DSP 2.1 ldconsole access / security setup

Hi,
I'm trying to figure out ( and am struggling)... how to configure access to the ldconsole. The scenario we have is some developers who do not have admin rights on the weblogic console, they do have limited rights to review some of the deployment configuration but not change anything. But what they need to be able to do is Purge their data cache etc in the LDConsole. I've added the group they are a member of to both the administrative and metadata security policies in the LDConsole and they can log in... however when they click their application they don't see the view you see if your an administrator. They just see an empty page. Also they don't see in the expandable tree view the Physical sources or anything else, just "Endpoint". Can any one tell me what I’m missing here or point me in the right direction, i'm finding the docs not very helpful so I’m either just not seeing it or looking in the wrong place :-S
Regards,
Dave

In DSP 2.x, you cannot access the console with different privileges as you might expect. This is a known issue. It is fixed in DSP 3.0

Similar Messages

Security Setup not working

Hi,
As a part of security setup we have done the following things:
- Users created and assigned as members of groups. One group is created per entity.
- Groups have been provisioned for the application and given security class access
- Security classes have been created and attached to metadata. for e.g, all entities have been attached a Sec class in properties.
- In application settings, Node Security = Entity, Security for Entities is Checked, Enable Metadata Sec Filtering is also checked.
Even after this, the security setup doesnt seem to be working. A user with minimal provision (only Data Form Writeback from Excel) and no security class access is also able to see all the entities, also other forms, grids, etc which have been attached diff security classes. He is able to edit the forms and grids.
Can anyone help out as to what is it that we are missing?

What role(s) do the users have? Any user with the Administrator role bypasses class access checking and is assumed to have full access to everything. No other role provides this bypass.
Editing forms and grids has nothing to do with Entity security. If the forms and grids have no class assigned to them, they use the [Default] class which I suggest all users have All rights to anyway. If there are grids/forms you do not want users to change, you should assign a specific class to them, other than [Default].
Enable Metadata security filtering should restrict users from seeing the members for which they have None access to, but as long as they have Read or All access, they will see the members in a pick list.
--Chris

Security Setup

Hi,
We are having HFM used for reporting and consolidation.
Two Specific issues/questions
1) We are having seperate Development, UAT and production environments. However the security setup/AD groups for all three environments are same. We cannot create different security groups in three different environments as it will affect meta data level changes.So the issue is that , person having UAT environment is also able to access the production system, as AD groups for security class are same. Is there a way we can diffentiate the security of three different environments?
2) HFM offers application adminsitrator roles. However, we are having 3 different team:
A) One performing change management such as meta data level changes
B)Second one performing security
C)Third one performing maintainance actiivites such as dispensation, bypass,validation tolerane limit load excahgne rate.
Is there a way we can segregate these responsibilites by setting up different access/roles for the users.
Your help would be much appreciated.

Hi,
In regards to question #1 :
Option a - Use Native Groups. If you were using Native Groups as opposed to the AD groups, you could keep everyone assigned to the same groups and simply have different levels of access between the apps. A lot of systems will use Native Groups with external directories (i.e. Active Directory) for users. This probably isn't something of interest since you already have everything in AD and would be a lot of hassle to rework....
The other options I propose really depend on what exactly are you trying to accomplish in DEV vs PROD in regards to security. They are somewhat hackish but would solve your issue....
Option b - If you want everyone to have full access to everything in DEV as opposed to more limited access in prod, give the WORLD built in group access to all of your security classes in DEV only.
Option c - If you want everyone to have the same entity / account access just a different level (i.e. Read to Write), then you can just extract the production security file and replace all the security class access items from Read to All, etc.
Option d / e - If you want to give people different account / entity access as opposed to level of access, this is a bit trickier because any moves you make in AD would apply for all of the apps.... I would think this wouldn't be that common and maybe you only need this for a couple people? For the few instances of this, I think the best bet optiosn are : d.) create a Native Group and put them in that with the proper security class access. e.) Assign the user directly to the security class with the proper access in the environment. Security class access is not contained in AD and the changes would not automatically propagate..... If you have to do this for a "ton" of users, it wouldn't be much fun though.
In regards to question #2 -
A) - First of all, if someone has the HFM client or a text editor and access to the metadata file, anyone can make the changes. Your best bet is to control the extracting and loading aspect of this. The 'Load System' role will control who can load metadata to HFM.
B) - Provisioning Manager will allow changes to user access to the App
C) Not sure what you're looking for here. Exchange rates would be a data load so they would need to be able to load data to the system. This sounds like more of an Account / Entity access item so you would need to make sure the user has proper security class access in HFM.

