Grant Access at Portlet Level

Similar Messages

• Granting Access in custom portlets

  Hi,
  I'm deploing some portlets using PLSQL. Those portlets work's fine. Now i want to grant restricted access to this portlets. The best i can do is function is_runnable return false to users that i don't want to show my portlet.
  Example:
  if wwctx_api.get_userid!= 'PORTAL30' then return false;
  else return true;
  end if;
  Can i use portal funcionality of grant access to, by example applications components or pages or content areas to restric access to my portlets ?
  Thanks
  Pedro Ribeiro

  I realize that this is an old thread, but on the chance there are others like me looking into how to restrict access to custom porlets, I thought I would venture a reply.
  I looked at the current online docs for for Portal Security Services. If you have a need to get down in the weeds these docs will show you what you need to know. But there is a very SIMPLE way to restrict access to your new portlet.
  After you have your new PL/SQL or JAVA porlet in place, just create a new Portal Page using the wizard. Make it a plain page, no banner. Add your custom portlet to the new page. Then PUBLISH THIS NEW PAGE AS A PORTLET. Instead of adding your original portlet to other pages, add this "wrapper page" instead. You can use the grant access tab for the wrapper page to restrict access of the portlet to specific users and groups.
  pmw

• A very simple question on granting access.

  Hi All,
  I created a very low-level user in portal. I have added the Oracle built-in Favorites portlet to the user?s page. But when the user logs in, she still can't see the Favorites portlet. I usually go to the Navigator, Applications, and the Application and would grant the user access to the Application to the portlet I want to add. This works fine except you can't do for the Oracle built-in Favorites portlet. My question is how do I grant access to the Favorites portlet for a user. I'm sure it is something very easy that I'm missing.
  Many Thanks,
  Tom

  Never mind this question, because I'm an idiot. I had a different page defaulting then I thought. Please disregard this question, and sorry for wasting the forum's space.

• Grant access to individual content

  Hello,
  I'm currently implementing a UCM solution and I came upon a customer requirement that I don't even know if it is possible to implement with UCM.
  I will try to explain by giving an example:
  The company has 2 Departments: Department 1 and Department 2 and for each department it was created a Security Group.
  SG_DEP_1 for Department 1 and SG_DEP_2 for Department 2.
  The company also has 2 users, one for each department, with full accesses:
  BOB_1 has RWDA to SG_DEP_1 and EDDIE_2 has RWDA to SG_DEP_2.
  Each user can manage its own Security_group, but what happens if BOB_1 needs to show a document to EDDIE_2 (example: for asking EDDIE_2 for an legal advice on a given document). Could BOB_1 grant read access to EDDIE_2 on that specific document ? (I'm not talking about granting access to SG_DEP_1, just the document).
  Note: in my specific projects, there are at least a dozen Departments, each tightly secured, but with needs to show 'some' content on a daily basis. What the customer really needs it the hability to specify access permissions individually on each content item (groups or specific users).
  How would you implement such a use case? I'm starting to consider the possibility on having to implement a BPM, or something like that to provide this level of control.
  Thanks
  Luís Duarte
  Edited by: user10359998 on Sep 25, 2008 4:19 AM

  Hi!
  In the HowtoComponents, there is a component named "SecurityFilter" :
  "This component demonstrates how to use the 'alterUserCredentials' filter to temporarilly boost a user's security privileges for one request. This filter is useful for dynamicly granting accounts and roles for specific service requests, or for specific users." quoting the readme of the component.
  You can download it there : http://www.oracle.com/technology/products/content-management/ucm/samples/index.html
  Hope it helps!
  romain.

