why to accomplish this?
Thanks in advance for any assistance.

Transfer how? Secure copy, ftp, CIFS? There are multiple ways to transfer files and if the developers really want them, they will find a way to get them. Block the ports on the firewall or create a policy on the Concentrator to block ports will be your best bet.

Similar Messages

  • "Sorry, you don't have access to this page" when creating a sub site. I am in the owners group with full control access

    cannot provisioning a SharePoint 2013 site with full control access, I get the page with the "Sorry, you don’t have access to this page”. Any help will be greatly appreciated.

    Hi,
    Which template did you use for the parent site?
    Please check whether the site collection administrator could create a subsite.
    Please grant permissions on the Device Channels list
    http://sitecollection_URL/DeviceChannels/AllItems.aspx -> List -> List Settings -> Permissions for this list -> granted Read rights for the Everyone group, compare the result as
    it.
    Please navigated to the hidden list "TaxonomyHiddenList" on the site collection i.e.
    http://somdnetsp/lists/TaxonomyHiddenList/AllItems.aspx and check permissions on this list. Check whether the list has unique permissions and there were no users added to the list. If yes,
    add "authenticated users" in the list permissions.
    Then, try to create sub site, compare the result.
    If this issue still exists, please check the log file to find whether there are some message about this issue.
    Best Regards,
    Wendy
    Forum Support
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback
    for TechNet Subscriber Support, contact [email protected]
    Wendy Li
    TechNet Community Support

  • Control Access in Message Monitoring

    Can I control access to payload within PI-Message-Monitoring? The topic has been discussed already:  How to Control Access To Payload
    By using the "S_XMB_MONI-authorization-object" I can protect access to payload for certain messages, regardless of viewing it with Transcation "SXMB_MONI" or with "RuntimeWorkbench";
    For me it is not clear, whether the "S_XMB_MONI-authorization-object" does only affect messages within the Integration-Server, or does it also work for messages in adapter-engine-message-monitoring? I mean, when using "Runtime-Workbench --> Message-Monitoring --> AdapterEngine..."?
    Regards, Josef

    Hi,
    It works only for SXMB_MONI (ABAP stack), user on adapter engine can still see payload.
    One hint I can give you to explore further, authorization on RWB are controlled by Visual Admin, you can explore something there to block user to view payload on RWB.
    I am exploring it and will update you.
    Regards,
    Gourav
    reward points if it helps you

  • Is following message due to 'Java' setting left unchecked? Mac OSX supportsUser Authentication Mechanism (UAM) plug - ins from other manufacturers to control access to servers.To use a UAM, copy the plug - in to: Library/ Filesystems/ AppleShare/ Authenti

    Is following message due to 'Java' setting left unchecked?
    Mac OSX supportsUser Authentication Mechanism (UAM) plug - ins from other manufacturers to control access to servers.To use a UAM, copy the plug - in to: Library/ Filesystems/ AppleShare/ Authenti

    Man that is an ancient message.
    The last time I saw that was using Mac clients connected to a Microsoft (Windows) Server running 'Services for Macintosh' which included the ability to act as an AppleShare compatible file server. Because Microsoft have a different security system for defining accounts which includes the 'domain' as well as username, the standard Mac AFP client did not know how to send that information.
    Therefore Apple made it possible to installed a plugin in the form of a UAM or User Authentication Mechanism which added the ability to send this information to login to the fileserver.
    See http://support.microsoft.com/kb/101747
    However Microsoft have long discontinued 'Services for Macintosh' and now the only way for a Mac to connect to a standard Windows Server is via SMB not AFP. I don't believe this plugin is available to download anymore.

  • Is there a way to control access by IP Address?

