Grant access based on application type?

Hi,
Is there a way to grant access to just some of the application types attached to a DIR? I would like to limit the users to open the CAD files but they should be able to open the PDF files attached. The idea is to create the PDF file automatically out of the CAD file so I canu2019t put them in different DIRs because that would involve manual work.
Kind regards,
Kristoffer Pehrson

Hi Kristoffer,
from my point of view maybe the authorization trace could help to find a suitable authorization object for creating your checks. More information on this authorization trace could be found under http://wiki.sdn.sap.com/wiki/display/PLM/AuthorizationTraceintransactionST01
Useful information on each DMS authorization object can be found under http://wiki.sdn.sap.com/wiki/display/PLM/AuthorizationObjectsin+DMS.
If no standard authorization object could be useful maybe you can use a BADI like DOCUMENT_AUTH01 or DOCUMENT_MAIN01 to implement an individual check for the application type and so restrict some users to view special applications.
Best regards,
Christoph

Similar Messages

  • Control Authorisation Access based on Planning type in Flexible SOP

    hi,
    How can we control MC93  and MC94 access based on Planning type for different users?i.e only certain Planning types allowed for one user.

    Hello
    I would like to do the same...
    So far the only thing I can find is enhancement MCP20005 which allows you to extend authorization check for planning.  The planning type is available in this function module and if you return subrc ne 0 authorization is denied.
    Hope you find this helpful.
    Thanks,
    Heidi

  • WLC and preventing access based upon device type

    Hello,
    I know this may be slightly offbase, and may be more of a Microsoft question, but I'll ask anyway.
    Here is my problem.  We have a WPA secured wireless network.   Users are now connecting there Iphones & Droids to this network.  We want to prevent this.  In researching, it looked like MS NPS server could authenticate not only on username/password, but also based on wether the computer was associated with the Domain.  I could then inject the associated VLAN to put the devices on.  While the injection is working perfectly, it doesnt look like this variable of "Domain Computer" is being met.  
    Basicly, we have Windows and Mac's that need to gain access to our secure wireless area, and anyone else can be put on a non-secure area.
    Has anyone else used this feature successfully?
    Or does anyone else have any alternatives?
    Thank you,

    Hi Drew,
    I think you're talking about machine authentication. Windows radius server easily checks the machine account on the domain so there is no added burden for the user.
    This is a setting to enable on the client side and also on the radius server side. For example, you can grant access only if machine authentication happened.
    However, WLC has nothing to do in this story actually ...
    Nicolas.
    ===
    Don't forget to rate answers that you find useful

  • Reduced Access Based on Account Type

    Hello,
    I have a client who would like to allow full access to the entire team for their accounts execpt for 2 types. How can I limit the accounts to the owner/manager for the 2 types verses allowing the team to have visibility?
    For instance, account types = to Platinum, Gold, Silver, Bronze are ok for the entire sales team (with the same role) to see. The account types = to Elite and Premier are only visiible to owner and manager.
    Thank you in advance for your assistance,
    Shawnda

    Thanks for your quick reply.
    Will do!
    Thanks,
    Shawnda

  • Restrict WLAN access based upon device type

    hi,
    i have a requirement to allow only certain device types (Apple Ipad only) on WLAN. Dont want to use individual MAC filters due to administrative overheads. Any suggestions?

    The only way you can just allow one type of device is the use of a profiler. Cisco ISE has a profiler, but you will need to get the advanced license also. I don't know how you would be able to do it any other way unless you manually configure each iPad to allow that device on your network.
    Sent from Cisco Technical Support iPhone App

  • Grant access to application

    Hi All,
    I am working with Olite 10gR2;
    I created and deployed my application with data subsetting parameter using wtgpack; I published the application successfully.
    I then created a group and granted access to my application to the group.
    I created user's and added the users to the group. This worked fine last week in dev and I was able to add all 90 users to the group.
    Problem: I was able to add two users now; when I tried adding a third user I got this error message -
    "Error in executing " Save application ":oracle.lite.web.resource.ResourceException: CONS-10049: Consolidator Exception: Closed Statement "
    When I tried granting access to my application, to individual users as an alternative to adding users to group with access to the application, I get this error;
    Error Message: "Virtual Path Is Null"
    I will appreciate any solution on this error message. I need to be able to add more users to the group.
    Thanks for your time.

