Implementing Authorization based on roles

Similar Messages

• Implementing authorization based on database roles

  Hi,
  I am trying to implement authorization in my sample jdeveloper application.
  I have the list of users stored in LDAP and my database table contains the roles for those users.
  Now how can I get the roles from the database table and implement authorization based on the roles?
  I am using jdev 11 and weblogic 10.3
  Thanks

  Hi,
  Checkout [this post|http://forums.oracle.com/forums/thread.jspa?threadID=928304]
  Sireesha

• Transaction based security vs. Authorization based security

  Hi All just a general question does any one know any pro's and con's about implementing transaction based security vs. authorization object based
  Thanks Mike

  Well, the Tcode goes into an authoruization object as well, namely S_TCODE, so it always boils down to authorization objects. When properly configured, PFCG will propose all necessary authorization objects once you put a transaction in the role menu. On a new system, have a look at SU25 and it's documentation to setup PFCG.
  In my opinion putting the relevant transactions in the roles first and fine tuning the authorization values afterwards is the right way to go. Tracing may help but is no substitute for testing.

• Credit management Authorization Based on Value.

  Hi All,
  Can help me out to find whether we can implement Credit management based on different level of Values or not.As i know we can do authorization based on % like 100%, 110% etc.
  But i want to activate release authorization based on the Amount like
  level 1              Rs 1 lakh( Can release upto 1 lakh) when it reaches to above of 1 lakh
  level2               Rs  2 lakh ( it will release upto 2 lakh)
  like wise.As what i understand whatever the standard roles are given relevant to % basis only.

  hello, friend.
  yes, you can do this in a few ways...
  1.  try 'Document Class' - a document class is assigned a certain value, which is assigned to a user (the link to credit management is indirect)
  2.  the traditional way is to use 'Risk Category', and you can set specific values (e.g. maximum document values) when doing OVA8. 
  i seem to recall there may also be a way to assign values to risk category, but i will check on this.
  regards.

• Authorization based on STD Cost Centre Hierarchy - different hier levels

  Hello,
  I need to create an Authorization scenario where the same user, which have autorization based on Cost Centre Standard Hierarchy, would have access to Cost Centre Hier "NODE A" for "CUBE 1" and Cost Centre Hier "NODE AB" for "CUBE 2". The challange is that he cannot access "NODE A" on "CUBE 2".
  How can I have this? Would it work if I create 2 different authorization objects based on cost centre, each one for a different cube?
  Current authorizations are set up for CUBE 1 based on roles assigned to users and this affects more than 300 User ID. So I need a solution with few impact on what is already set up...
  BW version 3.1
  Thanks in advance

  Just for the forum information, I have made further progress on this.
  I have created different Authorization Objects (both based on cost cecntre) and assigned each one o a different cube. I will then have 2 roles assigned to the user: one role with Auth Object X will provide access to cube A only; the other role with Auth Object Y will provide access to cube B only.
  Regarding the hiearchy level, as this does not depend of the Authorization Object but on the Cost Centre Object itself, I dont need to create (Tcode: RSSM) duplicated hierachy technical names for the same node of the hiearchy depending on the auth. Object.
  Hope this helps who's browing on the forum and have a similar issue. Otherwise, please contact me.
  Regards

• How to check the authorization based on webdynpro application

  Hi Experts,
  I was asked to develop a webdynpro component with two webdynpro applications, one each for internal party and external party to be used.
  So how to restrict or check the authorization based on webdynpro application used?
  Do we have any authorization object like S_TCODE for webdynpro application in roles and authorizations?
  Please enlighten me.
  Regards,
  Ajay Matam

  You can assign an authorization object to the Web Dynpro Application within SICF -
  http://help.sap.com/saphelp_nw70ehp1/helpdata/en/61/d93822a88e15489a9391f309767366/frameset.htm
  Of course you could also programatically check which web dynpro application is being used from within the component and then call a custom auth-check. However maintain at the SICF is probably better for visibilty and long term maintenance costs.

• Implementing Authorization in Provider hosted Apps

  Hi
  I am developing App for SharePoint Online using Chrome control and Apps is hosted at Amzon Cloud(using Windows server 2012 and SQL server 2014).
  I want to Implement Authorization in this App based on logged in user  in SharePoint Online.
  Can any body Help me on same? Thanks in advance
  Kaps

  Hi Kaps,
  Please check if the links below could help:
  OAuth authentication and authorization flow for cloud-hosted apps in SharePoint 2013
  http://msdn.microsoft.com/en-us/library/office/fp142382(v=office.15).aspx
  How to: Create apps for SharePoint that can be used by anonymous users
  http://msdn.microsoft.com/en-us/library/office/dn579415(v=office.15).aspx
  SharePoint Online Enterprises App Model Management Policies and Process
  http://technet.microsoft.com/en-us/library/dn198209.aspx
  Since the forum is specific for SharePoint on-premise, I'd recommend you could also ask the question in our SharePoint online forum for more sufficient resource and professional assistance. Thanks for the understanding.
  http://social.technet.microsoft.com/Forums/msonline/en-US/home?forum=onlineservicessharepoint
  Regards,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected] .
  Rebecca Tu
  TechNet Community Support

• Authorization in CO Roles

  Hello experts,
  Scenarion:  i have only one controlling area, many company codes are assigned to this controlling area into different countries.
  Now we have a requirement to segregate the user roles and authorizations based on the countries or company codes.
  for example if i have a user in country x therfore he can view and do transactions only to his related company codes.
  would please give an idea how i can restrict user from the CO Perspective.
  Regards,
  Bilal

