How to prevent a portal user from using the BEx Analyzer ?

Hi,
we have different type of users : most users may use the portal as well
as the analyzer ;
we have one special user with extended authorizations : this user
should use the portal , where he has a limited set of queries to run
with hardcoded filters ==> this user should not be able to use the
analyzer however, since he then would be able to call all other queries
by using the find function ;
how can we make sure this user cannot use the analyzer , using SAP
authorizations ?
best regards,
Erwin Van Giel.

Hi,
if I remove the complete S_RFC authorization for the user then the BEx Analyzer cannot connect anymore to the BW system, but neither can the user run reports from the portal : it needs the S_RFC with 'SYST'.
If I only remove the RRMX from the S_TCODE and from the S_RFC, it does not prevent the user from starting the BEx Analyzer and connecting to the BW system. It only stops the user if he would start the RRMX transaction from within an SAPGUI session.
Perhaps there should be a value in the S_RFC that allows connections from the portal but not from the BEx Analyzer .... ?
so not solved yet ....
best regards,
Erwin.

Similar Messages

  • Is it possible to prevent users from using the ''Purge'' option from the ''Recover deleted items'' in Office 365?

    Hi,
    After speaking with a Microsoft engineer over the phone, I've been told that there is no way to prevent users to go to their OWA and manually Purge specific items from the ''Recover deleted items''. The Microsoft tech told us to place the desired mailboxes
    on a litigation-hold and that all data will be recoverable... but only from the time you place the mailbox onto Litigation-Hold and previous items, which doesn't take effect for new-coming emails. 
    1- From what I understand, any new items coming in the mailbox after the Litigation-Hold is put in place will still be ''purgeable'', right?
    2- Is there a way (PowerShell, Security group, etc.) that can prevent a user from using the Purge option?
    We are very surprised that there is absolutely no thread that talks about this issue, which in our opinion, is a major legal and security flaw from Office 365. This is a main concern for us to actually go with Office365. For instance, this means that at
    any given time, if a user exchanges emails with a competitor, they can manually purge emails sent and receive as soon as it is sent/received, even after Litigation-Hold is in place.
    Thank you for your reply and let us know if you have more questions.
    Normand Bessette, IT support technician, Newad Media

    Thank you for the reply.
    Is there still a way to prevent users from using the Purge option, like with a Powershell script to disable Purge?

  • Digital audio input via mini jack/toslink from ADA, monitored via USB audio output... is this do-able? I know digital audio input should be okay but how do I monitor it, apart from using the internal speakers?

    Digital audio input via mini jack/toslink from ADA converter, monitored via USB audio output to amplifier... is this do-able? I know digital audio input should be okay but how do I monitor it, apart from using the internal speakers?

    You can output audio thru HDMI, with appropriate adapter.
    You can use additional cheap external usb audio for monitoring.

  • How to Restrict same portal user from other node

    Hi
    In my application, we charge customers for each portal user logins. But, i found that, they can share same user logins amongs number of people.
    I don't want to allow the same portal user login into the application if that user is already logged in and it's session is still active.
    Here is the Scenario :
    User A is logged in to the portal from terminal AA. Now, User A agin tries to logg in to the portal from terminal BB. I don't wnat to allow user A to log in from terminal BB bcuz user A has active session from terminal AA.
    Can anyone know how to implement this??
    thanks in advance.
    Srini

    Hi Srini!
    We have solved this problem with our own login portlet. Before the final login we've got to check (from the certain table) how many logins there are currently with that username.
    But there is a problem. If the user closes the browser without logoff, the session remains active. There is a cleanup job, which removes those session in some hours. Still it is not very elegant.
    Regards,
    Jari

  • Is there a way to prevent a user from using the graph cursor legend to delete a cursor?

    I would like to have 2 cursors on a graph that can't be deleted by the user.

    Hi Dennis,
    I'm having this problem as well, and found your post. Are you referring to the Enabled State of the entire graph?  If so, this prevents the user from moving the cursor at all while the VI is running, which, of course, defeats the purpose of having a cursor at all.  Ideally, I would like to show the cursor palette and disable it's run-time shortcut menu.  This doesn't appear to be possible.   One workaround would be to hide the palle and instead include some indicators that show the cursors' values.  I'd prefer to show the palette to keep the program simpler.
    Any other solutions?
    Thanks,
    Alan
    Alan Blankman, Technical Product Marketing Manager and LabVIEW Developer
    LeCroy Corporation
    800-553-2769 x 4412
    http://www.lecroy.com
    [email protected]

  • Is there any way to prevent non-root users from rebooting the system?

