FAGLB03 - Restrict user access to view only two GL accounts.

Similar Messages

• Seeburger Workbench access - restrict users to Message Monitor only

  Hi All
  Does anyone know if it's possible to restrict users to Message Monitor only access in the Seeburger Workbench?

  Hi Andy,
  if by "restrict" you mean if you can change the links available in the workbench, then sadly no - this is currently not possible. If you're ok with getting a HTTP Forbidden when clicking on other links than the Message Monitor, then yes - this can be configured within the SAP NetWeaver Administrator -> Identity Management. Check for example to documentation of the Message Monitor
  Extracted from there:
      Log on to the NetWeaver Administrator (NWA).
      Open Operation Management | Users and Access | Identity Managemet (UME).
      Create a role and assign the manage action for com.seeburger.xi.frontend.messageidmonitor to that role.
      Now you can assign the newly created role to any user you want to grant access to the SEEBURGER Message ID Monitor.
  This is for explicitly granting some user the access to the Message Monitor. The manage action is per default set to "Everyone". You need to remove Everyone on the corresponding frontends (search for actions with name com.seeburger.xi.frontend*)
  Hope that helps
  Greetings
  -Sascha-

• How to restrict user access in Oracle Application Server 10g (9.0.4)?

  Can anybody please let me know how to restrict user access in 10g AS? To be specific, how to allow http requests from specific IPs only?

  Hi,
  You have to edit httpd.conf and modify acces rights for each protected directory
  e.g.
  <Directory /var/www/sub/payroll/>
  Order allow,deny
  Allow from 192.168.1.0/24
  </Directory>
  then you have to restart Oracle HTTP Server
  jm--

• Time restricted user access

  Dear Experts,
  we are dealing with the following issue. Is it possible to set up time restricted user access in BPC 7.5? It means e.g. we want user to have access to BPC only in the first half of the year or (a bit trickier) in every first half of each month.
  And is it possible to temporarily prohibit access for an user without deleting him or his rights?
  Thanks for the reply,
  Jakub

  Hi Jakub,
  Can you explain why you want to set up your system this way? Depending on what you are trying to accomplish, there may be a good way to make it work in BPC (work status, security, data model design), but as Nilanjan said, there is not an easy way to totally lock out users based on date.
  Ethan

• DateField: Restrict user to select date only from the calender control ??

  How can I restrict user to select date only by using the Calender control, not by typing.
  Abhinav

  Hi,
  This is working perfectly but user can enter or delete date into the text_item >>>through keyboard i want to restrict that they can only select date from calendarSet Insert allowed to 'NO' in property pallete of item ENTRY_DATE.
  In ON-ERROR Trigger::
  BEGIN
  DECLARE
  err_code CONSTANT NUMBER := error_code;
  err_type CONSTANT VARCHAR2(3) := error_type;
  BEGIN
  IF (err_type = 'FRM'
  AND err_code IN (40200)) THEN
  Message('Updates Not allowed, Please Select Your Date from Calendar');
  Message(' ');
  ELSE
  NULL;
  END IF;
  END;
  END;
  Thanks,
  Bhujendra

• Restricting Users access to BW Query based on Criteria

  Hello  ,
  Haven't found much help with the security implementation documents , i have been given a objective to create Profiles/roles and which would be used only for reporting on 1 single Cube by users from multiple departments. 
  Create profile/Roles and provide access to users for Query ZREP_C0_1 .
  User belonging to comp_code1 & region4 & plant6 should be able to view only his data and none other  even if the user wishes to see Compcode2 & region3 & plant4. 
  ( Reporting with restrictions over the User authorizations  on Region/Compcode )
  Creating the Role has been the easy as it was just to provide access to the infoarea , cubes, infobjects , query and authorization objects to execute query.   However i am stuck on how to proceed further on the above scenario  regarding restricting the users.
  Your help is much appreciated .
  Regards
  Raja

  Hi Pratheesh,
  If you are going to use client authentication in SSL and if client authentication fails since not all users will have client cert provided by you, SSL handshake will not complete and hence no access. But this is a performance impacting option. Restricting access on FW would be a good option.
  During the flow of a normal SSL handshake, the server sends its certificate to the client. The client verifies the identity of the server through the certificate. However, the client does not send any identification of its own to the server. When you enable the client authentication feature on the ACE, the ACE requires that the client sends a certificate to the server. The server then verifies the following information on the certificate:
  The CA has not revoked the certificate.The certificate signature is valid. The valid period of the certificate is still in effect. A recognized CA issued the certificate.
  You can specify the certificate authentication group that the ACE uses during the SSL handshake and enable client authentication on this SSL proxy service by using the  authgroup command in SSL proxy configuration mode. The ACE includes the certificates configured in the group with the certificate that you specified for the SSL proxy service
  Regards,
  Kanwal

