How can i restrict user to access database object (procedure) or JSP
Hi
I have 9ias infrastructure 902, on win2k box with 9i DB.
and I have one PL/SQL web application and another J2EE application both are hosted by 9ias 902.
Now we are looking forward to couple both with SSO.
I have deloyed samples of both and works fine.
Each application have different set of users, i mean there is no common user.
How can i restrict user not to view the web page which is not authorised to them.
as far as i understand from the Grocery demo is pick the role (which is a string only) from OID and programaticall apply security via if else endif construct.
can any one through light upto my concern.
regards
[email protected]
Hey Mary
No i haven't try to do that via pl/sql....
as the our application is j2ee app... deployed in oc4j.. with sso and ldap....
still finding to do so....
what i have realized that LDAP is just to store user information in inverted tree... and one have to build separated access security mechnisum that will be applicable to j2ee system....
thanx...
samir....
Similar Messages
-
CRM PCUI how can I restrict Users
hi all,
We are having 5 Portal Users for each User I assigned role in Portal called sales representative which is a part of standard CRM 5.0 Business package.
Each user use to create Account, lead and opportunity.
My requirement is, whenever User created account, lead and opportunity, the other Users should not see those details.
So how can I restrict them?
In CRM GUI we have created new role and changed,its working fine, But in CRM-Portal (PCUI) its showing all other users details.
There is any other way without using Access Control Engine (CRM-ACE), I can restrict the User.
regards,
NareshHi Naresh,
While working on one project we had faced same problem for this we had used diffrent approch.
for achiving this u can do below things:
1) Create diffrent iview for each user. (Assign it for each user for PCUI Portal)
2) In each iview in Show Advance Search window u have to make "Belonging To " field Freeeze with Value "Me"
3) Using MAC(CRMC_BLUEPRINT_C) u can achive above steps.
After doing above step u'll come to know that the respective user can only search and access only their Transaction and not others.
Hope it'll help u, let me know if u want further help.
Thanks,
Dipesh.
Edited by: Dipesh Date on Oct 8, 2008 1:21 PM -
How can i restrict user through material group
Dear Guru's
We have two business process CDMA and GSM
Two purchase organisations, different document types and different material groups
our user is procuring a materials for CDMA using GSM materials codes.
How can i restrict him.if he selects GSM purchase organisation he should procure only for GSM using GSM materials codes.
IS it possible to restrict through material groups
Regards
subhashHi Ha Tran,
Thanks for your suggestion.
But the problem is that we have two business CDMA and GSM business.
The enitity and reporting will be in the same company code.
So we came up with two purchasing organisation because the first purchase organisation was already assigned to company code.
and the business want different material groups for difeerent business.
Ex: one material 100000000 DESC : Switching with material group NWTR
the same material with different number 1000000001 Desc: Switching material group : GNWTR
Now the user while creating purchase order for GSM ,he is using CDMA material.
I want to restict the users that if he selects document type and purchasing organisation of GSM. System should allow only GSM materials.
Regards
Subhash -
How can I get users who accessed the database during last one month
Hi All,
How can get the list of users who logged on to the database DBProd and made changes to the tables of particular schema during say last month and current month.
Thanks & Regards.DBA_PRIV_AUDIT_OPTS :-Describes current system privileges being audited across the system and by user and who has updated what can be done through trigger which would send the information to a history table. If you have it ready ask your team..
SQL> select PRIVILEGE,SUCCESS,FAILURE from DBA_PRIV_AUDIT_OPTS where user_name='SCOTT';
no rows selected
SQL> audit ALTER SYSTEM by scott by access whenever not successful;
Audit succeeded.
SQL> audit session by scott by access;
Audit succeeded.
SQL> select PRIVILEGE,SUCCESS,FAILURE from DBA_PRIV_AUDIT_OPTS where user_name='SCOTT';
PRIVILEGE SUCCESS FAILURE
CREATE SESSION BY ACCESS BY ACCESS
ALTER SYSTEM NOT SET BY ACCESS
Regards
Karan
Edited by: Karan on Aug 2, 2012 7:15 PM -
How can we restrict users from changing the data in HFM.
