Custom security JHeadstart 11gTP1 -Use Role-based Authorization is missing

Similar Messages

• Can't use role-based authorization

  We can't use role-based authorization because the permissions
  and their assignments change frequently. Is there any alternative
  where we can still use WLS to handle security?

  Dave,
  If you're using WLS6 the console supports dynamic user updates so you could
  change each users configuration as needed.
  Alex
  Dave <[email protected]> wrote in message
  news:3a672c81$[email protected]..
  >
  We can't use role-based authorization because the permissions
  and their assignments change frequently. Is there any alternative
  where we can still use WLS to handle security?

• How to set role based Authorization in JAAS

  how to set role based Authorization in JAAS
  i had user name , password and role in FileLogin
  thanks
  arun .v.

  http://dev2dev.bea.com/pub/a/2003/04/Kemp_Helton.html?page=last

• BlazeDS role based authorization

  Hi,
  I'm half the way in developing a POC for using flex as the front end of our application and I'm having some security issues.
  I'm using JBoss with JAAS and I figured that using BlazeDS just uses JAAS login module to perform authentication.
  * Will it use JAAS for authorization too? Will EJB method level permission will still apply?
  * How can I use the Subject/Principals/Policies in the client side flex application to inflect some UI restrictions on unauthorized operations?
  Thanks,
  Eyal

  Hey Jiby,
  I already posted this question to the forum http://swforum.sun.com/jive/thread.jspa?threadID=44893&tstart=15 prior to opening this ticket with Sun
  Regards
  Matthew Key

• Role-based view commands missing from config

  Hi All,
  I set up a 2960G with IOS 12.2(44)SE6 and created a role-based view to be used by our helpdesk.  One of the things they need to do is add rules to a MAC ACL on the switch.  I've successfully created a view for them and can include and exclude most commands, however, when I try to include the "commands mac-enacle include all permit" command, I get no syntax error, and there is no line in my configuration reflecting the change. As it stands, from the helpdesk view (named smco) I can get into mac acl configuration mode, but I can't issue any of the sub commands.
  Any advice would be greatly appreciated.  I tried upgraded to 12.2(55)SE and had the same result.
  The current configuration for the parser view is as follows:
  parser view smco
  secret 5 hashed_pw
  commands configure include mac access-list extended
  commands configure include all mac access-list
  commands configure include mac
  commands exec include configure terminal
  commands exec include configure

  After I issue the command "commands mac-enacl include all permit" there is no line in my startup or running configuration that says: "commands mac-enacl include all permit" or anything that closely resembles that.
  I've tested with multiple local accounts.  After authenticating, I issue the "enable view smco".

• XWS-Security, JAAS and role-based authorization

  What is my best bet to try to authorize users to use certain web services? For example, let's say a user logs into a web application A, who connects to a web application B implementing Web Services and XWSS.
  A passes along the userNameToken, and B authenticates it (let's say, using JAAS). Now it needs to authorize the user to use the actual web service. Can I do this with JAAS? What is the best way to define the policies? Does it mean I have to create PrivilegedActions for every webservice? What are my other alternatives besides JAAS?
  Thanks in advance.

  Alternatively, is there a way to see which web service the client is requesting from the SecurityEnvironmentHandler (callbackHandler)?

• Role based authorization in initiative

  Hi,
  We can assign default authorization for role types in Projects. For example a the role PM can be assigned Admin auth and the person assigned to PM role gets admin role.
  We want the same functionality in initiatives but it is not working. Has anyone tried DFM or any other method to solve this?
  Thanks and Regards,
  Anuradha

  Hi Anuradha,
  Thanks for the information.
  We are not able to access this note, it says 'Document is not released'. Are you able to view this note.
  Is this customer specific note?
  Regards,
  Ravi

• Customer security concerns with using OWC (Beehive)

  Hi,
  My customer is currently using strtc for OWCs but I believe that this will move to Beehive very soon.
  Their security team has locked down strtc and need answers to some security questions.
  When using Beehive for conferencing, can you answer what the support teams will be able to access please?
  The type of things that their security team want to know are:
  "we need to give them details of what can be done by Oracle Support while we are linked together via this site. Is this something you can gather details together for and send over to me? Type of things they want to know are whether files can be copied from our network / linked pc, can files be dropped onto our network / linked pc, can you explore our network via the linked pc without us knowing etc."
  Thanks for any advice.
  Kind Regards,
  Rachel

