How to restrict access to portal when LDAP is used ?

Hello,
We implemented an XSS portal using Active Directory as user source. However we are facing a worry : all declared users in LDAP are allowed to connect to portal, even they are not declared within our ECC6 backend.
I have been told that in an normal situation, unauthorized users should be stopped after authentication by a white screen informing that they are not allowed to access the application.
Can anyone tell me what miss in the configuration that I set ?
Regards,
Sabrina CARK

So all the users who fall within the group everyone will have the default role and will be able to logon to the portal. However since they dont have access within the R3 they wont be able to execute any transaction if you have enbled SSO with logon tickets (AND NOT User Mapping).
If I were to configure a scenario like you, I would put in all the users who have access to XSS into a common group and do role mapping for XSS roles only with that group. This would ensure that the XSS tabs are visible only to members from that group. While all other users will have access just to the Home tab post logon
Thanks,
GLM

Similar Messages

  • How to restrict access to portal based on entitlements.

    Hi,
    I am working on weblogic 8.1 portal project. i want to restrict the user to access
    the portal based on the entitlements. However when user try to login he is seeing
    Weblogic Error 403 forbidden page. How to display custom error page, instead of
    weblogic default error page.
    How to programatically check whether user has access to portal or not based on
    entitlements.
    Please give me code.
    regards,
    -chada-

    Chada,
    The 403 is by design. If you want to place a page in front of one or more
    portal desktops and only show links to desktops the current user is entitled
    to, review the attachment.
    -Phil
    "Chada" <[email protected]> wrote in message
    news:3fcd6969$[email protected]..
    >
    Hi,
    I am working on weblogic 8.1 portal project. i want to restrict the userto access
    the portal based on the entitlements. However when user try to login he isseeing
    Weblogic Error 403 forbidden page. How to display custom error page,instead of
    weblogic default error page.
    How to programatically check whether user has access to portal or notbased on
    entitlements.
    Please give me code.
    regards,
    -chada-[login.zip]

  • How to restrict access in 2008?

    How to restrict access in 2008?
    So, I would like to do the 2 following things:
    1. Grant developers access to read all Active Form Comonents
    2. Create new Form Groups
    3. Not be able to change nS Resticted AFC
    and
    1. Grant developers rights to Create Ous
    2. Add/Rmeove Members to OUs
    3. Remove rights to add/remove to/from Site Admin OU
    Any suggestions on how to do that?
    So far I tried the out of the box Capabilities and Permissions, created custome ones, but still no luck in accomplishing all 3 items.

    Your request #1 is not possible. In paticular, you can't create new form groups and still not be able to change all form groups. Please submit an enhancement request, asking that newScale support your desired role configuration.
    Similar problem with #2.

  • How can I access an iPhone when I receive a message saying iPhone disabled connect to iTunes?

    How can I access an iPhone when I receive a message saying iPhone disabled connect to iTunes?
    Tried connecting to itunes and hitting restore and get a error message 3194.
    Any help would be greatly appreciated.

    odds are entering password too many times

  • HT1595 how do i access apple tv when screen is stuck at setting date and time

    how do i access apple tv when screen is stuck at setting date and time, have unplugged system,restarted router....

    Welcome to the Apple community.
    Assuming this is not the first time you have used your Apple TV
    You might try restarting the Apple TV by removing ALL the cables for 30 seconds.
    Also try restarting the router.
    If the problem persists, try a restore, you may want to try the previous procedures several times before doing this.
    If this is a new Apple TV, it may also be that your network router is not allowing access to the timeserver, check that your router allows access over port 123.

  • How to get UTF-8 encoding when create XML using DBMS_XMLGEN and UTL_FILE ?