Shared Service Security Setup - Demo Doc

Hello Friends,
Was just checking if anyone of you have a quick small document which would explain the security setup module in Shared services
with Users, Roles, Groups, filters
Type of access READ WRITE, META READ WRITE etc in a pictorial format.
Just have to give a demo to my fellows.
Thanks in advance
MS

Try
http://docs.oracle.com/cd/E17236_01/epm.1112/hss_admin_1112200/apas02.html
http://docs.oracle.com/cd/E17236_01/epm.1112/hss_admin_1112200/ch09s04s08.html
http://docs.oracle.com/cd/E17236_01/epm.1112/hss_admin_1112200/ch09s04s07s01.html
http://docs.oracle.com/cd/E17236_01/epm.1112/esb_dbag/dsefilt.html
Cheers
John
http://john-goodwin.blogspot.com/

Nas can not access secure parts from Macbook pro

Black Armor 220 nas can not access secure parts from Macbook pro, although access sucess Public parts (no password), is any setting in Lion or else needed setup?
Late 2006 model , 15'

is any network sharing files Setting for secure files sharing in a NAS(wifi with mac via internet gateway), or to be able access Public files (but not secure), the password must be the problem?

What does 'security setup forms that accept sql statement' mean?

I was referring one white paper 'Best Practices for Securing Oracle E-Business Suite'.
I would like to know what does 'security setup forms that accept sql statement' mean in that?
My question is
Where can the SQL statements be entered?
It would be better if I can have some examples of the same. I am trying to understand this statement.
Edited by: Kavipriya on 30 Mar, 2011 3:37 PM

It is explained in the same docs.
Best Practices for Securing the E-Business Suite [ID 189367.1] -- Page 26, under "LIMIT ACCESS TO FORMS ALLOWING SQL ENTRY" section.
Best Practices For Securing Oracle E-Business Suite Release 12 [ID 403537.1] -- Page 22, under "LIMIT ACCESS TO FORMS ALLOWING SQL ENTRY" section.
Thanks,
Hussein

Error while accessing secure store

Hi Team,
We are on EP 7.0 on SQL server 2005 . Iam facing one problem , in sometimemy IRJ pOrtal site stops giving error " Java iView Runtime " .At this time what happens that in my usr/sap drive , the sap folder is not shown as shared its share goes away and that time when i connect to visual admin tool the authentication fails and that time config tool gives error
#1.5#00188B417A01007E0160B338000008FC00045DE876A4C303#1229152911187#com.sap.engine.services.dbpool.spi.ManagedConnectionFactoryImpl##com.sap.engine.services.dbpool.spi.ManagedConnectionFactoryImpl#Guest#2####f168def0c8c411dd9a2100188b417a01#SAPEngine_Application_Thread[impl:3]_29##0#0#Error##Plain###ManagedConnectionFactoryImpl.createManagedConnection(): SQLException occured while creating ManagedConnection: com.sap.sql.log.OpenSQLException: Error while accessing secure store: File "
musaprd
sapmnt
PWC
SYS
global
security
data
SecStore.properties" does not exist although it should..#
#1.5#00188B417A010085015AAAF5000008FC00045DE876A4C207#1229152911187#com.sap.sql.connect.OpenSQLDataSourceImpl##com.sap.sql.connect.OpenSQLDataSourceImpl#Guest#2####09e36ed0c8c711dd93b200188b417a01#SAPEngine_Application_Thread[impl:3]_39##0#0#Error#1#/System/Database/sql/connect#Java#com.sap.sql_0019##Exception of type com.sap.sql.log.OpenSQLException caught: Error while accessing secure store: File
When i check in this path SecStore.properties is there , also i have checked the permissions .....................please revert the reason of this error .
Main part of this all is that after taking a reboot everything becomes fine , this happens every few days .
Please revert to this .
Regards,
Somya