     

    I'd like to follow up on this question using WLS 6.0/6.1.
    What I need to do is block access to a set of directories to public IP
    addresses. My usual approach would be to tweak the webserver
    configuration to deny the requests, but I can't seem to find
    documentation on how to accomplish this.
    So, if approach this with a ConnectionFilter, I can look at the
    ConnectionEvent's getRemoteAddress() method to determine whether the
    requestor is public or trusted, but can I get enough information from
    getProtocol() method to determine which directory they're requesting?
    Thanks,
    Matt Kleiderman
    Alvin wrote:
    Hi,Michael,
    Is there any way to control access to a particular application by ip address?
    For instance, there are multiple applications reside on the same WLS, some can
    be accessed publically, some only can be accessed by users from a certain ip address?
    The example you mentioned only applys to the whole WLS.
    Thanks.
    "Michael Girdley" <[email protected]> wrote:
    Yes:
    http://www.weblogic.com/docs51/classdocs/javadocs/weblogic/security/net/Conn
    ectionFilterImpl.html
    Thanks,
    Michael
    Michael Girdley
    Product Manager, WebLogic Server & Express
    BEA Systems Inc
    Mitchel Lang <[email protected]> wrote in message
    news:[email protected]..
    I was wondering if there is anyway to restrict access to WLS 5.1 by
    IP
    Address?
    I have a NES Server with SSL running communicating with a WLS server
    through
    the NASPI proxy. In order to maintain SSL we do not want anybody going
    directly against the WLS.
    Any Ideas would be helpful.
    Mitchel Lang
    Mgr. Application Architecture
    Time Inc.
    212.522.0748
    [email protected]

  • Controlled Access to device password - How do I disable it?

    Really hoping someone can help,
    I set up the controlled access to device password, however earlier today it rejected the password even though I had entered it correctly. On the last attempt it told me that failure would wipe device of all data! My network provider told me that if I entered it wrong on a final attempt it would wipe and block the phone and the only way to have phone unblocked would be to have it sent away! As a few hours had passed and I was unable to use the phone I took the chance of entering the password again and it worked.
    However, when I went to disable the password it would not allow me to! 
    Is there any way to disable it as I mostly use my phone for business I can not afford to have it blocked and/or wiped!

    Doesn't sound like it.  Your employer has put that in place.  You can change the password, but you cannot remove it.
    Please click the Thumbs Up icon if this comment has helped you!
    If your issue is resolved, please click the solution button on the resolution!
    Every BlackBerry should have BlackBerry Protect, get it now! | Follow me on Twitter | Bring Back BBM Music!

  • Using Oracle 11gR1 OID to control access to 11gR2 RAC database ?

    I have a two 11gR2 RAC Node database that I would like to implement Oracle 11gR1 OID to manage all access to the RAC database.
    Should I install and configure Oracle 11gR1 OID into the same RAC database to control access to the RAC database? Is this the appropriate approach?
    Please share your ideas... I couldn't make it to Openword to ask this type of question.

    Hi,
    I think there is some confusion here. OID doesnt protect your database. All OID is doing is taking the authentication of the user and authorization (privileges) of the user to OID and out of the database. This way you can centralize the management of all user accounts in one place and not worry about it in the database. This is helpful only if you have many databases. If you have a very small number of databases and small number of user accounts, then OID is not really buying you anything. The best practices is published in the oracle docs. Just that you have to read a lot to figure it all out. Here are some info from our installation.
    1. weblogic and oid application is installed on a application server
    2. Repository database is a independant database (not shared with other apps) in a shared RAC cluster.
    3. Replication (OID application replication) setup between a primary oid server and a secondary oid server in the DR site
    4. Load balancer configured to point to the primary server and if primary server is not available, point the connection to secondary server
    5. DIP configured to pull all users and groups from active directory
    6. Password filter installed on all DC's to capture passwords and ship it to oid.
    7. Users creation, modification,deletion, expiry, etc., is all controlled on active directory.
    8. Database registered with OID for user authentication and authorization
    For protecting you data, you will need to use additional security methods/products like :
    1. Database vault (to prevent privileged users from operating on the data)
    2. Database auditing
    3. Fine-grained access control
    4. table level policies
    5. Fine-grained auditing (column level)
    6. Audit vault (to consolidate all audit records to a central place for auditors to classify and research each audit event)
    7. operational/process to enforce security.
    Good luck :-).
    Regards,
    Shaji.

