Creation of roles with restricted access to infoarea

Similar Messages

• BW : RSA1 with restrict access, possible?

  Hi all,
  Its possible use RSA1 with restrict access ?
  You can implement the transaction RSA1 restriction of access.
  Example:
  Some users can not use the part of source systems (TCODE RSA13).
  In this example, we block the transaction RSA13, however using RSA1 itself unable to access the part of source systems.
  thz

  Just to add some more info to Durgesh's reply...
  Using obj S_RS_ADMWB you can restrict access to different ares of AWB. See online docu on this topic:
  [http://help.sap.com/saphelp_nw04/helpdata/en/80/1a6859e07211d2acb80000e829fbfe/content.htm|http://help.sap.com/saphelp_nw04/helpdata/en/80/1a6859e07211d2acb80000e829fbfe/content.htm]

• SUIM identify roles with restriction in P_ORGIN PERSK

  Hi all,
  I'm trying to identify role in SUIM which have a restriction in object P_ORGIN in employee subgroup (PERSK). I need the roles which have the restriction for the values 6-19 because I have to enhance the restriction to 6-22.
  Is there an option to solve this easily.
  Thx

  There is no option available in SUIM for "not equal to" selections of the object details nor specifying a range which must be inclusive of only that exact range. Unfortunately the latter is possible in authorizations.
  Other than checking your own documentation, you will need to do digging in the tables unfortunately.
  > The roles that can access also for example 1, 2, 3 etc. shouldn't be shown as result.
  What about from '1' to "26"? If that that is not to be included and you only want those with a range of exactly from "6" to "19" then I would sync the user tables and start from UST12 and map the authorizations back to the roles via the profiles. Others might differ in opinion, because there are other tables as well.
  Cheers,
  Julius

• Problem with Restrict Access to Page with access level using ASP

  I'm using Dreamweaver CS3 with ASP-VBScript and an Access
  database. The pages were created from scratch for this project,
  using those tools all the way through.
  I've created a login page, an admin homepage, and add, edit,
  and list records pages for three tables. The login page uses the
  Server Behavior "Log in User", all other pages use the Server
  Behavior "Restrict Access to Page". All of these are based on an
  Access Level.
  Login seems to work correctly, and redirects to the admin
  homepage. From the admin homepage, I can open any other page as
  expected, and they initially display correctly. On the add and edit
  pages, however,
  submitting the form often results in getting logged out, but
  not always.
  Once this happens, I can log back in, but other problems will
  sometimes occur during that second login session. Sometimes,
  logouts will occur on pages that worked fine during the first login
  session. Sometimes, another session variable that I've setup
  manually will change when it shouldn't...as if there were two
  values stored for my session variable, and reloading the page
  changes to the other value.
  This
  post seems closest to my experience, but it doesn't look like
  there was really an answer beyond "I had to fight with it for a bit
  to get it to work":
  I suspected that there is some problem with session settings
  on the server. We have an almost identical tool on the same server
  that was developed with an older version of DW that works more
  reliably; it sometimes has problems with the initial login, but
  never has a problem after that.
  Has anyone experienced problems like this? Any suggestions
  for what to check? I'm really pulling my hair out since it's so
  unreliable...the kind of problem that goes away when you try to
  show someone and comes back when they leave.

  Hello,
  I was thinking that all I would need would be the username, although username and paswsword would be more secure.  There are about 50 users and no groups or levels.  They are all equal ... same level.
  The website is private and there is a general content area for all users and then there will be private areas for each user where proprietary documents will be held.  I need to be able to ensure that user 'A' can only see the user 'A' pages, user 'B' can only see user 'B', etc.
  I don't really understand what the Dreamweaver script is doing, but the overview sounded like it was the right tool to accomplish what I'm trying to do.
  Any assistance greatly appreciated.
  thanks.

• Integrate IdM roles with Sun Access Manager roles

  Hi all,
  I am currently working on a solution involving Sun Identity Manager 7.1 and Sun Access Manager 7.1 as well. We use AM for overall authentication and SSO across the application, and IdM for user provisioning.
  I need to create roles in Identity Manager, and I would like that when I assign a role to a user in Identity Manager, he gets the same role in my Access Manager repository (Sun LDAP). Identity Manager does provide a way to set attribute values in resources when a role is set. Access Manager on the other hand has both dynamic roles, based on an LDAP search, and static roles.
  What are the important differences between static and dynamic roles in AM?
  Does anybody know a good way to propagate roles from Identity Manager to Access Manager?
  Thanks.