Hi,
This error crops up when the the folder usr/sap folder sharing is lost . We have recently faced this problem this is Windows OS level problem you can ask your OS admin. Applying a security patch will do.
Regards,
Vamshi.

Error while accessing secure store: File "SecStore.properties" does not exi

Hi ,
I have a java desktop application, and i am trying to get a connection from a datasource deployed on one SAP AS Java, I can get the datasource succsfullly but when i try to get a connection from the DS, it throughs this exception, I put the secstore..properties file in the classpath even after that it is not happy,
any solution/hint/light please!!!!
com.sap.sql.log.OpenSQLException: Error while accessing secure store: File "SecStore.properties" does not exist although it should..
     at com.sap.sql.log.Syslog.createAndLogOpenSQLException(Syslog.java:106)
     at com.sap.sql.log.Syslog.createAndLogOpenSQLException(Syslog.java:145)
     at com.sap.sql.connect.OpenSQLDataSourceImpl.setDataSourceName(OpenSQLDataSourceImpl.java:226)
     at com.sap.sql.connect.OpenSQLDataSourceImpl.setDataSourceName(OpenSQLDataSourceImpl.java:197)
     at com.sap.customcode.ConflictingActionFixture.(ConflictingActionFixture.java:53)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
     at java.lang.reflect.Constructor.newInstance(Unknown Source)
     at java.lang.Class.newInstance0(Unknown Source)
     at java.lang.Class.newInstance(Unknown Source)
     at fit.FixtureClass.newInstance(Unknown Source)
     at fit.FixtureLoader.instantiateFixture(Unknown Source)
     at fit.FixtureLoader.instantiateFirstValidFixtureClass(Unknown Source)
     at fit.FixtureLoader.disgraceThenLoad(Unknown Source)
     at fit.Fixture.loadFixture(Unknown Source)
     at fit.Fixture.getLinkedFixtureWithArgs(Unknown Source)
     at fit.Fixture.doTables(Unknown Source)
     at fit.FitServer.process(Unknown Source)
     at fit.FitServer.run(Unknown Source)
     at fit.FitServer.main(Unknown Source)
Caused by: com.sap.security.core.server.secstorefs.FileMissingException: File "SecStore.properties" does not exist although it should.
     at com.sap.security.core.server.secstorefs.StorageHandler.openExistingStore(StorageHandler.java:372)
     at com.sap.security.core.server.secstorefs.SecStoreFS.openExistingStore(SecStoreFS.java:1946)
     at com.sap.sql.connect.OpenSQLConnectInfo.getStore(OpenSQLConnectInfo.java:802)
     at com.sap.sql.connect.OpenSQLConnectInfo.lookup(OpenSQLConnectInfo.java:783)
     at com.sap.sql.connect.OpenSQLDataSourceImpl.setDataSourceName(OpenSQLDataSourceImpl.java:209)
     ... 18 more
caused by

the SecStore.key file was not there, I changed the passwd and checked the 'Encryption' on, after that my sever instance is not starting.
Any idea?
-Puneet

I just upgraded to Firefox 5.0.1 and since the "lock" icon never appears when accessing secure websites, where should I look for it?

I just recently upgraded to Firefox 5.0.1 and now the "lock" icon doesn't appear anywhere (I can find) when accessing secure websites. I haven't seen it once. It used to appear in the lower right corner of the screen. I also have Norton Internet Security.