• Grant access to data cubes

  Hi all,
  I've got an SCSM 2012 R2 CU5 instance with a healthy Data Warehouse registered.  I'm attempting to configure user roles so that I can grant non-administrative users the ability to open data cubes via the SCSM console.
  By default, Authenticated Users are added to the Data Warehouse Report Users user role.  Unfortunately, this role does not grant visibility of the Data Warehouse workspace, and the Cubes view contained within.
  The Data Warehouse also does not allow for the creation of custom user roles (in the way that the SM Administration workspace does), so creation of a cut-down Report Administrator appears to be off the table too.
  Is it possible to grant a non-administrative user access to only the Data Warehouse | Cubes view (and also the tasks contained within)?
  Cheers,
  Adrian

  Hi,
  You may need to grant permissions from SQL level.
  Analysis Services security consists of two major aspects:
  1.Administrative permissions to Analysis Services database objects.
  2.User permissions for viewing cube data.
  You may check below article for more details:
  http://www.mssqltips.com/sqlservertip/2776/configuring-permissions-for-sql-server-analysis-services/
  Regards,
  Yan Li
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• ERROR: policy does not allow granting permissions at this level outlook

  Hi All,
  Our users are attempting to send sharing requests to each other via Right Click Calendar | Share | Share Calendar
  Availabilty only works fine but Limited and Full Access fails with the error: policy does not allow granting permissions at this level.
  I can see that the default sharing policy is set for availabilty only so I assume I need to add our internal SMTP addresses to the sharing policy with increased right's.
  But... From our testing in our LAB we found that if the exchange org does not have a connection to the federation setup it works fine straigh out of the box.
  Does this sound right or is my LAB just messing with me?
  Cheers
  Josh

  Hi VK, looks like these threads should resolve your problem:
  Assembly does not allow partially trusted
  callers                        
  "That assembly
  does not allow partially trusted callers."                        
  That assembly does not allow
  partially trusted callers                        
  Assembly does not allow partially
  trusted callers.                        
  WPF Assembly does not allow
  partially trusted callers
  cameron rautmann

• Granting privs on RECORD level ....?

  Hi there.
  I'm working on an Oracle Spatial database solution and want to GRANT privs on specific records, not columns but records, for a period of time and then revoke the grants.
  In other words I wish to be able to LOCK specific records from being altered for short period of time (from minutes to several hours).
  Can that be done with GRANTS?
  If so - what is the syntax! And under what subject in the DOC can I read about it.
  Thanks very much.
  Regard
  chr

  You can control access at row level using FGAC (Fine Grained Access Control). Simplistically, it allows you to create a function that alters (add) to the WHERE clause of all SQL statements for a specified table (or set of tables).
  Let's say you have 10 customers and a single invoice table. Such a function will modify any SQL against the invoice table by adding a predicate 'WHERE CUSTOMER_ID = <current customer'. This will restrict the complete SQL CRUD interface for a customer to his data only. The current customer is determined (usually) via an Oracle Context (also called a Workspace).
  Unsure which manuals cover this - suggest that you look first at the Application Developer Fundementals and Oracle Concepts guides. The basics are sure to be described there with more technical references to other manuals.

• Sql server grants access to specific login to database.

  i have created website for intranet and hosted it on server. for that i needed to create login "IIS APPPOOL\hi" in sql server 2008 for my application
  to access my "reportdb" database. "IIS APPPOOL\hi" has sysadmin and public server roles in sql server 2008. And i have default login"sa" same
  as "IIS APPPOOL\hi". these are working correctly. Now I want these two logins to access"reportdb" for all
  operations in database and remaining all logins should be denied to access"reportdb". My Sql Server 2008 is having mixed mode (windows authentication and Sql authentication). plz help me

  I think what Tauseef is requesting is to keep access for the 2 sysadmins & deny access to everyone else, correct?
  As Uri mentioned, by being part of sysadmin role, “IIS APPPOOL\hi” & “sa” would have access to everything in the server, and nobody else should have access to the DB unless explicitly being granted access.
  If you would really deny anyone else access to the database, you can potentially deny connect to public, and only sysadmins (who override permissions) would be able to connect; although I would strongly recommend against such practice.
  Something else I would like to recommend against is the usage of sysadmin for what may not be a DBA role (IIS appPool). Following the least-privilege principle, I would recommend having a non-administrator user for applications that has enough capabilities
  to perform the tasks needed.
  The main risk is that a SQL injection (SQLi) bug in your application would lead to a complete compromise of your SQL server.
  If there are app tasks that would require elevated permissions, I would recommend encapsulating the logic in a stored procedure and either use impersonation or digital signatures to accomplish a controlled elevation of privileges instead. If you have any
  question on this topic I will be glad to assist.
  I hope this information helps,
  -Raul Garcia
   SQL Server Security
  This posting is provided "AS IS" with no warranties, and confers no rights.