  I found answers to my question. I succeeded in setting the Access Manager role from Identity Manager using the nsRoleDN attribute. Here are some references to begin with:
  About directory server roles:
  http://docs.sun.com/app/docs/doc/820-2493/fvbrn?a=view
  Forum thread reference:
  http://forums.sun.com/thread.jspa?threadID=5208694
  Here are roughly the steps I followed to get this working.
  Access Manager roles setup:
  1. In Access Manager, create a new static role named test_role under the identities realm (in Subjects > Role).
  Identity Manager roles setup:
  1. Create a new role in Identity Manager: tab Roles, click New....
  2. Assign the LDAP resource to synchronize the role with.
  3. On the Assigned Resources line, click the Set Attributes Values button. This shows up the attributes listing allowing you to bind your IdM role to your LDAP repository.
  4. Set the attribute nsRoleDN to the LDAP DN of the role that was created in AM (nsRoleDN must be added in the resource attributes mapping before).
  * In the column Value override, select Text.
  * In the column How to set, select Authoritative merge with value, clear existing. (* See IDM Admin guide about this setting, I am still not sure how it reacts with multi-value attributes)
  * In the text box, enter the role DN text (ex: cn=test_role,dc=com).
  5. Save the role. You can now add the role to a user.

• How to set-up Guest Client Wireless Access "PIN" with Restricted Access ???

  This is my first time, and, I am not familiar with the rules.
  Is it possible for someone to answer a slightly different question...
  I just bought a TC and hooked it up to my cable modem. I have 3 computers that I want to configure, with the following requirements: WPA/WPA2 security all around, only the 3 computers I have to be allowed use of the TC, and, no listing of the network should appear on remote computers (i.e., a "closed network"). With these basic needs, the three computers I want to be in this network are listed below --- subject to the following ACCESS limitations:
  1. A G4 iMAC (10.5.5), wired to the TC via an Ethernet cable: FULL ACCESS; i.e., shared file access, TM back-ups, HP printer access, internet access;
  2. A MacBook (10.5.5), airport wireless access to the TC: FULL ACCESS, as the iMAC.
  3. A (new generation) PC laptop: VERY LIMITED access --- access only to the internet, so that the TC looks only like a "wireless router." Internet access available at any time of the day or week. It would be good if this client did not have to use any of my passwords, just a "PIN." Also, I do NOT want this PC client to see my printer, and, also, to NOT see my TC base station and NOT have access to my TC/TM disks. To set this up, I entered the PC laptop name and the "MAC" address using the Airport Utility. Then, I selected the "PIN" choice for access, so that this client need not have to ever use or know of any of my passwords. After I selected the "PIN" option, the utility asked me to enter the PC client's PIN. How do I obtain the PC's PIN? This is very confusing to me, so, I apologize to you all (I'm very new at this).
  Hopefully, this TC-only network concern is within the guidelines to be answered.
  Thanks,
  David.

  Dear Smokerz,
  Well, this is where I'm confused. I did use the Airport Utility. I went to the place where it asks for the PIN number. So, I made up an 8-digit number and entered it. I assumed that after I entered the number, it would prompt me to do something with the PC. But, the "Continue" button did not become highlighted. Hence, my confusion. Can you please be more specific as to exactly what I should do using the Airport Utility? The detailed instructions are vague to me, unfortunately.
  Also, with respect to the PC Laptop: I only want it to have access to the internet via the TC (so that the TC acts as a wireless router). And, I want to set up restrictions for limited use of the PC: NO ACCESS to the HP printer, and NO ACCESS to the TM/TC (other than as a wireless router). As before, can you please be more specific as to exactly what I should do using the Airport Utility?
  I must be missing a trivial menu item, so, again, I apologize.
  Thank you,
  David.

