DBA Proviledge and Access Level

Similar Messages

• Security and access levels

  I have created 4 users access levels, however, when I try to implement, when I keep inheritence, default security keeps coming up,   e.g. try changing everyone to my new access level and I get the new access level, but I also get view (inherited) - how can I "clean out" the old security settings??

  Sorry for the delay!
  OK, here's our situation - it's pretty straight forward;
  1500 users
  1500 (all) users in Everyone
  Of the 1500 users in Everyone;
  1200 in subgroup A
  200 in subgroup B
  90 in subgroup C
  10 users in Administrators
  4 universes
  1 connection
  Goal:
  Everyone and subgroups, same as admin, exception: can't delete or save to "corp" doc's.  My thought is to use same access level, then use the advanced configuration on the folders to prevent everyone from deleting any "corp docs"
  I have applied this access level to everyone and admin at;
  application > infoview, webi. cmc, deski, discussions, search
  universes > all 4
  connections > the 1
  folders > root folder,  level 1, denied access to everyone accordingly on level 2
  I have also added this access level to the top level security for users and groups
  Issues; 
  1. When I check the access level for everyone on folders, level 1 and below, I get the custom access level as inherited, but also view aslo as inherited.
  2. The users added to the admin group do not have same rights as the "administrator - for example, administrator can delete objects in the folders, but other users (within admin group) can not?  if I manually add the users to the folders, I can get this to work,  but doesn;t make sense, why would a user within a group have different rights, than any other user within the same group, with the same rights???
  Hope this helps!
  Edited by: Michael Bujarski on Jun 5, 2009 3:56 PM

• Multiple Access Level Management

  Let's say there are 8 pages on a web site. Each of the pages
  until now has had a different access level defined in the database.
  A user logs in, and access levels are checked via the predefined
  levels on the pages he is attempting to view. Now users begin to
  require access to different combinations of the 8 pages. So user A
  might require page 1, 3, 5, 7 user B 1, 2, 3, 4 and user C wants 2,
  4, 6, 8.
  Is there a way to tell coldfusion to examine a string in the
  access level field in which case a 1 means grant access and a 0
  means no access? In other words, a string of 11001000 would grant
  access to page 1,2 and 5 while a string of 00011100 would grant
  access to 4, 5 and 6.
  It seems as though this should be relatively easy, but after
  searching the documentation, I cannot find any solution.

  It would be easier to store individual database records
  resembling
  user_id has_access_to
  1 1
  1 3
  1 5
  etc

• Help creating apple script to create folder and set access levels

  I'm trying to create folders in FileMaker Pro using apple script and need some help in setting the access level for the folders.  I want to set both Staff and everyone to Read and Write access.   Secondly I would like to have a function key set on the desktop to create new folders and set that same access level.  The default access is Read and I can not find a way to change that.
  Thanks

  I'm trying to create folders in FileMaker Pro using apple script and need some help in setting the access level for the folders.  I want to set both Staff and everyone to Read and Write access.   Secondly I would like to have a function key set on the desktop to create new folders and set that same access level.  The default access is Read and I can not find a way to change that.
  Thanks

• Query users, access level and last logon date

  <p>Hello,</p><p> </p><p>Does anybody know how to query Essbase to look up users accesslevel and last logon date?</p><p> </p><p> </p><p>Rey Fiesta</p>

  It can be done using the API. Access level is a little complicated because it can be by individual or group they belong to and it of course is different by application/database

• Regarding Customization , Access and Protection Levels

  Hi All,
  I need some information on Customization , Access and Protection Levels.
  I need to modify a Oracle Seeded workflow to do some customization wrt approval process.
  How do I determine which process can be modified or not.
  What is quick check to understand what values should I be looking for Customization , Access and Protection Levels on a process that needs to be modified.
  Please help...
  Thanks,

  Hi All,
  We have a requirement to modify the seeded oracle workflow in Purchasing.
  I need to add additional levels of validations by creating some custom processes which would be invoked from the seeded oracle process.
  Could anyone pls advise how do I make my customizations retain even after an upgrade takes place ?
  Thanks,

• Page and Record level Authentication / Access control.