  • Best authentication method for controlling access to wlan

    What is the best method for controlling access to a wlan with a 5508 wlan controller
    The requirments are
    -Needs to support all types of clients (Mac, PC, smartphones, tablets)
    -Clients need to be able to connect easily and without errors or installing certs or wireless profiles etc..
    -Secure
    This doesn't seem like alot to ask but I keep running into problems.
    What are people using?
    Thanks

    I can't find an errors in any area of the event viewer.
    Here is these files cat'd together.
    GeoTrustGlobalCA
    GeoTrustDVSSLCA
    corp-vs-ca2.########-export
    -----BEGIN CERTIFICATE-----
    MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
    MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
    YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
    EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
    R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
    9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
    fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
    iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
    1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
    bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
    MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
    ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
    uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
    Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
    tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
    PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
    hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
    5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    MIID+jCCAuKgAwIBAgIDAjbSMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
    MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
    YWwgQ0EwHhcNMTAwMjI2MjEzMjMxWhcNMjAwMjI1MjEzMjMxWjBhMQswCQYDVQQG
    EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UECxMURG9tYWluIFZh
    bGlkYXRlZCBTU0wxGzAZBgNVBAMTEkdlb1RydXN0IERWIFNTTCBDQTCCASIwDQYJ
    KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKa7jnrNpJxiV9RRMEJ7ixqy0ogGrTs8
    KRMMMbxp+Z9alNoGuqwkBJ7O1KrESGAA+DSuoZOv3gR+zfhcIlINVlPrqZTP+3RE
    60OUpJd6QFc1tqRi2tVI+Hrx7JC1Xzn+Y3JwyBKF0KUuhhNAbOtsTdJU/V8+Jh9m
    cajAuIWe9fV1j9qRTonjynh0MF8VCpmnyoM6djVI0NyLGiJOhaRO+kltK3C+jgwh
    w2LMpNGtFmuae8tk/426QsMmqhV4aJzs9mvIDFcN5TgH02pXA50gDkvEe4GwKhz1
    SupKmEn+Als9AxSQKH6a9HjQMYRX5Uw4ekIR4vUoUQNLIBW7Ihq28BUCAwEAAaOB
    2TCB1jAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFIz02ZMKR7wAoErOS3VuoLaw
    sn78MB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMBIGA1UdEwEB/wQI
