DataLevel Security

Similar Messages

• Datalevel security in Ldap

  Hi Experts,
  I have one doubt
  when we are using LDAP Security how should we give Data level security for a single user.
  Can you please explain this in details with example.
  thanks in advance
  Regards,
  Jel

  Hi,
  once LDAP got working then u can able to see AD users in RPD (identity user list) here u can just apply data level security.
  ley say userA is the AD users, once its shows in RPD
  Steps to set up data filters to apply row-level authorization rules for queries:
  1)
  Go to your repository in the Administration Tool--->
  Select Manage, then select Identity.--->
  In the Identity Manager dialog, in the tree pane, select BI Repository.-->
  In the right pane, select the Users tab , then double-click the anyof one AD user for which you want to set data filters.
  (if u r not able to find the AD user just set online filter and put it * then it will shows up)
  2) In the Application Role dialog, click Permissions.
  In the User Role Permissions dialog, click the Data Filters tab.
  To create filters, you first add objects on which you want to apply the filters. Then, you provide the filter expression information for the individual objects.
  For example,
  a filter like "Sample Sales"."D2 Market"."M00 Mkt Key" > 5 to restrict results based on a range of values for another column in the table.
  You can also use repository and session variables in filter definitions. Use Expression Builder to include these variables to ensure the correct syntax.
  Note: my suggestion beeter to set application role wise security (if u go with user level data security strange in feature case maintanance)
  Kindly refer the below (similar way for AD users)
  http://gerardnico.com/wiki/dat/obiee/security_level#data
  http://obieeblog.wordpress.com/category/obiee/obiee-security/
  http://www.rittmanmead.com/2012/03/obiee-11g-security-week-row-level-security
  http://oraclebizint.wordpress.com/2008/06/30/oracle-bi-ee-1013332-row-level-security-and-row-wise-intialized-session-variables/
  Thanks
  Deva

• How can you provide datalevel security on perticular user when using

  hi all
  how can we proved data level security for the single user when using external table authentication,
  again we have crated one more group in rpd and we have assigned user to that group,
  so ,is there any other way to do it????
  Thanks
  sreedhar

  Hi,
  If its is to restrict that user to view some data,then no need to place him in a separate group.Can achieve this...
  High priority is for restriction.
  Lets take group-Test with two users-test1,test2.These two users are under Test group.
  I applied data level security for only one user test1(restricted him to view market not equal to Central Region) but didn't apply data level security for test2.
  Now i added the group to presentation catalog and gave permission to dashboard showing Market report.
  When test1 logs in he can see all markets except Central Region,where as test2 logs in he can view all regions including Central Region.
  Here Test group is having full access so,test2 can view all regions but test1 user is restricted for some value and its working fine.
  If you want apply data level security to user to not view some data,then you can maintain that user in a group with many other users and achieve it.Above example shows it.
  If its is to restrict the whole group to view dashboard and make a single user in the group to view some data in the dashboard then its not possible(priority is for restriction) in this way,in this case its better to create that a new group to that user and assign him.
  Regards,
  Srikanth

• Datalevel security In Obiee11g

  Hi,
  How we will do data level security?if we have 4 (A,B,C,D)groups?in each group we have 10 users?if A group user entered if he run a report he can see 5000 records in report,if b group user entered he can see 8000,C group user entered he can see 10000 records,if D group member entered he can see 12000 records?How we will do?
  if Possible give me bit Detail Answer.

  Please follow the below steps to configure Data Level Security in OBIEE11g.
  1. Login to Console and try to use the existing groups BIConsurems, BIAUthors and BIAdministartors if suited for your requirements. If not create the new groups based on your requirement
  2. Add the users to the group
  3. Log in to EM, Use the existing roles if applicable, if not create new roles and assign proper roles like BIAuthor, BIConsumer and add the correposnding groups created at step 1
  4. Now open RPD in online mode and goto Manage -> Identity and then Action -> Synchronize Application Roles, Now in the Applciation Roles tab in Identity manager windows you will see the new Application Roles created at EM are present
  5. Now open properties of Application Roles and click Permissions and then Data Filters and specify the Data Filters for the corresponding cols in the corresponding Subject Areas
  6. In the Data Filters you can have hard coded value in the right side, if not you can have a Session initialization block and can have a SQL query which gets the corresponding site/region information from a database table and store the value into non system session variable as a single value of row wise initialization variable
  Once you are done with this save ur changes in RPD and then reload metadata services in Administration tab in analytics and re-login. Now you'll see Role Based Dashboards. You can verify the roles and groups that you are part of in the My Account -> Catalog groups and Catalog Roles...
  Thanks
  Sampat