    This question seems to be addressed many times on the web, but the problem is that none of the wannabe-howtos work on my system. In particular, this doesn't work and this doesn't work either, because (1) I need to keep policykit installed for udisks and other dependencies to function and (2) renaming (or removing) the file /usr/share/polkit-1/actions/org.freedesktop.login1.policy has (again) no effect on the users' ability to reboot and shut down the system. Even more surprisingly, adding the following to /etc/polkit-1/rules.d/20-disable-shutdown.rules has no effect at all:
    polkit.addRule(function(action, subject) {
    if (
    action.id == "org.freedesktop.login1.power-off" ||
    action.id == "org.freedesktop.login1.reboot" ||
    action.id == "org.freedesktop.login1.suspend" ||
    action.id == "org.freedesktop.upower.suspend" ||
    action.id == "org.freedesktop.login1.hibernate" ||
    action.id == "org.freedesktop.upower.hibernate"
    return polkit.Result.NO;
    As a result, ordinary users (not in the wheel group and with no special permissions) can simply reboot the machine by typing reboot. I remember that a simple polkit rule (as proposed on the Fedora forum) worked fine just a few months ago, but this doesn't work nowadays. The action IDs mentioned there are no longer listed in pkaction, so it's quite obvious that some changes (and bugs) have been introduced since then. I just need to prevent the users from rebooting the machine and to keep policykit installed. Is there any way to do this?

    karol wrote:Do said users have the ability to push the Power or Reset buttons?
    No, they don't.
    But come on, access permissions are a matter of principle rather than a matter of what you can possibly do with a hammer in your hand. That makes your question somewhat irrelevant to this issue. Imagine someone asking: "How can I protect my home directory from access by other users?" You would then probably ask: "Do said users have the ability to pull out the hard drive and mount it on their computer?"
    Even if the users had physical access to the ACPI buttons, rebooting the computer by mistake (via software) would still be much more likely than pressing (or even holding) the ACPI buttons by mistake.
    If I call rm -Rf / as a normal user, nothing should happen to the system in terms of availability to other users. Only my home directory and temporary files would vanish, but that's all. This is what permissions are there for. Similarly, when I type reboot as a normal user (no matter if I'm on SSH, on a local terminal or logged into KDE), it should be possible to simply disallow rebooting.
    The idea that users logged in locally can restart the computer may be fine for laptops under certain conditions, but it is a bad idea in almost all other cases. In a "kiosk" type environment, for example, the ability to reboot and get to the bootloader can be a huge security hole, unless all your disks are encrypted, and a huge "reliability hole" in any case. Suppose you use a desktop as a home server. You want everyone to be able to log in and to connect a USB flash drive (using polkit and udisks). But you simply don't want the machine to be rebooted. Why is such a simple thing so hard to do?
    Last edited by andrej.podzimek (2014-03-10 02:15:35)

  • How to prevent a rdp user from mapping drives on the server ?

    Hi,
    User A from Domain A (using Win7 pro) is able to rdp to Server Z (Windows Server 2008) which is in Domain Z and is able to map drive.
    My question is : How do I prevent User A from mapping any drive in Server Z ?
    Please advise. TIA !

    Hi,
    if a user has access to the other share there is no way to prevent that user from mapping a drive.
    However, you can remove the "map Network drive" functionality via policy, please see
    http://msdn.microsoft.com/en-us/library/ms812045.aspx
    That does not prevent users from mapping  their drive manually using the "net use ..." command from a shell. While it is possible to restrict running of the net command, I do not recommend that (see
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/b5012142-cfe9-4b24-99b9-d7ff3b84f0f4/what-security-policy-blocks-use-of-the-net-command-for-nonadmin-users?forum=winserverGP).
    ( What you may consider when having Shares cross-forest, you can remove that authorized users permission from the share replacing it by DOMAIN\Domain users groups, etc. So access to the share is limited instead of using a share that a user has access to.
    Please Keep in mind that even when you remove the Network drives a user can still Access the resource via UNC. )
    Regards,
    Martin

  • Preventing mac osx users from using cisco vpn

    Hi,
    I have setup ASA to act as our vpn server with radius as my authentication server. Users use the cisco vpn client utility to vpn in which has the .pcf file. This .pcf file has the group password, name and so on. Some users went online and found websites to decrypt the group password and have used that on their local macs to vpn in.
    That irritates me and i want to know how i can prevent them from logging on. Are there any ways to block by os type within ASA?
    Please help!!
    thanks

    thanks i set it up to get 2 syslog messages: 713120 and 713904.
    <165>Feb 09 2012 06:48:56: %ASA-5-713120: Group = vpnaccess-xyz123, Username = xyzcompany\jdoe, IP = 10.10.10.10, PHASE 2 COMPLETED (msgid=xxxxxx).
    Which is good, now i know who is connected to my vpn and i get an alert, but i also want to know they type of OS they are using. When i do a lookup of syslog message id: 713904, that is suppose to give me the OS type (ex: winnt mac ox and so on), but i am not getting that.
    Any reason why i dont get an alert from message id 713904, but i get one from 713120.
    thanks