• Update to IOS 6 has been a nightmare. Facebook would allow me to save pictures unless I granted access to my foto album. Does this mean my pictures are going be planted all over the web? The safari keeps crashing and loading is slow.

  update to IOS 6 has been a nightmare. Facebook would allow me to save pictures unless I granted access to my foto album. Does this mean my pictures are going be planted all over the web? The safari keeps crashing and loading is slow. Most infuriating is that YouTube was deleted from my entertainment apps and I now have to pay for it if I want it back!! This is a bloody disgrace.

  Back up all data.
  Boot into Recovery by holding down the key combination command-R at the startup chime. Release the keys when you see a gray screen with a spinning dial.
  Note: You need an always-on Ethernet or Wi-Fi connection to the Internet to use Recovery. It won’t work with USB or PPPoE modems, or with proxy servers, or with networks that require a certificate for authentication.
  When the OS X Utilities screen appears, follow the prompts to reinstall the OS. You don't need to erase the boot volume, and you won't need your backup unless something goes wrong. If your Mac was upgraded from an older version of OS X, you’ll need the Apple ID and password you used to upgrade, so make a note of those before you begin.

• Grant access to all the views created in user schema to another schema

  How to grant access for all the views created in own HAGGIS schema to comqdhb schema on the HAGGIS database.
  Oracle Grant Privileges
  ===============
  Object privileges assign the right to perform a particular operation on a specific object
  I read that we can use select 'grant select on' ||view_name||'HAGGIS' user_views where owner='COMQDHB'
  Is this right
  Oracle System Privileges
  ===============
  System privileges should be used in only cases where security isnt important,because a single grant statement could remove all security from the table
  Role based security
  ============
  Role security allows you to gather related grants into a collection-since the role is a predefined collection of privileges that are grouped together.privileges are easier to assign to users.
  [http://www.dba-oracle.com/art_builder_grant_sec.htm]
  can we grant select update to all the views at a time to the other schema.
  Are there any other ways to secure the data other than creating users and assigning roles.
  Thank you
  Edited by: Trooper on Dec 23, 2008 9:24 AM

  I think what was suggested was that you use SQL to generate the grants on each and every view, that is, you use SQL to generate SQL where the SQL being generated is "grant select on view_name to role'"
  If you users to connect to Oracle you have to create usernames for them though if the users only connect via an application the application might run just as one user and access to the application is controled via application security. The control on the application can be via Directory Services such as OID or MS Active Directory. User access to Oracle can also be controlled via OID.
  To connect to Oracle you can use OS authenication (not recommended), usernames with passwords, or via Advanced Security Option which supports single sign-on products like Kebros or Oracle Internet Directory etc....
  Example using SQL to generate SQL
  How do I find out which users have the rights, or privileges, to access a given object ?
  http://www.jlcomp.demon.co.uk/faq/privileges.html
  HTH -- Mark D Powell --

• Non-admin user cannot access Essbase server level variables

  Version 11.1.1.3
  Essbase Substitution variables are created at server level. Users are getting error in FR report that uses the Subsitution Variable -- Essbase Error(1051085): You do not have sufficient access to get this substitution variable. Also, users cannot access Substitution variable in SmartView. However, users can access variables created at database level. Users are provisioned as "Server Access" to Essbase and filter access to ASO application "MGTRPTG", where MGTRPTG is an ASO essbase application for reporting. We tried the same provisioning in two other environments and it seems to be working fine.
  User is type "Essbase and Planning" provisioned with essbase "server access", application mgtrptg "filter", Reporting and Analysis "analyst", "dynamic viewer" and "Explorer". In addition, it is given a filter "REP_DME_GALB" which restricts 2 dimensions (Division and Geography).
  Steps taken to resolve:
  1. Existing users were deprovisioned and reprovisioned with no effect.
  2. Created brand new identically provisioned users in Prod and QA. QA user can access the server level var and Prod user cannot
  3. Created a brand new server level variable in Prod and this cannot be accessed.
  4. All services have already been restarted several times.
  5. SR has been opened.
  Temporary workaround:
  By creating a duplicate of the same set of variables at the database level, the reports work. This can only be a temporary workaround as the client cannot be expected to maintain two sets of substitution variables since there are 3 applications using these server level variables.
  Thank you for any ideas!
  Jennifer

