How to restrict access in 2008?

Similar Messages

• How to restrict access to views for some users in the app?

  Hi SDN!
  I have an WD application wich embedded in the portal. Appication has 2 iViews (and 2  pages respectively). These iViews consist several views connected with each other (e.g. one view provide list data, second view is add/edit form for this data). I need to restrict access for some users for view with add/edit form. I can't make separate page for this view.
  What I've done:
  1) create yet another UIContainer for this view in main window and embed view to this container. It was be done for create separate iView for form.
  2) in the portal I create iView for this form but don't embedd in any page.
  When I try to call my form from list data (that is one iView from another) I get exception:
  <b>com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: duplicate usage of view .MyCarRentalAddCity</b>
  Is there a way to get needed functional?
  Thanks,
  Lev

  Hi,
  do you need to remove the IView from the portal menu or do you just want to make a View container in your WD application invisible if the user doesn't have the rights to see it.
  If so, you could create your own roles on the app server:
  You need to create a new class that extends NamePermission like:
  import com.sap.security.api.permissions.NamePermission;
  public class ApplicationAccessPermission extends NamePermission {
             * @param name
            public ApplicationAccessPermission(String name) {
                 super(name);
             * @param name
             * @param action
            public ApplicationAccessPermission(String name, String action) {
                 super(name, action);
  Also, you have to create an Action.XML file that looks like this:
  <BUSINESSSERVICE
       NAME="com.vendor.administration">
       <DESCRIPTION
            LOCALE="en"
            VALUE="actions view usage"/>
       <ACTION
            NAME="View Permission">
            <DESCRIPTION
                 LOCALE="en"
                 VALUE="Show view"
                 />
            <PERMISSION
                 CLASS="com.vendor.utilities.ApplicationAccessPermission"
                 NAME="ShowView"
                 />
       </ACTION>
  </BUSINESSSERVICE>
  If you have created these to files in your packages, you can access this function like:
  IUser user ;
  try {
            user = WDClientUser.getCurrentUser().getSAPUser();
            if(user.hasPermission(new ApplicationAccessPermission("Show view"))){
                 wdContext.currentV_UIElement().setViewVisibility(WDVisibility.VISIBLE);
            }else{
                 wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
       }catch (WDUMException e1) {
            wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
                  e1.printStacktrace();
  You have to bind the ViewVisibility attribute of the context to the View Container you want to hide.
  The applicationAccessPermission you defined in the XML File will be visible in the UME Manager of you J2EE engine. With this action you can create a new role and group that you can map to the users that should see you view.
  But, the exception you get is because you have embedded one view twice, which is not possible.
  Hope this helps.
  Regards,
  Dennis

• How to restrict access to portal based on entitlements.

  Hi,
  I am working on weblogic 8.1 portal project. i want to restrict the user to access
  the portal based on the entitlements. However when user try to login he is seeing
  Weblogic Error 403 forbidden page. How to display custom error page, instead of
  weblogic default error page.
  How to programatically check whether user has access to portal or not based on
  entitlements.
  Please give me code.
  regards,
  -chada-

  Chada,
  The 403 is by design. If you want to place a page in front of one or more
  portal desktops and only show links to desktops the current user is entitled
  to, review the attachment.
  -Phil
  "Chada" <[email protected]> wrote in message
  news:3fcd6969$[email protected]..
  >
  Hi,
  I am working on weblogic 8.1 portal project. i want to restrict the userto access
  the portal based on the entitlements. However when user try to login he isseeing
  Weblogic Error 403 forbidden page. How to display custom error page,instead of
  weblogic default error page.
  How to programatically check whether user has access to portal or notbased on
  entitlements.
  Please give me code.
  regards,
  -chada-[login.zip]

• How to restrict access to sub folders (apart from Manual settings)?

  Hi,
  Is there any method to stop the  group traverse from main Folder to sub folder when user group has access to main folder?
  So that no need to give no access to sub folders manually for given group.
  Manual access settings have become tedious due to large number of sub folder and user groups.
  Scenario:-
  There is a main Folder F1 and it has 100 Sub Folder SF1 to SF100. And these sub folders has child folders.
  Group G1 should have access only  F1, and should not have the access its child folders.
  How can we eliminate manual work to remove access for each group at each sub-folder level?
  Thanks,
  Anu

  Access restrictons by default are inherited from parent folders downward.
  You can break the inheritance, but you'll still need to manualy setup initial security.
  Details are in the Admin guide.

