FMS Limit Domain Access??

Similar Messages

• How to  limit the access of a transaction

  please provide hw to create an authorization object... like hw to limit the access of a particular userdefined trasaction to a particular user

  hi
  good
  Element of the authorization concept.
  Authorization objects allow you to define complex authorizations.
  An authorization object groups together up to 10 authorization fields in an AND relationship in order to check whether a user is allowed to perform a certain action.
  To pass an authorization test for an object, the user must satisfy the authorization check for each field in the object.
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/671285439b11d1896f0000e8322d00/content.htm
  Basic form->
  AUTHORITY-CHECK OBJECT object
  ID name1 FIELD f1
  ID name2 FIELD f2
  ID name10 FIELD f10.
  Example
  Check whether the user is authorized for a particular plant. In this case, the following authorization object applies:
  Table OBJ : Definition of authorization object
  M_EINF_WRK
  ACTVT
  WERKS
  Here, M_EINF_WRK is the object name, whilst ACTVT and WERKS are authorization fields. For example, a user with the authorizations
  M_EINF_WRK_BERECH1
  ACTVT 01-03
  WERKS 0001-0003 .
  can display and change plants within the Purchasing and Materials Management areas.
  Such a user would thus pass the checks
  AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
      ID 'WERKS' FIELD '0002'
      ID 'ACTVT' FIELD '02'.
  AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
      ID 'WERKS' DUMMY
      ID 'ACTVT' FIELD '01':
  but would fail the check
  AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
      ID 'WERKS' FIELD '0005'
      ID 'ACTVT' FIELD '04'.
  To suppress unnecessary authorization checks or to carry out checks before the user has entered all the values, use DUMMY - as in this example. You can confirm the authorization later with another AUTHORITY-CHECK .
  thanks
  mrutyun

• I would like to limit the access to my Macbook Pro to 15 minutes a day for my kids.

  Hello
  I would like to limit the access to my computer for my daughter to 15 minutes a day. It seems that parental control cannot have anything lower than 30 minutes.
  Any idea how we can bring that down to 15 min?
  Thanks

  Oh, and get out the whip while you're at it!
  Just kidding - I've no children so I don't use parental controls - but 15 minutes? That's just cruel!
  Clinton

• How can I do to limit the access to modify the materials texts?

  Hello,
  I need to limit the access to modify the texts of the materials from the transaction MM02.  How can I do?
  These texts (Basic Data Text) are on "Basic Data 1" view.
  Thanks a lot, and best regards.
  Carmen

  Hello Carmen,
  This can be achieved with limted authorization. Work with basis team.
  Regards,
  Arif Mansuri

• My high school aged child is spending too much time on Facebook, Tumblr to the detriment of home work.  Is there any way I can limit the access to these sites to between 8pm and 10pm?

  My high school aged child is spending too much time on Facebook and Tumblr is there any way I can limit the access time  on these sites to  from 8pm to 10pm?

  System Preferences>Parental Controls has time limits - check out this intro to Parental Controls from Cult of Mac on YouTube.
  Clinton

• Limit infoset access in SQ01

  Hi experts,
  We created an infoset and assigned it to a user group.  Then we assigned one user to this user group and yet other users can create queries using the user group and infoset.
  How can we limit the access of other users not assigned on the user group?
  Thank you.

  Don't really understand your problem.
  Do you mean that the infoset is assigned, say, to User group 1.
  User A is asigned to User group1. User B is not.
  User B can also make use of the infoset
  Is that your problem?

• Limit Administrator Access to only OS Level functions on a Windows 2003 (and up) Domain Controller Server

  <p>I have read several articles such as:</p><p>1.&nbsp; <a href="http://social.technet.microsoft.com/Forums/windowsserver/en-US/9c723f4a-51a7-4844-9dc6-0017355d694c/limited-administrative-on-domain-controller?forum=winserverDS">http://social.technet.microsoft.com/Forums/windowsserver/en-US/9c723f4a-51a7-4844-9dc6-0017355d694c/limited-administrative-on-domain-controller?forum=winserverDS</a></p><p>2.&nbsp;
  Active_Directory_Delegation.doc</p><p>Consider that a domain controller, doing no other functions than domain based functions (ie no file server, printer or app server) - is managed in two parts:&nbsp; The OS-only level, to read log files,
  server health monitoring, install OS-level Micrsoft security patching and the second part being Domain management level - Users and Computers, Domains and Trusts, etc).</p><p>For a given domain controller server, an outsourced support&nbsp;group&nbsp;needs
  to be responsible for the OS-only level access - they need no access to the Domain management level functions so they can fufill contractual obligations (SLAs) for server uptime, patching etc.&nbsp; </p><p>For the same given domain controller
  server above, there is an internal (non-outsourced) support group that will perform all Domain management level functions only.&nbsp; They want to manage the Domain on the Domain Controller servers, want the Outsourcer to manage the VM and OS-related tasks,
  but DO NOT want them to be able to access and change information in Users and Computers, Domains and Trusts etc.&nbsp; </p><p>With that explaination, would putting the Outsourcer's AD-based account IDs in the Server Operators group alone be
  sufficient to allow OS-level management, like patching, reboots, etc but disallow access to Domain Management functionality (Users and Computers etc) - or does it need to be a combination of built in groups and delgated rights?</p><p>Please consider
  that I am seeking a technical solution here&nbsp;- do not respond with "either trust your Domain Administrators or keep your junior admins from the server" as that is not a viable solution.&nbsp; </p>
  Jason B. Allen

