CSS rights to allow user to only suspend/activate servers
Is there a right combo that can do this, but not make config changes? The user that I created was not superuser, but had read/write "dir-access" to the release root directory. When I log in as the user I do not get a "Submit" button to activate/suspend servers.
Granting authorizations for working with query components depending on the component creator is possible with the authorization object S_RS_COMP1 You can either grant those authorizations for a team or grant authorizations for self-created queries with low maintenance effort by entering a variable ($USER).
Check the HOw to paper How to
grant authorizations for query components by creator
https://websmp109.sap-ag.de/~sapidp/002006825000000015622004E.gif
Jaya
Message was edited by: Jaya Mogali
Similar Messages
-
BEx/BW security - Allow users to only create/chage queries Y_*
Hello Gurus,
I am trying to allow certain users the capability to only create and change queries that start with Y_* and X_* prefix in the technical name.
I have the following in the security role:
S_RS_COMP:
RSINFOAREA *
RSINFOCUBE *
ACTVT 01, 02, 16
RSZCOMPID Y_, X_
RSZCOMPTP REP
I have tried different combinations of things, but no matter how I tried I only get 2 results, either users cannot change any query at all, or if they are allowed to change anything, they can change ANY query. Seems like Y_* and X_* restrictions on the name never work.
Please advise.
Thank you,
AndreiHi,
Please check note 540720.
540720 FAQ: Information on S_RS_COMP and S_RS_COMP1
Also check whether the following information helps you,
The authorization always is an OR process. If any particular user is
having authorization for a particular activity in any one auth object,
and the same activity restricted for him in some other auth object. The
user will be able to do that activity as auth is there for user in one
auth object. So even if you have defined all the activities
(change/create etc) for all the reports in S_RS_COMP and restricting the
activities to the user in S_RS_COMP1. So the user will be able to do all
the activities as he has auth as per object S_RS_COMP. What you can do
is just give display auth in S_RS_COMP and provide create/change options
in S_RS_COMP1 with owner = $USER.
Regards,
Amit -
Allow user to only access guest OS
I have a Redhat 6.2 virtual machine that I would like to be the only thing the user sees/interacts with. Is there anyway to launch this virtual machine automatically when the Host OS starts and then prevent the user from accessing the host OS? It would
be acceptable if the user had to enter a password to login to the host OS.
I have tried to boot directly from the virtual disk, but ran into issues with the Linux OS not being able to handle the virtual disk being stored on a NTFS partition.The think you tried is called Native Boot, and it has nothing to di with Hyper-V.
The short answer to your question is 'no'
The only solution like that I am aware of is XenClient from Citrix (that uses a hypervisor to provide a VM to the end use with only access to the VM).
Brian Ehlert
http://ITProctology.blogspot.com
Learn. Apply. Repeat. -
When in a hierarchy, a user right clicks on a node to crate a new node, he has two options
-Child
-Sibling
Is it possible to restrict the user from creating a sibling and allow him to ONLY create child nodes?
Business cases:
1. different level nodes need to have different prefixes.
- Thus, the default prefix property definition uses the level number to assign a prefix
- Also, a validation, to ensure the correct prefix, uses the level number
But if the user can create a child and a sibling then the default prefix will only be right for a single case and not both.
ThanksIf the images are exactly the same size then make sure the layer with the mask
is the active layer and in the other documents go to Select>Load Selection and choose
your document with the layer mask under Source document and under channel choose the layer mask.
After the selection loads press the layer mask icon at the bottom of the layers panel.
MTSTUNER -
Can we lock down user admin functionality to allow password changes only?
Hi,
Is it possible to lock down the user admin functionality so a specific role can only change passwords?
We have a large user base of >10K infrequent users that are forced to change their passwords every 30 days. We suspect a lot will require password changes and we are keen to not have the tech team spending most of their time dealing with such requests. We would like to pass this task onto data management but not allow them the system administrator functionality.
We know we can create a responsibility with a limited menu available so the operator can see only the security/user/define menu. But this will still allow the person to add responsibilities to existing user accounts and create new user accounts, both of which are deemed unacceptable security risks. Is it possible to lock down the form as well as the menu? Allowing operators to only change the password of existing users? Or can we use the custom.pll to error when a user tries to do anything except edit the password field when in this role?