• How to restrict access to portal when LDAP is used ?

  Hello,
  We implemented an XSS portal using Active Directory as user source. However we are facing a worry : all declared users in LDAP are allowed to connect to portal, even they are not declared within our ECC6 backend.
  I have been told that in an normal situation, unauthorized users should be stopped after authentication by a white screen informing that they are not allowed to access the application.
  Can anyone tell me what miss in the configuration that I set ?
  Regards,
  Sabrina CARK

  So all the users who fall within the group everyone will have the default role and will be able to logon to the portal. However since they dont have access within the R3 they wont be able to execute any transaction if you have enbled SSO with logon tickets (AND NOT User Mapping).
  If I were to configure a scenario like you, I would put in all the users who have access to XSS into a common group and do role mapping for XSS roles only with that group. This would ensure that the XSS tabs are visible only to members from that group. While all other users will have access just to the Home tab post logon
  Thanks,
  GLM

• How to restrict access to a deployed web application

  I have a web application (ear-file) and i want to configure NetWeaver so that only certain users can use the web application.
  How/where to configure the Application server to reach that goal?

  Hi Ludger,
  You can create J2EE Security Roles:
  http://help.sap.com/saphelp_nw04/helpdata/en/c2/e13e4045796913e10000000a1550b0/frameset.htm
  Regards,
  Siddhesh

• How to restrict access of data in Infocube

  Hi BW Experts,
  We got HR project and we loaded the Data from Flat File. We developed reports as per their requirement.
  As per some condtions, we should not see the HR Data in Infocube as well as in Report.
  We are having only one role which has all authorizations (SAP_ALL and BI_ALL)
  I know one solution i.e, we have to restrict all Infocubes except HR cube, then only we cant see the data. But we dont want to disturb our existing Role.
  Please can any one tell me other solution.
  Regards,
  Anjali

  Hi Anjali,
              Please check here......
  Authorization issue to view cube contents
  Re: Authorization Object issue
  Thanks,
  Vijay.

• How does SSHR EmployeeSS restrict access to just the user?

  Hello
  I am trying to establish how EmployeeSS restricts access to just the user account.
  Does it use securing attributes ICX_HR_PERSON_ID or TO_PERSON_ID at all?
  Thanking you in advance for any replies which will be posted to this thread.
  Vicky

  Hi,
  yeah the system uses the securing attributes to decide on what security permissions to attach from a responsibility perpective. But one can also enfore the HR Security profiles to add further more constraints.

• Restricting access to GL accounts. How to

  Hi all,
  How to restrict access to GL accounts.
  Access should be limited to operational accounts in the range "YYYYY000" to "YYYYYY799" and restrictio to "YYYYYY800" to "YYYYYY875"
  please suggest

  Hi priyanka
  It should be possible.  Try restricting with the folloiwng auth object
  F_SKA1_AEN FI         G/L Account: Change Authorization for Certain Fields
  F_SKA1_BES FI         G/L Account: Account Authorization
  F_SKA1_BUK FI         G/L Account: Authorization for Company Codes
  F_SKA1_KTP FI         G/L Account: Authorization for Charts of Accounts
  Thanks
  Ashok

• How to control accessing Oracle Application Server URLs

  Hey all;
  I wish you are all doing okay.
  I am facing a problem with OAS Oracle Application Server; Since we switched form using forms 6i to OAS 10g running on the web browser of course using a URL for each application
  The question is if I give a user a single URL for the application he is using and he just change his application name for example hr by payroll he will be able to open the payroll and run reports or even editing values!
  How to restrict accessing the apps to only the authorized users on Oracle Application Server 10g?!
  Thank you all in advance

  Hi Mohamed,
  Please follow the below note:Preventing Access to URI's Via IP Address Using Mod_Rewrite (Doc ID 1306292.1)
  Regards,
  Prakash.

• FERC Code of Conduct - Restricting access for employees

  hello - I am project lead for an effort to separate market and transmission data from certain employees in our company. I'm finding this to be a monumental task, since we have a large SAP implementation. FI/CO, MM, HR (postion-based security), Customer (IS-U-CCS), PM, PS, xRPM. We have implemented SOD for SOx compliance, but this is an entirely different effort. Unlike SOx, we need to totally restrict transactions that could contain non-public market and transmission data, so we need to separate the data behind the transactions. Does anyone have experience with this? Would love to hear what approach you took and swap ideas.
  Annette M Alboreo, FirstEnergy Corp.