  Hi Jason,
  According to your description, you want to assign the OS-level management and Domain management rights to two groups separately, right?
  Based on my research, members of Server Operators group don’t have sufficient rights to install updates for Domain Controllers, you can refer to this article below:
  Default groups
  http://technet.microsoft.com/en-us/library/cc756898(v=WS.10).aspx
  You can configure Allow non-administrators to receive update notifications group policy so that non-administrative users will be able to install all optional, recommended, and important updates content for which
  they received a notification, except some updates which contain User Interface, End User License Agreement and so on, which still require domain admin credentials.
  To enable non-administrator users the ability of logging onto and shutting down DCs,
  Allow logon locally and Shut down the System rights should be granted.
  In addition, reading logs and monitoring server performance rights are included on Performance Log Users and Performance Monitor Users groups.
  More information for you:
  Step 5: Configure Group Policy Settings for Automatic Updates
  http://technet.microsoft.com/en-us/library/dn595129.aspx
  User Rights Assignment
  http://technet.microsoft.com/en-us/library/cc780182(v=WS.10).aspx
  I hope this helps.
  Amy Wang

• Can I make a wireless Windows domain? And does Group Policy work to limit domain accounts' capabilities?

  The first, most important question of this thread is if I can form a wireless domain or if I have to do it wired.
  If it matters, I have a Linksys E1200 router that does wireless and wired.
  My second question refers to Group Policy. Is this the way domains limit their user account's capabilities? Because I was planning on making a domain, so that I could have unified user accounts that I could control from the server, limiting what those accounts
  can access for further security. Is this what Group Policy does, and how would I move with starting that?

  Hi Adrian,
  >>The first, most important question of this thread is if I can form a wireless domain or if I have to do it wired.
  Just as Alan suggested, Active Directory domains support both wired and wireless connections.
  >>My second question refers to Group Policy. Is this the way domains limit their user account's capabilities?
  Group Policy is an infrastructure that allows you to implement specific configurations for users and computers. Group Policy settings are contained in Group Policy objects
  (GPOs), which are linked to the following Active Directory directory service containers: sites, domains, or organizational units (OUs). The settings within GPOs are then evaluated by the affected targets, using the hierarchical nature of Active Directory.
  Consequently, Group Policy is one of the top reasons to deploy Active Directory because it allows you to manage user and computer objects.
  Regarding group policy, the following link and articles can be referred to for more information.
  Group Policy for Beginners
  http://technet.microsoft.com/en-us/library/hh147307(v=WS.10).aspx
  Group Policy Planning and Deployment Guide
  http://technet.microsoft.com/en-us/library/cc754948(v=WS.10).aspx
  Group Policy
  http://technet.microsoft.com/en-us/windowsserver/bb310732.aspx
  Best regards,
  Frank Shen

• Control/Limit web access

  I am curious if I can use our 10.5 Server (currently serving afp and ftp) to also control the users web surfing. Ideally down to 1 hour a day minus the approved websites we maintain.

  You can't limit web browsing to a time limit using 10.5 server, but you can limit the websites that users can visit. There is the capability to create white-lists and black-lists. I'm currently in the process of working with Apple in order to import our current 'hosts' file into workgroup manager's black-list preferences. Apparently the preferences are accessed using dscl from terminal...which really is not fun to tinker with. If I find a way to import sites into the black-list and/or white-list, I will post it. If anyone needs a really good hosts file that goes in the /etc/ folder to block most **** sites/proxies/crap, let me know and I can e-mail it to them.

• How to limit file access for different users in 10.7.4 Server

  We had everything working perfectly with an earlier version of Lion Server. The update to 10.7.3, or 4, seems to have opened access to all files for all users. Much to our surprise, this wide-open access started without warning.
  - We have an external drive that contains all of the company's archives
  - We had set access for one employee to get to the files he needs, and different access for another employee. Neither saw sharepoints outside of their access settings.
  After an update, each employee can see and log in to all sharepoints. There doesn't seem to be a way to limit access for each employee now. I can set 'read' access for one employee, but it doesn't stop the other employee from accessing that sharepoint/folder.
  Is there some new way to go about this? Or is something simply broken with the current release?