  Hi,
  Beehive Web conferencing has similar capabilities to STRTC and the transfer of files between the server and the client is not one of our capabilities - the system allows co-browsing to be enabled to allow the customer to show the support staff the problem in situ and the capability exist for the support staff to control the remote users desktop - with their approval should it be thought valuable to solving the problem. The session can also be recorded.
  So we cannot do anything on the remote PC without their knowledge and approval.
  File movement between support and the customer is done via the Oracle Support portal not the web conferencing system.
  Phil

• NxOS and Role Based Authorization

  Guys,
  Basic setup - using default default user admin I login and no problems - commands such as show mod and config changes, no problem: role =
  network-admin
  I create a user account with the same role as the admin user and I cannot issue the same commands - permission denied?
  Stumped - any ideas what's missing here?
  Thanks

  Out of desperation, I tried combinations of shorter usernames, similar to the admin username
  The result - for whatever reason it seems (I cannot confirm as such) if you use usernames for authentication locally in excess of 8 characters you cannot get full network-admin role privilidges
  even though when you do a show user-account, it displays your full username and the correct role.
  It seems almost as if the authenticaion element works, but the the role categorisation seems to fail for whatever reason (what I would call authorisation).
  Feels like a bug to me, anyway putting it on tacacs tomorrow hopefully with different results
  I am running 4.2(1)SV1(4) on an nexus 1000v.  I hope this saves you some time.
  Apologies if this is a known issue or "feature" - but I was not aware of it. 

• JHeadStart Security problem-error page cannot be found- role based security

  JHeadStart Security problem-error page cannot be found- role based security
  Good morning! How are you? I would need some help in a jheadstart 10.1.3.2 security case and I was wondering if you could give me a hand to go on. I create the Model project with tables of oe schema. Then in JHeadStart to perform security I follow the following steps: In ViewController/WEB-INF/web.xml – properties I do the following: login configuration: http basic authentication rfc 7617: realm:jazn.com
  Security roles : I define two roles: customer and administrator , Security Constraints: web_resources: All_pages, Url Patterns: faces/*. Then in Tools/Embedded OC4J Preferences/Global/Authentication JAZN/Realms/jazn.com/users: I define two users c1, password c1 and a1,password a1, roles/member users/ I attribute the roles to the relevant users c1—customer and a1—administrator. Then in application definition editor on service level I define security/use role based authorization=true , authorization type: JAAS and when access denied go to next group=true. On group level e.g.: ProductInformation: Authorization/Authorized Roles Permissions: administrator.On item level : Orders/Items/OrderTotal/Operations/Update Allowed: #{jhsUserRoles['administrator']},Then I generate the pages (run the jag) . The generation is completed successfully but when I run the View Controller project a “the website declined to show this webpage…(page cannot be found)’ is displayed. What should I do? I would appreciate it if you would help me on this issue! Thank you very much.

  Thand you very much for your reply! Unfortunately there is a specific restriction-convention in the project I work in. I am supposed to perform role based security with my own tables and no by the jheadstart’s ones. Could you find out what is my fault with the steps I follow trying to perform the process?
  To remind you my steps I paste the following again:
  JHeadStart Security problem-error page cannot be found- role based security
  Good morning! How are you? I would need some help in a jheadstart 10.1.3.2 security case and I was wondering if you could give me a hand to go on. I create the Model project with tables of oe schema. Then in JHeadStart to perform security I follow the following steps: In ViewController/WEB-INF/web.xml – properties I do the following: login configuration: http basic authentication rfc 7617: realm:jazn.com
  Security roles : I define two roles: customer and administrator , Security Constraints: web_resources: All_pages, Url Patterns: faces/*. Then in Tools/Embedded OC4J Preferences/Global/Authentication JAZN/Realms/jazn.com/users: I define two users c1, password c1 and a1,password a1, roles/member users/ I attribute the roles to the relevant users c1—customer and a1—administrator. Then in application definition editor on service level I define security/use role based authorization=true , authorization type: JAAS and when access denied go to next group=true. On group level e.g.: ProductInformation: Authorization/Authorized Roles Permissions: administrator.On item level : Orders/Items/OrderTotal/Operations/Update Allowed: #{jhsUserRoles['administrator']},Then I generate the pages (run the jag) . The generation is completed successfully but when I run the View Controller project a “the website declined to show this webpage…(page cannot be found)’ is displayed. What should I do? I would appreciate it if you would help me on this issue! Thank you very much.