• Access Control Mechanism (data level security) not working properly

  Hi Experts,
  I have done datalevel security for groups by help of a database table. This table contains UserId, Dept. code, GroupName column. UserID are verified by LDAP server during logging into Dashboard. I have made two init blocks for GroupName and Dept.Code .
  Query is :
  SELECT 'Group', GroupName from TABLE
  Where
  UserId = ':USER'
  Similiar query is for Dept Code.
  There are two groups ; 1. CC_User 2. Full_User. I have applied filter in PERMISSIONS for CC_User on Fact table on Dept Code. So, user in this group may see data for Dept Code aligned to him in the table. All_User may see whole data for All Dept Codes as NO filter is applied on this group.
  Dept Code , UserId and GroupName are Varchar.
  Now problem is this when a user have membership of one group , it works fine. For CC_user it shows data for its Dept Code and All_user may see whole data.
  But When A user have permission of both the groups , only data related to CC_User group is visible. But, in my view , maximum permmision out of the both groups must be applied to the user if he belongs to more than one group.
  So , here , he must see whole data, as All_user group can see full data.
  Does least restrictive permmission happens in case of membership of more than one group in OBIEE.

  848839 wrote:
  Does least restrictive permmission happens in case of membership of more than one group in OBIEE.Indeed it does. The most restrictive filters get applied if a user belongs to multiple groups that have filters at various levels of data because its always an AND clause in the where condition. This is the sort of behavior in various tools I have seen apart from OBIEE.
  Hope this helps.
  Regards,
  -Amith.

• Data level security for Dashboard pages.

  Hi all,
  I have a question.I want to apply data level security to the data in Dashboard pages .
  Any Answers.
  Thanks Sunny.

  Thanks Srikanth and Aravind .
  I have studied abt the data level security for dashboard.
  My question is : Is there any way to apply dataleve security to dashboard pages . like id dashboard D1 has pages p1,p2,p3
  and if we want to implement datalevel security to page is that possible.
  Thanks
  Sunny.

• Object Level Security,Data Level Security&Row level Security

  can anyone explain main difference between "Object Level Security,Data Level Security & Row Level Security " and how to implement.
  Thanks in advance,
  Kumar

  Hi Kumar
  Dashboards, Reports, Guided Navigation Links, Texts, briefing books are all Dashboard OBJECTS which are available at UI level of OBIEE..if you restrict them Say User 'A' wants to see 2 Dashboards and USer 'B' Wants to see 1 Dashboard....these settings & permission u r restricting in Object level called Object Level Security
  lly datalevel security is restriction of Data.. consider the same above example and User 'B" wants to see 2-3 regions data where as User A will see only Single Region Data..which you will do/restrict at logical tables, using variables..
  Row level security: http://groups.google.com/group/obiee-enterprise-methodology/browse_thread/thread/131ee938a5aefde0 refer this link, clearly explains you
  Please mark Correct or helpful if this clears

• Error while invoking a WS-Security secured web service from Oracle BPEL..

  Hi ,
  We are facing some error while invoking a WS-Security secured web service from our BPEL Process on the windows platform(SOA 10.1.3.3.0).
  For the BPEL process we are following the same steps as given in an AMIS blog : - [http://technology.amis.nl/blog/1607/how-to-call-a-ws-security-secured-web-service-from-oracle-bpel]
  but sttill,after deploying it and passing values in it,we are getting the following error on the console :-
  “Header [http://schemas.xmlsoap.org/ws/2004/08/addressing:Action] for ultimate recipient is required but not present in the message”
  Any pointers in this regard will be highly appreciated.
  Thanks,
  Saurabh

  Hi James,
  Thanks for the quick reply.
  We've tried to call that web service from an HTML designed in Visual Studios with the same username and password and its working fine.
  But on the BPEL console, we are getting the error as mentioned.
  Also if you can tell me how to set the user name and password in the header of the parter link.I could not find how to do it.
  Thanks,
  Saurabh

• Malicious or not? Message popped up: Mozilla security found (something like too much, forget exact word) activity on your computer so it will do a fast scan of system file. With OK button.