• Role to Restrict access to BW report acc. to plant & Region

  Hello,
  Can I restrict users to view the BW report according to the plant they are authorized to.
  Say I've User1(plant 1100) & User2(plant 1200).
  Now I want both the users to access same report (say, Plant Wise Sale Report) but to view data related to their plant only.
  Can I achieve the scenario by creating Role.
  Also I want to put a check on Region( East, West, North, South).
  Plz provide Authorization Object & complete procedure for both plant & Region.
  Thanks in Advance
  Shilpi

  its long procedure. Screenshots will help u. 
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/ded59342-0a01-0010-da92-f6b72d98f144
  http://help.sap.com/saphelp_nw2004s/helpdata/en/59/fd8b41b5b3b45fe10000000a1550b0/frameset.htm
  BI and Portals 2006 [original link is broken]
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/ded59342-0a01-0010-da92-f6b72d98f144
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d01852a1-772c-2a10-ada1-88300f31c6cf
  /people/prakash.darji/blog/2006/10/09/sap-netweaver-2004s-bi-authorizations-for-reporting
  let me know if you are not clear.

• Roles with Change Access to Table Maintenance

  Hello,
  We have many roles that have S_TABU_DIS-Table Maintenance, 02-Change access, *-Auth. Group. Many of these roles have very few transactions and are not Basis\Development related. My questions are what transactions do I need to make sure these roles don't have to so they can't change data in Tables? I know SM30 and SE16, any others? Also second question, should I be worried if these roles do not have the access to start these transactions but do have the access given in the S_TABU_DIS object?
  Thank You,
  Alex

  1. Asides from SM30 and SE16 you already mentioned, 'SE16N' and 'N' come to mind. Maybe there are others.
  2. Yes. You should be worried. Users could get authorizations for any of the aforementioned transactions from another role and get authorization to change all the tables from this role. Bad Stuff.
  I suggest that you figure out why exactly these roles includes S_TABU_DIS object with change authorizations for all table groups. Once you have that figured out - you can take appropriate actions. In my mind, it would be very hard to justify having S_TABU_DIS with 02/* in any role.

• Can I create a web page in Contribute with restricted access?

  We use Contribute to edit and update our property website.  I would like to create a page that will display on the website but only to those that have the login and password to look at it.  Can I do that?

  Hi newworld border,
  You sure can! Select the photos/album and go to Share>export
  In the export window there is a web page button
  hit that and set your options.
  there is also a plugin for iPhoto called BetterHTMLExport for iPhoto on Mac OS X
  This plugin gives you more choices for your web creation.

• VSTO: Word Automation how to Protect Document with Restricted Access

  hi all:
  As the title, how to achieve this in VSTO?
  Could you show some Word API for this requirement?
  Really thanks,
  Best regards,
  Riquel
  Please remember to mark the replies as answers if they help and unmark them if they provide no help.

  Actually I just want to use Automation/VSTO to implement "Restrict permission to content in files". Any idea?
  https://support.office.com/en-nz/article/Information-Rights-Management-in-Office-2010-c7a70797-6b1e-493f-acf7-92a39b85e30c?ui=en-US&rs=en-NZ&ad=NZ
  Thanks! 
  Best regards,
  Riquel
  Please remember to mark the replies as answers if they help and unmark them if they provide no help.

• User in 2 user groups always picks the rights from the group with least access -BOBJ 4.1 SP2

  We have BOBJ 4.1 SP2 installed.
  Lets say User1 is in a role1(User group) that has restricted access(no access to design menu for WEBI report in launchpad). Works fine when User1 logs into the launchpad. Cannot see the Design menu in Launchpad.
  User1 is also in another role2(user group) that has Design access for WEBI report (more like Power user access).
  Now when logged into a launch pad via SAP portal, and opening WEBI report on which role2 (user group) is applied that has Design access, user1 cannot see the Design menu of WEBI report. This is probably happening because User1 is also part of role1 that has restricted access. So it looks like it is always picking
  the role with least access and applying it no matter which report I am opening.
  I would expect the role to regulate the authorizations on the report. And one user could be a simple end user for one report and a power user for another report.
  Please advise if this is a Known issue or expected behavior. Is there a work around?
  Thank you very much
  Suman