Hi All,
We have requirement from users where, They don't want the base data being loaded from SAP to HFM via FDM through ERPi to get changed in HFM at <Entity Currency>. They want data to be read only and no body should be able to change neither Grid nor Forms and neither Smart View. If we restrict by Shared services access then again they can't change ownership management value.
Regards,
SushilHi Thanos, Thanks for your reply.
Yes i am aware of the security class, so your suggestion is to use security classes to restrict users? And how can i use the phased submission for the same? I am new to HFM so please bear with me.
I have one more question that my Application is HFM EPMA application. So is it necessary to have Application Administrator to change hierarchy and Deploy the Application from EPMA?
Thanks,
Sushil -
How can i restrict users for entering manual expenditure batch for inventor
Hi,
Can someone explain me how to restrict users to enter manual pre approve batch for inventory expenditure class in projects??
Regards,Forms Personalization.
Regards
Dharam -
How can we restrict users from marking service orders as deleted
Hi,
Please guide me :
Is it possible to restrict users (who are having authorization of marking service orders as deleted) from marking some service orders as deleted, if they have not created these service orders?
In other words, requirement is : only the person creating the Service Order should be authorized to delete.
Please guide.
Thanks and RegardsThere are many BADI and EXITS available, you have find the appropriate place to put your code.
USER - EXITS
CNEX0013 Order: Cust. enhancement: Default item category comp. assgmt
CNEX0026 Customer enhancement for general inspection of material
CNEX0027 Customer enhancement: Plant, storage loc. finding for comp.
IWO10004 Maintenance order: Customer check for order completion
IWO10005 Maintenance order: Cust.-specif. determination of profit ctr
IWO10006 Maint. order: Fcode exclusion through cust. enhancement
IWO10007 Maint.order: Customer enhancement - permits in the order
IWO10008 Cust. enhancement: Determination of tax jurisdiction code
IWO10009 PM Order: Customer Check for 'Save' Event
IWO10010 Maint. order: Cust. enhancement for determining WBS element
IWO10011 Maint. order: Customer enhancement for component selection
IWO10015 Maintenance order: F4 Help for user fields on operation
IWO10016 PM Order: Cust. enhancement to check operation user fields
IWO10017 Determine external order number by customer logic
IWO10018 Maintenance order: User fields on order header
IWO10020 Maintenance order: Automatically include task list
IWO10021 Automatic task list transfer when creating order from notif.
IWO10022 Determine calendar from user exit
IWO10023 Service order: Change header data for advance shipment doc.
IWO10024 Service order: Changes to items for advance shipment
IWO10025 PM/SM order: Finding responsible cost center
IWO10029 Inclusion of bill of material in PM/SM order
IWO10030 Preset Fields for Event Object
IWO10031 Hide personnel number in PM/SM order
BADI
Name of a BAdI Definition
ARC_PM_ORDER_CHECK
ARC_PM_ORDER_DELETE
ARC_PM_ORDER_PREPROCESSING
ARC_PM_ORDER_WRITE
ARC_PM_QMEL_CHECK
ARC_PM_QMEL_DELETE
ARC_PM_QMEL_PREPROCESS
ARC_PM_QMEL_WRITE
IWO1_ORDER_BADI
IWO1_PREQ_BADI
IWO1_SCREEN_MODIFY
IWO1_TL_INTEGRATION
IWO1_TL_INTEGRATION2
Edited by: Manish Bisht on Jul 11, 2009 9:27 AM
Edited by: Manish Bisht on Jul 11, 2009 9:28 AM -
How to determine which user uses which database-object
Hi,
currently we are in the process of consolidating our databases. One of the neccessary steps is to figure out which user connects to the database at all. That's easy, we implemented a logon-trigger and log the collected information into a separate table.