• CANNOT GRANT A USER ACCESS TO VIEW A SCHEMA USING PORTAL API'S

  Hi, we are using portal 3.0.9.8.3(UNIX middle tier) on a 8.1.7.3 database (UNIX backend).
  We would like to be able to grant a group of users the rights to view only a specific table or view using the functionality of the wwexp_api_engine package. However the only way to do this seems to be to give the users "view data" privilege to "all schemas" within the portal admin. This presents a large security hole since users can could potentionaly pass in different table names (to a url) and get access to undesired tables.
  Granting executable privileges on the package(and sub packages) to the application database schema(whether public or explicit) still yields the above
  message: Error: Insufficient privileges. (WWV-10600)
  So does anyone know of a way to use the wwexp_api_engine package and restrict it to only a certain table or view of a schema? Or possibly what grants may be needed to allow the package to access the table without giving "view data" portal access to "all schemas".
  Any help would be appreciated.

  Hi,
  Try to grant "Create" global privilege to user and grant explicit privileges on the tables to the user. This way the user can create objects, but can view only those tables on which he has a privilege.
  Thanks,
  Sharmila

• Restricted User Access

  Hi All!
  Is it possible to restrict the access of a user in that way that he can only edit a part of the columns, but he can see the whole table even the columns he isn't permitted to change! How can i solve this problem?

  Hi user552848,
  please provide your first name...
  I would see 2 possible solutions here:
  1) Create or own access roles
  a) create an application item where you store which "access role" the user has and
  b) use the "Read only" property of the page item, where you specify a condition of type "Value of Item in Expression 1 != Expression 2". Write the name of your application item into Expression 1 and eg UPDATE_ALLOWED (=>name of your access role) into Expression 2
  2) You use the APEX authorization.
  a) Create one at Shared Components\Authorization Schemes).
  b) Use the "Read only" property of the page item, where you specify a condition of type "PL/SQL Expression" with the following code in Expression 1
  NOT WWV_Flow.public_security_check('Name of the Authorization you created');Note 1: "Name of the Authorization you created" is case sensitive
  Note 2: WWV_Flow.public_security_check isn't a documented function, so use it at your own risk, Oracle may change it/remove in the next release.
  Hope that helps
  Patrick
  Check out my APEX-blog: http://inside-apex.blogspot.com

• Can I switch the user IDs (or names) of two administrator accounts?

  I have an iMac and a MacBook Air both running Lion. Both have the same two administrator accounts, but the UserIDs of the two are switched around, like this:
  iMac Admin1 (UID 501), Admin2 (UID 502)
  MacBook Air Admin1 (UID 502), Admin2 (UID 501)
  It has been like that for a month or so and never bothered me. This morning I was copying files across to the MacBook Air, which went fine until I force quit the Finder on the MacBook. After that event, copying was no longer possible. I apparently ran into the problem described here: Problems transferring Powerpoint files in Lion
  I don't understand why I didn't have this problem before. (I don't complain, don't get me wrong, I just don't understand). I'm trying to reset the MacBook Air by restoring yesterday's Time Machine copy. Can't tell if this helps yet; have to wait 12 more hours... But even if it does, the situation appears to be unstable.
  Hence my question. Is there an easy way to get the UID numbering of the Admin accounts the same on both machines?
  By the way, I read the solution referred to in he quoted article, which involves assigning a new, unused UID to an existing account. That seems like a cumbersome and error-prone method. And I would have to go through it twice. So: is ther an easier way to solve my particular problem?

  Peter_Philologos wrote:
  Both have the same two administrator accounts, but the UserIDs of the two are switched around, like this:
  iMac Admin1 (UID 501), Admin2 (UID 502)
  MacBook Air Admin1 (UID 502), Admin2 (UID 501)
  Unfortunately with what you want to do and using just your MacBook Air as an example:
  May have to create 503 first.
  Change Admin2 - UID 501 to 503.
  Change Admin1 - UID 502 to 501.
  Change new Admin2 - UID 503 to UID 502.
  End result would be Admin1 - UID 501 and Admin2 - UID 502 which would match your iMac accounts.

• How do you restrict web browsing to view only specified sites for business use?