  Hello Suman,
  Try avoid denial based security rights assignment instead you can specify the  unspecifed. As Greg said
  Denied + Granted = Denied
  Denied + Not Specified = Denied
  Granted + Not Specified = Granted.
  You should not deny rights for HR End User usergroup, Instead make them as unspecified. If you do so the whenever the user part of both the groups , your security rights aggregation would be
  Granted + Not Specified = Granted.
  Make sure you follow the approach as above.  You can refer the blog below for how to structure the folder, report and User group hierarchy and effective maintenance of security
  BusinessObjects Administration - Content Management Plan
  Regards
  Mani

• Restricting Sales Order Creation for Customers with specific AccountGroup

  Hi
  We have 2 Accont Groups for Customers namely Actual & Prospective.
  We wish to allow Enquiry / Quotation and Order creation for customers with Account Group ACTUAL and wish to allow only Enquiry and Quotation creation for customers with Account Group as Prospective.Is there anyway i can apply Sales Order creation block on an ACCOUNT GROUP on whole and not on Individual customers...
  Regards
  Sanjeev Bagaria

  Hello
  I did this through Listing Inclusion / Exclusion.
  (1) We created a new Customer Group 99 for Prospective Customer
  (2) We then created a new Condition table xxx with Customer Group & Material Type(as footer)
  (3) We then created this new Access Sequence Customer Group / Material Type to Exclusion Procedure B00001
  (4) We then assign the Exclusion Type B00001 to Sales Documents ZDOM & ZEOR our Order Sales Documetn Types
  (5) And finally we created a record for Exclusion with 99 Customer Group and Material Type as FERT..
  This now restricts creation of Sales Orders for all my Prospective Customers provided Customer Group is maintained in Customer Master. We are now also able to make Enquiry / Quotation and Sample Sales Order for Prospective Customers sicne we have Different Sales Document Types for all these and have assigned Exclusion only to normal Sales Order Document Type.
  Thanks a lot for all the suggestions provided.
  Regards
  Sanjeev