  • How do I stop users from using the standard inbuilt VPN connection in Windows

    We have a UAG Portal setup to check the security of users computers etc then if it is all correct they are presented with the log in and once logged in the are connected to the corpirate network via a SSTP connection.  The all works fine but the issue
    I have is users can bypass all the checking but just going into network connections on their local computer and creating a SSTP VPN connection, like on this webpage http://blogs.technet.com/b/tugait/archive/2011/10/12/how-to-publish-a-vpn-sstp-using-your-uag-in-a-https-trunk.aspx
    Any idea how to stop users being able to do this and forcing them to use Internet Explorer?

    Found my answer on this page  http://technet.microsoft.com/en-us/library/ee809077.aspx 
    "To enforce Forefront UAG portal authentication, do not set users dial-in properties to Allow
    access."

  • How to find out portal user from sso cookie ?

    Hi,
    I want to find out the portal user id from Portal30_sso cookie. It is required for security in my java servlet.
    Thanks
    Vikas

    First of all, you can't get anything from the portal30_sso cookie or the portal30 cookie or the SSO_ID cookie. These are cookies established for (1) The login server session; (2) The Portal session; (3) The login server single sign-on cookie - visible only to the login server.
    When you want to know who the current user is, you need to establish the context. If your servlet is standalone and not a partner application to the login server and it's not a portlet, etc., then what context does it have? What concept of users does it have? If you are really asking what Portal is currently logged on, that is still a loaded question. The user's browser could be accessing several portal's at the same time, each with a different identity. What I am getting at is that your servlet needs to somehow be associated with a particular portal before it can even think of asking this question.
    The ways to associate your servlet with a portal would be
    [list=1]
    [*]Make it a partner application
    [*]Make it a portlet
    [*]Make it an external application
    [list]
    Hope that helps.

  • How to link a Portal User ID in the Html code

    Hi,
    I have requirement where in I need to create a HTML page with a Input Parameter as Portal user ID.
    This HTML Page is included in a webpage created by Web Page Composer.
    Please guide me how i can catch Portal UserID PArameter in this HTML code ?
    OR
    Can I use EPCM Portal Eventing for the same ?
    Awaiting Reply !
    Thanks,
    Smita Thorat
    Edited by: smita thorat on Feb 8, 2010 5:09 PM

    Hi!
    The way you suggest should not be used.
    A CS user will be created as a normal OID user and will receive the CS attributes in a different subtree later during the provisioning.
    For creating CS users use oesuser and uniuser. Files provisioning will work in a different manner anyway.
    cu
    Andreas

  • How to prevent OS X update from updating the HP printer drivers?

    Dear all,
    I am using a HP Photosmart C6180 All-In-One printer and scanner system together with my Mac (OS X 10.5.7). Well - after repeated problems with this products I realized that the automatic updates of the HP driver by OS X is the problem - since I finally realized that the scanner always refused to work after updating the software to the so-called current version. Well, of course I know that I can switch the updates to "manually approve" and uncheck the box next to the HP driver in order to prevent the problem - however, it has also happened several times that I forgot to uncheck - and then I had to go through the long uninstall-reinstall older version-process (the HP driver has approx. 200 MB...!).
    So I began wondering whether it might be possible to prevent OS X auto-update from updating this one driver only - is it possible to create an exception list for OS X auto update???
    Thanks in advance for considering my question!
    With kind regards,
    Björn

    Hey!
    I see, I see! Well, after all, for 40 years after school - not bad! I had, among other languages, Russian in school for 3 years (I thought it was cool...) - that's ten years ago, but I wouldn't even dare to try to speak that nowadays (my group leader at the institute was Russian - she wanted me to try and say something in Russian - with a smile of expectation in her face... I didn't dare...).
    Well, the German in Bavaria (Munich and around) may be a bit softer or less formal - for me it is hard to appreciate that... I considered Russian much more formal than German (and the other languages I learnt - English, French - probably with the exception of Latin...) - many more cases, complicated so-called "aspects" in the verbs (I never completely understood that...) and so on. Well, after all, I learnt German as my first language - and that made it much easier for me than any other language I tried to learn later :-D
    But it is funny - when I began to learn English in school (which was when I was ten years old), I found it quite easy at the beginning, since much of the structure of sentences etc. has some relation to German, and especially to the dialect from the area where my grandmother comes from (which is the area from where the anglo-saxonians moved to England in the early middle-ages) - the area is still today called "Angeln" in German (probably sth. like "Anglia"); I heard my grandmother and my great-grandmother talk in that dialect. Although it is said that only approx. 10 % of the English language stems from that origin, and many more words came to the language from French and other origins - it appears to me that the basis of sentences (such as pronouns, articles, important auxiliaries and verbs etc. - and the structure) stems from the anglo-saxonian origin - and the other 90 % then make up the wealth of vocabulary (English is known for its wealth of synonyms and words that differ only by a nuance).
    Well... :-D We're getting off-topic, I'm afraid. But the good thing is, I have never seen any board moderator or other guest here in the Apple forum complain
    Kind regards!
    Björn

