How to implement a single user in mutiple AD groups?

Hi all,
I need your help in achieving the following requirement.
1. Security should be applied based on a DeptName from DeptTable For example Department Name= A , Department Name =B, Department Name =C.
2. Also security should be based on Officer Indicator from EmployeeTable= Yes or No.
3. Employee Salary information is grouped into EmpFacts in presentation folder. Only a few users who belong to the group which has access to the folder, should be able to see this folder when they login.
(DeptAOfficerYesEmpFactYesSuper. All the groups which has EmpFactYes are given permissions to EmpFact Folder in presentation Folder)
4. On top of these all the users are classified into Mega and Super users. Mega users should have read only access to dashboards and Super users should be able to edit the dashboards. ( All the groups which are classified as Super are given access to "Edit Dashboard" in Presentation Catalog )
NOTE: As we are deploying our rpd in the shared environment we are not supposed to use SESSION VARIABLES.
TO achieve the above requirement we have created AD groups such that DeptAOfficerYesEmpFactYesSuper , DeptAOfficerNoEmpFactNoSuper and so on. By this method all the permutation and combinations will result in AD groups.
We know that this approach will lead to severe maintenance issues and hence looking for other alternatives.
We are now planning to have only DeptA, DeptB, DeptC groups and use them in conjunction with three other groups ( Officer, EmpFact, Super).
Can we add a single user in all these user groups ?
Kindly let me know if you need any clairty on this.
Your help is highly appreciated.
Edited by: user10682075 on May 11, 2011 7:24 PM

Yes and no..meaning a user with just 1 group assigned will retrieve less data then a user with multiple groups assigned, so yes, more data to select will affecct your performace (a bit), but no, the use of multiple security groups by itself won't affect performance..
The use of multiple security groups will reflect in the use of an IN or a subquery in your logical query, OBI will determine the best way in each case and your database (and statistics) will determine the best physical query and therefore query performance.
M.

Similar Messages

  • How to Implement a Single Folder - Multiple Authors Scenario für NW 7.3?

    Hello,
    is a version "How to Implement a Single Folder - Multiple Authors Scenario" for NetWeaver 7.3 planned?
    Best regards,
    Arnold Gallemann

    Hi Detlev,
    thanks a lot for sharing your work!
    Due to the reason we need a different configuration in KM, I changed e.g. some values in the .cc.xml and .co.xml files. I rebuild the project and checked the created EAR file. I noticed that the ConfigArchive file in EAR file still has the old values. It seems that SAP NetWeaver Developer Studio 7.3 is not recognizing in a portal application project the configuration of the src.config folder anymore. To test this, I removed the initial provided ConfigArchive in the folder dist\PORTAL-INF\config\ from your project. I rebuild it and the ConfigArchive in the EAR file wasnu2019t included.
    I found in the documentation (http://help.sap.com/saphelp_nw73/helpdata/de/42/60aec0032c1422e10000000a114cbd/frameset.htm) the SAP Note 1572813, which would describe how to use KMC wizards in SAP NetWeaver Developer Studio 7.3. But the article is currently not released to public.
    In addition I have discovered, that it is possible to include the src.config folder in the build process if the project is set up as a development component (see for details bullet point Optionally of http://help.sap.com/saphelp_nw73/helpdata/de/42/60aec0032c1422e10000000a114cbd/frameset.htm). This works. But later on I am facing another problem: I am missing the entry KMC-CM to add it as a dependency for the development component.
    Best regards
    Mario

  • How to implement a single sign on  feature using java.

    Hi,
    I have a question like , How to implement **single sign on** feature in java without using any third party framework or tool like LDAP or any other which is available in the market.
    Actually the situation is i have all security information into the table and those information is used for single sign on . If a user logged in from a jsp loging page all the security role should be assigned to that particular user.
    We can do this using LDAP but i am not supposed to use the LDAP or any third party tool . I have to write a java class for that .
    please suggest me the method , how to implement this in a web application.
    Edited by: Rakesh_Singh on Mar 19, 2008 11:55 AM

    you could setup a token that specifies a user is authenticated. other applications that u want SSO can check for existance of this token
    if it is HTTP - you can save the token as a cookie and downstream apps look for this token
    yr code needs to validate that the token/cookie was indeed a valid one and not subject to man-in-the middle attack.

  • How to get to single user mode

    I aquired an old power mac G4 with an old account with 10.3.9 and an old administrator account.  It seems that procedures to remove the account start in Single user mode.  The computer won't start when holding down system - s.  The drive clicks a few times but the display goes to sleep from no video signal.  So How can I get to single user mode when the usual way don't work?