If a user with objects (e.g. tables, views, procedures) exists - but this user never connects to the database - does that automatically mean that these objects are not used at all? No need to say that this is not true. But how can we figure out if a connected user has selected an object of this user?
Our porblem is that we have alot of schemas in our database - but the developers don't know if this schema is not used by an application or not (sad but true).
To enable auditing would be one choice to figure out if an object was ever used or not.
Are there any other possibilities?
Any help will be appricated
Rgds
JanVivaLaVida wrote:
Hi,
currently we are in the process of consolidating our databases. One of the neccessary steps is to figure out which user connects to the database at all. That's easy, we implemented a logon-trigger and log the collected information into a separate table.It could have been even easier by turning on the built-in audit feature.
If a user with objects (e.g. tables, views, procedures) exists - but this user never connects to the database - does that automatically mean that these objects are not used at all? No need to say that this is not true. But how can we figure out if a connected user has selected an object of this user?audit would be a good choice.
Our porblem is that we have alot of schemas in our database - but the developers don't know if this schema is not used by an application or not (sad but true).Not sure what developer will do with used/not used application.
To enable auditing would be one choice to figure out if an object was ever used or not. What's wrong in auditing ?
Even though audit may have a footprint on performance, that would probably be less costly than any custom solution.
Nicolas. -
How can I restrict KF with Char info Object
Hi All,
I need one help,
I have char infoobject (Say A) in my cube,
the length of that infoobject is 10.
Now I want to restrict one KF (say B ) by taking 1st three char of value A.
How can I handel that in Bex,
Exam
Value of A = 'encourages'
I want to restrict
B with
A= 'enc'Hi,
You can try to restrict using a range with the first value in that range to last, like enc0000000 to enc9999999. Create these values in the master data if reqd.
Hope this helps... -
How can I allow users to access SQLPLUS?
Hi everyone,
I have been charged with the task of creating an Oracle server on a CentOS VM. Installation and configuration is complete and SQL is working fine for the database admin user "oracle." I copied the environment variables to the .bashrc file for "oracle" and SQLPLUS starts without a hitch.
Here is where I need a little guidance...
I need to create basic Linux user accounts that will have access to the database, so they can then in turn log into their SQLPLUS accounts. The problem is, all of the database files and software are in located in the user "oracle's" directory. This means that no one but "oracle" and root have access to these files because they are the only ones with proper permissions.
Before I put a ton of time into this, I thought I would pose these questions to the Oracle Linux community:
1) Could I enable a specific Linux group (ex. "Oracle Users") to have access to the main database folder or possibly all folders along the path? I am hoping this would allow any users I put in the group access to the folders, and essentially the SQLPLUS application. (here is ORACLE_HOME=/home/oracle/app/oracle/product/11.2.0/dbhome_1)
2) If that is not an option, will I need to make a completely new database and locate it in a location that all users can access?
I understand that my first idea may not be the SAFEST method, but this is only for a small class of students learning how to use SQL and writing queries. There will be no sensitive information at risk. This would be a quick fix until I learned more about Oracle and how to use it.
Thank you everyone.It certainly is rather a question for the General Database forum, though I doubt you will get a lot of happy replies for such a basic question.
You can use / as sysdba OS authentication through SSH or using the server console, provided the user's account belongs to the "dba" user group. For remote connection through sqlnet you need create a $ORACLE_HOME/dbs/orapw$SID password file.
If you would like to know more about this:
Connecting / as sysdba is used for OS authentication. It ignores password credentials stored in the database and allows any user belonging to the OSDBA system group to connect to the database. Connections as sysdba will always connect to the SYS schema of the database, regardless of any username or password specified. Using OS authentication relies on the BEQ protocol, which connects to the database directly, without using the Oracle Listener process.