• Restrict Access To Page Not Working with Different Auth Levels

  I have just started playing with the idea of using different auth levels to allow different users access to certain pages on my site.
  Within my SQL database I have a authlevel table consisting of 3 possible levels (guest, user, admin)
  I am using the Dreamweaver "Log in user" to log in users based on username, pass, and auth level and "Restrict access to page" set to allow user levels 'user' and 'admin'.
  The problem, however, occurs when trying to log in.  No matter what auth level I try I am redirected to my page where users should be redirected if they are not allowed to enter that page.
  I have included below my code from my login page and the page where all authorized users (user and admin) should be directed upon entering the restricted area.
  Login Page:
  <?php require_once('../Connections/hondovfd.php'); ?>
  <?php
  if (!function_exists("GetSQLValueString")) {
  function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    if (PHP_VERSION < 6) {
      $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
    $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
    switch ($theType) {
      case "text":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;   
      case "long":
      case "int":
        $theValue = ($theValue != "") ? intval($theValue) : "NULL";
        break;
      case "double":
        $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
        break;
      case "date":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;
      case "defined":
        $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
        break;
    return $theValue;
  ?>
  <?php
  // *** Validate request to login to this site.
  if (!isset($_SESSION)) {
    session_start();
  $loginFormAction = $_SERVER['PHP_SELF'];
  if (isset($_GET['accesscheck'])) {
    $_SESSION['PrevUrl'] = $_GET['accesscheck'];
  if (isset($_POST['username'])) {
    $loginUsername=$_POST['username'];
    $password=$_POST['password'];
    $MM_fldUserAuthorization = "authlevel";
    $MM_redirectLoginSuccess = "/membersonly/membersonly.php";
    $MM_redirectLoginFailed = "/membersonly/loginfailed.php";
    $MM_redirecttoReferrer = false;
    mysql_select_db($database_hondovfd, $hondovfd);
    $LoginRS__query=sprintf("SELECT username, password, authlevel FROM login WHERE username=%s AND password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
    $LoginRS = mysql_query($LoginRS__query, $hondovfd) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);
    if ($loginFoundUser) {
      $loginStrGroup  = mysql_result($LoginRS,0,'authlevel');
      //declare two session variables and assign them
      $_SESSION['MM_Username'] = $loginUsername;
      $_SESSION['MM_UserGroup'] = $loginStrGroup;          
      if (isset($_SESSION['PrevUrl']) && false) {
        $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];    
      header("Location: " . $MM_redirectLoginSuccess );
    else {
      header("Location: ". $MM_redirectLoginFailed );
  ?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/phptemplate.dwt" codeOutsideHTMLIsLocked="false" -->
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  <!-- InstanceBeginEditable name="Title" -->
  <title>Log In</title>
  <!-- InstanceEndEditable -->
  <meta name="description" content="Hondo Fire and Rescue serves the Arroyo Hondo and Canada Village areas of Santa Fe County, NM." />
  <meta name="keywords" content="hondo, hondo fire, hondo vfd, hondo fire department, santa fe county fire department, santa fe county, volunteer fire department, hondo volunteer fire department" />
  <link href="../stylesheet.css" type="text/css" rel="stylesheet" />
  <!--[if IE]>
  <style type="text/css">
  #mainContent, #sidebar1 { zoom: 1;}
  </style>
  <![endif]-->
  <script src="../SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
  <link href="../SpryAssets/SpryMenuBarVertical.css" rel="stylesheet" type="text/css" />
  </head>
  <body class="thrColLiqHdr">
  <div id="container">
  <div id="header"></div>
    <div id="sidebar1">
    <h3>Navigation : </h3>
    <ul id="MenuBar1" class="MenuBarVertical">
    <li><a href="/index.php">Home</a></li>
  <li><a href="/support.php">Support Hondo</a></li>
    <li><a class="MenuBarItemSubmenu" href="#">Information Menu</a>
      <ul>
        <li><a href="/people.php">Our People</a></li>
        <li><a href="http://www.google.com/maps/ms?ie=UTF8&hl=en&msa=0&msid=101620713606637979698.00045b6ead4ab4ea70b78&z=11" target="_blank">Response Area</a></li>
        <li><a href="/medical.php">Medical</a></li>
        <li><a href="/apparatus.php">Apparatus</a></li>
        <li><a href="/training.php">Training</a></li>
        <li><a href="/volunteer.php">Volunteer</a></li>
        <li><a href="/statistics.php">Statistics</a></li>
        <li><a href="/patchtrading.php">Patch Trading</a></li>
      </ul>
    </li>
    <li><a href="/album.php">Photo Gallery</a></li>
    <li><a href="/calendar.php">Calendar</a></li>
    <li><a href="/news.php">Blog/News</a></li>
    <li><a href="/links.php">Links</a></li>
    <li><a href="/contact.php">Contact Us</a></li>
  </ul>
  <br />
  <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
    <span class="lefttext">
  <input type="hidden" name="cmd" value="_s-xclick">
  <input type="hidden" name="hosted_button_id" value="8567201">
  <input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!" />
  <img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
