Group restrictions at log in

Similar Messages

• How to restrict multiple log-ins by same user in SAP BO 4.0

  Hi ,
  Facing licence issue Due to subjected  error  .
  How to restrict multiple log-ins by same user in SAP BO 4.0
  Thanks in advance .

  Then I would say it is not possible:  Restrict multiple login in SAP Business Objects 4.0 SP6 for single user
  multiple login disable in BO | SCN

• Status groups in incompletion log

  can anybody explain what is the use of status group in incompletion log?

  In this “incompleteness procedure”, important fields are assigned and by using <b>“status group”</b>, documents can be blocked at each level of processing, if values have not been maintained in those fields.
  Incompleteness procedure does not concern whether correct values have been maintained or not. It only concerned whether value has been maintained or not.
  General (Generally Incomplete):
  This control, records certain information about the fields at header level. Ex.: PO number is not maintained.
  Delivery (Incomplete for Delivery):
  This control, records certain information about the fields. Ex.: Shipping points at item level and issues appropriate message on the status bar.
  Billing document (Incomplete for Billing):
  This control records appropriate status message if certain billing information is missing. Ex.: payment terms.
  Price (Incomplete with reference to pricing):
  This control records appropriate information if data at item level has been missed. Ex.: price.
  and so on
  Regards
  AK

• AAA - Restrict Group access from logging onto all NDG excpet one

  I've recently created a group of users to only be able to shut and unshut interfaces using the aaa authorize config-commands and have all the relevant groups etc.. in place and working. My problem now is that the new users can now log into any device on the network (cant do anything other than show ver and show logg) i need to stop them from accessing anything other than the group i specified under group settings.

  I'm assuming your using CiscoSecure ACS? Why not create some NARs (network access restrictions) that limit the devices or device groups (NDG) that users in a particular group can access?
  http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/c.htm#wp697095

• Sharepoint 2013 delivers documents through IIS too good! Need to restrict by logged in user

  I have a Sharepoint 2013 app that lets external users (https://) pull data from SQL to create links on the page that the user can click on to get documents to pop-up in the browser so they can view/save them.  The page sends the user's ID as a parameter
  and the stored proc uses that to return only the documents that user is allowed to see.  Took forever to figure out... looks great... my employer is going to be impressed and save money... yada, yada yada!  Problem is:  If you knew the name
  of a directory on the mapped location and knew the filename (somehow), and you had a login that got you to the site, you could successfully put that address in your address bar and the document would come up!  That's a bad thing!  I need to only
  let users see documents they have access to.
  I have been playing with the app pool settings and advanced settings for the sub-site, but it still lets me pull items that the logged-in user doesn't have permissions on the server to get to.  I haven't been able to prove it, but I suspect that IIS
  is sending another login credential to the directory to retrieve the file... something like "admin" or something that can have wider access.
  Here is my setup:  I have a directory on another server that is mapped to the Sharepoint Server box.  I have a Virtual Directory that points to that mapped drive.  My Sharepoint Page is on a site of its own and is called with the URL "https://reportcenter.<company
  name>.com".  There is only one page on the site.  When the page opens it provides links to documents on the Virtual Directory.  When you click on any of them the files appear in the browser just fine.  Sharepoint is running on a
  Windows 2012 R2 Standard OS.  The test user I am using is "Client1" and they are a member of the "SP_Clients" group which is not a member of anything else in Active Directory.  In the file directory I went to the Share list and
  made sure my test user and the SP_Clients group is not in the list... if the system tried to use Client1 there is no way they should get access.
  Any thoughts on what I can do to stop Clients from getting to files they shouldn't be?

  Thank you for your question and reply.
  No, the identity is not passed as a URL property.  The way it works is that SP verifies the user and sends them to the default page after they sign-in.  Once there, the page evaluates the UserID value and that values is passed to a stored procedure
  as a parameter.  The user can't get to the page unless they are verified by SP, they can't somehow go around this. 
  Now, once the page loads they click on one of files they wish to see (a link on the page that was created from the results of the stored procedure call).  The link points to a virtual directory setup in IIS that points to a mapped drive where the files
  are located.  The security on the files is set on the directories in their actual location.  I just need SP to pass the user's ID to the file directory and check the sharing rights on the file to see if this user has rights to get it.  It seems
  like SP is passing some other credential (probably SP_Admin, or Admin or something) which has the ability to read the file and therefore pass it back to the screen.
  I can't put the documents in SharePoint... they have to be in a file directory. The reason is that we have an elaborate program that runs every month to create these files and places them in the correct directories.  Somehow changing that application
  to create the files and place them programmatically in a SharePoint directory is beyond the scope of the project.  Under the circumstances, it would be much simpler to just provide the user a list of the documents they have access to and have them click
  on a link on a page and have the document appear in their browser.  Everything actually works, but I just have this last piece where SP is not 'telling' the file directory the UserID of the logged in user and therefore all the documents are available.
  All that needs to be done, is to make sure the userID is passed to the file directory so it can be checked against the security there to see if the user can have the file or not.
  I hope that makes sense.  I look forward to hearing back from you with your thoughts on this and how this can be accomplished.
  Thanks,
  Scott