  You have stumbled on a defect which is resolved in the Hyperion Planning 9.3.1 patch 6 and above. If you have your planning preferences set to indent members it will cause forms which have page selections to show as invalid in SmartView.
  You can either patch Planning or turn off the preference. The patches are available from http://metalink3.oracle.com and require account which has been associated with your client ID.
  P.S. Usually it's not a good practice to use the admin id.
  Regards,
  -John
  Edited by: Jbooth on Nov 3, 2008 2:12 PM

• Why doesn't Photoshop touch ask for access to local photos on my iPad so I can grant access and edit?

  Why doesn't Photoshop touch ask for access to local photos on my iPad so I can grant access and edit?

  That's odd. Does this mean that you want to have the request or that you can't see the photos even though you enabled it over the privacy/photos?
  If you enable it - it's not necessary to get the request. If you want the request the safest way to get it back is to reset the privacy settings by going to iPad settings/General/Reset/Reset Location & Privacy
  thanks,
  Ignacio

• Problem Granting access on Business Area to Role

  Hello everybody,
  I am trying to grant access on a Business Area to a role but when I try to do so, the role does not appear in role list. It only shows role connect and resource.
  The version of Discoverer I am using is 10.1.2.
  Anyone has the same issue?
  Phil
  Message was edited by:
  [email protected]
  Message was edited by:
  [email protected]

  Hello everybody,
  I am trying to grant access on a Business Area to a role but when I try to do so, the role does not appear in role list. It only shows role connect and resource.
  The version of Discoverer I am using is 10.1.2.
  Anyone has the same issue?
  Phil
  Message was edited by:
  [email protected]
  Message was edited by:
  [email protected]

• How to grant access to sharepoint for the user from different Domain

  Hi All
      I need to grant access to user from different domain. 
      Where I can able to view the users in people picker (different domain).
  Thanks in Advance.
  Raj

   Hi
  Trevor Seward
  Sorry to disturb
  you again.
    I am trying to restrict user from search from other domain, say we have domain A and Domain B, where I am trying to restrict all the user from domain B (Search users)for a site collection. I have found couple of stsadmin command to do so. but none
  of them works. Below are the commands I have tried
  STSADM.exe -o setproperty -pn peoplepicker-searchadforests -pv "domain:<Name>.domain" -url "http://Site URL"
  stsadm -o setproperty -pn peoplepicker-searchadcustomquery -pv “(canonicalName=<Name>.domain*)” -url "Site URL"
  we have two way trust.
  Can you suggest any solution.
  Thanks 
  Raj

• Grant access to DBlink

  We are facing a small issue . the problem is as follows.
  =========================================================
  1. I have two databases
       Namely
            Database1
            Database2
  2.Database2 has a table say EMP
  3.I want to select , insert update EMP from Database1
  4.Hence I have created a db link in Database1 named Dblink1
  5. I don't want to user the @ symbol (alias -- EMP@Dblink1) in my query. I just want to access directly.
  6. When I tried to give grant access from Database1 , It gives me an error.
  Please suggest how to acheive this

  5. I don't want to user the @ symbol (alias -- EMP@Dblink1) in my query. I just want to access directly.This is simply not possible to access the table which is in another database without using dblink. i..e you have to have the dblink to access the other database tables.
  >> 6. When I tried to give grant access from Database1 , It gives me an error.
  What's error you got??
  Regards,
  Sabdar Syed.