  </img></input></input>
    </span>
  </form>
  <span class="lefttext"><br />
  </span>
  <center>
    <span class="lefttext"><a href="http://www.facebook.com/pages/Santa-Fe-NM/Hondo-Volunteer-Fire-Department/74284233488" target="_blank" class="lefttext">Hondo VFD on Facebook</a></span>
  </center>
    <!-- end #sidebar1 --></div>
    <div id="sidebar2"> 
      <p><a href="/membersonly/login.php">Log In</a> | <a href="/membersonly/logout.php">Log Out</a></p>
      <p>Call Statistics for <?php
  $myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/month.txt";
  $fh = fopen($myFile, 'r');
  $theData = fread($fh, filesize($myFile));
  fclose($fh);
  echo $theData;
  ?> as of <?php
  $myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/date.txt";
  $fh = fopen($myFile, 'r');
  $theData = fread($fh, filesize($myFile));
  fclose($fh);
  echo $theData;
  ?></p>
    <table width="90%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td width="60%">EMS Calls</td>
      <td width="40%"><?php
  $myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/emscalls.txt";
  $fh = fopen($myFile, 'r');
  $theData = fread($fh, filesize($myFile));
  fclose($fh);
  echo $theData;
  ?></td>
    </tr>
    <tr>
      <td>Fire Calls</td>
      <td><?php
  $myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/firecalls.txt";
  $fh = fopen($myFile, 'r');
  $theData = fread($fh, filesize($myFile));
  fclose($fh);
  echo $theData;
  ?></td>
    </tr>
  </table>
    <hr />
      <div id="cse" style="width:100%;">Loading</div>
  <script src="http://www.google.com/jsapi" type="text/javascript"></script>
  <script type="text/javascript">
    google.load('search', '1');
    google.setOnLoadCallback(function(){
      new google.search.CustomSearchControl().draw('cse');
    }, true);
  </script>
       <!-- End Google Search Element -->
    </div>
    <!-- end #sidebar2 -->
    <div id="mainContent">
    <div class="top"></div><div class="wrap"><!-- InstanceBeginEditable name="Main Content" -->
  <table width="100%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td height="47" class="h2">Members Only Login</td>
    </tr>
    <tr>
      <td><form ACTION="<?php echo $loginFormAction; ?>" id="login" name="login" method="POST">
      <table width="40%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td width="31%">Username:</td>
      <td width="69%"><input name="username" type="text" /></td>
    </tr>
    <tr>
      <td>Password</td>
      <td><input name="password" type="password" /></td>
    </tr>
  </table>
  <input name="Submit" type="submit" />
      </form></td>
    </tr>
  </table>
    <!-- InstanceEndEditable -->
  </div>
  <div class="bottom"></div>
  </div>
       <!-- This clearing element should immediately follow the #mainContent div in order to force the #container div to contain all child floats --> <br class="clearfloat" />
    <div id="footer">
      <p align="center">&copy; Copyright 2009 Hondo Volunteer Fire Department | <a href="mailto:[email protected]">Contact Us</a><a href="http://www.legalhelpers.com/chapter-13-bankruptcy/chapter13.html"></a><br />Hosting provided by <a href="http://studiox.com/" target="_blank">Studio X</a></p>
    <!-- end #footer --></div>
  <!-- end #container --></div>
  <script type="text/javascript">
  <!--
  var MenuBar1 = new Spry.Widget.MenuBar("MenuBar1", {imgRight:"../SpryAssets/SpryMenuBarRightHover.gif"});
  //-->
  </script>
  <?php include_once("/var/home/hondovfd/hondovfd.org/www/analyticstracking.php"); ?>
  </body>
  <!-- InstanceEnd --></html>
  Other Page:
  <?php
  if (!isset($_SESSION)) {
    session_start();
  $MM_authorizedUsers = "user,admin";
  $MM_donotCheckaccess = "false";
  // *** Restrict Access To Page: Grant or deny access to this page
  function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
    // For security, start by assuming the visitor is NOT authorized.
    $isValid = False;
    // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
    // Therefore, we know that a user is NOT logged in if that Session variable is blank.
    if (!empty($UserName)) {
      // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
      // Parse the strings into arrays.
      $arrUsers = Explode(",", $strUsers);
      $arrGroups = Explode(",", $strGroups);
      if (in_array($UserName, $arrUsers)) {
        $isValid = true;
      // Or, you may restrict access to only certain users based on their username.
      if (in_array($UserGroup, $arrGroups)) {
        $isValid = true;
      if (($strUsers == "") && false) {
        $isValid = true;
    return $isValid;
  $MM_restrictGoTo = "/membersonly/loginfailed.php";
  if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {  
    $MM_qsChar = "?";
    $MM_referrer = $_SERVER['PHP_SELF'];
    if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
    if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
    $MM_referrer .= "?" . $QUERY_STRING;
    $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
    header("Location: ". $MM_restrictGoTo);
    exit;
  ?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/phptemplate.dwt" codeOutsideHTMLIsLocked="false" -->
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  <!-- InstanceBeginEditable name="Title" -->
  <title>Members Only Area</title>
  <!-- InstanceEndEditable -->
  <meta name="description" content="Hondo Fire and Rescue serves the Arroyo Hondo and Canada Village areas of Santa Fe County, NM." />