• Error in Role Based security using weblogic 9

  Hi All,
  Currently I am working with Weblogic Server 9. I am trying to use role based security. Below is the entries for web.xml.
  <security-constraint>
       <web-resource-collection>
            <web-resource-name>Success</web-resource-name>
            <url-pattern>/form.jsp</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
            <role-name>admin</role-name>
       </auth-constraint>
       <user-data-constraint>
  <transport-guarantee>INTEGRAL</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  <login-config>
       <auth-method>BASIC</auth-method>
       <realm-name>myrealm</realm-name>
  </login-config>
  <security-role>
       <role-name>admin</role-name>
  </security-role>
  When I am calling form.jsp from the browser it is asking for the username and password, but after giving the username and password it is showing the followig error:
  Error 403--Forbidden
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.4 403 Forbidden
  The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
  So can any one provide me the solution for the above problem.
  Thanks in advance.
  By,
  Sandip Pradhan

  Here is a blog post for the backend (WebLogic Admin GUI) http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-role.html and a blog post for the web.xml in your project http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-ear.html.

• Open source role based framework

  We have an application which is using :-
  1) spring framework/j2ee code at the backend
  2) while the front end is comprised of Adobe flex and action script. The app is web based.
  A need of the application at the moment is for a role based authorization framework, based on which a decision can be made as to which widgets/tabs/screens should be visible to the user and which should be hidden from him.
  Wanted to know
  1) if somebody was willing to share some of his experiences on a similar project.
  2) found and existing framework open source or otherwise helpful.
  3) would recommend one architecture over the other
  4) or anything else he would think might be beneficial to know.
  Thanks

  Most app servers have some built in container managed security (for example Tomcat Realms) which may or may not meet your requirements.

• User based authorization

  I have a question about role based authorization. Guess we have 100 transactions and 100 users. I know we have to create a new role for a new combination of transaction list. Ex: 1,2,3,4,14,15 is RoleA and 1,4,25,34 for RoleB and so on. What will it be If we have a really mixed authorization combination. Guess 15 users use A Role and 20 B Role. But we have a three new user. They mustn't use only two transaction in A Role. Now we came subject of my question. I don't want to create a new role for these users. Is it possible to restrict authorization? As if in same role but restricted to use these transactions. (without abap coding) In a clear expression user based transaction authorization, not role based.

  Hi,
  in my opinion that isn't possible without coding.
  Sorry ;-(
  Regards
  Bernd

• Help needed in Role Based authorisations in WEB UI for RESELLER Role

  Hi All,
  I am working on a requirement where i need to disable/hide/grey out EDIT button on Account Details and on all assignment blocks in WEBUI(CRM2007). This is needed for the accounts having  the Role RESELLER only.
  The same functionality is working fine in GUI. This is achieved by Role based authorizations.But the role based authorizations are not working in WEBUI.Any pointers on how to achieve Role Based authorizations in WEBUI.
  Thanks in advance.
  Regards,
  Udaya
  Edited by: Udaya Bhaskar Perecharla on Aug 20, 2008 12:31 PM
  Edited by: Udaya Bhaskar Perecharla on Aug 20, 2008 12:33 PM

  Hi Uday,
  Could you let me know the process to disable the edit button for the following scenario -
  Using Account Managment, you can display the Account and on double clicking the reponsible employee (hyperlink), WEB UI displays the employee master record with option edit. You can edit  the employee details here, which I don't want. User should only be displayed with the employee details without option of editing the master record. How can I achieve this without changing any code..
  Your kind assistance will be highly appreciated.....
  Cheers,
  Peter J.

• Role Based FireFighter with GRC 10.0 (CEA)

  Does anyone know how the Role Based functionality of FireFighter exactly works besides putting the application type parameter to Role Based in SPRO?
  The manuals explain that the FF users log in to the remote system with their own users, but how are the FF roles or roles that are enabled for Firefighting assigned to these users and how will the log file know which activity to record?

  Good question, and the answer is not pretty.
  In Role-Based Firefighter Application, the firefighter ID on the target system contains the user's regular access plus his/her firefighter access.
  Reporting turns on when the user runs a transaction in the firefighter role.
  If the transaction is in both the user's regular access and the firefighter role, reporting will turn on because the firefighter role access is in use.
  The reports only track firefighter role usage.  So if a user runs a firefighter transaction but also uses access defined in the user's regular access, the only thing recorded is the transaction.
  If your company is not completely married to the idea of using Role-Based Firefighter Application, I suggest you consider the ID-Based Firefighter Application.  In this, there are separate firefighter IDs on the target system and a firefighter gains access to them by going into GRC and completing a form showing how the firefighter ID will be used, and then the GRC system will let the firefighter into the target system using that firefighter ID.