• Restrict multiple log in with same user ID

  I have a JSF Project where I use Oracle JAAS for Login.
  The login works perfectly and also the components on the JSF page shows as per User Role. I am using OAS 10.1.3.3.
  I want to now implement the code so as to restrict simultaneous logins with the same user id. That is a user id cannot be looged in at once to the server from more than one machine.
  The login.html is:
  <form  name="loginFrm" method="post" action="j_security_check">
        <p>Log in to access restricted zone.</p>
        <table>
         <tr>
          <td>User name</td>
          <td>
           <input id="j_username" type="text" name="j_username"/>
          </td>
         </tr>
         <tr>
          <td>Password</td>
          <td>
           <input type="password" name="j_password"/>
          </td>
         </tr>
         <tr>
          <td> </td>
          <td>
           <input type="submit" value="Login" onclick="document.body.style.cursor='wait';"/>
          </td>
         </tr>
        </table>
       </form>The securityconfig int he web.xml file is:
  <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>jazn.com</realm-name>
        <form-login-config>
           <form-login-page>/login.html</form-login-page>
           <form-error-page>/loginError.html</form-error-page>
        </form-login-config>
      </login-config>
      <security-role>
        <role-name>ADMINISTRATOR</role-name>
      </security-role>   
      <security-role>
        <role-name>MANAGER</role-name>
      </security-role>
      <security-role>
        <role-name>INSURER</role-name>
      </security-role>
      <security-role>
        <role-name>TRACKER</role-name>
      </security-role>
      <security-role>
        <role-name>INSURER_MANAGER</role-name>
      </security-role>

  Then I would say it is not possible:  Restrict multiple login in SAP Business Objects 4.0 SP6 for single user
  multiple login disable in BO | SCN

• Currency vs Account group restriction for vendor master

  Dear All,
  Is it possible to restrict the user from using inr for Import vendors account group and other currencies for domestic vendor account group in standard????

  Hi,
              Through authorization object F_LFA1_GRP (Vendor: Account Group Authorization ) field - KTOKK (Vendor account group) you can restrict user to create particular type vendor i.e Import Vendor or Domestic Vendor etc. Pls refer below screenshot...
  As k your Basis user to restrict as per account group ....Through PFCG transaction..
  Regards
  Abhishek Tiwari

• Authorization group restriction

  Hi ,
  I would like to know how to restrict authorization group FCAR and FCAP.We could see it is related to F_BKPF_BES object .It seems the same authorization object should be given the following access
  --display access for documents asigned to authorization group FCAP
  --should not allow display for documents assigned to authorization group FCAR
  If we restrict using FCAP (displays access)the second condition works fine but the first one it displays line items only for G/L accounts.Vendor line items does not get displayed.
  Please let me know your thoughts on this.

  Hi Mekha,
  You can add another object F_BKPF_BES manually and in the first one give
  display access for documents asigned to authorization group FCAP  and in another no display for documents assigned to Auth group FCAR
  **Reward points accordingly
  Junaid

• Purchase group restrict with doc type

  scenario is this like i want to restrict purchase grp with doc type wise, suppose i want purchase group <b>"abc"</b> should not be used in doc type "<b>FO"</b>
  then what setting should i do?

  this you can only do with the basis person who has authorisation to make changes in user t.codes.
  in t.code PFCG, give the user role for which you want to restrict this and then choose display, goto authorisation tab and click n the display authorisation data button, here at the top you can find the organiztional levels button, you can restrict the purchasing group here itself by not specifying it in the list, thus for all t.codes he will not have authorisation for this purchasing group.
  then choose the MAterials Management : Purchasing node, here choose the Document Type in Purchase Order to give the doc. types allowed to user and Purchasing Group in Purchase Order to limit the pur. groups.
  reward if helpul

• Authorization Group restrictions

  Hi Experts,
  I want to restrict user to access documents with help of Authorization Group field in DIR.
  But, problem is client required this Auth. Group field as selection field and not as an entry field available in standard DMS.
  How to provide selection list to user for Auth. Group field. With BADI & SAP Access Key possible but not useful in my case because of some client side restrictions.
  Can SAP Moderator guide me, why SAP chose not to offer a drop down on Authorization Group field with a user selectable list option? Also not even gave chance to consultant to do configuration for such a critical field.
  Thx in advance..