The "oinstall" group will give access to the database software repository. There could be different oracle home installations, each with a different oracle user/owner like "oracle_prod1" and "oracle_prod2", but both users must be able to read/write the shared oraInventory, in which case both users must have read and write access to the oraInventory directory, hence the oinstall group. -
Can't Restrict users form accessing folders
I have just installed my Mac osx server and i have created my users and shared my folders but it looks like all the users are able to access my folders even though i set permissions for them.even if i Deny in Acl the user still has access to the folder.i want to give specific users access to certain folders.what am i doing wrong? your help will be greatly appreciated.
If this is a production server, I'd suggest acquiring some IT coverage or an escalation path for issues, or both. As nice as Mac OS X Server is, you're still running a Unix server, and a month and a half of problems is going to be something that the users will take issue with.
Your /Users folder looks somewhat problematic by what's not present there; I'd expect to find (more) users' home directories there, and I'd expect the users' directories to be owned by the specific user and by "staff"
Here's what the home directory for user zork2 looks like in /Users directory, for a configuration with the users's homes in /Users.
drwxr-xr-x+ 12 zork2 staff 408 Aug 31 2009 zork2
0: user:_spotlight inherited allow list,search,fileinherit,directoryinherit
This would be a common case for OD users created under the /Users directory on the server.
The user edem parallels this and looks OK, but (if that's the entire contents of your /Users directory) it looks like the users are created elsewhere.
You'll need to use Workgroup Manager (WGM) to locate that elsewhere, and then go check that area for its protections and ACLs. The commands involved in listing protections over in that path are similar (albeit adjusted for the different directory path), and the outputs should match what was posted for zork2 or edam in the existing /Users directory.
Apparently I was insufficiently clear with the +ls -ale /users/somefolder+ command reference and had intended to look at the settings within one of the problematic user's directory, but it does appear that the first command showed enough to indicate that the users' homes are elsewhere.
I'd also suggest getting an IT escalation path, first and foremost. Another good option (albeit from personal experience with following this path, one that can occasionally lead to frustration and outages) is going to be the school of hard knocks and whatever classes and books you can get your hands on or can attend; the proverbial crash-course in Mac and Unix server IT management. I've not viewed the tutorial videos available at Lynda.com, though various folks posting around the forum do indicate those can be a good resource. -
In our company there are some folks that require often new fonts that they take from the internet. Unfortunately, some of them have offices on in a diferrent country, so going there to insert my admin paswoord is not a solution.
If you copy the ttf file into the C:/Windows/Font folder is enough, you don't have to also add the registry.
One way to bypass the window that asks for admin credentials is to insert my crdentials into the bat file (runas). But this is very unsecure, as I am an administrator.
Is there a way to create a shared folder that can also store fonts that can be used by windows? Can I give them the right to modify files in this folder without making them administrators? Or do you see any solution to this issue? Any help would
be greatly appreciated.
Thank you in advance.Another solution which will not compromise your security is to create a share folder and have the users to download fonts to the folder. After that a simple schedule task GPO on clients to copy the
*.ttf files from the folder to the C:\Windows\Fonts folder. Since tha task can be run by administrative privileges I guess there will be no problem.
Regards.
Mahdi Tehrani Loves Powershell
Please kindly click on Propose As Answer
or to mark this post as
and helpful to other people. -
Hi guys
I am newbie in vb net and I want your help to solve a problem.
I have this datagridview with two columns and all days of a month in custom columns.
[IMG]http://i59.tinypic.com/2qwpj15.png[/IMG]
I also have one combobox to change Year and a combobox to change Month.