  <meta name="keywords" content="hondo, hondo fire, hondo vfd, hondo fire department, santa fe county fire department, santa fe county, volunteer fire department, hondo volunteer fire department" />
  <link href="../stylesheet.css" type="text/css" rel="stylesheet" />
  <!--[if IE]>
  <style type="text/css">
  #mainContent, #sidebar1 { zoom: 1;}
  </style>
  <![endif]-->
  <script src="../SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
  <link href="../SpryAssets/SpryMenuBarVertical.css" rel="stylesheet" type="text/css" />
  </head>
  <body class="thrColLiqHdr">
  <div id="container">
  <div id="header"></div>
    <div id="sidebar1">
    <h3>Navigation : </h3>
    <ul id="MenuBar1" class="MenuBarVertical">
    <li><a href="/index.php">Home</a></li>
  <li><a href="/support.php">Support Hondo</a></li>
    <li><a class="MenuBarItemSubmenu" href="#">Information Menu</a>
      <ul>
        <li><a href="/people.php">Our People</a></li>
        <li><a href="http://www.google.com/maps/ms?ie=UTF8&hl=en&msa=0&msid=101620713606637979698.00045b6ead4ab4ea70b78&z=11" target="_blank">Response Area</a></li>
        <li><a href="/medical.php">Medical</a></li>
        <li><a href="/apparatus.php">Apparatus</a></li>
        <li><a href="/training.php">Training</a></li>
        <li><a href="/volunteer.php">Volunteer</a></li>
        <li><a href="/statistics.php">Statistics</a></li>
        <li><a href="/patchtrading.php">Patch Trading</a></li>
      </ul>
    </li>
    <li><a href="/album.php">Photo Gallery</a></li>
    <li><a href="/calendar.php">Calendar</a></li>
    <li><a href="/news.php">Blog/News</a></li>
    <li><a href="/links.php">Links</a></li>
    <li><a href="/contact.php">Contact Us</a></li>
  </ul>
  <br />
  <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
    <span class="lefttext">
  <input type="hidden" name="cmd" value="_s-xclick">
  <input type="hidden" name="hosted_button_id" value="8567201">
  <input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!" />
  <img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
  </img></input></input>
    </span>
  </form>
  <span class="lefttext"><br />
  </span>
  <center>
    <span class="lefttext"><a href="http://www.facebook.com/pages/Santa-Fe-NM/Hondo-Volunteer-Fire-Department/74284233488" target="_blank" class="lefttext">Hondo VFD on Facebook</a></span>
  </center>
    <!-- end #sidebar1 --></div>
    <div id="sidebar2"> 
      <p><a href="/membersonly/login.php">Log In</a> | <a href="/membersonly/logout.php">Log Out</a></p>
      <p>Call Statistics for <?php
  $myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/month.txt";
  $fh = fopen($myFile, 'r');
  $theData = fread($fh, filesize($myFile));
  fclose($fh);
  echo $theData;
  ?> as of <?php
  $myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/date.txt";
  $fh = fopen($myFile, 'r');
  $theData = fread($fh, filesize($myFile));
  fclose($fh);
  echo $theData;
  ?></p>
    <table width="90%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td width="60%">EMS Calls</td>
      <td width="40%"><?php
  $myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/emscalls.txt";
  $fh = fopen($myFile, 'r');
  $theData = fread($fh, filesize($myFile));
  fclose($fh);
  echo $theData;
  ?></td>
    </tr>
    <tr>
      <td>Fire Calls</td>
      <td><?php
  $myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/firecalls.txt";
  $fh = fopen($myFile, 'r');
  $theData = fread($fh, filesize($myFile));
  fclose($fh);
  echo $theData;
  ?></td>
    </tr>
  </table>
    <hr />
      <div id="cse" style="width:100%;">Loading</div>
  <script src="http://www.google.com/jsapi" type="text/javascript"></script>
  <script type="text/javascript">
    google.load('search', '1');
    google.setOnLoadCallback(function(){
      new google.search.CustomSearchControl().draw('cse');
    }, true);
  </script>
       <!-- End Google Search Element -->
    </div>
    <!-- end #sidebar2 -->
    <div id="mainContent">
    <div class="top"></div><div class="wrap"><!-- InstanceBeginEditable name="Main Content" -->
      <table width="100%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td height="47" class="h2">Members Only Area</td>
    </tr>
    <tr>
      <td><p><a href="/membersonly/documents.php">Useful Documents</a></p>
        <p><a href="/membersonly/IncidentCount01_08.pdf">Current Call Statistics</a> as of 9/3/09</p>
        </td>
    </tr>
  </table>
    <script type="text/javascript">
  <!--
  var MenuBar1 = new Spry.Widget.MenuBar("MenuBar1", {imgRight:"../SpryAssets/SpryMenuBarRightHover.gif"});
  //-->
  </script><!-- InstanceEndEditable -->
  </div>
  <div class="bottom"></div>
  </div>
       <!-- This clearing element should immediately follow the #mainContent div in order to force the #container div to contain all child floats --> <br class="clearfloat" />
    <div id="footer">
      <p align="center">&copy; Copyright 2009 Hondo Volunteer Fire Department | <a href="mailto:[email protected]">Contact Us</a><a href="http://www.legalhelpers.com/chapter-13-bankruptcy/chapter13.html"></a><br />Hosting provided by <a href="http://studiox.com/" target="_blank">Studio X</a></p>
    <!-- end #footer --></div>
  <!-- end #container --></div>
  <script type="text/javascript">
  <!--
  var MenuBar1 = new Spry.Widget.MenuBar("MenuBar1", {imgRight:"../SpryAssets/SpryMenuBarRightHover.gif"});
  //-->
  </script>
  <?php include_once("/var/home/hondovfd/hondovfd.org/www/analyticstracking.php"); ?>
  </body>
  <!-- InstanceEnd --></html>

