Extending/modifying UCM security

Hi!
Does anyone know whether it is possible to extend the UCM security model, to limit retrieved content based on other metadata than security group or account?
Example 1:
Confidentiality field: if the flag is set, certain roles must not be able to retrieve the content
Example 2:
document type and subtype: these are linked lists. Customer role may only access a limited set of subtypes.
Regards,
Jeroen van Veldhuizen
Redora B.V.

Hi
I think that you can achieve this functionality by using NeedToKnow component which is designed exactly for the very purpose of extending the security of the CS by adding the flags and such features.
You can get the component from http://www.oracle.com/technology/software/products/content-management/index.html
Brief about the component functionality:
This component supports multiple ways to customize Content Server security. The areas of customization supported in this component are:
* Content Security -- access to content items
* Hit List Roles -- altering user credentials on query and check in pages
* Search Results -- altering the appearance of search results
* Where Clause Calculation -- altering the where clause on searches
* Content Meta Change Security -- meta data change of content items
Hope this helps.
Thanks
Srinath

Similar Messages

  • Command to set modify Advanced Security Settings (Audit Settings for folders) on windows 2008

    Hello,
    We have requirement to modify  Advanced Security Settings (Audit Settings for folders) on windows 2008. I am looking for a command which does this job.
    I know, using group policies I can do this; in fact I had done this using group policies. However, I need to do this on number of servers which are not in domain. There are around 15 folders on which I need to enable Auditing; manual editing folder advanced
    permissions is a cumbersome job. Hence, I am looking for a command line options.
    I need to know how command can be utilised to enable Audit option on a folder. Please share a command which can do this; once I get the command, I will create a batch file for other necessary folders. (BTW, this is not a scripting question, I just need to
    know the command hence, please do not re-direct me to scripting forum)
    Manually through GUI, I am setting following.. snaps are given below
    Thanks !

    You can try using Auditpol.exe: http://technet.microsoft.com/en-us/library/cc731451%28v=ws.10%29.aspx
    Thanks but I guess, auditpol can be used only to manipulate system audit policies. How do I specify a folder and user in auditpol? I could not find or understand how a folder can be included with auditpol command line options.
    Thanks !

  • Extend/modify deadline in Acrobat Pro 8 shared document review

    Is it possible to extend or modify the deadline for an Acrobat Pro 8 shared document review?

    Christian,
    No, it's not possible to extend/modify the deadline in Acrobat 8 shared reviews. These features have been added in Acrobat 9. In Acrobat 8, the reviewers can add comments even after the deadline has expired. The review file can however be checked out of the review by saving a copy of the file using the 'save an archive copy' option under the File menu (File > Save as archive copy), when the review process is complete.
    Thanks,
    Richa

  • Extended/modified to accept characteristic values for BAPI_SALESORDER_CREAT

    Hi All,
      Can anyone help me with extending/modifying the BAPI_SALESORDER_CREATEFROMDAT2 BAPI to accept characteristic values? My requirement is
    Exploring the standard BAPI BAPI_SALESORDER_CREATEFROMDAT2 (or any other suitable)to be extended/modified to accept characteristic values
      and based on characteristic values, it should perform variant matching
      and if  in case variant matching is successful, the BAPI should replace the KMAT material with the exact matched variant material.In case the variant matching is unsuccessful, then retain the KMAT material in the sales order line item

    Hello Nagarajan,
    I have used this BAPI in my last task. You are passing the values correctly. I will tell you why it is giving like that message.
    Whenever we create a sales order in the VA01 transaction, you will get a message like "The sales order is not complete, would you like to EDIT" while saving the sales order.... This is because of not providing complete data required for creation of the sales order.
    Try to implement the changes manually in VA02, if you get same errors, then you can find your code is correct.
    Even I got same type of messages when changing a sales order to change the Rejection Reason for the items.
    Best Regards,
    Sasidhar Reddy Matli.
    Edited by: Sasidhar Reddy Matli on Jul 31, 2008 2:20 PM

  • I can not log in to the account from the iTunes Store's why I lost my security question! I want to modify the security question again I can not

    I can not log in to the account from the iTunes Store's why I lost my security question! I want to modify the security question again I can not

    BLANK Cloud Screen http://forums.adobe.com/message/5484303
    -and http://helpx.adobe.com/creative-cloud/kb/blank-white-screen-ccp.html

  • UCM security modeling

    Hi,
    The use case is like this
    OID
    1. I have different groups in OID say Group1, Group2,...... 1000+ groups
    2. I have other groups (apart from the 1 mentioned above) as well in OID say OtherGroup1, OtherGroup2,...... 1000+ groups
    Please NOTE: The users present in Group1, Group2,.... and OtherGroup1, OtherGroup2,.... are completely different users
    Also all the groups mentioned above are already present and I cannot modify the existing groups as they are used for some other purposes as well.
    I can just use the existing groups.
    In my webcenter application I create an object, say "Sales"
    And I want to create a folder in UCM by same name called as "Sales" and the contents inside this "Sales" folder should have the security as mentioned below
    1. "Content1"
         - "Group1" should have R, "Group2" should have RW, "Group3" should have RWD
         - "OtherGroup1" should have R, "OtherGroup2" should have RW, "OtherGroup3" should have RWD (This group might remain same for all contents)
    2. "Content2"
         - "Group4" should have RWD, "Group5" should have RW, "Group6" should have R
         - "OtherGroup1" should have R, "OtherGroup2" should have RW, "OtherGroup3" should have RWD (This group might remain same for all contents)
    and so on..
    So please suggest how can I achieve this type of security model in UCM.
    Thanks in advance.

    which account am I supposed to add on "Content1"
    The account will be Content1. @Content1_R is the name of a group in LDAP, which grants its members R permission to the Content1 account.
    And also what should be the "SecurityGroup" for "Content1" since "SecurityGroup" is mandatory for a content item check in.
    You may have to create a generic group where all users have RWD permissions - resulting permissions are the intersection of those from SG and accounts.
    Also once the account is added I cannot change the permission for a particular user, so the option left with me will be to assign him to different account which has desired permission for given content (that too if I can add multiple accounts).
    Account is a setting on a content item, and it is expected to be changed only exceptionally. What you can change, though, is membership of users in your created groups - thus, granting/revoking permissions of users to particular accounts. This can be as dynamic as you need.

  • [ask] ucm security model case study

    hi fellow stellent users,
    i have a question to ask about
    this case study, that im trying to solve.
    the case study is,
    suppose a corporate named acme
    then i create security groups (public, internal, sensitive, secret),
    semantically a clearance level.
    then i create hierarchical accounts based on acme's divisions:
    acme/finance
    acme/acct
    acme/marketing
    then i create this virtual folders (primarily used in webdav integration)
    /finance: account: acme/finance
    /acct: account: acme/acct
    /marketing: account: acme/marketing
    this seems ok, so all users in the finance dept
    can only view/access/edit the /finance folder (and its contents)
    but there are new requirements:
    -suppose finance users want to create subfolder in the /finance
    eg: /finance/shared
    but they want to share this folder so that it can be accessible to
    acct and marketing users.
    so how can i do this ?
    i already tried creating new account acme/finance/shared
    assign that to the /finance/shared folder,
    and adding that account to all users that need to access that folder
    but, there seems a problem,
    when i browse ucm with Windows Explorer (webdav) with a marketing user id.
    i cant see the /finance/shared folder.
    maybe because the parent /finance folder is hidden/not permissible to them (marketing guys).
    but then, what is the workaround for this problem? can a user
    create a folder that can be shared to other accounts ? with a parent
    folder that is not shared.
    what's the best practice in ucm to accomplish this scenario,
    especially for working in windows/webdav environment.
    is there any changes that i must make to my current security model ??
    thanks,
    your answers will be very appreciated. :)

    Sapan, Yes I understand that and I have read it also. The problem is we would rather take care of the ROLES within UCM, such that subadmins should be allowed to create roles etc with UCM who have no access to LDAP. Basically we would like to give access of role creation to a subadmin rather than set it up in LDAP, but at the same time we would like users to get authenticated via LDAP, because we want to use Single Sign On.
    So basically the solution that I am looking for is following:
    1) Users get Authenticated ONLY via LDAP. No group mappings or filtering needs to be done (Use Group Filtering/Use Full Group Names in LDAP provider are NOT checked)
    2) Setup user's roles/groups within UCM by a Sub Admin.
    Basically what I would like to do is that we can have several websites in our UCM and each website can have Subadmins who can give/remove permission for users that reside in UCM (External/Internal anyone). Moreover I would like to give subadmins only rights to their OWN Website and they should not be allowed to do any administration work for other websites that they are not sub admin for. Also, none of the users/subadmins can see any search results from any other website data that they do not have permission for.
    This is a little complex requirement, first I do not know if UCM is capable of this, second I am a newbie with UCM, I have worked with Documentum in the past, so any suggestion is very welcome. Thanks!

  • UCM security module issue

    Hi all,
    I am now working on the security of ucm and find that it is based on security group to control the operation.
    Mr J is one of the VPs in our company. I create a virtual folder and assign the security group to VP group. Mr J has a contributor role that has RWDA permissions of VP group.
    Is there any possibility that Mr J can but others in VP group can not access the folder and check in/out files ?
    Your suggestion will be appreciated!
    Jiahua

    Dennis,
    You can create separate group for every VP, but consider carefully performance issues (http://download.oracle.com/docs/cd/E10316_01/urm/urm_doc_10/documentation/addons/admin_pcm_10en.pdf).
    Also consider using collaboration projects, which can be considered as folders with individual ACL.
    Jakub

  • Airport Express to extend network - WEP security issue

    I have an existing Time Capsule based wireless network (set to WEP Transitional Security). I just bought Airport Express with the intent to extend my network. The TC is set to allow the network to be extended. I also set up the Airport Express to extend an existing network - however, I am not sure what security protocol to set since WEP Transitional is not an option. I chose WEP 128 but it resulted in the Airport Express hanging when it tries to update and restart. If I chose a WPA protocol it does update and restarts fine. iTunes recognizes this as a speaker. However, I'm not sure if this is a correct setting. Also the Airport Express does not show up in the list of wireless networks to connect (which I assume is the way it should work).
    I went through the discussion board but could not find any solution. Any help would be greatly appreciated

    Welcome to the discussion area, Katan!
    If I chose a WPA protocol it does update and restarts fine. iTunes recognizes this as a speaker. However, I'm not sure if this is a correct setting
    That is the correct setting.
    Also the Airport Express does not show up in the list of wireless networks to connect (which I assume is the way it should work).
    That's correct. It's extending your wireless network, so you'll only see that wireless network as a choice to join from each computer or device.
    Your computer will automatically connect to the device with the strongest signal, which is almost always also the closest device unless there are major obstructions involved in the signal path.
    Post back if you are interested in checking to see which device your computer is actually connected to at any given time.

  • Extending Modify Request OIM SPML Webservice

    Can you please help me with any document related to enabling OIM web services to other applications for modifying attributes in OIM.
    Modify Request it allows only OOTB default attributes i want to extend the schema for custom attributes. please let me know if have steps for it?

    I could not find examples on the modifyRequest. SPML Attributes and LDAP Mappings, and Oracle Identity Manager Attributes does talk about custom attributes and the addRequest example seems to contain section for User Defined Field. You may want to post this question to the Identity Management (MOSC) support forum.
    Jani Rautiainen
    Fusion Applications Developer Relations
    https://blogs.oracle.com/fadevrel/

  • Extending/Modifying VOImpl Class Methods

    Hi All
    In iExpense Module, there is one CreditCardsVO, which is already extended by a developer as BTCreditCardsVO
    The standard CreditCardsVOImpl class has its constructor method, executeQuery, encodeCardNumber, etc methods.
    My requirement is to modify the encodeCardNumber method ( This method masks the CreditCard Number with '****' , leaving just last 4 digits to display using substring function)
    I need to modify this 4 digits to 9 digits.
    This encodeCardNumber is called in executeQuery method. Also, this method is private type.
    Extending standard VO is possible and usually SQLs are modified to add new columns.
    Is it possible to modify/extend the methods of the standard VOImpl classes.
    Rgds
    Vaddi Rakesh

    Hi Kumar,
    Thanks for the reply.
    Correct me if I have got it wrong.
    To extend the private method EncodeCardNumber, I need to copy the standard ExecuteQuery method in the extended VOImpl class and also the EncodeCardNUmber method with modifications.
    I have Copy/Pasted whats in the standard VOImpl and Also what I intend to change in extended VOImpl.
    Standard VOImpl Class:
    public class CreditCardsVOImpl extends OAViewObjectImpl {
        public CreditCardsVOImpl() {
        }
        public void executeQuery() {
            super.executeQuery();
            while (hasNext()) {
                CreditCardsVORowImpl creditcardsvorowimpl = (CreditCardsVORowImpl) next();
                String s = creditcardsvorowimpl.getCardProgramName() + encodeCardNumber(creditcardsvorowimpl.getCardNumber());
                creditcardsvorowimpl.setDisplayedValue(s);
                if (Boolean.TRUE.equals(isMultPaymentsForCard(creditcardsvorowimpl))) {
                    creditcardsvorowimpl.setDisplayedValue(creditcardsvorowimpl.getDisplayedValue() + " - " + creditcardsvorowimpl.getPaymentDueFrom());
                }
            }
        }
        private String encodeCardNumber(String s) {
            if (s.length() > 4) {
                return " ****" + s.substring(s.length() - 4);
            } else {
                return " ****";
            }
        }
        /// Other Public methods ...........
    }
    Extended Code :
    public class BTCreditCardsVOImpl extends CreditCardsVOImpl {
        /**
         * This is the default constructor (do not remove)
         */
        public BTCreditCardsVOImpl() {
        }
        // COPIED FROM STANDARD VOImpl CLASS
        public void executeQuery() {
            super.executeQuery();
            while (hasNext()) {
                CreditCardsVORowImpl creditcardsvorowimpl = (CreditCardsVORowImpl) next();
                String s = creditcardsvorowimpl.getCardProgramName() + encodeCardNumber(creditcardsvorowimpl.getCardNumber());
                creditcardsvorowimpl.setDisplayedValue(s);
                if (Boolean.TRUE.equals(isMultPaymentsForCard(creditcardsvorowimpl))) {
                    creditcardsvorowimpl.setDisplayedValue(creditcardsvorowimpl.getDisplayedValue() + " - " + creditcardsvorowimpl.getPaymentDueFrom());
                }
            }
        }
        // MY VERSION OF ENCODE METHOD
        private String encodeCardNumber(String s) {
            if (s.length() > 4) {
                return " ****" + s.substring(s.length() - 9); // changed from 4 to 9
            } else {
                return " ****";
            }
        }
    }
    My Query would be, the ExecuteQuery would be calling super.executeQuery.
    Does this refer back to Standard ExecuteQuery and then subsequent EncodeCardNumber.
    Or is it, my concepts are not clear. And extending the Standard methods, would simply replace any call to the methods of the Standard class, with the ones extended in the Extended VOImpl
    Please advise
    Rgds
    Vaddi Rakesh
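
An added illustration of the question above (not code from the post or from Oracle): a private method is never overridden, so `super.executeQuery()` still masks with the base class's own `encodeCardNumber`, and the copied loop in the subclass then finds no rows left to re-mask. `RowSetStub`, `StandardVO` and `ExtendedVO` are hypothetical stand-ins for the OA Framework classes, and the stub's single forward-only iterator is an assumption about how `hasNext()`/`next()` behave.

```java
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

// Hypothetical stand-in for the framework base class (not OAViewObjectImpl).
class RowSetStub {
    // Each row is {cardNumber, displayedValue}.
    protected final List<String[]> rows = new ArrayList<>();
    private Iterator<String[]> it;

    public void executeQuery() { it = rows.iterator(); } // positions before the first row
    protected boolean hasNext() { return it != null && it.hasNext(); }
    protected String[] next() { return it.next(); }
}

// Same shape as the standard class quoted in the post.
class StandardVO extends RowSetStub {
    @Override
    public void executeQuery() {
        super.executeQuery();
        while (hasNext()) {
            String[] row = next();
            // Private call: bound at compile time to StandardVO's method,
            // whatever the runtime class of "this" is.
            row[1] = encodeCardNumber(row[0]);
        }
    }

    private String encodeCardNumber(String s) {
        return s.length() > 4 ? " ****" + s.substring(s.length() - 4) : " ****";
    }
}

// Same shape as the extended class: copied loop plus a same-named private method.
class ExtendedVO extends StandardVO {
    int rowsSeenBySubclassLoop = 0;

    @Override
    public void executeQuery() {
        super.executeQuery();      // runs StandardVO's loop and StandardVO's masking
        while (hasNext()) {        // the superclass loop has already consumed every row
            String[] row = next();
            row[1] = encodeCardNumber(row[0]);
            rowsSeenBySubclassLoop++;
        }
    }

    // Not an override, only a second private method with the same name.
    // Math.max guards numbers of 5 to 8 digits, which would otherwise throw.
    private String encodeCardNumber(String s) {
        return s.length() > 4 ? " ****" + s.substring(Math.max(0, s.length() - 9)) : " ****";
    }
}

public class PrivateDispatchDemo {
    public static void main(String[] args) {
        ExtendedVO vo = new ExtendedVO();
        vo.rows.add(new String[] {"4111111111111111", null}); // constructed test number
        vo.executeQuery();
        System.out.println("displayed value: " + vo.rows.get(0)[1]);
        System.out.println("rows handled by subclass loop: " + vo.rowsSeenBySubclassLoop);
    }
}
```

The displayed value keeps the four-digit mask of the base class, which is also the safer outcome for a card number shown on screen.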

  • Acrobat 9 Pro Extended Document Processing Security

    Is there a way to associate a defined security policy in a sequence when securing PDFs inside a Portfolio?  We prefer our professionals use a managed security policy rather than set their own passwords when security deliverables.

    Please send me an email [email protected] if you are interested in how to apply a managed security policy in the PDF.
    Steven;

  • UCM security issue

    Hi,
    How to avoid the user input the idocs script in the contribution data file. I input the Idoc script as the contributor and it is executed. The user should not be able to input the Idoc script.
    Thanks!

    Assuming you're using site studio contributor, the best way is to prevent them from entering "source mode". Another option is to write your own validation script and test for the idoc tags. However, this doesn't prevent your users from just checking the XML file out, putting in the idoc script, and then checking it back in. There's only so much you can handle.
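
One way to write the validation the answer mentions, as an added example (not Oracle's code and not part of the original post): it scans checked-in data file content for Idoc Script openers, including entity-encoded ones, and is meant to run server-side at check-in so that a directly checked-in XML file is covered too. The class name, the sample data and the single allowed `wcmUrl` link form are assumptions to adapt to your own site.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class IdocTagCheck {
    // '<' as it can appear in an XML data file: raw or entity-encoded.
    private static final String LT = "(?:<|&lt;|&#0*60;|&#[xX]0*3[cC];)";

    // Openers for the script forms <$...$>, <!--$...--> and [!--$...--].
    private static final Pattern OPENER =
        Pattern.compile(LT + "\\$|" + LT + "!--\\$|\\[!--\\$");

    // Assumption: the only script legitimately stored in element data is a link
    // tag whose arguments are plain quoted literals. Anything else is rejected.
    private static final Pattern ALLOWED = Pattern.compile(
        "\\[!--\\$wcmUrl\\('[^'()$]*'(?:\\s*,\\s*'[^'()$]*')*\\)--\\]");

    /** Returns one finding per script opener that is not part of an allowed tag. */
    public static List<String> findIdocTags(String dataFileXml) {
        // Blank out allowed tags with same-length padding so offsets stay valid.
        StringBuffer masked = new StringBuffer();
        Matcher ok = ALLOWED.matcher(dataFileXml);
        while (ok.find()) {
            ok.appendReplacement(masked, " ".repeat(ok.group().length()));
        }
        ok.appendTail(masked);

        List<String> findings = new ArrayList<>();
        Matcher m = OPENER.matcher(masked);
        while (m.find()) {
            int end = Math.min(dataFileXml.length(), m.start() + 40);
            findings.add("offset " + m.start() + ": "
                + dataFileXml.substring(m.start(), end));
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample of contributor element data, not taken from a real site.
        String sample =
            "<wcm:element name=\"body\">"
          + "<a href=\"[!--$wcmUrl('link','HOME_PAGE')--]\">Home</a>"  // allowed form
          + "&lt;$include some_resource$&gt;"                         // encoded opener
          + "<!--$userName-->"                                        // comment form
          + "[!--$wcmUrl('link', someFunction())--]"                  // nested call
          + "</wcm:element>";
        List<String> findings = findIdocTags(sample);
        findings.forEach(System.out::println);
        System.out.println(findings.isEmpty() ? "ACCEPT" : "REJECT check-in");
    }
}
```

Matching only on a function name would let a nested call through inside an allowed tag, which is why the allowed form is matched as a whole tag with literal arguments.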

  • UCM 11g - how to accessing secured content using open WCM service

    Hi All,
    Does anyone have an idea on how to access the contents that are checked in with security groups as "Secured"? If the contents are checked in as "Public" then we can easily access the same with the following open WCM service:
    http://<ucm_server>:16200/cs/idcplg??IdcService=WCM_PLACEHOLDER&dataFileDocName=<data_file_name>&templateDocName=<region_template_name>
    Regards,
    Sanjay

    Hi Donato,
    Did you ever get an answer for this issue? I'm trying to get a similar case working and would be curious on how you ended up doing this...
    For what I know so far, this may help you:
    1) The trigger-EBSProfile requires you to pass the afGuid value. This value is created automatically by the IPM process; basically, when you click the MA button in EBS, the SOA call to IPM does 2 things:
    First, it creates a row in the AFGRANTS table in the WCContent DB, this basically overwrites UCM security and give the user access to the documents, this table has the information of the EBS record (Business Object, and Primary Key) as well as the auto generated afGuid
    Second it sends back the URL to WCContent, mainly "/cs/idcplg/_p/min/af/trigger-EBSProfile?IdcService=GET_SEARCH_RESULTS_FORCELOGIN" and passes the afGuid created in the first step, which identifies the EBS record.
    So if you need to make direct calls to UCM under the trigger-EBSProfile you will need to manually (custom) add the afGuid and details of the EBS record to the table, the entries in this table get removed automatically based on the dexpirationdate value
    2) While the IPM SOA call overwrites the UCM security, if you have implemented your own security structure (assign a different security group to the documents and give the users access to it) you could make calls directly to UCM bypassing the "trigger-EBSProfile"..
    for example, in the call you were trying to make originally to DOC_INFO, if you know the dDocName of the document, you can simply call the service as "/cs/idcplg?IdcService=DOC_INFO_BY_NAME&dDocName=POC2001" (I use DOC_INFO_BY_NAME because you need to know the dDocId for DOC_INFO)
    You can do the same with other services like checkin/checkout etc, (for checking you will need to pass the additional parameters dfBusinessObejct, dAFBusinessObject and dfApplication to link the document to the EBS record)
    Regards,
    Juan Becerra

  • How to associate more than one security group for UCM documents?

    When checking in a document we are only able to associate one security group to documents. In our case, a particular document can be seen by more than one group e.g a document can be seen by both finance and marketing groups.
    How can we associate more than one group for documents?
    Our requirement is related to search. We want to display the documents to the end user based on the security group that is associated with the document. We are planning to use IDM and have all the groups/roles that are possible in the end site (also delivered by same ldap) available in UCM so that when checking in the documents we can associate desired groups who can see these documents.
    Regards,
    Pratap

    One thing before all, is that I suggest that you think through your security model before implementing it in UCM. You should ask yourself questions like :
    - Is security really based on department ?
    - Why two departments need to have access to the same category of document ?
    - Is it really security that I need or classification ? Is it a problem if Accounting have access to Finance or you just don't want Marketing documents in a finance related search ?
    - Maybe what you want is that finance guys to have access to marketing document.
    Without a clear business security model, it's hard to find a UCM security model as it is impossible to associate 2 security groups to one document.