    I created a servlet filter for faces-servlet
    Don't map filter to servlet.
    Use URL mapping, something like:
      <filter-mapping>
        <filter-name>YourFilter</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>
    Also have a question about ReadOnlySQLAuthenticator. Mentioning sensitive queries like query to get the password of the user from the table etc, is it secure? will it lead to any type of security threat like if a user get access to console and get the query etc?
    Your sql queries shouldn't be 'sensitive'
    Best practice is to store secure hash(for example: SHA1 or better) instead of encrypted password.
    (ReadOnly)SQLAuthenticator can use encrypted passwords or secure hash(check Provider Specific Configuration). To make this to work, you will need to create secure hash and append {ALGORITHM_TYPE} to begin of hash.
    For example: {SHA1}asdsijifndfbj=
    And of course, you need to protect your WLS admin console(and enterprise manager, if deployed).
    Use strong admin password and restrict access to console url (if possible).
    Dario

  • Possible to grant PUBLIC access to an application component?

    I would like to grant access to a application component similar
    to the way a PUBLIC (non-authorized) user can access Oracle's
    supplied PEOPLE application.
    The link for the component is located in a content area within a
    tabbed region of our main page. I have looked at the access
    settings for everything that I know of (page, content area,
    apllication and component) and access privileges seem to be
    correct. I must have something wrong, as it still asks for the
    user to login.
    Any suggestions on where I have slipped up?

    Check the logs.

  • Authorization based on Material Type.

    Hello Expert,
    We have different material type but we want give access based on Material Type to User.
    For Eg. In Transaction Code :- ME39 Display Scheduling agreement Schedule
    I wants to restrict user from access/Component Overview of particular material type.
    how to do this, This is the client requirement.
    thanks,

    Hi Julius,
    of course it is not possible. the multitude of application transactions cares nothing about authorisation objects bound to the material master like M_MATE_MAR or the other one with authorisation groups (which has the additional disadvantage that you would have to group all materials ...)
    This subject has been stated in this forum various times, I put a small link farm here (only the most recent/relevant from the search function ):
    So, here goes ... one more time: ME39 does not care about material master related authorisation objects unless you make it do so by coding something or other ...
    Edited by: Mylène Dorias on Jan 18, 2010 8:29 AM

  • Restrict application access based on IP address

    Hi!
    I am a newbie to Oracle Application Server, and I want to know if there is any way to restrict access to particular applications such as 'ascontrol' based on IP address.
    I am using Oracle Application Server 10g.
    Regards
    Drini

    You can see dms.conf file for something like that.
    Order deny, allow
    deny from all
    allow from 10.0.0.1
    This only allow 10.0.0.1 to see something.
    Greetings

  • Database design for Role/User based access to the application..

    We want to implement Role/User based access to the application.
    Can anyone tell me whats the optimized way of storing the data {User, Role, Access_Type etc} in the database.. The Roles might get added in the future so i dont want to maintain a single table to map User-Access_Type..
    Access_Type -->
    AT_1 | AT_2 |AT_N |
    ------- |------- |------- -|------|
    User_1 | | | |
    ------- |------- |--------|------ |
    User_2 | | | |
    ------- |------ -|--------|------ |
    I want to maintain a table which will map user with the Access_Type, which should be mainatained in a different table..
    Any help would be highly appreciated..
    Thanks in Advacnce,
    Shridhar..

    You find your answer here:
    http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html