Thanks
MattYou should be able to do that. You would create a new privilege level (ie 7), assign all commands to that level except (this is my guess) the command vpn-sessiondb, you would put that at a lower privilege level (ie 6). Here's a write-up that may help getting you in the right direction.
http://www.packetpros.com/2012/08/read-only-asdm.html -
Corporate Templates allowing users to postback through SharePoint rights settings
We currently have our corporate MS Word 2013 templates on SharePoint. We have tested using group policy to set the Workgroup template folder and pull the templates into MS Word templates gallery through SharePoint/OneDrive and it has worked. We
are now needing assistance with the following issues:
1. The first problem is that the rights required for users to access the templates (Contribute) also allows them to post back to SharePoint and not only edit the template files but other folders are inadvertently appearing, such as Document Themes.
This is a deal breaker for us if we can't set permissions to allow them to use the templates but not have write access back up to SP.
2. The second issue is that the Document Properties box pops up every time a template is used from SharePoint. This is annoying, but more importantly as in problem 1, users can then edit the document properties which are posted back to SP.
We tried making the templates available with user rights set to Viewing or Download levels (which were the read levels), but had to move up to Contribute (edit) to get it to work. Help is much appreciated!The result of gpresult is very interesting since I have found this:
That GPO called Default domain policy is doing exactly the contrary than my actual GPO. So I removed the settings seen here so the good GPO called standard user printer install
can work. The thing is that even with GPupdate those settings never changes! I've recheck the Default Domain GPO and the old settings are gone since yesterday. For a reason unknown, it always stay on my computer.
Do you know why? -
Is there any way to provide only Install / Uninstall rights to domain users in AD 2008?
I need to provide just Install / Uninstall rights to domain users avoiding all other admin privileges.
I cant provide admin rights to them.
Is there any way I can provide them???Greetings!
Install and uninstalling the software needs specific permissions to write and modify the registry keys and other locations. By default only members of local administrators group are allowed to take a part in this process. There is no possible way to implement
only this right in your domain. They must be member of local administrators.
Regards.
Mahdi Tehrani |
|
www.mahditehrani.ir
Please click on Propose As Answer or to mark this post as
and helpful for other people.
This posting is provided AS-IS with no warranties, and confers no rights.
How to query members of 'Local Administrators' group in all computers? -
How can i create a new user with only read rights ?
How can i create a new user with only read rights ?
You are asking about a Database User I hope.
You can look into the Oracle 8i Documentation and find various privillages listed.
In particular, you may find:
Chapter 27 Privileges, Roles, and Security Policies
an intresting chapter.
You may want to do this with the various tools included with 8i - including the
Oracle DBA Studio - expand the Security node and you can create USERS and ROLES.
Or use SQL*Plus. To create a
user / password named John / Smith, you would login to SQL*Plus as System/manager (or other) and type in:
Create user John identified by Smith;
Grant CONNECT to John;
Grant SELECT ANY TABLE to John;
commit;
There is much more you can do
depending on your needs.
Please read the documentation.
-John
null -
On an iPad, how do I :
Allow User To Enter Custom Text
(Dropdown only) Enables users to enter a value other than the ones in the list.'?Are you using the built-in Currency option under the Format tab? If so,
what you're describing should not happen. -
Allow user to take exams only once?
Is there any way to allow a user to only take an exam once?
I have 4 exams, and they are all seperate captivate files (IE: exam 1, exam 2, exam 3, exam 4), they are in no way linked together, but is there any way to see if a user has taken exam 1, and then disallow them from taking it again?
thanksIn order to pull this off you would need to store variable data outside the Captivate module that records whether or not the user has attempted a given quiz.
Off-the-shelf Captivate doesn't currently provide a way to write persistent data outside the Captivate module. But fortunately there are now widgets that CAN do this.
Check them out here: http://www.cpguru.com/2011/10/04/save-and-load-data-widgets-for-adobe-captivate-updated/
With the Save Data widget you can write data to a shared object variable on the user's PC that records the fact they have attempted a quiz, and what score, pass/fail etc.
Then on the same or subsequent modules you can insert the other Load Data widget to read the stored variables and use Advanced Actions to decide what to do.
For example, if the Load Data widget sees that the user has already attempted the quiz in the current module, it could immediately jump them to a slide that informs them of the fact that they have used up their allocated attempts and will not be permitted to do the quiz again.
