Granting Access in custom portlets

Similar Messages

• Grant Access at Portlet Level

  I've read in some documentation (afair) that access can be granted at a lower level that the page level i.e. it's possible to grant access to a portlet to certain users/groups.
  I cant seem to find any docs that show me how to change the permissions/access on each portlet though (I'm assuming that this should be possible for all types of portlets including HTML Portlets). I'd be grateful if someone could point me in the right direction.
  Thanks,
  WG

  You cannot do that directly.
  A possible workaround: add the portlet(s) to a dummy page, specify the access privileges for the dummy page, and add the dummy page to your real page as a portlet.

• How do you restrict access to custom applications?

  When I create portlets, there is usually an associated "admin" functionality that needs to be created for each custom application. An example is a shopping cart that we just created, we needed admins to be able to go in and upload photos.
  The way that I do this is I create a new portlet "Shopping Cart Admin" and restrict access to it that way. However, because I usually add everything in the /remoteserver/shoppingcart/. folder to the gateway space (its too painful to add one by one), this means that I can't put admin.aspx in that folder. So I usually end up creating a NEW folder /remoteserver/shoppingcartadmin/ for the admin portlet.
  Long story short, its a lot of work. I know that I could try to use activity rights, but those seem very global. How do you control edit access to your custom portlets?

  Well, there are a few different ways to go about it. You could add a preferences page with the admin functionality, and then an admin would just have to click the little pencil in the portlet titlebar. No admin/edit access, no little pencil.
  I have often set the visibility of an ASPX control directly from activity rights, in OnPageLoad, if it isn't postback time. The activity rights should be inherited by the user, through the user's group. Best practise is to create empty groups called Roles, add activity rights to the Roles, and then have the actual groups (that contain users) inherit from one or more Roles.
  You already knew that part, I added it for the others. My personal definition of a portlet is 'polymorphous instance of a web service'.
  So:
  Role: Store Manager (has Edit Shopping Cart activity right)
  ^
  Group: Store Managers (has Store Manager parent group)
  User: Vladimir (inherits Edit Shopping Cart activity right)

• Grant access to individual content

  Hello,
  I'm currently implementing a UCM solution and I came upon a customer requirement that I don't even know if it is possible to implement with UCM.
  I will try to explain by giving an example:
  The company has 2 Departments: Department 1 and Department 2 and for each department it was created a Security Group.
  SG_DEP_1 for Department 1 and SG_DEP_2 for Department 2.
  The company also has 2 users, one for each department, with full accesses:
  BOB_1 has RWDA to SG_DEP_1 and EDDIE_2 has RWDA to SG_DEP_2.
  Each user can manage its own Security_group, but what happens if BOB_1 needs to show a document to EDDIE_2 (example: for asking EDDIE_2 for an legal advice on a given document). Could BOB_1 grant read access to EDDIE_2 on that specific document ? (I'm not talking about granting access to SG_DEP_1, just the document).
  Note: in my specific projects, there are at least a dozen Departments, each tightly secured, but with needs to show 'some' content on a daily basis. What the customer really needs it the hability to specify access permissions individually on each content item (groups or specific users).
  How would you implement such a use case? I'm starting to consider the possibility on having to implement a BPM, or something like that to provide this level of control.
  Thanks
  Luís Duarte
  Edited by: user10359998 on Sep 25, 2008 4:19 AM

  Hi!
  In the HowtoComponents, there is a component named "SecurityFilter" :
  "This component demonstrates how to use the 'alterUserCredentials' filter to temporarilly boost a user's security privileges for one request. This filter is useful for dynamicly granting accounts and roles for specific service requests, or for specific users." quoting the readme of the component.
  You can download it there : http://www.oracle.com/technology/products/content-management/ucm/samples/index.html
  Hope it helps!
  romain.