    How to get UTF-8 encoding when create XML using DBMS_XMLGEN and UTL_FILE ?
    Hi,
    I do generate XML-Files by using DBMS_XMLGEN with output by UTL_FILE
    but it seems, the xml-Datafile I get on end is not really UTF-8 encoding
    ( f.ex. cannot verifying it correct in xmlspy )
    my dbms is
    NLS_CHARACTERSET          = WE8MSWIN1252
    NLS_NCHAR_CHARACTERSET     = AL16UTF16
    NLS_RDBMS_VERSION     = 10.2.0.1.0
    I do generate it in this matter :
    declare
    xmldoc CLOB;
    ctx number ;
    utl_file.file_type;
    begin
    -- generate fom xml-view :
    ctx := DBMS_XMLGEN.newContext('select xml from xml_View');
    DBMS_XMLGEN.setRowSetTag(ctx, null);
    DBMS_XMLGEN.setRowTag(ctx, null );
    DBMS_XMLGEN.SETCONVERTSPECIALCHARS(ctx,TRUE);
    -- create xml-file:
    xmldoc := DBMS_XMLGEN.getXML(ctx);
    -- put data to host-file:
    vblob_len := DBMS_LOB.getlength(xmldoc);
    DBMS_LOB.READ (xmldoc, vblob_len, 1, vBuffer);
    bHandle := utl_file.fopen(vPATH,vFileName,'W',32767);
    UTL_FILE.put_line(bHandle, vbuffer, FALSE);
    UTL_FILE.fclose(bHandle);
    end ;
    maybe while work UTL_FILE there is a change the encoding ?
    How can this solved ?
    Thank you
    Norbert
    Edited by: astramare on Feb 11, 2009 12:39 PM with database charsets

    Marco,
    I tryed to work with dbms_xslprocessor.clob2file,
    that works good,
    but what is in this matter with encoding UTF-8 ?
    in my understandig, the xmltyp created should be UTF8 (16),
    but when open the xml-file in xmlSpy as UTF-8,
    it is not well ( german caracter like Ä, Ö .. ):
    my dbms is
    NLS_CHARACTERSET = WE8MSWIN1252
    NLS_NCHAR_CHARACTERSET = AL16UTF16
    NLS_RDBMS_VERSION = 10.2.0.1.0
    -- test:
    create table nh_test ( s0 number, s1 varchar2(20) ) ;
    insert into nh_test (select 1,'hallo' from dual );
    insert into nh_test (select 2,'straße' from dual );
    insert into nh_test (select 3,'mäckie' from dual );
    insert into nh_test (select 4,'euro_€' from dual );
    commit;
    select * from nh_test ;
    S0     S1
    1     hallo
    1     hallo
    2     straße
    3     mäckie
    4     euro_€
    declare
    rc sys_refcursor;
    begin
    open rc FOR SELECT * FROM ( SELECT s0,s1 from nh_test );
    dbms_xslprocessor.clob2file( xmltype( rc ).getclobval( ) , 'XML_EXPORT_DIR','my_xml_file.xml');
    end;
    ( its the same when using output with DBMS_XMLDOM.WRITETOFILE )
    open in xmlSpy is:
    <?xml version="1.0"?>
    <ROWSET>
    <ROW>
    <S0>1</S0>
    <S1>hallo</S1>
    </ROW>
    <ROW>
    <S0>2</S0>
    <S1>straޥ</S1>
    </ROW>
    <ROW>
    <S0>3</S0>
    <S1>m㢫ie</S1>
    </ROW>
    <ROW>
    <S0>4</S0>
    <S1>euro_€</S1>
    </ROW>
    </ROWSET>
    regards
    Norbert

  • How AP behaves for withholding tax when vertax is used for tax calculation

    Hi,
    I am currently working on R12 implementation, I have requirement where business has to calculate the USE tax and withhold it from being paid to the supplier in case if use tax is not mentioned on the Invoice and pay it to tax authorities directly by business. Our client has Vertax third party tax engine. now the question is does it works same as it is in oracle payables in cases if client want to use vertax to calculate tax. How oracle behaves for withholding tax when vertax is used for tax calculations.
    Regards,
    Shashi.

    Hi
    Cheque Go to Menubar of  which document you have to  post for getting the WHT value  Menubar Settings - editing options -  remove the tick calculate tax on net amount.
    Rgds
    Vani

  • How to restrict access to views for some users in the app?

    Hi SDN!
    I have an WD application wich embedded in the portal. Appication has 2 iViews (and 2  pages respectively). These iViews consist several views connected with each other (e.g. one view provide list data, second view is add/edit form for this data). I need to restrict access for some users for view with add/edit form. I can't make separate page for this view.
    What I've done:
    1) create yet another UIContainer for this view in main window and embed view to this container. It was be done for create separate iView for form.
    2) in the portal I create iView for this form but don't embedd in any page.
    When I try to call my form from list data (that is one iView from another) I get exception:
    <b>com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: duplicate usage of view .MyCarRentalAddCity</b>
    Is there a way to get needed functional?
    Thanks,
    Lev