  • Error when accessing a struts based JSP application

    Hello
    I have a JSP based web application, based on the struts framework. When I deploy this on a Sun ONe application server 7 , on s SunOS 5.8 machine, I get the following errors when I try to access the starting page. Is there something special which needs to be done for struts to work with the application server. ANy help is appreciated
    Regards
    - Aniruddha
    [07/Jan/2003:14:53:48] SEVERE ( 54): ApplicationDispatcher[acweb1] Servlet.se
    rvice() for servlet jsp threw exception
    javax.servlet.ServletException: Cannot find bean under name com.actuate.locales
    at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContext
    Impl.java:471)
    at jasper.private._login_jsp._jspService(_login_jsp.java:1187)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.j
    ava:552)
    at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:368)
    at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:287)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatch
    er.java:723)
    at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispa
    tcher.java:444)
    at org.apache.catalina.core.ApplicationDispatcher.access$000(ApplicationDisp
    atcher.java:123)
    at org.apache.catalina.core.ApplicationDispatcher$PrivilegedForward.run(Appl
    icationDispatcher.java:138)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatc
    her.java:355)
    at org.apache.struts.action.ActionServlet.processActionForward(ActionServlet
    .java:1759)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1596)
    at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:492)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at org.apache.catalina.core.StandardWrapperValve.invokeServletService(Standa
    rdWrapperValve.java:720)
    at org.apache.catalina.core.StandardWrapperValve.access$000(StandardWrapperV
    alve.java:118)
    at org.apache.catalina.core.StandardWrapperValve$1.run(StandardWrapperValve.
    java:278)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve
    .java:274)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:50
    5)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve
    .java:212)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:50
    5)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve
    .java:212)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:50
    5)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:
    203)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:50
    5)
    at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor
    .java:157)
    at com.iplanet.ias.web.WebContainer.service(WebContainer.java:598)
    ----- Root Cause -----
    ----- Root Cause -----
    javax.servlet.jsp.JspException: Cannot find bean under name com.actuate.locales
    at org.apache.struts.taglib.html.OptionsTag.getIterator(OptionsTag.java:383)
    at org.apache.struts.taglib.html.OptionsTag.doEndTag(OptionsTag.java:222)
    at jasper.private._login_jsp._jspService(_login_jsp.java:942)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.j
    ava:552)
    at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:368)
    at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:287)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatch
    er.java:723)
    at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispa
    tcher.java:444)
    at org.apache.catalina.core.ApplicationDispatcher.access$000(ApplicationDisp
    atcher.java:123)
    at org.apache.catalina.core.ApplicationDispatcher$PrivilegedForward.run(Appl
    icationDispatcher.java:138)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatc
    her.java:355)
    at org.apache.struts.action.ActionServlet.processActionForward(ActionServlet
    .java:1759)
    at org.apache.struts.act

    Hi Experts,
    Please give me a solution for this.
    I am accessing the function like this in Webdynpro java
    wdComponentAPI.getMessageManager().reportSuccess("Inside MAT Search");
    Zmm_Bapi_Ptip_Search_Input input = new Zmm_Bapi_Ptip_Search_Input();
    wdContext.nodeZmm_Bapi_Ptip_Search_Input().bind(input);
    Zptip_Mat inputMat = new Zptip_Mat();
    inputMat.setMaktx(wdContext.currentVn_InputElementsElement().getVa_MatDesc());
    inputMat.setMatnr(wdContext.currentVn_InputElementsElement().getVa_MatNo());
    inputMat.setWerks(wdContext.currentVn_InputElementsElement().getVa_Plant());
    inputMat.setSearch("MCRS");
    wdComponentAPI.getMessageManager().reportSuccess("B4 Execution");
    wdContext.currentZmm_Bapi_Ptip_Search_InputElement().modelObject().execute();
    wdComponentAPI.getMessageManager().reportSuccess("After Execution");
    } catch (Exception e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
    wdComponentAPI.getMessageManager().reportSuccess("Error in Material Search"+e.getMessage());
    wdComponentAPI.getMessageManager().reportException(e.getLocalizedMessage(),true);
    Please leet em know, if anywhere i am going wrong.
    Thanks & Regards,
    Palani

  • How to find the application type fora Script based on Form name?

    Hi Guys,
                can anybody tell me how to find the Application Type and output type based on Form name and print program name?
    I am having form name as: ZINVENT (INVENT is the actual) and program name as RM07IDRU.How can i find the Appliction ntype and OutType for entering into the NACE tr code.
                    i tried thru TNAPR table but i was not able to find the Entry in the TNAPR with form Name and printprogram name
                   Th Script is about Phsical inventory Documents.
    Thanks,
    Gopi.