    The hard drive's directory may be dead, or it may have last been booted into Mac OS 9.  IF you are lucky, they did install Mac OS X on it, and that can be determined either through an Option key boot, or through an X key boot on a wired (not wireless) USB Apple compatible keyboard.   X key booting will only work if the X operating system is on the same partition, whereas Option key boot will reveal the Startup Manager, where you select the drive and hit the right pointing arrow for the drive partition that has Mac OS X.   Note this will not work on an original PCI PowerMac G4.   You may also need to replace the PRAM battery, a 1/2 AA 3.6V battery from Radio Shack before any boot sequence will work.  Once it boots into Mac OS X, Single User Mode should work.

  • How to kill a single user in BO XI 3.0

    Hello,
    I thought there was a SDK for killing single users on a system. Can someone help me out again on where to find this procedure.
    thanks
    Thierry

    [Recent news this method is supported in XI 3.x |http://johnnyye.com/blog/2008/08/12/business-objects-xi-session-removal-tool]
    to note if you have business objects enterprise you should have a CPU or named user license (if not contact your account rep), if you have edge or crystal reports server then those are your options
    Regards,
    Tim

  • How to implements the single thread modal?

    how to implement the singlethread modal in servler/jsp?

    Do you mean 'model?' and 'servlet?' and are you referring to the interface with that name? which your servlet class just has to declare that it implements?

  • How can I secure single user mode

    I have a macbook pro, I would like to disable single user mode.
    thanks,
    Lal.

    To boot from the DVD, insert it, then restart and hold down the C key until the Apple logo appears on screen. If your MBP came with Snow Leopard installed, you must use the gray DVD that was in the box. If it came with an earlier version of the OS, you can use either the gray DVD or the retail disc you used to upgrade. In either case, don't run the Installer; follow the directions in the link above.

  • Upgraded to Leopard and lost disks...forgot the admin password. anyone know how to reset in single-user mode?

    I received some instructions but they did not work. Does anyone know how to reset this?

    1 - Does it boot into Leopard?
    2 - Does it have any important data on it that is not backed up elsewhere?
    It it boots into Leopard you could continue using it and hope that you find your Leopard install disks later or discover some other way to overcome the lost password.
    If it is fully backed up or has no important data on it you could install Tiger.

  • Currently using ESR firefox. How to change to single user version

    XP pro and numerous firefox add ons. will I have to remove the current version of firefox esr to install the latest firefox "public" version? and the add ons too?

    You can just update Firefox, via <code>Help > About</code>

  • How to create a single action listener for a group of buttons

    hi there.. i am new at java and i have a problem with my applet..
    i am doing a virtual ticket programme..
    i have a tab that says books seats.. in the tab, i am suppose to create 50 buttons.
    i have done that already by using for (int i=1; i<=10;i++) 5 times for 50 buttons.
    but i do not know how to set an actionlistener in the for loop for each of these buttons..
    For example, if the user were to chose seat "no3" , a text area(already created) below will show something like "no3" and so on..
    how do i bind these buttons into one single action listener so i do not have to create 50 actionlisteners and buttons individually..
    appreciate the help..

    You're killing me.
    class MyFrame extends JFrame implements ActionListener
         JTextArea myTextArea = new JTextArea();
         JButton myButton = new JButton("My Button");
         JButton otherButton = new JButton("Other Button");
         MyFrame()
              super();
              myButton.addActionListener(this);
              otherButton.addActionListener(this);
              setLayout(new FlowLayout());
              add(myButton);
              add(otherButton);
              add(myTextArea);
         public void actionPerformed(ActionEvent e)
              Object source = e.getSource();
              if(source == myButton)
                   myTextArea.append("My Button Pressed\n");
              else if(source == otherButton)
                   myTextArea.append("Other Button Pressed\n");
    }

  • How to check logged in user belongs to particular group using workflow

    HI All,
    I have a list  and I want o implement row level security based on the list filed called Relevant group.
    I have a list filed called RelevantGroup , this filed is a choice filed and it has  couple of SharePoint site's groups that I have created. Now what I want to do is give current logged in user to edit the record based on his/her security group. For example
    if I logged in and if I m a member of  the current record RelevantGroup I can edit the record, if I m not a member of the RelevantGroup then the system shouldn't allow to edit the record. 
    I want to do this SharePoint designer workflow. Can someone please help me. Using SPD2013. 
    Thanks. 
    d.n weerasinghe

    Is the form being served up from livecycle? If not how is the form being served up to the user?

  • How to get list of Users under an Auth Group (for executable Programs)?