  you don't need all that bloat.  set a session during login of some kind of uniquely identifying id.  i.e.
  $_SESSION['id'] = $row_rs['id'];
  then on the pages you need to protect, check it like this....
  <?php
  session_start();
  if (!(isset($_SESSION['id']) && $_SESSION['id'] != '')) {
  die(header("Location: http://www.notinprotectedareas.com")); }
  ?>
  you can use an include file i.e.
  <?php require_once('login_check.php'); ?>
  where file is name login_check.php to make your auth controls clean on your protected pages.

• Restrict access with object F_LFA1_BEK - problem with F4 search

  Hello,
  we want to restrict access to some vendor accounts, which can be shown with transaction FK03 for example.
  There is an authorization object F_LFA1_BEK, which can be maintained in the special vendor accounts in field authorization group.
  A user with authorization for vendor account with authorization group ZZZZ in it can see all vendors with authorization group ZZZZ and all vendors with no authorization group. But he can't see vendor accounts with authorization group YYYY. To this point, it's ok.
  If the user uses the F4 search help he is able to see the vendor accounts with authorization group YYYY too. And this is the problem - the user should not see these vendor accounts. With this option user is able to see address data of a vendor account he should not see.
  Is there any possiblity to solve this problem?
  Regards,
  Julia

  I don't know the current status, but this is being looked into generally as it is not only limited to the F4 on LFA/B/M1.
  As you only access the name and some attribute data which you can display, it is not necessarily critical and there is no transaction data involved.
  Good news is that the BAPIs for search help make these same granular checks which you are expecting.
  If I hear something further about these developments I will let you know.
  Cheers,
  Julius

• Request help with restricting site access

  I have posted before, and received a mix of condescension and
  such, but I am okay with that. I know very little about web design,
  but I am willing to learn.
  I built a website for my lab (home.uchicago.edu/~beilock) and
  the professor for whom I work would like a password protected
  portion of the site. Previous advice led me to try PHP/MySQL (for a
  newbie like me, these terms were foreign), and I downloaded and
  followed all of Dreamweaver's help section and to no avail (it says
  cannot connect to FTP host)...and I have tried many things to fix
  that, but could not.
  Anyway, so this post is for multiple purposes. 1.
  Opinions/Advice on the website; 2. Solutions to my connection
  problem; 3. simpler alternatives to making a site restricted (I
  know nothing of ColdFusion, but if it is easier, please let me
  know)
  I don't mind being condescended to or berated if you help me
  out successfully, in fact, let that be your motivation.
  Any help appreciated,
  Jamie

  Use coldfusion it is the best out there/ quick and easy to
  learn. Check out easycfm.com (they have a great tutorial about
  security and restricting access)and post any questions there or on
  the adobe coldfusion forum.
  If you don[t know anything thenm the quickest language to
  learn is coldfusion. You then have to decide if you are going to
  use access database or mysql. If it is a huge site use mysql if not
  use access. Access is like excel and is easy to use, mysql you will
  need to use a program like navicat (google it) to connect to the db
  and be able to display it like access. They both come with nearly
  all hosts. Who does your hosting ask them how to connect via ftp.
  You will need a username, password and hostname as minimum. I
  imagine you arent trying to connect to RDS at this stage most hosts
  dont allow this(remote development)
  Well Good luck!!