    You can use this...
    REPORT  Z_DUMMY_ATG NO STANDARD PAGE HEADING.
    *======================================================================
    * Tablas
    *======================================================================
    TABLES: TTXFP.
    *======================================================================
    * Tablas Internas
    *======================================================================
    DATA: T_TTXFP TYPE STANDARD TABLE OF TTXFP WITH HEADER LINE.
    *======================================================================
    * Selection-Screen
    *======================================================================
    SELECTION-SCREEN BEGIN OF BLOCK SCRIPT WITH FRAME.
    SELECT-OPTIONS:
                  PRINTNAM FOR TTXFP-PRINT_NAME,
                  TDFORM   FOR TTXFP-TDFORM.
    SELECTION-SCREEN END OF BLOCK SCRIPT.
    *======================================================================
    * Start-of-selection
    *======================================================================
    START-OF-SELECTION.
      PERFORM SELECT_DATA.
      PERFORM PRINT_DATA.
    *&      Form  SELECT_DATA
    *       Seleccionamos los datos del reporte.
    FORM SELECT_DATA.
      SELECT TDFORM PRINT_NAME LAST_PROG
      INTO TABLE T_TTXFP
      FROM TTXFP
      WHERE PRINT_NAME IN PRINTNAM
        AND TDFORM IN TDFORM
      ORDER BY TDFORM.
    ENDFORM.                    "SELECT_DATA
    *&      Form  PRINT_DATA
    *       Imprimimos el resultado del reporte.
    FORM PRINT_DATA.
      FORMAT COLOR 3.
      WRITE: 'Programa', 18 'Formulario', 50 'Flag de Ultimo programa'.
      FORMAT COLOR OFF.
      SKIP 1.
      IF NOT T_TTXFP[] IS INITIAL.
      SORT T_TTXFP BY PRINT_NAME.
        LOOP AT T_TTXFP.
          IF T_TTXFP-LAST_PROG EQ 'X'.
          FORMAT COLOR 4.
          WRITE:/ T_TTXFP-PRINT_NAME, 18 T_TTXFP-TDFORM, 60 T_TTXFP-LAST_PROG.
          FORMAT COLOR OFF.
          ELSE.
          WRITE:/ T_TTXFP-PRINT_NAME, 18 T_TTXFP-TDFORM, 60 T_TTXFP-LAST_PROG.
          ENDIF.
        ENDLOOP.
      ENDIF.
    ENDFORM.                    "PRINT_DATA
    Greetings,
    Blag.

  • Query about granting access from another PC to my application (PC)

    Hi everyone,
    I have developed an application on APEX using the following background.
    1. Windows XP
    2. Oracle Database 11g
    3. Application Express 3.0.1.00.08.
    4. The architecture I installed was the embedded PL/SQL gateway one, which "provides the Oracle database with a Web server and also the necessary infrastructure to create dynamic applications. The embedded PL/SQL gateway runs in the XML DB HTTP server in the Oracle database and includes the core features of mod_plsql, but does not require the Oracle HTTP Server powered by Apache. Inclusion of the embedded PL/SQL gateway simplifies the architecture and eliminates the middle tier entirely"
    I have already configured or at least think so reviewing the post installation tasks:
    http://download.oracle.com/docs/cd/B28359_01/install.111/b32006/postcfg.htm#CHDEIGGI
    I do mention this because of the: Configuring the Embedded PL/SQL Gateway in New Installation and Enabling the Oracle XML DB HTTP Server
    Well the big picture about my app is this; I want to grant my mates the access to my machine throughout this URL:
    I have done several try outs on my own machine and detected that if I put localhost, 127.0.0.1 works out very well, but when I put my own IP cant access to it…
    http://localhost:8081/apex/f?p=129 works well
    http://127.0.0.1:8081/apex/f?p=129 works well
    http://10.179.15.39:8081/apex/f?p=129 doesn’t work.
    The weirdest thing of it, is that I can access the database
    https://localhost:1158/em/console/logon/logon works well
    https:// 10.179.15.39:1158/em/console/logon/logon works well
    So I thought about a port conflicts at first I had the 8888 port assigned to my application, but afterwards I decided to change it to 8081, but a message appeared…
    Network Error (tcp_error)
    A communication error occurred: "No route to host" The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.
    For assistance, contact your network support team.
    I will appreciate if anyone can give me some advice… I went to OTN forums and haven’t found a proper answer to my needs….
    Best regards.
    Jaison González.