  I was looking at youtube.com, which always tells me my browser is not supported and recommends I download Firefox, but that is what I was using, so I went to Firefox to check for updates. (I think I also had freecycle.org open.) Then this message popped up in a new page: Mozilla security found (something like "too much", forget exact word) activity on your computer so it will do a fast scan of system file. There was an OK button. The page address was: http://update17.stegner.ce.ms/index.php?Q7Lhl9ShbRxGJXpkM1VLSi4ZE8H4pTedoVPySgeppM3VpC+thEspcFG7qxHgn1pdsC2h5ygPGWI3t5hXqMzL9EQaZZ3J1e3CKXgCb0Qp. I did not click OK but copied the link and closed the window which closed the internet. I have never seen this before and would like to know if it is really Mozilla or possibly something malicious. Thank you.

  Good catch. That almost certainly is an invitation to download malware.
  There are a lot of infected web sites pushing "fake antivirus" software. If you have any doubts about whether your system might have become infected, you can supplement your regular security software with these two highly regarded scanners:
  Malwarebytes Anti-malware : http://www.malwarebytes.org/mbam.php
  SUPERAntiSpyware : http://www.superantispyware.com/

• TS2446 My phone want let me download apps I put the password in then it's say billing options which tell me I have invalid security code

  My phone want let me download any apps when I put the password in it take me to billing option which tell me I have the wrong security code and that's the security code that was on the card on the account

  iTunes Store: My credit card's security code or zip code does not match my bank's records
  http://support.apple.com/kb/TS1646

• My iPad wont let me download apps bc security questions, but when I try to make them it freezes

  Every time I try to download an app it tells me I need to update my security questions, but once I click to make the questions the box goes white. So I'm not sure how to fix it

  The new questions show on your account on http://appleid.apple.com ? If they do then try logging out and back into your account on your phone (assuming that is where you are trying to purchase from) and see if the new questions then show on it.

• Web app security not working

  Hi,
  I am using WebLogic 8.1 platform. I am trying to create a very basic secure web
  app.
  I created an App and created a web project. In it, I deleted the controller, etc
  and just have index. jsp. All the index.jsp does is: <%= request.getRemoteUser()
  %>
  In web.xml I have
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Success</web-resource-name>
  <url-pattern>*.jsp</url-pattern>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name>*</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>default</realm-name>
  </login-config>
  <security-role>
  <role-name>*</role-name>
  </security-role>
  In weblogic.xml I have
  <security-role-assignment>
  <role-name>dealers</role-name>
  <principal-name>dealer1</principal-name>
  </security-role-assignment>
  When I run the app, it just renders the JSP and does not challenge me to login.
  Can you please help what is that I am doing wrong here?
  Thanks,
  John

  "john hryn" <[email protected]> wrote in message
  news:3fce2551$[email protected]..
  >
  Hi,
  I am using WebLogic 8.1 platform. I am trying to create a very basicsecure web
  app.
  I created an App and created a web project. In it, I deleted thecontroller, etc
  and just have index. jsp. All the index.jsp does is: <%=request.getRemoteUser()
  %>
  In web.xml I have
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Success</web-resource-name>
  <url-pattern>*.jsp</url-pattern>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name>*</role-name>I think you should have dealers instead of *
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>default</realm-name>
  </login-config>
  <security-role>
  <role-name>*</role-name>And here too.
  </security-role>
  In weblogic.xml I have
  <security-role-assignment>
  <role-name>dealers</role-name>
  <principal-name>dealer1</principal-name>
  </security-role-assignment>

• Web Service Security is not working when migrating application from Tomcat

  Hi,
  We have a application running successfully in tomcat6 It calls a Webservice call through TIBCO BW interface.
  When we deployed the same WAR file in Weblogic 10.3.2, it gives me a error on Prefix[ds] not able to locate namespace URI not found error.
  IN Tomcat, its a existing application uses AxilUtility to get the soap messages after signing document for bothe encyption and decryption.
  Please anybody help me out, is there any other jars needs to be locate in Weblogic to run this application. Its fine with Tomcat and gives error in Weblogic10.3.2
  Please help me out
  Thanks in advance