  Hi,
  I hope some of you might have come across this kind of issues. I am trying to setup page level authentication and record level access control. Please see below for the detailed description.
  1. Does APEX have any functionality where I can implement my page level authentication schemes.
  Say there are 5 pages/tabs and 10 users, and I want to restrict access as follows.
  All users can read the data in all the pages.
  User 1 thru 8 can read all the pages and edit page 1 and 2
  User 9 and 10 can read and delete the records inside the page.
  2. Is there any mechanism, that supports record level access control.
  Example : There is a page, it shows a product information of all the products. Is there a mecanism inside APEX wherein this page shows only the products created by it's creater (any end user)
  Is there a way in APEX, we can implement this functionality without having user information stored in the DB. ?
  Thanx in advannce.
  Vijay.

  Vijay,
  When a user creates the product why not store the user who created it in a column in the same table. That way you can write something like this:<BR>
  CREATE TABLE products_tab
    productid NUMBER PRIMARY KEY,
    product_name VARCHAR2(200),
    user_created VARCHAR2(30)
  );<br>
  SELECT
    productid,
    product_name,
    ( CASE
        WHEN user_created = :F_USER THEN
          --link to edit page goes here
        ELSE '<nbsp>'
      END ) edit_link,
    ( CASE
       WHEN user_created = :F_USER THEN
         --link to delete page goes here
       ELSE '<nbsp>'
      END ) delete_link
  FROM products_tab<br>
  I don't believe you can use an authorization scheme on a button the way you desired. It either displays the column or it doesn't.<br><br>
  Hope this helps.<br><br>
  chet<br><br>

• Account Team Members and access to Open and Closed Activities

  Is there not a way to allow account team members access to view other members on the teams activities?

  If you are the owner of the pertinent Account, then for the other users on the Account Team, the Default Access Profile would be applicable, which you should change.
  For the Account record type, the access level can be kept as anything (read only, read/edit or read/edit/delete). In the related information for the Account record type, have the access levels of Completed and Open Activities as View.
  So, if you add the account team members in the Users section in the Account activities, the activities (appointments/task) would appear in each of the user’s calendars and tasks section.
  Aditya

• Creation of developement class,package and access key

  COULD ANYBODY EXPLAIN about
  creation of developement class,package and access key
  and who will create them?