    Hi,
    do you need to remove the IView from the portal menu or do you just want to make a View container in your WD application invisible if the user doesn't have the rights to see it.
    If so, you could create your own roles on the app server:
    You need to create a new class that extends NamePermission like:
    import com.sap.security.api.permissions.NamePermission;
    public class ApplicationAccessPermission extends NamePermission {
               * @param name
              public ApplicationAccessPermission(String name) {
                   super(name);
               * @param name
               * @param action
              public ApplicationAccessPermission(String name, String action) {
                   super(name, action);
    Also, you have to create an Action.XML file that looks like this:
    <BUSINESSSERVICE
         NAME="com.vendor.administration">
         <DESCRIPTION
              LOCALE="en"
              VALUE="actions view usage"/>
         <ACTION
              NAME="View Permission">
              <DESCRIPTION
                   LOCALE="en"
                   VALUE="Show view"
                   />
              <PERMISSION
                   CLASS="com.vendor.utilities.ApplicationAccessPermission"
                   NAME="ShowView"
                   />
         </ACTION>
    </BUSINESSSERVICE>
    If you have created these to files in your packages, you can access this function like:
    IUser user ;
    try {
              user = WDClientUser.getCurrentUser().getSAPUser();
              if(user.hasPermission(new ApplicationAccessPermission("Show view"))){
                   wdContext.currentV_UIElement().setViewVisibility(WDVisibility.VISIBLE);
              }else{
                   wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
         }catch (WDUMException e1) {
              wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
                    e1.printStacktrace();
    You have to bind the ViewVisibility attribute of the context to the View Container you want to hide.
    The applicationAccessPermission you defined in the XML File will be visible in the UME Manager of you J2EE engine. With this action you can create a new role and group that you can map to the users that should see you view.
    But, the exception you get is because you have embedded one view twice, which is not possible.
    Hope this helps.
    Regards,
    Dennis

  • How do I access the portal "builder"?

    It seems like I am successfully logging in as the orcladmin user via the Login link off of the portal home page (/pls/portal/portal.home), because there is no error upon logging in and I can access the OID admin pages. However, I can't seem to figure out how I get to the pages that will allow me to build portal pages, etc. All I see is the "Home", "Community" , "Refresh","Login" and "Help" buttons on the top navigator. Is there a url that I can type in to access the portal builder pages?
    I am quite certain that I am logging in properly because after my initial login, when I click the Login link, it does not take me to the login page, just leaves me where I am at.
    Upon my initial login, should'nt I be forwarded to the portal admin page or something??
    Any help would be appreciated.

    once you login, click on the "corporate documents" tab.
    a link to the "builder" should show up in the top right.
    clicking on that gets you what you want. (there is then a link to navigator on the top right of that page...if you want to work on pages).

  • How to restrict logging on portal (Performance issue)

    Hi guys,
    does anyone know how to restrict logging of the portal? Even though I made a change on Visual Administrator -> Services -> Log Configurator setting ALL categories to severity = 'Error', I keep getting 'Info' severity traces logged in defaultTrace.trc (viewed by Logg Viewer). Which in practise means tons of logged trace information! I think this might be one of the reasons we have been experiencing performance issues lately.
    Does anyone know how to restrict this logging?
    Any help greatly appreciated!
    Cheers,
    Frank

    Hi,
    I would not only set the severity of categories to 'Error' but also locations to 'Error'.
    A log controller - can be a "category" or a "location".     Categories are used for "logging" and represent problem areas such as network, database, security, user interface, etc. Identified by a slash-separated ('/') path of names, prefixed with an additional slash.     Locations are used for "tracing" and correspond to places in the development components. Identified by a dot-separated ('.') path of names, which is often the name of the respective java package.
    Greetings,
    Praveen Gudapati

  • How do I access word documents when I load Lion?

    How do I access my Word and Excel documents when I download Lion?
    Bob

    There shouldn't be any problem accessing them, unless you have an older version of Office such as 2004 and earlier. In that case, you'd need to update them, or switch to iWork (Pages and Numbers) which can read those files.
    Matt

  • How can i access my PowerMac when i am away from home?