  Hi Annette,
  First of all, good luck! Data segregation is always a tricky one to manage and needs to be carefully thought out.  This sort of activity has a large security and functional overhead and you need to make sure you have access to them.
  When I've worked on this sort of thing in the past, there are a few things that you need to identify
  - What data is sensitive?  The business should ID <b>all</b> sensitive data and the functional team translate that into fields etc.  What data needs to be legally segregated, what data is nice to have segregated.  A set of rules should be drawn up to say who get's what in which circumstances.
  - How are people accessing data? What transactions give access to sensitive data? Standard SAP tx, custom tx (which may need auth checks changing), access to SE38/SA38, SQ01, SQVI etc.  All of the routes to the data need to be identified.
  Once it is known what data needs to be restricted then it is possible to address how to restrict access to it.  A reasonable amount of it should be able to be catered for in the standard auth concept.  It's also likely that there will be the requirement for additional config & customising (e.g hide fields, change screens, user exits) to meet these new control needs.  I think it goes without saying that the more that you can fix with the standard auth concept, the easier it tends to be.  If this means removing some transactions from users then in some cases it may be less costly than knocking up a whole load of custom code to solve the problem - of course this is dependent on the situation.
  Hope that is of some use
  Cheers
  Alex

• Restricting access via MAC address?

  Hello,
  Could someone please tell me how to restrict access to my wireless network (and internet sharing) by only allowing computers with a certain MAC address to join?
  I'm kinda stumbling around here
  Thanks,
  Jonny

  Sorry if I wasn't being specific enough...
  I have my eMac set up as a Software Base Station, which streams internet & Airtunes to an Airport Express. I have it set up this way, because my ADSL modem is connected via USB (so it's a bit of a workaround). As a result, I have Internet Sharing switched on, so I can access it from all my other macs.
  What I want to do is to stop other people from accessing my eMac's internet connection. If I set up a WEP password for Internet Sharing, I lose my Airtunes facility... so I was thinking another way might be to restrict access to the connection via MAC address. I only want my other airport card-equipped macs to access the internet connection and network generally.
  Surely it's possible?

• Restricting  Access for SQ01 User Group

  Hi ,
  Please let me how to Restrict  Access for a   User Group  to only some of  the specific users?
  Thank you
  Edited by: Vibhor Arora on Apr 12, 2010 7:29 AM

  Hi,
  Can you please clarify what exactly you want to know, your request can be interpreted in a few different ways.
  If you are concerned that people have access to all user groups, then you need to remove access to S_QUERY activity 02 and I think activity 23.  They will lose access to all user groups that they are not assigned to via SQ03.

• How to restrict profile manager to SSL?

  I have just setup Profile Manager 3.0.2 on OS X 10.9.1 (Mavericks). The setup works fine, but I noticed that I can access profile manager over SSL and regular HTTP. I would like to restrict access to using SSL, but I don't know. Can someone please direct me to how I restrict access to profile manager to only allowing secure connection. Please be clear as I am new to OS X. Thanks.

  Authentication and everything after the login page should be SSL (https://).
  If you login via the page at http:// does it not redirect to https:// ?

• How to restrict users working on Windows 7 clients from accessing Windows Explorer and other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2

  Dear All,
  We are having an infrastructure setup of around 500 client computers managed through group policy.
  Recently the domain controllers have been migrated from Windows Server 2003 to Server 2008 R2.
  Since this account requires extremely strict environment, we need to figure the solution for restricting the users from access anything locally.
  It would be great if you can assist me with the following query.
  How to restrict users logged on Windows 7 clients from accessing Windows Explorer and browsing other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2 ?
  Can we disable Network Tab on the left hand pane ?
  explorer.exe is blocked already, but users are able to enter the Windows Explorer by clicking on the name which is visible on the Start Menu.

  >   * explorer.exe is blocked already, but users are able to enter the
  >     Windows Explorer by clicking on the name which is visible on the
  >     Start Menu.
  You cannot block explorer.exe when you do not replace the shell - the
  desktop you see effectively IS explorer.exe...
  Your requirement sounds like you need a custom shell:
  http://gpsearch.azurewebsites.net/#2812
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))