Here is the code to load data
Private Sub fill_plan()
dgMonth.Rows.Clear()
Try
Dim i As Integer = 0
Dim query As String = "SELECT MonID,Unitname,Personel,Udate FROM tblMonth ORDER BY Unitname"
con.Open()
cmd = New OleDbCommand(query, con)
myDR = cmd.ExecuteReader
If myDR.HasRows Then
While myDR.Read
dgMonth.Rows.Add()
dgMonth.Rows(i).Cells(0).Value = myDR.GetInt32(myDR.GetOrdinal("MonID"))
dgMonth.Rows(i).Cells(1).Value = myDR.GetString(myDR.GetOrdinal("Unitname"))
dgMonth.Rows(i).Cells(2).Value = myDR.GetInt32(myDR.GetOrdinal("Personel"))
i = i + 1
End While
End If
myDR.Close() : con.Close()
Catch ex As Exception
MsgBox(ex.Message, MsgBoxStyle.Critical, "Error")
End Try
End Sub
With
this code the
personel column
loads the first
day of the month.
I want to load
the column the date that is
in the database.Hello,
This can be done with less code
Private Sub fill_plan()
dgMonth.DataSource = Nothing
Dim dt As New DataTable
Try
Dim query As String = "SELECT MonID,Unitname,Personel,Udate FROM tblMonth ORDER BY Unitname"
con.Open()
cmd = New OleDbCommand(query, con)
dt.Load(cmd.ExecuteReader)
dgMonth.DataSource = dt
Catch ex As Exception
MsgBox(ex.Message, MsgBoxStyle.Critical, "Error")
End Try
End Sub
The above loads all rows, if you want to limit the rows placed in the DataGridView this is best done in the SQL via WHERE conditions and/or with SELECT TOP x.
Formatting of the data is best done via the property window for the DataGridView on whatever column you want too. Using the above you now need to set the data property for each column and set dgMonth.AutoGenerateColumns = False, in the end we end up with
less code
edit is there a reason for returning the primary key? If so then using my method we can hide that field but I see no reason for having it in this case
Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem. -
How can a Windows user remotely access their Home folder on a MacOSX Server
I have a staff member who would like to remotely access (ourside of our LAN) their Home folder on our Mac OSX server. Anyone know and willing to share the process?
ThanksHi Brad!
Generally, a VPN solution is best to allow someone access to your company network. VPN provides security and access to some or all of your company's network resources.
If AFP is allowed to pass through the VPN tunnel, then your user would connect via VPN first and then connect to the server with a connect string such as "afp://servername".
Or if your user's home folder is also shared as a Windows share, your user could connect via VPN first and then connect to the server with a connect string such as "smb://servername".
Hope this helps! bill
1 GHz Powerbook G4 Mac OS X (10.4.6) -
How can I Restrict/enable wifi access on Home Fusion?
Recently (a couple months ago) I changed a setting to prevent my son's Iphone from accessing our Home Fusion WiFi since we kept going over our allotted 10 Gigs, I cannot find where within my account management functions to re-enable his access. Can anyone point me in the right direction? I have looked everywhere and can't seem to find where that option is.
I figured it out after I downloaded the manual regarding the GUI
Maybe you are looking for
-
We restored her new iphone 5s from a backup on icloud from her previous iphone 5. it was restoring for two weeks! we called apple and eventually reset and started over. verizon had us do this again a week and a half later. still, now, its been over t
-
What are the different types of blocking in vendor / customer MD?
Hi, in my firm we noticed that several customers were marked for deletion but this mark only provides a warning message once sales order is set up. We'd like to know how to perform actual blocking of sales order / delivery / billing for customers - w
-
How to get new iTunes install to recognize library stored on External drive
iTunes was installed on Computer Alpha. Library was kept in external hard drive (External). The library on External was not a backup; it was the primary, one and only library used by iTunes on Alpha. All music purchased from iTunes Store downloaded d
-
My itunes told me there was a update to do so i did it now it wont work or sync with my phone!
i logged into my itunes a few days ago and it told me there was a update so i did it and now it wont open up itunes or sync with my phone! I've uninstalled itunes and reinstalled it but it's still not working and asks me to reinstall it everytime!
-
Anone care to explain the following. From the Home Page, Click on > Get Support & Software then under > Make your choice > Phones and devices, Click on the arrow for the drop-down choice of phones, and choose the Nokia N95 (not the 8GB) Choose the N9