  Working With Development Objects
  Any component of an application program that is stored as a separate unit in the R/3 Repository is called a development object or a Repository Object. In the SAP System, all development objects that logically belong together are assigned to the same development class.
  Object Lists
  In the Object Navigator, development objects are displayed in object lists, which contain all of the elements in a development class, a program, global class, or function group.
  Object lists show not only a hierarchical overview of the development objects in a category, but also tell you how the objects are related to each other. The Object Navigator displays object lists as a tree.
  The topmost node of an object list is the development class. From here, you can navigate right down to the lowest hierarchical level of objects. If you select an object from the tree structure that itself describes an object list, the system displays just the new object list.
  For example:
  Selecting an Object List in the Object Navigator
  To select development objects, you use a selection list in the Object Navigator. This contains the following categories:
  Category
  Meaning
  Application hierarchy
  A list of all of the development classes in the SAP System. This list is arranged hierarchically by application components, component codes, and the development classes belonging to them
  Development class
  A list of all of the objects in the development class
  Program
  A list of all of the components in an ABAP program
  Function group
  A list of all of the function modules and their components that are defined within a function group
  Class
  A list of all of the components of a global class. It also lists the superclasses of the class, and all of the inherited and redefined methods of the current class.
  Internet service
  A list of all of the componentse of an Internet service:
  Service description, themes, language resources, HTML templates and MIME objects.
  When you choose an Internet service from the tree display, the Web Application Builder is started.
  See also Integrating Internet Services.
  Local objects
  A list of all of the local private objects of a user.
  Objects in this list belong to development class $TMP and are not transported. You can display both your own local private objects and those of other users. Local objects are used mostly for testing. If you want to transport a local object, you must assign it to another development class. For further information, refer to Changing Development Classes
  http://help.sap.com/saphelp_46c/helpdata/en/d1/80194b454211d189710000e8322d00/content.htm
  Creating the Main Package
  Use
  The main package is primarily a container for development objects that belong together, in that they share the same system, transport layer, and customer delivery status. However, you must store development objects in sub-packages, not in the main package itself.
  Several main packages can be grouped together to form a structure package.
  Prerequisites
  You have the authorization for the activity L0 (All Functions) using the S_DEVELOP authorization object.
  Procedure
  You create each normal package in a similar procedure to the one described below. It can then be included as a sub-package in a main package.
  To create a main package:
  1.       Open the Package Builder initial screen (SE21 or SPACKAGE).
  2.       In the Package field, enter a name for the package that complies with the tool’s Naming Conventions
  Within SAP itself, the name must begin with a letter from A to S, or from U to X.
  3.       Choose Create.
  The system displays the Create Package dialog box.
  4.       Enter the following package attributes:
  Short Text
  Application Component
  From the component hierarchy of the SAP system, choose the abbreviation for the application component to which you want to assign the new package.
  Software component
  Select an entry. The software component describes a set of development objects that can only be delivered in a single unit. You should assign all the sub-packages of the main package to this software component.
  Exception: Sub-packages that will not be delivered to customers must be assigned to the HOMEsoftware component.
  Main Package
  This checkbox appears only if you have the appropriate authorization (see Prerequisites).
  To indicate that the package is a main package, check this box.
  5.       Choose  Save.
  6.       In the dialog box that appears, assign a transport request.
  Result
  The Change package screen displays the attributes of the new package. To display the object list for the package in the Object Navigator as well, choose  from the button bar.
  You have created your main package and can now define a structure within it. Generally, you will continue by adding sub-packages to the main package. They themselves will contain the package elements you have assigned.
  See also
  Adding Sub-Packages to the Main Package
  http://help.sap.com/saphelp_nw04/helpdata/en/ea/c05d8cf01011d3964000a0c94260a5/content.htm
  access key used for change standard program.
  www.sap.service.com

• What is the use of access level

  Hi Experts,
  What is the access level and what is use of each option in access level
  1  Application
  2  Superior component
  3. Top Component
  4. Sap
  5. Global
  and in Details section what is the use Properties tab
  1. Application Component
  2. Software Component
  3. Development Package
  4. Settings Class
  Please explain Each option use.
  Thank you in advance,
  Srini M.

  Hi Srini,
  just read the documentation (although the current status on SAP Help Portal isn't really up-to-date):
  1. [Entry point|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/cc/85414842c8470bb19b53038c4b5259/frameset.htm]
  2. [Setting an Access Level|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/32/6aba9c49fd41a5a14f710e121220f1/content.htm]
  W/r to "Application Component" etc., docu on Help Portal is definitely not sufficient. Here, the following applies:
  An application offers attributes for the application component and the software component. The application component and software component have to be the same as defined for the development package. Application and software component are automatically derived from the development package if they are not set explicitly.
  For the definition of the development package, application component, and software component, we recommend that you choose the same values that are in effect for the software solution that you want to enhance by a new BRFplus application. This simplifies all activities related to the software infrastructure, especially transports.
  CU
  Claus

• How to include group access level in a ws call

  I want to include a Group Access Label in a Permission for a Course using an iTunes web service call.
  I don't see how to do this in the docs.
  (The example in iTunesUAdministratorsGuide.pdf at page 111 doesn't include the Group Access Label.
  And it's not in the schema for the ws xml document at http://deimos.apple.com/iTunesURequest-1.0.xsd)
  Is this an obvious omission or am I missing something? Anyone know how to do this?
  Background:
  We're creating most Courses programmatically.
  Obviously, we'd strongly prefer not to require an administrator to go into every Course and manually add a common Group Access Label to the Permission. (This manual piece is essentially what's now missing from the ws call or at least from my understanding of it.)
  Either way -- manually by an administrator or programmatically -- our instructors would then be able to set Permissions themselves on any Group they create -- doing this themselves and without the help of an administrator.