  Hello, I need to restrict the use of Firefox and Internet Explorer to only specified websites that we use for business use.
  I have a problem with a number of employees using unauthorized and dangerous websites that have put my business computers at risk.
  Since it is impossible to police the employees viewing habits in real time, I need to restrict the viewing. How do I set up a list of only allowed sites that can only be overridden by admin privileges despite user accounts?

  You will have to block such unwanted sites in a firewall or router or proxy and only allow access via that proxy.<br />
  All other ways can easily circumvented, by starting Firefox in [[Safe mode]] if it is an extension or by using a portable Firefox version.
  Your above posted system details show outdated plugin(s) with known security and stability risks.
  # Shockwave Flash 10.0 r45
  Update the [[Managing the Flash plugin|Flash]] plugin to the latest version.
  *http://www.adobe.com/software/flash/about/

• Restrict User Access to Planning Books- Creation of Roles

  Hi All
  I want to restrict the users to access/see only limited number of planning books in SDP94
  menu
  For this, I tried creating a role and assigned authorization C_APO_PB with required planning book values
  However I am not sure how to create the role properly. In the change role screen, the "Menu" and the "Workflow" tabs are red, while authorization tab is green
  Do I need to do any activity in Menu and Workflow tabs
  Please guide
  Any help on this is highly appreciated
  Thanks
  Vijay

  Moderator message - Cross post locked
  Rob

• Generic Object Services restrict user access

  Hi
  I have the following scenario, could anyone offer any pointers as to how to achieve a solution.
  I have two groups of people, A and B, my requirement is to only allow group A to access/delete documents that have been created by users in group A, and for Group B to only have access to attachments created by users in group B.
  An in addition to Ideally have two content repositories one for A and one for B
  Thanks
  John

  Hi John,
              Please adjust role with S_OC_ROLE and S_GOS_ATT.
            1) If a user has a role with S_OC_ROLE with *, then he will be able to delete the attachements made by any othe user, then in this case S_GOS_ATT will not be checked.
             2) If a user has a role with S_OC_ROLE with " ", then he will be NOT able to delete the attachements made by any othe user, unless S_GOS_ATT is assigned.
  Thanks,
  CB

• Restricting user access through single machine without entering password

  Dear All,
  We would like to provide access to temporary user and he should be able to access our Production R/3 using SAP GUI from the machine which is allocated to him and not from any other machines in the same network.He should be able to login when he click on the login pad without entering password.
  Please let me know is there a way to achieve this by changing the SAP gui settings in that machine alone/suggest me if you have an alternate solution?
  Appreciate your response.
  Thanks,
  Vadi

  Hello Vadivambal,
  Actually the second thing might be possible with logon pad. In the logon pad there is an option for short cuts. You can create a short cut for a system in launch pad which gives you the option for specifying user id and password also. However this is relevant for SAP GUI 640 or higher only. The GUI launch pad has two tabs: Shortcuts and systems. Check the short cut part.
  Regards.
  Ruchit,

• HT201304 Is there a way to restrict user access to find my ipad with out restricting the mail app?

  I am working on setting up multiple Ipad 2 tablets with iOS 5.1.1 and I need to restrict access to turn off find my ipad. The only way I see to do this is to turn on restrictions and dont allow changes on accounts. The issue I have then is it also restricts the Mail app setup. Is there a way to restrict one and not the other? We use microsoft exchange mail and I would be willing to use another mail app if anyone can suggest one that works as an alternative?
  Thank you.

  I don't know of any reliable tracking app, but perhaps someone else here can suggest one I'm not aware of. Any could be defeated by just restoring the iPad, though, so about all you could hope to do would be make things a bit more difficult to turn off. For a third-party app, you'd have to restrict the user's ability to uninstall apps, something which might be equally problematic for you.
  Regards.

• Restrict user access to sales order

  Hi all...
  We have the following situation:
  A user xxxxx creates a sales order with va01 ... how can be limited the access to this sales order??..another user  yyyyyy is not allowed to modify this sales order but user yyyyyy can create orders/modiffy ordes with va01/va02.(something like limit access to o sales order created by another user).
  Regards,

  Hello Viadi,
  Your basis person can help you out in providing this restrictions.
  I would like to tell you that you can restrict a particular user from accessing a t-code entirely for eg: you can restrict a user to only VA01 & VA03 i.e., creation and display  and another user should be given access to VA02 i.e, change SO.
  This way you can maintain security measures for SAP usage.
  If you give authorization for creation and change there might not be sanctity of usage. But this again depends upon the client requirement.
  Hope this helps.
  SAP gurus any additions or corrections to this are welcome.
  Thanks
  Swami