    MAYBAf8CAQAwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5j
    b20vY3Jscy9ndGdsb2JhbC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzAB
    hhhodHRwOi8vb2NzcC5nZW90cnVzdC5jb20wDQYJKoZIhvcNAQEFBQADggEBADOR
    NxHbQPnejLICiHevYyHBrbAN+qB4VqOC/btJXxRtyNxflNoRZnwekcW22G1PqvK/
    ISh+UqKSeAhhaSH+LeyCGIT0043FiruKzF3mo7bMbq1vsw5h7onOEzRPSVX1ObuZ
    lvD16lo8nBa9AlPwKg5BbuvvnvdwNs2AKnbIh+PrI7OWLOYdlF8cpOLNJDErBjgy
    YWE5XIlMSB1CyWee0r9Y9/k3MbBn3Y0mNhp4GgkZPJMHcCrhfCn13mZXCxJeFu1e
    vTezMGnGkqX2Gdgd+DYSuUuVlZzQzmwwpxb79k1ktl8qFJymyFWOIPllByTMOAVM
    IIi0tWeUz12OYjf+xLQ=
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    MIIFaDCCBFCgAwIBAgIDBo5UMA0GCSqGSIb3DQEBBQUAMGExCzAJBgNVBAYTAlVT
    MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQLExREb21haW4gVmFsaWRh
    dGVkIFNTTDEbMBkGA1UEAxMSR2VvVHJ1c3QgRFYgU1NMIENBMB4XDTEzMDQyNTA4
    NTEzNVoXDTE1MDQxNTA0NDcyOVowgdQxKTAnBgNVBAUTIHNZbkoyTG0tb2dGZnZC
    aFlodWRqWVZIMndEek43MGdOMRMwEQYDVQQLEwpHVDU3NDYxMTU1MTEwLwYDVQQL
    EyhTZWUgd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvY3BzIChjKTEzMTcwNQYD
    VQQLEy5Eb21haW4gQ29udHJvbCBWYWxpZGF0ZWQgLSBRdWlja1NTTChSKSBQcmVt
    aXVtMSYwJAYDVQQDEx1jb3JwLXZzLWNhMi5wb3BtdWx0aW1lZGlhLmNvbTCCASIw
    DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM4jgpKBeo8rtM/zJIEyho3HppeU
    tZeK+wmLfPeBTJxr2UmQFOmcniQblgsHREAGyJR0KT5yrYzxx6wpZaqCUcZlxl1Z
    lUz5mfxHnL5Oc14sUnqwaJuxprXV5Rnclci6W6BMFjI4QoxXjQwSa+3A1enf+ZsO
    sXUojQbQx62MX8rINuQ+srgdDielK/mJqTAMt11x6+NqIpwlGAgOxKd7vjG6aKRf
    a2efvS/hK4Pi0ieWPGn1GXz/AlYpHQv0cppUr8huL/+2+9cEvd1sp8XN/ASN3YTm
    WWo//fVpbXIlzp8mU4Q7t8+7LglxFQabhl4eMBarMi8SnNuh2zYKQxJRPvsCAwEA
    AaOCAbMwggGvMB8GA1UdIwQYMBaAFIz02ZMKR7wAoErOS3VuoLawsn78MA4GA1Ud
    DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwKAYDVR0R
    BCEwH4IdY29ycC12cy1jYTIucG9wbXVsdGltZWRpYS5jb20wQQYDVR0fBDowODA2
    oDSgMoYwaHR0cDovL2d0c3NsZHYtY3JsLmdlb3RydXN0LmNvbS9jcmxzL2d0c3Ns
    ZHYuY3JsMB0GA1UdDgQWBBSODVVgPunABo61x13N20tEP66egDAMBgNVHRMBAf8E
    AjAAMHUGCCsGAQUFBwEBBGkwZzAsBggrBgEFBQcwAYYgaHR0cDovL2d0c3NsZHYt
    b2NzcC5nZW90cnVzdC5jb20wNwYIKwYBBQUHMAKGK2h0dHA6Ly9ndHNzbGR2LWFp
    YS5nZW90cnVzdC5jb20vZ3Rzc2xkdi5jcnQwTAYDVR0gBEUwQzBBBgpghkgBhvhF
    AQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291
    cmNlcy9jcHMwDQYJKoZIhvcNAQEFBQADggEBAC2Kadfzc6X/3dI//J5SGR9fnCa7
    6NVl8SV5aAYAvmOdkZBiurIYa1eHYYaDUGmOO8awTOXTfc4QzX75QwBUmcZeZKdj
    ZMPiJlm7Bsz/3Q1eolxHCqkAiDZIEohoT0o8Spw6+Eq8KcPnhf+K5+rIzJnWBZ9P
    tmpS4SEtrGHIfj3+638eqTydxuOCZ0Be9EanVK0ERav25fTRgRoZ+yEDiFP/MjQd
    rAgW7SyLOjm4I6bTmzjugmXf2Axm2kFuoyyZdrvdrJ+GBku5F6DOufGdGu13j80S
    lp148qh7gCREWrCqn3pH14qPKeHwC47jAQ3+ikRDfB090h9HGRi/8+w7Tx4=
    -----END CERTIFICATE-----