  To resume with a little progress made:
  I have a Section
  * with Access Level == Edit for Credential == Instructor@...${IDENTIFIER} with no Group Access Label, and also
  * with Access Level == Download for Credential == Student@...${IDENTIFIER} with Group Access Label == Student.
  I'm doing ws calls to add a Course including an identifier. This is successful, and I can then go into the iTunes client as Instructor@...${IDENTIFIER} (substitution made) and manually add Groups and change Access to each individually. (I'm adding Groups "Download", "Shared Uploads", and "Drop Box", changing the Access Level accordingly for Group Access Label "Student".
  But naturally I want to do the manual part programmatically, to save n instructors from having to learn how to do this same thing and then to do it.
  So I'm trying to change my ws call to add the Groups, including Permissions. Schema http://deimos.apple.com/rsrc/xsd/iTunesURequest-1.1.xsd doesn't include Group Access Label for Permission. What does this mean?
  I've tried the actual Credential == Student@...${IDENTIFIER} (with IDENTIFIER substitution made before the call) and also Credential == Student (to see if I'm supposed to match the Group Access Label, instead).
  For either of these trials, the ws call successfully adds the Groups and a ShowTree includes the Permissions for the Groups. But in the iTunes client user interface, it's as if I gave no Permissions in adding the Groups.
  Am I approaching this wrong or is there a bug here?
  (I haven't tried yet a separate call to add the Group Permissions, not wanting to suffer the processing wait of getting handles for the three Groups.)
  Anyone else doing this? (successfully or not ) Thanks.

• The best way to implement user's access level via Servlet & JSP (or more)?

  Hi all,
  I am trying to implement user's access level in an application to allow certain access to certain page or components within a page (buttons, etc.). From my experience with JSP, Java, servlet, I am think of having the jsp/servlet to check for user's access level to decide what jsp components or forward page to go to next but that doesn't seem clean or elegant way to handle it.
  Any suggestions of how to do this? Are there other technologies (Struts) out there that can handle this?
  Thanks so much in advance for your feedback or suggestion,
  Thong Bui

  I haven't experienced a lot in defining security roles before, and there is probably a lot to learn about this area. However I might be able to assist you in some way. Whenever I have 2 or more objects that need to be stored in the session, I create a class called UserContainer. Say you have three properties:
  empSsn (String) , isAdmin (Boolean), isAgent (Boolean), then:
  public class UserContainer implements Serializable  {
  private String empSsn = null;
  private Boolean isAdmin = null;
  private Boolean isAgent = null;
  public UserContainer() {
  super();
  public void setIsAdmin(Boolean isAdmin) {
  this.isAdmin = isAdmin;
  public Boolean getIsAdmin() {
  return this.isAdmin;
  // getters and setters for the other properties
  Of course after you decide (in your sevlet) whether the app user is an administrator or an agent, you can set the corresponding property in the user container, and then save it in the session. Afterwords, in any jsp, you can decide to display a certain element (e.g a button) after you check the user's role. Example:
  // Welcome.jsp
  <% UserContainer userContainer = (UserContainer) session.getAttribute("userContainer");
  boolean isAdmin = userContainer.getIsAdmin().booleanValue();
  boolean isAgent = userContainer.getIsAgent.booleanValue();
  if(isAdmin) { %>
  <!-- HTML/Code corresponding to an administrator -->
  <% } if(isAgent) { %>
  <!-- HTML /Code corresponding to an agent -->
  <% } >Of course, this is a very simple way of doing such a task, you will find more secure ways if you look at LDAP or something of that matter.
  Cheers