  Hi Rajkumar,
  Thanks for you reply. Please let me now if you have any ideas..thnks a lot....
  Below is the error message what i am getting through weblogic console.
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppS
  ervletContext.java:2202)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletC
  ontext.java:2108)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.j
  ava:1432)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  Caused by: java.io.IOException: error:weblogic.xml.stream.XMLStreamException: Pr
  efix [ds] used without binding it to a namespace URI
  at weblogic.xml.xmlnode.XMLNode.read(XMLNode.java:744)
  at weblogic.xml.xmlnode.XMLNode.readChildren(XMLNode.java:1054)
  at weblogic.xml.xmlnode.XMLNode.read(XMLNode.java:742)
  at weblogic.xml.xmlnode.XMLNode.readChildren(XMLNode.java:1054)
  at weblogic.xml.xmlnode.XMLNode.read(XMLNode.java:742)
  at weblogic.xml.xmlnode.XMLNode.readChildren(XMLNode.java:1054)
  at weblogic.xml.xmlnode.XMLNode.read(XMLNode.java:742)
  at weblogic.xml.xmlnode.XMLNode.readInternal(XMLNode.java:713)
  at weblogic.xml.xmlnode.XMLNode.readInternal(XMLNode.java:722)
  at weblogic.xml.xmlnode.NodeBuilder.build(NodeBuilder.java:44)
  at weblogic.xml.xmlnode.NodeBuilder.<init>(NodeBuilder.java:24)
  at weblogic.webservice.core.soap.SOAPEnvelopeImpl.<init>(SOAPEnvelopeImp
  l.java:154)
  at weblogic.webservice.core.soap.SOAPPartImpl.getEnvelope(SOAPPartImpl.j
  ava:200)
  ... 78 more
  java.lang.NullPointerException
  at java.io.ByteArrayInputStream.<init>(ByteArrayInputStream.java:89)
  at com.db.alat.wss.WSSClient.postSoapMessage(WSSClient.java:358)
  at com.db.alat.wss.WSSClient.WSSEncDec(WSSClient.java:102)
  at com.db.alat.service.CollateralAccounts.getAccountsSummary(CollateralA
  ccounts.java:55)
  at com.db.alat.CH.CHMapper.getGroup(CHMapper.java:281)
  at com.db.alat.BackingBeans.BorrowerDetailsBean.getClientDataCH(Borrower
  DetailsBean.java:1034)
  at com.db.alat.BackingBeans.BorrowerDetailsBean.<init>(BorrowerDetailsBe
  an.java:766)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstruct
  orAccessorImpl.java:39)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingC
  onstructorAccessorImpl.java:27)
  at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
  at java.lang.Class.newInstance0(Class.java:355)
  at java.lang.Class.newInstance(Class.java:308)
  at com.sun.faces.mgbean.BeanBuilder.newBeanInstance(BeanBuilder.java:186
  at com.sun.faces.mgbean.BeanBuilder.build(BeanBuilder.java:106)
  at com.sun.faces.mgbean.BeanManager.createAndPush(BeanManager.java:368)
  at com.sun.faces.mgbean.BeanManager.create(BeanManager.java:222)
  at com.sun.faces.el.ManagedBeanELResolver.getValue(ManagedBeanELResolver
  .java:86)
  at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:143)
  at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELRe
  solver.java:72)
  at com.sun.el.parser.AstIdentifier.getValue(AstIdentifier.java:68)
  at com.sun.el.parser.AstValue.getValue(AstValue.java:107)
  at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:192)
  And i have the loggers which gives the system out statements. You can identify the difference in both logs is the sys out ...Convert Signed Document back to Soap Message.
  IN tomcat i am getting the return object after calling the method
  SOAPMessage signedMsg = (SOAPMessage) AxisUtil.toSOAPMessage(signedDoc);
  But in Weblogic i am getting NULL. You can c in SOAPMessageImpl[SOAPPartImpl[null]]
  Tomocat Logs:
  Message Context..................1.........................org.apache.axis.MessageContext@c393a1