Padlock is no longer part of Firefox; it was removed beginning in Firefox 4. The padlock shows that there is a secure connection but does not supply additional information. You could have made a typographical error and still have been connected to a secure connection. The padlock was replaced in Firefox 3 with the Site Identity Button. Familiarize yourself with the Site Identity Button at the left end of the Location Bar:
*https://www.mozilla.com/en-US/firefox/security/identity/
*https://support.mozilla.com/en-US/kb/Site+Identity+Button
*http://www.dria.org/wordpress/archives/2008/05/06/635/
You can install this add-on if you wish: *https://addons.mozilla.org/en-US/firefox/addon/padlock-icon/
'''If this reply solves your problem, please click "Solved It" next to this reply when <u>signed-in</u> to the forum.'''
Not related to your question, but...
You need to update some plug-ins:
*Plug-in check: https://www-trunk.stage.mozilla.com/en-US/plugincheck/
*Adobe PDF Plug-In For Firefox and Netscape: [https://support.mozilla.com/en-US/kb/Using%20the%20Adobe%20Reader%20plugin%20with%20Firefox#w_installing-and-updating-adobe-reader Installing/Updating Adobe Reader in Firefox]
*Next Generation Java Plug-in for Mozilla browsers: [https://support.mozilla.com/en-US/kb/Using%20the%20Java%20plugin%20with%20Firefox#w_installing-or-updating-java Installing or Updating Java in Firefox]

Remote Access VPN Setup

Hello Support,
I have a question regarding a remote access VPN setup with the following. I have a Cisco 6500 with multiple VLANs, and an FWSM setup in mutliple context mode. Each of our clients sits behind their own context, and has their own associated VLANs. Each context has a shared interface, so that one network (our management network) can see all of the networks. We are using a Cisco ASA to terminate P2P VPNs as the FWSms cannot do so, but I would like to setup a remote access VPN from the ASA, but I will need to connect in and have access to all networks. Currently the ASA has an outside interface for internet, two client inside interfaces, and one interface on the shared network.
If I setup a remote access VPN from the ASA with a separate scope will I be able to see all the networks that I setup routes and nonats for or is there more to it?
I provided a brief diagram showing all the vlans, I will need to be able to access all of the 6500s vlans when connected using the VPN.
Thanks in advance for all ideas, suggestions, and assistance.

Hello John,
You will need to configure the respective IP Address pool for the Anyconnect users,
Then create the no_nat rules from all of the internal subnets to the Anyconnect Pool.
That should do it bud . I mean just make sure the internal network (core) knows that in order to reach the anyconnect pool must send the traffic to the ASA.
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com

After upgrading to Mountain Lion I am not able to access "security and privacy" button under "system preferences". I like to activate "find my mac" but cannot access privacy setting after upgrade. Kindly advice.

After upgrading to Mountain Lion I am not able to access "security and privacy" button under "system preferences". I like to activate "find my mac" but cannot access privacy setting after upgrade. Kindly advice.

Can't Access Secure (HTTPS) Sites On One Account, FF or Safari???