  Hi
  Check my Wiki on the same.
  If you need any more info, get back
  Link: [Authorization group|https://wiki.sdn.sap.com/wiki/display/PLM/UsingAuthorizationGroupfieldin+DMS]
  And if you want to activate dropdown F4 then check this wiki:
  Link: [F4 for auth group|https://wiki.sdn.sap.com/wiki/display/PLM/F4forAuthorization+group]
  Niranjan
  points welcome for useful info
  Edited by: Niranjan Dandekar on Dec 12, 2008 2:08 PM

• Status group in Incompletion Log

  Dear Friends,
  In the status grp which we maintain in Incompletion procedure what does the "X" mark suggests?.....for example in status grp 02 both general and delivery are marked as X so it means without filling those particular fields both sales and delivery documents cannot b processed......this is what I interpret..correct me if am wrong.....Thanks in advance

  Dear S Kumar,
  Answer to your query is already given by SAP, in to Help-file, maintained with the functionality.
  SPRO --> IMG --> SD --> Basic Functions --> Log of Incomplete Items --> Define Status Group
  Here, instead of executing the function, click on to File-icon. The same description is pasted here:
  Define Status Groups
       In this IMG activity, you use status groups to define the status of
       incomplete sales and distribution documents. Then assign the status
       group to the fields in an incompleteness procedure.
       In the status group, you define which functions may be carried out for
       an incomplete sales and distribution document, or for the items where a
       field entry is missing. You use this function to block a document for
       delivery, billing, or pricing. In addition, you can check at header*
       level whether the general data is complete.
       Example
       Fields that are defined for deliveries do not also have to apply to the
       billing document. If you allocate the relevant status group to these
       fields in the incompleteness procedure, you can create a billing
       document for the incomplete sales order but not a delivery.
       Activities
       1.  Check to what extent you can use the defaults for status groups that
           are defined in the standard system.
       2.  Change the existing status groups according to your requirements.
           Create new groups, if necessary.
       3.  Afterwards specify status groups for fields in the incompleteness
           procedures (see section Define Incompleteness Procedures).
  I hope, this would answer your query. If not, Please explain.
  Best Regards,
  Amit

• SQ01 - User Group Restrictions

  Using transcation SQ01-Sap Query in the HR module is it possible to restrict users to specific queries. I have assigned users to user groups, but this does not appear to prevent users outside of the group running the query.
  All users concerned have access to the transaction with authorisation value '23'.
  Thanks
  Simon

  Hi,
  Did you check what are the restriction given while creating a Query.
  For more info
  http://help.sap.com/saphelp_nw04/helpdata/en/d2/cb42cb455611d189710000e8322d00/frameset.htm
  Cheers
  Soma
  Message was edited by:
          soma pradeep

• ACS 4.2 (Trial) User Group Restrictions?

  I'm currently in the process of migrating from Microsoft IAS to Cisco ACS 4.2. I'm running an Eval of CSACS v4.2 for Windows in a Lab so I can work out the issues.
  So far I've been fairly successful getting user accounts authenticated with active directory credentials using the "Windows Database" as my external user database. The only problem I've run into is that I can't seem to figure out how to restrict access to Active Directory group membership.
  For instance, in the lab I have a Cisco 3750 switch that is using ACS to control login access. But given my current ACS configuration everyone in the windows domain can login to the switch. How can I restrict that down to just the Network Operations group in Active Directory?

  Yogesh:
  To move existing users from one group to another you can:
  - go manually to each user and change its group membership. OR:
  - Use RDBMS synchronization where you can fill a CSV file with the actions that you want (change group membership in your case) and import that to the ACS.
  For RDBMS sync you can read the user guide:
  http://tiny.cc/n13b1w
  This config example may also be useful about how to import the csv file:
  http://tiny.cc/533b1w
  I suggest that you read the guide and come back to ask here if you have any concern.
  HTH
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• Only receive distribution group- mails when logged on.

  Hi,
  Is there a way to automatically disable mail-receiving for users when they are not logged on to the AD?
  We use distribution groups to deliver mails to platform-agents.
  Most of them only need to receive mails when they are at work.
  Thanks for your ideas,

  Hi Tester, sorry about the delay in response. I would like to understand your issue more and what you are trying to achieve.
  Does the users need to receive emails sent to a distribution group (that they are part of) only during  8am to 5 pm? something like that?
  The answer really depends on the setup that you have but for the most part, emails sent to Exchange and immediately processed and delivered to the respective mailboxes. Perhaps you can schedule email delivery from the outlook client - when someone is sending
  the original email to the distribution.
  Regards.
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Regards, Siva

• How to access the websites that are restricted or logged in firefox , which once i had accessed in a public network and got blocked

  i am using mozilla , through my office wi fi , hence when i accessed a blocked website accidentally, a message "warning , you are accessing a restricted site , this has been logged" came . after that i cant open that website forever , even through other networks (including my personal network) , so how to unlog it??
  #help please

  Check the connection settings.
  *Tools > Options > Advanced > Network : Connection > Settings
  *https://support.mozilla.org/kb/Options+window+-+Advanced+panel
  See "Firefox connection settings":
  *https://support.mozilla.org/kb/Firefox+cannot+load+websites+but+other+programs+can