  2011-04-21 05:35:56,906 8672 INFO [com.db.alat.wss.WSSClient] (http-8080-1:) Unsigned Envelop............2.........................<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><RqDetail xmlns="http://schemas.db.com/esb/emf/pwm/ALAT/Services/CLIENT-getCandidateCollateralAccounts-RR" xmlns:cli="http://schemas.db.com/esb/emf/pwm/ClientElements" xmlns:com="http://schemas.db.com/esb/emf/pwm/CommonAggregates" xmlns:com1="http://schemas.db.com/esb/emf/pwm/CommonElements">
  <cli:ClientID BusinessUnit="CH">7cf8e78f86212a65398d50766de95a762318d3eee1350c1105d4b751825a690b</cli:ClientID>
  <cli:ClientType>B</cli:ClientType>
  <com:Field>
  <com1:Name>INITIALPAGE</com1:Name>
  <com1:Value>YES</com1:Value>
  </com:Field>
  </RqDetail></SOAP-ENV:Body></SOAP-ENV:Envelope>
  2011-04-21 05:35:56,906 8672 INFO [com.db.alat.wss.WSSClient] (http-8080-1:) DOCUMENT is .......:[#document: null]
  2011-04-21 05:35:56,906 8672 INFO [com.db.alat.wss.WSSClient] (http-8080-1:) KEYSTORE is .......:java.security.KeyStore@127fa03
  2011-04-21 05:35:57,078 8844 INFO [com.db.alat.wss.WSSClient] (http-8080-1:) ..................................3.........................
  2011-04-21 05:35:57,094 8860 INFO [com.db.alat.wss.WSSClient] (http-8080-1:) ..................................4.........................
  2011-04-21 05:35:57,297 9063 INFO [com.db.alat.wss.WSSClient] (http-8080-1:) Signed Document is .......:[#document: null]
  2011-04-21 05:35:57,437 9203 INFO [com.db.alat.wss.WSSClient] (http-8080-1:) Convert Signed Document back to Soap Message .......:[email protected]33662
  2011-04-21 05:35:57,469 9235 INFO [com.db.alat.wss.WSSClient] (http-8080-1:) ..................................5.........................
  Weblogic Logs:
  Message Context..................1.........................org.apache.axis.MessageContext@460d4
  2011-04-26 01:15:45,859 2640 INFO [com.db.alat.wss.WSSClient] ([ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)':) Unsigned Envelop............2.........................<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><RqDetail xmlns="http://schemas.db.com/esb/emf/pwm/ALAT/Services/CLIENT-getCandidateCollateralAccounts-RR" xmlns:cli="http://schemas.db.com/esb/emf/pwm/ClientElements" xmlns:com="http://schemas.db.com/esb/emf/pwm/CommonAggregates" xmlns:com1="http://schemas.db.com/esb/emf/pwm/CommonElements">
  <cli:ClientID BusinessUnit="CH">2b285aa27f1899d87de00f04099506ad24aaf1c18b0b6b071a8acd19b1732fb9</cli:ClientID>
  <cli:ClientType>B</cli:ClientType>
  <com:Field>
  <com1:Name>INITIALPAGE</com1:Name>
  <com1:Value>YES</com1:Value>
  </com:Field>
  </RqDetail></SOAP-ENV:Body></SOAP-ENV:Envelope>
  2011-04-26 01:15:45,875 2656 INFO [com.db.alat.wss.WSSClient] ([ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)':) DOCUMENT is .......:[#document: null]
  2011-04-26 01:15:45,875 2656 INFO [com.db.alat.wss.WSSClient] ([ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)':) KEYSTORE is .......:java.security.KeyStore@167d3c4
  2011-04-26 01:15:45,984 2765 INFO [com.db.alat.wss.WSSClient] ([ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)':) ..................................3.........................
  2011-04-26 01:15:46,016 2797 INFO [com.db.alat.wss.WSSClient] ([ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)':) ..................................4.........................
  2011-04-26 01:15:46,234 3015 INFO [com.db.alat.wss.WSSClient] ([ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)':) Signed Document is .......:[#document: null]
  2011-04-26 01:15:46,313 3094 INFO [com.db.alat.wss.WSSClient] ([ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)':) Convert Signed Document back to Soap Message .......:SOAPMessageImpl[SOAPPartImpl[null]]
  2011-04-26 01:15:46,328 3109 INFO [com.db.alat.wss.WSSClient] ([ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)':) ..................................5.........................