• Adding a change password link in a custom portlet

  Hi,
  Does anyone know how to add a change password link in a custom portlet? the custom nav UI we have does not show the my account link, we want to hide this complexity for external users, but we still want them to be able to change their password.
  I am expirimenting with using the following link, which seems to work fine, but was wondering if there was a more elegant way to do it using pt: tags?
  <pt:transformer pt:fixurl="off" xmlns:pt='http://www.plumtree.com/xmlschemas/ptui/'/>Change]http://servername/portal/server.pt?space=ChangePassword&&control=EditorStart&editorType=10">ChangePassword</a><pt:transformer pt:fixurl="on" xmlns:pt='http://www.plumtree.com/xmlschemas/ptui/'/>
  Thanks

  Hrm... this does get ugly... This has come up a few times w/ our users as well, so I am definitely interested in seeing what can be done.
  I don't see any sort of pre-built tag to let you access this directly. To your point, I only found the general account editing / access link - not one directly to password reset.
  Couple of questions / notes
  I tried your option and while it works, I'm concerned by the redirect back to the account page. That seems to violate your requirements on hiding the account options info. When the user hits finish / cancel they're taken to the main "My Account" page.Have you considered securing the other activity spaces so they're not visible from the "My Account" page? Then you could use the built-in tags. Not ideal, I know, but if you're going to be routed back to that screen anyway once you finish/cancel your password change...Have you considered just writing the password reset funtionality into your app? I did this a while back and it was actually pretty simple. Then you can have complete control over the behavior.How I wrote password reset...
  You know the userid in this case, so things are MUCH easier (no need to search to find the specific user)Assumption: users are stored in the plumtree database auth sourceUse the native API (com.plumtree.server). I don't know if you need to impersonate a full admin or not... my code doesGet a handle on the userReset the password with the "SetPassword" methodStore the changeSemi-functional code below - note how you'd never want to store your admin userid / password in here like this (or have it blank...)
  '//create an admin connection Dim ptAdminSession As IPTSession = New Session ptAdminSession.Connect("administrator", "", Nothing)
  Dim sNewPassword As String = ""
  '//start user impersonation Dim ptUserSessionTemp As IPTSession = ptAdminSession.ImpersonateUser(iUserID)
  '//open the user for editing Dim oUser As IPTUser = ptAdminSession.GetUsers().Open(iUserID, True)
  '//reset the password oUser.SetPassword(sNewPassword)
  '//mungle with server context Dim mySC As IPTServerContext = oUser.GetInterfaces("IPTServerContext") mySC.Store() mySC.UnlockObject()

• App Role Not Granting Access

  Hello,
  We are currently using OBIEE 11.1.1.6.2 BP1, I had to create a new dashboard and created a custom app    with open access (read and execute).  After setting this up I added it to catalog permissions however this app role grants access to everything but the dashboard.  The end user can open the catalog and navigate to folder location where the reports are stored but is unable to see the dashboard.  I have veried the app role is properly created in the Enterprise Manager.  The custom app role granting full control for my power users works as expected.
  Has anyone seen this type of issue?  Any help would be greatly appreciated.

  Yes everything is good in this regard and did not need to change anything.  I am unsure of what was happening but this group all of a sudden started working.  It have never taken that long for permissions to take effect before.

• A very simple question on granting access.

  Hi All,
  I created a very low-level user in portal. I have added the Oracle built-in Favorites portlet to the user?s page. But when the user logs in, she still can't see the Favorites portlet. I usually go to the Navigator, Applications, and the Application and would grant the user access to the Application to the portlet I want to add. This works fine except you can't do for the Oracle built-in Favorites portlet. My question is how do I grant access to the Favorites portlet for a user. I'm sure it is something very easy that I'm missing.
  Many Thanks,
  Tom

  Never mind this question, because I'm an idiot. I had a different page defaulting then I thought. Please disregard this question, and sorry for wasting the forum's space.