  • How do you prevent a user from using the playback bar to skip questions?

    Hi,
    I am fairly new to Captivate and I had a question regarding the quiz feature in Cap4. I have some users testing the module for me and they are able to skip questions. I have done the following: 1. Made the quiz required 2. removed the review buttons.
    Is there something I am doing wrong?
    Shal

    Hello,
    You could hide the playbar, since it is not really needed for Question slides: on entering the first question slide you assign the value 0 to the system variable cpCmndShowPlaybar, and when you want to show it again, assign the value 1.
    Lilybiri

  • How to restrict a user from using the transaction code SU01?

    How can I grant a profile to a user with the profile SAP_ALL except running the transaction code SU01?
    I know how to lock the transaction code using SM01 but is there any other way to do it.

    Go to S_TCODE
    Double click on it and give the combinations like        A*  -   X*
                                                                                 SU00
                                                                                 SU02 - Z*
                         Try this one definately it will work.

  • Is there a configuration option to prevent an unprivileged user from accessing the firefox profile manager and/or firefox safe mode?

    I'm designing a locked-down Firefox user profile for use on public computers (common room in an apartment building). I can use existing plugins and add-ons to prevent access to about:config and to lock down the various firefox preferences but this is moot if a user can still access the firefox profile manager or can start firefox in safe mode. Is there any configuration setting that could prevent this?

    Hi...
    Reinstalled 10.7.3 from the Combo Updater from apples website.
    The only way to reinstall the Mac OS X or repair the startup disk running v10.7.3 Lion, is to use Lion Recovery The combo update does not do that.
    How much free space on the startup disk? Not enough free space can account for the problems with your apps.
    Right or control click the MacintoshHD icon. Click Get Info. In the Get Info window you will see Capacity and Available. Make sure there's a minimum of 15% free disk space.
    and no web-pages will load.
    Try using OpenDNS as suggested here >  Safari 5.0.1 or later: Slow or partial webpage loading, or webpage cannot be found
    Use OpenDNS for better speed, more security, includes anti phishing filters, prevents browser redirects, and it's free.
    Open System Preferences / Preferences then select the Network tab. Click the Advanced tab then click the DNS tab.
    Click +
    Enter these addresses exactly as you see them here.
    208.67.222.222
    Click +
    208.67.220.220
    Then click OK.
    edited by:  cs

Maybe you are looking for

  • G5 needs a new OS arrrgh

    Processor Memory Processor speed: - 2 x 1.8 GHz Processor Type: - PPC, G5 Number of Cores: - 1 Bus Speed: - 900 MHz Cache: - 512K per processor 64-bit Support: - No Turbo Boost: - No Installed RAM: - 512 MB Max. Amount: - 4.0 GB Amount of Slots: - 4

  • Withholding Taxes - NON CREATION OF REMITTANCE CHALLAN

    Hi, TDS remittance challan is not getting created. The following error is thrown:- No unpaid tax lines exist for the given selection criteria. Message no. 8I702 Diagnosis The corresponding withholding tax line  &1& is not present in WITH_ITEM table.

  • How to get report for deleted line items from sales orders

    Dear FRIENDS, please infirm the t.code or report for viewing the deleted line items from sales ordrers. Kindly do the neeedful. regards, N.M.PAWAR

  • Add a new field on SRS (SAP Retail Store)

    Hi Experts, We have a requirement to add a new field on the SRS(SAP Retail Store) screen for Purchase Order. We identified the template - zwspo_entry/90/saplwspo_docdlg_2000. We included a new field in the Internet Services => ZWSPO_DOCDLG under TOPI

  • TM  backup takes too much space

    I restored the boot disk (Macintosh HD) from TM's last backup. The first new backup takes too much space on your external drive! Is it true? Macintosh HD: Capacity: 250.66 GB Available: 130.01 GB Message was edited by: tamias