You'll need to think through all the possible ways a user might try to thwart your attempts to lock them out. E.g. Can they circumvent the warning and still get to the quiz via playbar navigation or TOC.
But you can see how the widgets make this solution possible? -
Allowing user to access only documents created by him.
Hi!, is there a way to allow users to read only the documents created by them?, so when they click on the browse data buttons on top they navigate through the documents created only by the specific user?
Thank you!Hi,
Please check Data Ownership Authorisation if the same is of help in your case.
[Data Ownership Authorisation|https://websmp201.sap-ag.de/~form/sapnet?_FRAME=CONTAINER&_HIER_KEY=701100035871000371280&_OBJECT=011000358700004490662004E&_SCENARIO=01100035870000000183&]
Regards,
Jitin
SAP Business One Forum Team -
User Access- EP must allow user to login only once
Hi,
I have requirement similar to yahoo messanger.
In yahoo messanger you can only login with single user id only once. i.e if you try to login once again with the same user id in yahoo messanger it will noe allow to login.
the same functionality i need in EP.
user must login into EP with single user ID only once.
how can we do this??
please provide some documentation or steps on this
regards
srinivasSri,
It sounds like you need a custom logon module. There is no configuration that can be done in the portal to make this happen in the ume. Here is a starting point for customizing the login module...
http://help.sap.com/saphelp_nw70/helpdata/en/3f/1be040e136742ae10000000a155106/frameset.htm
One way it could be done is:
1. Set up a an LDAP for your users
2. Create a custom login module to authenticate the user credentials in the LDAP, then in the login module after a successful authentication, lock the account.
Regards,
Tom -
Hi
How can I have a check box that a user checks and populates a field with read only text, then if another check box is checked it will allow user text input into that same field, her is my javascript
var a ="Not Applicable"
if (this.getField("Do").value == "Yes")
a=""
if (this.getField("DoNot").value =="Yes")
a=a + ""
event.value=a
say if the "Do" cb is checked, Not Applicable would populate the text field, and if the "DoNot" cb is checked it would allow user input into the same text field, the javascript I have will not allow user input,
thanks for any help I am new to javascriptAre these fields mutually exclusive?
-
Only allow that users write only in uppercase in all fields of ICWEB.
It's possible only allow that users write only in uppercase???
Thanks in advance.
BestHi Javier,
I dont think that this is possible for all the attributes as most of them will be standard.
But for custom attributes the case can be controlled from the domain.
Check this thread where users experienced problems with the case of the text.
Change of CASE in ZCOMPONENT ZFields
Here too...user cannot be restricted, but after a server event system takes care of case conversion.
Regards,
Masood Imrani S. -
How to grant LOGON ONLY Rights to two users (no domain admins) on Domain Controllers
Dear Techies,
I wish to grant LOGON ONLY Rights to two users, who are not the members of Domain Admins, on Domain Controllers.
Can someone please suggest the best and easiest possible way to do this keeping up with Compliance?
Regards
Amit KumarI think it is by design, the readers don't have access to the operations and application management section. If you look at the URL's you will notice they are of the form http://servername:portnumber/_admin/operations.aspx and http://servername:portnumber/_admin/applications.aspx. Giving read only access to these pages means, they will be not able to modify the settings on these pages.
Looks like it is not possible to give read only access.
Thanks,
Prashanth
Maybe you are looking for
-
Want to check if Iv'e got this right: PC External Drive PC Mac
Hi, I'm going to attempt something and I just want to make sure I'm doing it right (I've searched the forums and this is what I've come up with). I have an iPod formatted to a Windows XP computer and all my iTunes on that computer. STEP 1: I want to
-
Open PDF in a specific page from another PDF
Acrobat vs8 - XP - Windows While in one PDF file, create a link to open another PDF file in the same folder - to a specific page number.
-
Hi, I am trying to archive files from a SharePoint 2010 document library by moving them to another library that's a dedicated archive/folder/library. The files to be moved are selected based on their modified date column value that should range betwe
-
hi. i m trying te use the union with the query which has blob column.The query works fine with out union but with union it gave me error inconsistant data type.
-
Implementation of SEM 6.0 as comapred to SEM 4.0
Hi, I've worked on R/3 4.7 + SEM BCS 4.0. I've fair idea about how the data flows from R/3 to BW and then BW to SEM. 1. Could you advise in case of ECC6.0+ SEM BCS 6.0 how is this set up different? My question is more like what is different in the da