• Restrict certain function based on access level

  I'm working through an approval process with Office 365 SharePoint Lists and Infopath, and I want certain people to be able to submit items in a Sharepoint list on behalf of someone else. So, the boss might have her assistant post news for her,
  but her name will be on it. I only want certain people with a higher access level to be able to do this. Most people will just be able to submit news on their own behalf. I'm not sure how to do this other than to actually have a separate list that only certain
  people can access to support this one function.
  Currently I have lists for...
  Draft Items
  Submitted Items
  Published Items
  and I might create a fourth one for "Drafts Items on behalf of." Can you think of a better way than to actually create a fourth list?

  Hi  ,
  According to your description, my understanding is that you want to three permission level for a list: unable submit and unable approval, able submit and unable approval, able submit and able approval.
  If you just want to restrict  for a list, you can try to stop inheriting permissions for the list.
  For the above permission level, it can be reflected to the SharePoint default permission level: read, edit, approve. So for achieving your demand, you can add the users  into  suitable permission
  group (Site Visitors, Site Members, Approvers).
  Then you can go to the list ->List Settings ->Versioning Settings, select “Yes” for Require content approval for submitted items.
  Best Regards,
  Eric
  Eric Tao
  TechNet Community Support

• Access levels in dreamweaver cs4

  Hi,
  I have been playing around with dreamweaver cs4 using the tutorials and videos i have thanks to you guys.
  I created a simple login mysql database and used the login features within dreamweaver cs4 which was great and so simple.
  I have came across login to a secured site so many times over the past few years pulling down sample asp with access scripts and never getting it right.worked first time no problem.
  however what i do also get asked is access level security for a secured area. i noticed in the login objects properties there was an option "secure page and get access level from database table" however what i want to be able to do is have it so an admin would see all contacts in the database but the individual agents only have access to their own assigned contacts.
  i would be greatful anyone could point me in right direction from within dreamweaver to do this, also not sure how i would setup the table in mysql to reflect this?
  any pointers or help would be greatly appreciated.
  many thanks
  andy

  Not sure if this is what you want, at least it will give you an example
  <!DOCTYPE HTML>
  <html>
  <head>
  <meta charset="utf-8">
  <title>Untitled Document</title>
  <style>
  body {width: 980px; margin: auto; background: #FEE49A;}
  #header {height: 120px; background: #060;}
  #article {height: 400px; width: 749px; float: right; background: #FFF; border-right: 1px solid #060;}
  #aside {height: 400px; width: 228px;    float: left; border-right: 1px solid #060; border-left: 1px solid #060; background: #CCC;}
  #footer {height: 50px; background: #060; clear: both;}
  </style>
  </head>
  <body>
  <div id="header"></div>
  <div id="aside"></div>
  <div id="article"></div>
  <div id="footer"></div>
  </body>
  </html>
  Gramps

• Managing "Access Levels" on a domain level from Lync 2010 client

  Hello,
  Our company moved from Office Communicator 2007 R2 clients to Lync 2010 clients.
  Previously in Office Communicator 2007 R2 client, it was possible to set default Access Levels for complete domains (instead of individual users only), using the Access Level Management view.
  In the Lync 2010 this options seems to be missing. The management options per user are still there (by right-clicking a user), but the access to manage it for a domain is no longer visible.
  Is there any way to manage Access Levels for domains, in a similar way we had in Communicator 2007? It appears that Lync 2010 stilluses the Access Levels set previously for domains, but users do no longer have any possibility to make further updates,
  and are stuck (from their perspective at least) with the settings made in 2007 before.
  Thanks.

  Lync 2010 doesn’t have the feature natively.
  With Lync Server 2010, by default, the contacts from federated domains are added as External Contacts.
  Lisa Zheng
  TechNet Community Support