    Hi, I have a powermac G5 at home and have just bought a mac book pro. is there any way to set them up so i can access the powermac when i am out traveling with my mac book? I guess i would need to leave the powermac on all the time, but how do i get the two connected? i have far to many files to use iDisc and i have a lot of extra drives attached to the powermac at home.
    Any chance the answers could be simple!!! I'm relatively new to macs and know almost nothing about accessing computes over the internet.
    thanks for your help.
    martin

    Hi Martin,
    I am just implementing something which may be of interest to you.
    I have a home network of a G5 Quad and several PCs which I wanted to be able to access, securely while I was away from home. (Using a XP laptop).
    I have just purchased a LinkSys RVL200 VPN router and ASDL modem and after a fair amount of trial and error managed to get it working to my ISP, British Telecom.
    Effectively I can now connect my laptop from anywhere on the internet and it is as if I am sat on home with it connected to my local network. Most importantly it runs via an https: tunnel (may not be the correct phrase) so it is secure.
    To connect all I have to do is go to my IP address via the browser using https://, logon on and it creates a connection through which I can access my Mac and PCs. Once the connection is in place then I can run any application on my laptop and it connects fine. (Last night I tested it running ftp to my G5 which is hidden behind the firewall.)
    The only thing I am not sure about is how it would connect using a Mac rather than an XP machine (the secure connect icon appears in the tray) but if it fits what you are looking for I'm sure LinkSys could advise on whether it would work.
    G5 Quad   Mac OS X (10.4.3)  

  • HT1212 How can I access my iPod when I don't have the passcode?

    My daughter changed her passcode on her iPod and didn't write it down. How can I access it? Please help!

    For how to place in recivery mode:
    Recovery Mode
    If recovery mode does not work try DFU mode.
    How to put iPod touch / iPhone into DFU mode « Karthik's scribblings

  • How do i access my iphone when it is disabled and not connecting to itunes

    my iphone has been disabled and not registered with iTunes how do I access my phone I have a passcode

    You need to put the device into restore mode and restore it
      http://support.apple.com/kb/HT1808
    Then Restore the device.
      http://support.apple.com/kb/HT1212

  • How the columns retrive from datebase when u r using joins

    Hi,
    I am Seetharamaiah.c working in Xansa India Limited. I got a doubt . Pls clarify my doubt when we r retriving the data from database, how the colums retrieve when we r using self join. What exactly internally happen.
    Thanking u,
    Seetharamaiah.C

    use set autotrace on
    SQL> set autotrace on
    SQL> select dname,ename
    from dept d,emp e
    where d.deptno = e.deptno;
    Execution Plan
    0 SELECT STATEMENT Optimizer=CHOOSE
    1 0 NESTED LOOPS
    2 1 TABLE ACCESS (FULL) OF 'EMP'
    3 1 TABLE ACCESS (BY INDEX ROWID) OF 'DEPT'
    4 3 INDEX (UNIQUE SCAN) OF 'SYS_C0063851' (UNIQUE)
    Each row of the emp table is returned and the corresponding dept row is found using the index.
    Introduce an outer join:
    select dname,ename
    from dept d,emp e
    where d.deptno = e.deptno(+)
    Execution Plan
    0 SELECT STATEMENT Optimizer=CHOOSE
    1 0 MERGE JOIN (OUTER)
    2 1 SORT (JOIN)
    3 2 TABLE ACCESS (FULL) OF 'DEPT'
    4 1 SORT (JOIN)
    5 4 TABLE ACCESS (FULL) OF 'EMP'
    and you get two full table scans with the results merged to populate the dept with no emp records

Maybe you are looking for

  • What to Look For when Buying a Used Storm to activate on Verizon Pre-Pay

    Hi, I am looking to buy a Storm 9550 refurbished for use on Verizon Pre-Pay and am just wondering what all I need to look for. Would something like this work: http://www.ebay.com/itm/Great-BlackBerry-Storm2-9550-2GB-Black-Verizon-Smartphone-WIFI-GSM-

  • HP Laser Jet 1020 printing again the last job

    Hello there! I have a printer HPLaser Jet 1020 which, after reboot, of the computer when switching ON the printer, it immediately begins printing the last job that was sent to the printer before the computer had been switched OFF. I have checked the

  • Bug in Nokia 3110c firmware

    Theses a bug in the Nokia 3110c version 7.21, related to log. My phone's log showed 'Data recieved in last session' is 114256785kb, and 'All recieved data' is just 5865427kb, how can that be possible? All recieved data is always greater or equal to d

  • XMP "Copyright status" not accessible?

    Just noticed that for files processed by LR, the "Copyright Status" xmp field, as shown in CS2 "File Info..." Description section (ACR 3.7), is always showing as "Unknown" (the 2 other choices are "Copyrighted" and "Public Domain") This happens for a

  • ITunes store error code 1202

    I haven't been able to get iTunes store to work on my older (2008) Macbook.  When I go to the store, half of it looks like basic HTML with some pictures of new albums coming out, but when I go to try and download any music it gives me an error of "We