  • Controlled Access Mode

    Hello,
    Why I only can login to Sun Ray when I use Controlled Access Mode????
    Where does Sun Ray Server Software save users???
    Thanks.

    Sorry...
    When I enable the local policy Controlled Access Mode, then I can login in Sun Ray Client with smart card or Solaris user... but when I disable Controlled Access Mode, I can't login with any user.
    Thanks.

  • How do you set a security password to control access to an external hard drive?

    how do you set a security password to control access to an external hard drive?

    The only way to reliably protect data, especially on an external hard drive, is to encrypt it.  Permissions don't have to be respected.  One way to encrypt data is to create an encrypted sparse bundle disk image with Disk Utility.  See:
    http://support.apple.com/kb/HT1578
    (Be sure to use the 256-bit encryption.)
    Alternately, you could use some whole-disk encryption, though I have no experience with any of the software for doing that.  You could try the following:
    http://www.truecrypt.org/
    I don't know that I would recommend the product being advertised inappropriately by keynesis.

  • Control access to proxy??

    I've set up the proxy on my osx 10.5 server. All seems to work fine until i want to block facebook, i take it to block hosts url's you have control access to proxy. So whatever domain name i restrict it to it just halts all trafic to the proxy. what is the naming convention to put in the domain tab?
    my server is called studio21.xserve.xxxxx.ac.uk
    so what should i put in here? also do i have to set up realms? i'm a bit lost and can't find a decent tutorial on it. Any ideas would be greatly appreciated

    To block sites you don't control access to the proxy: You block the sites at the proxy.
    You can get a good idea on how proxies work by doing a google search for "squid proxy" and reading some of the documentation.

  • Remote panel and selective control access through Security with DSC

    Hi Everyone,
    I looked around to see what labview had to offer concerning security of remote panel and all the solutions I've found only propose full access to a remote panel, or none. The login page is not an option for me as everyone on the intranet can access the remote panel for monitoring but not everyone can have control to the buttons on it.
    With the DSC module, I can give securities to the different controls and it works great with the exe, if I log in or out, the controls appears or disapears. Unfortunately, with remote panels, those controls are always visibles. Furthermore, when I log in from a remote panel, all the other remote panels get logged in with the same username and priviledges. When I log out, same thing, it logs out all the other remote panels. So the last guy who logs in gives its priviledges to every one else who is monitoring the remote panel at that time. when he logs out, he logs everyone out. I used a reentrant vi hoping that this would solve the problem but it didnt.
    I would like to do what my colleague does with Advantech without any problem. He has only 1 .exe is running on the server and whoever connects to it through webserver, just needs to log in and he has all the priviledges of an guest, operator, admin, etc.. with access to controls and features accordingly. All this without interfering with the other people using the remote panels. This colleague has always been doubtful about the capabilities of labview to do SCADA systems and uptil now, I've been able to prove him wrong.. please help me continue
    There are workarounds, using remote desktop to the server instead of webserver but it definitely is not as practical for the client and it will need quite some work to to synchronise all the exes open from the differents sessions, through the use of shared variables, binding and securities.
    Thank you for your help.
    Solved!
    Go to Solution.

    Thank you very much for your reply Jordan.
    The NI security info is on the server (local domain with groups and users), and the running exes as well. The remote panel is not supposed to be accessed by internet, at least not yet, but just by the computers on the network and thinkline computers who are directly connected to the servers. the remote panel is accessed through the simple url: http://serverip/Application.html
    There is no problem with accessing the remote panel of the exes on the server from another computer on the network. But there are several security issues when logging in and out with the NI Security Programmatic Login and logout VIs through the remote panel..
    The 1st problem occurs when several people access the remote panel at the same time. In my setup, everyone is allowed to check what's happening on the front panel of the running exe, go through the tabs, check the graphs, the tables, etc.. , but only the administrators and the operators can send commands to the machines and the production line through this remote panel. Hence some buttons are accessible to all users, while others are only accessible depending  on the privileges of the person logged in.
    So like I said in the 1st post, I configured some buttons to be accessible only by the users of the admin group. When the exe runs, it's perfect, if I log in and out with an admin account, the buttons appears and disappear accordingly. But when I check the remote panel, those admin buttons are always visible, even if I am logged in as a guest or even logged out. Is it because the remote panel only needs minimum runtime engine and doesnt use the dsc runtime engine? if so, any work around?
    Furthermore, another big problem is that if I login as an admin in one remote panel, then login as an guest in another remote panel, and then logout back from the first remote panel, it says: "User Domain/Guest logged out". Hence, my second login logged out my first user. I can actually see the admin buttons appearing and disappearing on the exe when login as admin and guest from the different remote panels.
    So that's it, I would like my remote panel to behave like a normal scada system, with one exe running in the back (on the server) and with all the users accessing it through web server. Several users might/will access the remote panel at the same time and each of the users have a login/password that grant some of them the privileges to take some actions while giving the others only monitoring rights.
    I hope that I have been more clear in this 2nd post,
    Thank you again for your time.
    Best Regards,
    Tom.