• Sql server grants access to specific login to database.

  i have created website for intranet and hosted it on server. for that i needed to create login "IIS APPPOOL\hi" in sql server 2008 for my application
  to access my "reportdb" database. "IIS APPPOOL\hi" has sysadmin and public server roles in sql server 2008. And i have default login"sa" same
  as "IIS APPPOOL\hi". these are working correctly. Now I want these two logins to access"reportdb" for all
  operations in database and remaining all logins should be denied to access"reportdb". My Sql Server 2008 is having mixed mode (windows authentication and Sql authentication). plz help me

  I think what Tauseef is requesting is to keep access for the 2 sysadmins & deny access to everyone else, correct?
  As Uri mentioned, by being part of sysadmin role, “IIS APPPOOL\hi” & “sa” would have access to everything in the server, and nobody else should have access to the DB unless explicitly being granted access.
  If you would really deny anyone else access to the database, you can potentially deny connect to public, and only sysadmins (who override permissions) would be able to connect; although I would strongly recommend against such practice.
  Something else I would like to recommend against is the usage of sysadmin for what may not be a DBA role (IIS appPool). Following the least-privilege principle, I would recommend having a non-administrator user for applications that has enough capabilities
  to perform the tasks needed.
  The main risk is that a SQL injection (SQLi) bug in your application would lead to a complete compromise of your SQL server.
  If there are app tasks that would require elevated permissions, I would recommend encapsulating the logic in a stored procedure and either use impersonation or digital signatures to accomplish a controlled elevation of privileges instead. If you have any
  question on this topic I will be glad to assist.
  I hope this information helps,
  -Raul Garcia
   SQL Server Security
  This posting is provided "AS IS" with no warranties, and confers no rights.

• Update to IOS 6 has been a nightmare. Facebook would allow me to save pictures unless I granted access to my foto album. Does this mean my pictures are going be planted all over the web? The safari keeps crashing and loading is slow.

  update to IOS 6 has been a nightmare. Facebook would allow me to save pictures unless I granted access to my foto album. Does this mean my pictures are going be planted all over the web? The safari keeps crashing and loading is slow. Most infuriating is that YouTube was deleted from my entertainment apps and I now have to pay for it if I want it back!! This is a bloody disgrace.

  Back up all data.
  Boot into Recovery by holding down the key combination command-R at the startup chime. Release the keys when you see a gray screen with a spinning dial.
  Note: You need an always-on Ethernet or Wi-Fi connection to the Internet to use Recovery. It won’t work with USB or PPPoE modems, or with proxy servers, or with networks that require a certificate for authentication.
  When the OS X Utilities screen appears, follow the prompts to reinstall the OS. You don't need to erase the boot volume, and you won't need your backup unless something goes wrong. If your Mac was upgraded from an older version of OS X, you’ll need the Apple ID and password you used to upgrade, so make a note of those before you begin.

• Grant access to all the views created in user schema to another schema

  How to grant access for all the views created in own HAGGIS schema to comqdhb schema on the HAGGIS database.
  Oracle Grant Privileges
  ===============
  Object privileges assign the right to perform a particular operation on a specific object
  I read that we can use select 'grant select on' ||view_name||'HAGGIS' user_views where owner='COMQDHB'
  Is this right
  Oracle System Privileges
  ===============
  System privileges should be used in only cases where security isnt important,because a single grant statement could remove all security from the table
  Role based security
  ============
  Role security allows you to gather related grants into a collection-since the role is a predefined collection of privileges that are grouped together.privileges are easier to assign to users.
  [http://www.dba-oracle.com/art_builder_grant_sec.htm]
  can we grant select update to all the views at a time to the other schema.
  Are there any other ways to secure the data other than creating users and assigning roles.
  Thank you
  Edited by: Trooper on Dec 23, 2008 9:24 AM

  I think what was suggested was that you use SQL to generate the grants on each and every view, that is, you use SQL to generate SQL where the SQL being generated is "grant select on view_name to role'"
  If you users to connect to Oracle you have to create usernames for them though if the users only connect via an application the application might run just as one user and access to the application is controled via application security. The control on the application can be via Directory Services such as OID or MS Active Directory. User access to Oracle can also be controlled via OID.
  To connect to Oracle you can use OS authenication (not recommended), usernames with passwords, or via Advanced Security Option which supports single sign-on products like Kebros or Oracle Internet Directory etc....
  Example using SQL to generate SQL
  How do I find out which users have the rights, or privileges, to access a given object ?
  http://www.jlcomp.demon.co.uk/faq/privileges.html
  HTH -- Mark D Powell --

• How to access the Custom Data type variable given in Expression edit control To and From LabVIEW