• How to disable IE Security Warning on opening a "local" visio file with Visio Viewer ActiveX?

  Hello all,
  Everyone knows that Microsoft released ActiveX based Visio Viewer for free and allow the users to open Visio drawing and view/print via IE browser.
  The problem that I am facing is that some users are complaining about IE browser's security warning on "active content to run in files on My Computer".
  It means that opening .VSD files from the network, internet, intranet would be all OK but if the user wants to open .VSD files from the local hard drive (or open it as a mail attachment, which will extract it to a temp folder), it prompt the user to select "Allow Blocked Content" EVERYTIME they open them.
  I know that I can GLOBALLY disable this warning by going through Tools - Internet Options - Security section and enable "Allow active content to run in files on My Computer" but I hope that there is a way (or workaround) to allow them by file type or location, etc.
  Questions:
  1. Is there any way to disable those warning for all .VSD only while we still UNCHECK the option on Internet Options?
  2. Is there any 3rd party Win32 based viewer which wouldn't have those restriction?
  3. Is it safe assumption that McAfee VirusScan and Host IPS protection is sufficient enough to remove the IE's security warning feature?
  Thanks in advance?
  Young-

  Are you able to host/launch the VSD file via an HTM page? In that case you can format the HTM page as shown below. This will trick IE into thinking it is loading the file off of a website. Commonly called 'mark of the web'.
  <?xml version="1.0" encoding="utf-8" ?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <!-- saved from url=(0014)about:internet -->
  <html>
  </html>

• Why is my Apple ID being locked out every time I go to use it?  I haven't even attempted to log in for about 4 or 5 days, but today on my first attempt to do so, it said my account had been locked for security reasons.  This is the third time.

  I only sign in to iTunes' store about once a week or so.  But during each of my last 3 attempts (on different days, several days apart) on my first attempt to enter my password and hit submit, I am immediately told that my Apple account has been locked for security reasons and it wants to take me to a page to reset my 'forgotten' password.  I am using the CORRECT password.
  Perhaps someone else is trying to break into my account or is mis-entering theirs but my account should not be getting locked like this.  It is very frustrating to have to go through the reset password procedure each and every time I want to go into the store.  It seems to me that Apple really doesn't want me to buy any more apps from them as they keep refusing me entry into my own account, each and every time I have tried to use it, for the past few weeks.  I am not their best customer, but they aren't giving me much of a welcome invitation to become one, if I'm going to be treated like this.
  I just bought my iPhone 4 less than 2 months ago.  I paid extra money to upgrade early, just to get this phone because it was so highly recommended by everyone I spoke with in different stores (BestBuy and Verizon).  I even bought the 2 year upgrade to my Apple services in case I needed to ever call them, and so far I haven't had to, yet.  But I definitely will call them if this isn't straightened out.
  It looks like this other user could be tracked and an email could be sent to them from Apple to let them know what they are doing - trying to sign into the wrong account, and are locking somebody else out of their own account because of their error....and to remind them of their correct information or how to get it and to write it down or save it somewhere so they don't keep on doing this.
  I have seen literally DOZENS of other people in these discussions with exactly the same issue that I'm having so it is NOT an isolated incident, and it seems to be a growing problem as Apple's sales and user base continues to grow, so this problem is seriously needing to be addressed in some way, and soon, before they start losing new customers because of it.  If I was still within my original 14 day return period with this phone, I would definitely be returning it and buying an Android model because of how frustrating this is to me.  If my bank was doing this to me, I'd have already switched banks by now if they hadn't fixed it - just to give an example of how I feel about this.

  For what it's worth, you posted this in 2011, and here in 2014 I am still having this same issue. Over the last two days, I have had to unlock my apple account 8 times. I didn't get any new devices. I haven't initiated a password reset. I didn't forget my password. I set up two factor authentication and have been able to do the unlocking with the key and using a code sent to one of my devices. 
  That all works.
  It's this having to unlock my account every time I go to use any of my devices. And I have many: iMac, iPad, iPad2, iPad mini, iPhone 5s, iPod touch (daughter), and my old iPhone 4 being used as an ipod touch now.  They are all synced, and all was working just fine.
  I have initiated an incident with Apple (again) but I know they are just going to suggest I change my Apple ID. It's a simple one, and one that I am sure others think is theirs. I don't want to change it. I shouldn't have to. Apple should be able to tell me who is trying to use it, or at least from where.
  Thanks for listening,
  Melissa