Hello Mac Fans
First let me say I'm new to Mac. On one account I can't access secures sites like I can in the admin account. This may be a function of rights but am not sure? All updates have been done.
I can't login to this forum, my MobileMe account or my bank for example. I had to change to my other account or gasp, use a PC to post this message.
I installed FireFox trying to isolate the problem to Safari but that didn't pan out, I can't get to HTTPS pages in FF either.
I turned off Little Snitch thinking I might have denied something by mistake but that didn't help. I checked the rules and found nothing that wasn't allowed.
Nothing was changed in the router. I just turned on Mac and it worked. The iMac is connected to the router via ethernet cable.
I've used the search function and tried a few things that have been recommended for others but they didn't help me. I went to the keychain and did a repair, although it didn't find any problem. I over rode a couple keys to always allow them (Apple site stuff) and I ran the disk utility to no avail.
For reference I will post the information for both Safari and FF.
Safari:
Safari can’t open the page “https://support.apple.com/cgi-bin/WebObjects/ACAuthWeb.woa/wa/login?
appIdKey=2ddbca23a85d20e5bf7478812379ae23&path=/login.jspa%3FsuccessURL%3D/index .jspa” because Safari can’t
establish a secure connection to the server “support.apple.com”.
Safari can’t open the page “https://www.mln'sbank.com/” because Safari can’t establish a secure connection to the server
“www.mln'sbank.com”.
Safari can’t open the page “https://auth.apple.com/authenticate?service=DockStatus&realm=primary-
me&returnURL=aHR0cDovL3d3dy5tZS5jb20vd28vV2ViT2JqZWN0cy9Eb2NrU3RhdHVzLndvYS93YS9 0cmFtcG9saW5l&destinationU
rl=” because Safari can’t establish a secure connection to the server “auth.apple.com”.
FireFox:
The connection was interrupted
The connection to support.apple.com was interrupted while the page was loading.
* The site could be temporarily unavailable or too busy. Try again in a few
moments.
* If you are unable to load any pages, check your computer's network
connection.
* If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.
I've done a lot of snooping around on this forum and have ran out of ideas so now I must ask for help.
Thanks
Message was edited by: MLN1963

I think I may have found the problem. It's embarrassing to find it minutes after posting the message yet I tried to solve it off and on for three days! My brother who is a 20 year Mac user has been trying to help me too. I guess it's true what they say... sometimes it's better to be lucky than good. LOL
I turned off the parental controls. What I don't understand is that the no website restrictions box was checked. To me this means I should be able to go to any site I wanted. Can anyone explain why I couldn't got to a HTTPS page on a parental controlled account even though there were no restrictions placed on it?
It's late and I need sleep. I'll leave this open for now until I have more time to test it.

Reset Safari -- Now I Can No Longer Access Secure Sites Or iTunes Store.

Hi, A few days ago I reset Safari (I'm still not sure why... boredom??). Well, now I'm paying for it. Now I can't access secure sites (such as gmail, bank accounts, etc.). in Safari. When trying to access a secure site I get an error window that reads something along the lines of: "Safari can’t open the page because it couldn’t establish a secure connection to the server." Even more annoying, I can't access my account on iTunes or access the iTunes store. When trying to do so an error window pops up that reads: "iTunes could not connect to the iTunes store. The requested keychain was invalid. Open keychain access and run Keychain first aid, then try again."... Did all that. No help. Incidentally, all my keychains are now gone).
I tried accessing the secure sites through Firefox, which still works fine. But the iTunes problem persists no matter what.
Has anyone else been encountered these same problems or know what I need to do to fix them? Any advice would be appreciated. I'm stuck!
Thanks in advance!

Still having this problem - is there no one out there who can help me? Surely someone must have had this happen before, no? You're all making me feel really stupid!!

BT infinity installed and cant access secure sites...

Had BT Infinity installed last Friday and now cant access secure sites such as my Bank to check my account or Credit Card site to check latest outgoings. My laptop accesses but PC doesnt using the same router. Any suggestions please.
Solved!
Go to Solution.

Seen this hundreds of times, the most likely cause is CMOS battery in your PC running flat, it means that whenever you unplug your PC it loses the date and time.
SSL certificates are valid for date periods and your PC things it's not in that date period.
First thing to check is your Date/Time

Mac being unable to sever connections and I can't access secure databases

Recently my university library underwent a security rehaul, since then I have been unable to access secure databases to do research for papers and the like. After resetting my browser, emptying my cache, and shutting down my computer, I am unable to sever my old connection to the library page.
The weird thing was I was in a chat with a librarian at the school at the time, and it never signed off even when my computer was shut down...
What do?

This will tell you if your apps are compatible:
http://roaringapps.com/apps:table
Thanks ... Ken

DSP 2.1 ldconsole access / security setup

Similar Messages

Maybe you are looking for