  Hello, I would like to know how to access the custom data type variable given in the Espression Edit Control from LabVIEW and vice-versa
  Say, the FileGlobals.Reference_Handle (Custom Data Type Variable) contains the
  VISA I/O session (Which in turn contains VISA_DeviceName: String, Session: Number),
  Channel1: Number and
  Channel2: Number
  I am expecting the user to give FileGlobals.Reference_Handle as the input at the ExpressionEdit Control in the edit screen of the VI Call.
  I would like to know how to get the values of this custom data type to LabVIEW?
  Say, if I have the Cluster in LabVIEW like VISA I/O session (Deive Name and Session Number), Channel1 and Channel2
  how do i need to set this cluster to the Custom Data type variable in TestStand?
  Thanks and Regards
  Prakash 

  Hi,
  TestStand to LabVIEW: i didnt understand what you r trying to achieve. But if you are using references, Use Property nodes and Invoke nodes to achieve what you want in LabVIEW.
   LabVIEW to TestStand: check the image below: You need to click the button next to 'container'. I have used a cluster output in the VI.
  Hope this helps
  .......^___________________^
  ....../ '---_BOT ____________ ]
  ...../_==O;;;;;;;;_______.:/
  Attachments:
  1.JPG ‏187 KB

• Why doesn't Photoshop touch ask for access to local photos on my iPad so I can grant access and edit?

  Why doesn't Photoshop touch ask for access to local photos on my iPad so I can grant access and edit?

  That's odd. Does this mean that you want to have the request or that you can't see the photos even though you enabled it over the privacy/photos?
  If you enable it - it's not necessary to get the request. If you want the request the safest way to get it back is to reset the privacy settings by going to iPad settings/General/Reset/Reset Location & Privacy
  thanks,
  Ignacio

• Problem Granting access on Business Area to Role

  Hello everybody,
  I am trying to grant access on a Business Area to a role but when I try to do so, the role does not appear in role list. It only shows role connect and resource.
  The version of Discoverer I am using is 10.1.2.
  Anyone has the same issue?
  Phil
  Message was edited by:
  [email protected]
  Message was edited by:
  [email protected]

  Hello everybody,
  I am trying to grant access on a Business Area to a role but when I try to do so, the role does not appear in role list. It only shows role connect and resource.
  The version of Discoverer I am using is 10.1.2.
  Anyone has the same issue?
  Phil
  Message was edited by:
  [email protected]
  Message was edited by:
  [email protected]

• How to grant access to sharepoint for the user from different Domain

  Hi All
      I need to grant access to user from different domain. 
      Where I can able to view the users in people picker (different domain).
  Thanks in Advance.
  Raj

   Hi
  Trevor Seward
  Sorry to disturb
  you again.
    I am trying to restrict user from search from other domain, say we have domain A and Domain B, where I am trying to restrict all the user from domain B (Search users)for a site collection. I have found couple of stsadmin command to do so. but none
  of them works. Below are the commands I have tried
  STSADM.exe -o setproperty -pn peoplepicker-searchadforests -pv "domain:<Name>.domain" -url "http://Site URL"
  stsadm -o setproperty -pn peoplepicker-searchadcustomquery -pv “(canonicalName=<Name>.domain*)” -url "Site URL"
  we have two way trust.
  Can you suggest any solution.
  Thanks 
  Raj

• Grant access to DBlink

  We are facing a small issue . the problem is as follows.
  =========================================================
  1. I have two databases
       Namely
            Database1
            Database2
  2.Database2 has a table say EMP
  3.I want to select , insert update EMP from Database1
  4.Hence I have created a db link in Database1 named Dblink1
  5. I don't want to user the @ symbol (alias -- EMP@Dblink1) in my query. I just want to access directly.
  6. When I tried to give grant access from Database1 , It gives me an error.
  Please suggest how to acheive this

  5. I don't want to user the @ symbol (alias -- EMP@Dblink1) in my query. I just want to access directly.This is simply not possible to access the table which is in another database without using dblink. i..e you have to have the dblink to access the other database tables.
  >> 6. When I tried to give grant access from Database1 , It gives me an error.
  What's error you got??
  Regards,
  Sabdar Syed.