    Hi experts.  I have a requirement to get a list of all users under a particular Auth Group for Program Objects.
    Goal of this requirement is to identify the users allowed to use/access a program - we're doing some sort of Program Inventory and we'd like to identify the users per program, via the Auth Group. 
    So question is:  Which tables hold data about Program <-> Auth Group <-> Users, and how are they linked?
    I know this is Basis/Security stuff, but I was thinking of developing a report program to output the information needed.
    Thanks in advance.
    Edited by: George Esquerra on Nov 17, 2011 10:24 AM

    This is available in the standard via tx SUIM - user - users by complex selection criteria - by authorization values.
    If you enter auth object = S_PROGRAM and value = auth group, you will get the list of users.
    You can analyse how this program finds the information and incorporate it into your own logic.
    Thomas

  • How to Implement User Area in Oracle Forms 6i

    Hi,
    Could anyone please let me know how to implement Item Type *"User Area"* ?
    How to add User Area in layout Editor?,
    Thanks and Regards,
    Manasa

    Hi,
    Please post your question in the appropriate forum.
    Forms
    Forms
    Thanks,
    Hussein

  • How to implement User Area Item in Oracle 6i

    Hi,
    Could anyone please let me know how to implement Item Type "User Area" ?
    How to add User Area in layout Editor?,
    Thanks and Regards,
    Manasa

    Hi,
    Please post your question in the appropriate forum.
    Forms
    Forms
    Thanks,
    Hussein

  • How to use negation in user defined rules?

    Hi,
    Can you please show me an example to use negation in user defined rule? I created a rule like below (the rule says if a patient has a fever problem and not have penicillin hypersensitivity, then recommend medication1):
    INSERT INTO mdsys.semr_myMedicineRB VALUES('rule1',
    '(?p rdf:type :Patient) (?p :present ?c1) (?c1 rdf:type :Fever) (?c2 rdf:type :Penicillin_Hypersensitivity)',
    '(NOT_EXISTS(p :present c2))',
    '(?p :recommendation :medication1)',
    SEM_ALIASES(SEM_ALIAS('','http://www.example/medicine#')));
    The rule successfully inserted into the rulebase. However, I cannot pass the entailment creation phase and got the errors:
    ORA-29532: Java call terminated by uncaught Java exception: java.sql.SQLException: Missing IN or OUT parameter at index:: 1
    ORA-06512: at "MDSYS.SDO_SEM_INF_INTERNAL", line 16453
    ORA-06512: at "MDSYS.SDO_SEM_INFERENCE", line 302
    ORA-06512: at "MDSYS.SDO_SEM_INFERENCE", line 352
    ORA-06512: at "MDSYS.RDF_APIS", line 118
    ORA-06512: at line 2
    29532. 00000 -  "Java call terminated by uncaught Java exception: %s"
    *Cause:    A Java exception or error was signaled and could not be
               resolved by the Java code.
    *Action:   Modify Java code, if this behavior is not intended.
    According to the post built-in primitives(noValue,remove) for user defined rules, it seems negation is not supported in user defined rules. Can you please advice how to implement negation in user defined rules?  Thanks a lot in advance.
    Hong

    Hi Hong,
    Let's look at this similar but simplified problem:
      if (?p  rdf:type  :Patient) and (NOT_EXISTS(?p  :present  :c2)) ==> (?p :recommendation :medication1)
    You can use something like this in the user defined inferencing:
    -- First get the numeric IDs for the relevant URIs
    recomID := sdo_sem_inference.oracle_orardf_add_res('http://..../recommendation');
    medID := sdo_sem_inference.oracle_orardf_add_res('http://..../medication1')
    rdfTypeID := sdo_sem_inference.oracle_orardf_res2vid('... full URI for rdf:type');
    patientID := ...
    presentID := ...
    c2ID := ...
    -- Now this query will find out ?p that satisfy (?p  rdf:type  :Patient) but not
    -- (?p  :present  :c2)
    sqlStmt := '
      select ids1.sid  sub
         from ' || src_tab_view || ' ids1
        where ids1.pid= ' || to_char(rdfTypeID,'TM9') || '
          and not exists (
             select 1
               from ' || src_tab_view || '
              where sid = ids1.sid
                and pid = ' || to_char(presentID, 'TM9') || '
                and oid = '|| to_char(c2ID,'TM9') || '
    insertStmt := '
      insert /*+ parallel append */
       into ' || output_tab || '(sid, pid, oid)
      select sub, '||to_char(recomID,'TM9') || ',' || to_char(medID,'TM9') || '
       from (' || sqlStmt || ')'
    More details can be found in
    http://docs.oracle.com/cd/E16655_01/appdev.121/e17895/inference_extension.htm#CHDDBGEC
    Hope it helps,
    Zhe Wu

Maybe you are looking for