    Hi, everyone…
    As I mentioned before I have been having some issues in granting remote access to my application, and right now I am kind of lost.
    What I have done is this:
    I can acces to my application with my IP address
    Now I have installed on muy PC Oracle Databasee 10g R2 (10.2) EE
    Companion (http server)
    APEX 3.0
    I moved form 11g to 10g, because apparently there wasn’t that much of info about it… bhut when I first installed I at least cand access remotly to my 11g database, but now I can not even do that….
    I will appreciate if anyone can help me out with this…

  • Looking for Suggestions on granting all users access to an application *except a subset of users*

    This might not be the right forum for this question, but since it is related to an App-V application I figured I would try since this may have come up for some of you.  I am looking for the best way to grant all Domain Users access to an application
    except for Domain Admins.  Using the Full App-V infrastructure, I want to grant access to the App-V UI via User Targeting, but I don't want to allow Domain Admins access.  The reason for this is because when we make updates to provisioned
    server cores (stateless), we login with our Admin accounts to make modifications to the cores, and I would like to reduce the steps that need to be taken at the end to ensure that all AppV applications are removed before sealing up the core. 
    Currently, Domain Admins do not have access to any App-V applications, so this process is fairly clean.  All applications are User Targeted. 
    Packages are cached on a persistent D drive on each server, so the issue is that the registry, programdata, and packageinstallationroot become out of sync if packages are pulled down during core modifications after the core is attached to other servers (hence
    other D drives).  Because of this, Machine Targeting is not an option for this either.
     

    This would be so much easier with a "Configuration Manager" like feature where you could create a collection query to accomplish the same thing.  Are there other tools out there that will do the same thing?

  • Grant access to all the views created in user schema to another schema

    How to grant access for all the views created in own HAGGIS schema to comqdhb schema on the HAGGIS database.
    Oracle Grant Privileges
    ===============
    Object privileges assign the right to perform a particular operation on a specific object
    I read that we can use select 'grant select on' ||view_name||'HAGGIS' user_views where owner='COMQDHB'
    Is this right
    Oracle System Privileges
    ===============
    System privileges should be used in only cases where security isnt important,because a single grant statement could remove all security from the table
    Role based security
    ============
    Role security allows you to gather related grants into a collection-since the role is a predefined collection of privileges that are grouped together.privileges are easier to assign to users.
    [http://www.dba-oracle.com/art_builder_grant_sec.htm]
    can we grant select update to all the views at a time to the other schema.
    Are there any other ways to secure the data other than creating users and assigning roles.
    Thank you
    Edited by: Trooper on Dec 23, 2008 9:24 AM

    I think what was suggested was that you use SQL to generate the grants on each and every view, that is, you use SQL to generate SQL where the SQL being generated is "grant select on view_name to role'"
    If you users to connect to Oracle you have to create usernames for them though if the users only connect via an application the application might run just as one user and access to the application is controled via application security. The control on the application can be via Directory Services such as OID or MS Active Directory. User access to Oracle can also be controlled via OID.
    To connect to Oracle you can use OS authenication (not recommended), usernames with passwords, or via Advanced Security Option which supports single sign-on products like Kebros or Oracle Internet Directory etc....
    Example using SQL to generate SQL
    How do I find out which users have the rights, or privileges, to access a given object ?
    http://www.jlcomp.demon.co.uk/faq/privileges.html
    HTH -- Mark D Powell --

Maybe you are looking for

  • Digital Publishing and Interactivity with digital magazine on my own server

    Hello... I am researching what would be the best plan of action for my project... need to design a digital magazine for the web that is interactive and has rich media like video, animations, etc. I am thinking of doing the following... design my anim

  • 2 devices, 1 iCloud login

    My daughter accidentally used my iCloud login on her new iPhone.  How do we change the iCloud login in she used to a different one without deleting all of the contacts/calendar/photos from my iPhone?  I'm sure it's a simple solution but I'm confused.

  • Problem Display JQuery Script

    Hi Gang, Been wrestling with a JQuery script, getting it to display on this page for the main images: http://72.29.76.51/~organica/index.html Any insight to what I'm doing wrong is appreciated. Here's the page code: <!DOCTYPE html PUBLIC "-//W3C//DTD

  • I am going insane,guys. Help me out please. Also, this has multiple questions.

    I'll try to stay on topic. BACKSTORY, and Q1: here we go. skip to the BOLD if you dont want to read my sob story. I think it rather helps though. My iPod Touch(4gen, 32 gigs, etc) was previously jailbroken(by a friend, no idea how it was done), but a

  • Fail to register valid number Adobe creative suite 4

    We/ve had a computercrash, so now I've installed creative suite 4 design premium on the new harddisq. I tried to register the product, but the (valid) number is refused. (oh, its on Windows 7)  I chatted with a adobegirl, but she could not help me fu