  That is good to know. If the file share is seeing the drive and ignoring its permissions, that is why everyone can see everything. I have found, in Lion Server, that it is best to get the permissions set before turning on File Sharing. I don't know if you have the luxury of turning the file share off for a little while, but I would unshare the drive and see if the issue persists if you plug the external drive into another machine. The settings for permissions are set on the file or folder itself, so the issue should follow you to the other machine.
  Again, if you can, I would unshare the drive and reshare it with the permissions that you want and turn file sharing back on. However, if you can get the drive to respect permissions rather than ignoring them, I think it will save you a lot of work.

• Size limit of access database with image files stored outside database

  I have read 2GB limit on size of Access database.  We are using Access 2013 database with fields that are data type attachment and storing attached images outside the database.  Does the size of the folder that is holding these images count
  in any way toward 2GB size limit?

  Hi,
  As far as I know, Access database limit size 2GB based on itself, not related to the folder size.  Attachment data
  type is similar to attaching files to e-mail messages. We need to control the Access database size is smaller then 2GB.
  When a field is defined with the attachment data type, you can store one or more files for each record in it.
  Attachments can dramatically increase the size of the database, but since the attached file is stored as a part of the dabatbase, you are not dependent on network drives being available as you would be if you inculded a hyperlink to the file. As a matter of
  fact, feel free to backup the origainal file to other disk after you attach it to the database.
  Regards,
  George Zhao
  TechNet Community Support

• Social network / domain access problems

  I have had a problem loggin on to my yahoo messenger and other social networking application ever since my upgrade to leopard v.10.6.8. It was reported to me on other discussion sites that some networks have had issues with several newer versions of Mac OS...
  To explain my problems further... when I try logging onto Yahoo for instance.. It goes on to log and the waiting icon just keeps rolling forever.
  Some sites I try to view thrue either Chrome or Safari, I get this error message : Safari can't open the page "http//.whateverthedomainname.com, because the server unexpectedly dropped the connection. This sometimes occurs when the server is busy. Wait for a few minutes and try again.
  Now this message has been coming in from several internet pages and has been going on for several days. So its obviously not a domain problem.
  I have tried re-installing my applications, emptied cache, resetted safari, and so far nothing.
  Thank you for your input.

  ok ... I was hoping to edit my post..couldn't find how...
  This is the stragest thing...
  One of the networking application I can not use is Secondlife...using either Phoenix or V2. And the strangest thing...if I enter any sort of search onto google that includes "secondlife" in it...I can not access it!!!!!
  Now this is out of my league...help please...

• Using Profile to limit resource access

  Hello,
  I'm trying to use the profile feature to limit access for specific users the featue I want to limit is:
  CPU_PER_CALL defined as follow: Limits the amount of CPU time that can be consumed by any single database call in any session established by a user with this profile. The specified value is in hundredths of a second and applies to a parse, an execute, or a fetch call. These calls are implicitly performed by the database for any SQL statement executed in SQL*Plus and can be explicitly called from OCI, Java, or PL/SQL programs. When this limit is breached, the statement fails and is automatically rolled back, and an exception is raised.
  My question is:
  How can I from a SQL stmt, measure the number of cpu per call ? I cannot guess this value otherwise if wrong the SQL stmt will fail evry time!
  I'm on 10g, windows server 2003
  Thank for your help

  You can see that information at sql_trace files.
  Turn on traces in session using
  SQL> alter session set sql_trace=true; --to current session
  SQL> exec dbms_system.set_sql_trace_in_session(SID, SERIAL#, TRUE) -- to another session
  After stmt executes make a plain text by tkprof tool
  # tkprof xxx.trc xxx.txt explain=user/pass aggregate=no
  The file xxx.txt mensures the CPU per call for stmts ... the option aggregate=no it's mandatory if you execute more than 1 binded sql statement
  Regargs.
  Marcio Paiva

• Limit change access to all useres exept the one that created the document

  Hi,
  I wonder if it's possible to limit the change access only to the user that has created the document when it's in a specific status.
  This is what the customer wants:
  When a document is set to status K the document should be locked and no other users should be able to create a new version.
  There should be a admin group that can create new versions and change the document. - This is solved
  Best regards Kristoffer

  Hi Krip,
  generally I would recommend you to maintain one status of type 'O' for a document type in your system. This kind of status will allow a second user to display an already checked out original. If user A checks out the original and there is such a status maintained for this document type the system will change the status automatically to this status of type 'O'. Then a second user is able to display the last checked in version of this original in CV03N too. Without such status type the second user is not able to display the checked out file. This was implemented to avoid that two users may be able to change the same original at the same time. I hope this information could be useful for you.
  Best regards,
  Christoph

• Limit IMAP access to specified IP range

  Hi,
  I want to enable IMAP on my Exchange 2010 server, but to restrict the access to that service so that only users from within my domain could use it, and not from outside the organization. Can this be done? Cause I see that I can only restrict the IP address
  of the NIC that listens to it.
  Thanks!
  Lena.

  Hi Lena,
  If the suggestion from ExchangeITPro is helpful, would you like to mark the reply as an answer?
  Have a nice day : )
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support