  • Controlling access to build in iSight/microphone

    I hate to say I told you so, but considering some of the answers I got on my original posting (http://discussions.apple.com/thread.jspa?threadID=426480&tstart=0) I can not but say "I told you so" ...
    Fact 1: security update 2006-008
    Fact 2: exploit demo
    My question is not answered yet: How do I control which applications/processes accesses my iSight/microphone? As far as I can tell, Apple provides no way for that ...
    Regards
    Jim
    AiPB 15'' 1,25 GHz   Mac OS X (10.4.8)  

    Thanks for your reply, Leopard Pagan, but my question goes into another direction: What if an application does make use of the build in camera without telling my so as to spy on me, for example?
    I know there is a small light that is supposed to warn me that the camera is on. But it might be overlooked or nobody is sitting in front of the computer or maybe it can be turned off while the camera is still on.
    So, what I am looking for basically is a way to control which application can make use of the camera/microphone, and I have'nt found one yet. Maybe there is none at the time, but then hopefully someone finds one soon.
    Regards
    Jim

  • Controlling access to display attributes that are also characteristics

    In earlier versions of BI an authorization relevant characteristic (such as profit center) could be secured in navigation but could be made visible universally by creating a second authorization object for the characteristic and granting * access for the second object and restricted access for the first. As long as one authorization object for the characteristic had * access the display attribute was visible but one could still control navigation and selection. Now that authorization objects are no longer created what mechanism would be used to allow restrictions on navigation while keeping access open for a display attribute?
    For those that are having trouble seeing where this might be relevant: consider a cube that has both  consolidation unit and a profit center characteristics that are both authorization relevant. They are not exactly orthogonal for business reasons (especially at the node level) but someone who is reporting on the profit center characteristic may want to see what consolidation unit that the profit center belongs to. The consolidation unit is also a display attribute of the profit center but the user may not be authorized for the entire consolidation unit. Without authorization he cannot see the display attribute. There is no authorization issue for the attribute display but there is a restriction for the consolidation unit as a whole. The user can summarize over the CU ( only.   How is this allowed in the latest versions that use analysis authorizations and not authorization objects?

    Good afternoon Corwin,
    Have a look at SAP Note 761089 - point 4 might be helpful. It may be that you haven't given the users enough authorisations to see and use the attributes.
    Regards,
    Karen

  • Controlling Access to Build In Camera & Microphone

    Is there a way to control which application has access to the build in camera and microphone?
    Thanks in advance
    Jim

    Thanks for your reply, Leopard Pagan, but my question goes into another direction: What if an application does make use of the build in camera without telling my so as to spy on me, for example?
    I know there is a small light that is supposed to warn me that the camera is on. But it might be overlooked or nobody is sitting in front of the computer or maybe it can be turned off while the camera is still on.
    So, what I am looking for basically is a way to control which application can make use of the camera/microphone, and I have'nt found one yet. Maybe there is none at the time, but then hopefully someone finds one soon.
    Regards
    Jim

  • Controlling Access to Certain Reports When Using Crystal Reports Server

    Hi,
    I was wondering exactly how security is managed when using Crystal Reports Server?  Do you assign rights to individual reports via user ids in Active Directory?  Or what exactly is used for user authentication?  Is it possible to create local accounts?  Thanks.

    Usually access is controlled by permissions which are set in the CMC (BO web admin tool). You can map 3rd party groups from AD or LDAP and then assign permissions to those groups or set up security with built in enterprise groups as well. You may elect to use any combination of the above. For more complex security models there can use database and row level security built into our meta layers called business views and universes.
    Regards,
    Tim

Maybe you are looking for