  Hello experts,
  Scenarion: i have only one controlling area, many company codes are assigned to this controlling area into different countries.
  Now we have a requirement to segregate the user roles and authorizations based on the countries or company codes.
  for example if i have a user in country x therfore he can view and do transactions only to his related company codes.
  would please give an idea how i can restrict user from the CO Perspective.
  Regards,
  Bilal

• Authorization Object And Roles For  Functional Consultant

  Dear Expert,
  What kind of respective Authorization Object And Roles would be provided to  Functional Consultant (FI,MM, SD, PM, PS, CO, HR )at the time of implementation ?
  Thanx in advance
  Pavel

  Thanks Juan,
  We now already have it here and in the NW IDM forum a few times as well...
  Cheers,
  Julius

• Implementing Authorization Programatically - Best practise

  Hi,
  Where is the best place (AppModule, Entity Object, View Object) for implementing authorization programatically?
  Of course, we use JAAS (more specially JAZN) for Authentication.
  Thanks,
  Trung

  Trung,
  if you are on JDeveloper 10g then Entity Objects are supporting permission based authentication.
  For all other releases see
  http://www.oracle.com/technology/products/jdev/howtos/bc4j/bc4jvpdjaas.html
  Frank

• Analysis Authorization based on Hier node with multiple display hierarchies

  Hi guys - I've got a problem where s.o. might have an idea of how to switch on the light at the end of the tunnel, I am currently standing in:
  Requirement:
  Cost Center Authorization should be given through RSECADMIN, reporting should be possible for any hierarchy that exists for the authorization relevant info object.
  Preferred solution:
  The Cost Center Analysis Authorization should be given through RSECADMIN - Hierarchy node assignment.
  u2022     A dedicated Authorization Cost Center Hierarchy will be maintained in ECC6 as an alternative cost center hierarchy and extracted into BW.
  u2022     The RSECADMIN Hierarchy node assignment should be based on a particular node (Type 2).
  u2022     The display level will be specified as required (here: Level 7)
  u2022     The Authorization granted should be independent of hierarchy name and version (validity 3).
  Reporting Scenario and technical impact:
  As mentioned above, when designing and running a query the user should be able to freely select other (i.e. than the authorization) display hierarchies for the authorization relevant reporting object 'Cost Center' as well. The technical names of the semantically relevant hierarchy nodes could therefore vary. E.g. cost centers 1, 2 and 3, being assigned under hierarchy node u2018Au2019 of the RSECADMIN relevant authorization hierarchy, could be subsumed by hierarchy node u2018Bu2019 in another display hierarchy, which the user may want to display in accordance to his reporting needs. Ideally, the alternative display hierarchy should therefore display node u2018Bu2019.
  My findings so far (based on prototyping) turn out that this is not possible as long u2018Bu2019 (and its hierarchy) is not authorized in RSECADMIN. Can these findings be confirmed? And if not, would anyone have an idea of how to facilitate the reporting scenario?
  Would there be any other way to grant access, possibly based on RSECADMIN single values, and also enable the user to flexibly display hierarchies with only those hierarchy nodes whose single cost center values the user has been given access to?
  Thanks everyone for your input...
  Claus
  Edited by: Claus64 on Jul 13, 2009 4:10 AM

  HI CLause,
  On Jul 14 2009, you wrote in SDN and said:
  FYI: Found a solution...
  The hierarchy analysis authorization will be based on a navigational attribute of cost center.
  With analysis authorizations it is possible to declare the Auth object (e.g. 0COSTCENTER__RACCAUT0) as authorization relevant and leave the superior object 0COSTCENTER auth irrelevant.
  The auth will be given for 0COSTCENTER__RACCAUT0. This object will be placed as a filter of the query, being restricted by an Authorization variable for hierarchy nodes.
  Due to the concept of Analysis Authorizations, this variable will automatically pick up the nodes granted as part of RSECADMIN Hierarchy based Authorization.
  As mentioned above, 0COSTCENTER as the regular reporting characteristic remains auth irrelevant and can therefore take any hierarchy thatu2019s available. Reporting on single values will be possible, too. Only those nodes show up that hold the authorized cost centers in accordance to the authorization.
  If the auth relevant 0COSTCENTER__RACCAUT0 is not used in the query definition by either not taking it in as a filter or skipping the Auth variable, the query will launch the message that the authorization is missing. No data show up at all.
  Claus
  See this thread:
  Analysis Authorization based on Hier node with multiple display hierarchies
  I am also in the same situation as you and need to understadn your solution. I understand that you created a Nav Attr on 0COSTCENTER and made this auth relevant whilst ensuring that 0COSTCENTER is NOT auth relevant. This is all fine. The issue was you have multiple hierachies for 0COSTCENTER, how did the new Nav Attr help you solve your issue. When loading 0COSTCENTER what values did you load ino the new Nav Attribute and how did that link to the hierachies? Also, in RSECADMIN you created hiearchy nodes based on the Nav Attribute but I am confused as to what values you have in the Nav Attr.
  I appreciate if you can share your solution from the past in more details.
  many thanks

• How to setup the security based on roles in Organization.

  Hi,
  How to setup the security based on roles in Organization.
  For example:Few users are Manager and a few user are Non Manager .Manager should have access to all work data including Non Manager and Non Manager should access based role.How to setup this? How OBI server identify the user role?
  kindly let me know.
  Regards.,
  CHR

  Hi,
  You need to have Back End support to achieve this. In Back End you need to create two groups . You need to know what joins has to be made for which group (which is more important) and also make session variable for the userrole (with SQL supporting it). In the BMM layer, we need to put the security join conditions in the 'where clause'.
  And make a common report. User loggin in with the respective userid will have userrole and joins assigned in the Back end. And they will be viewing the report according to their access.
  Hope this will solve your problem.
  Regards
  MuRam

• How to restrict authorization based on profit center in ke80 report

  hi friends
  we have a situation where we need to maintain the authorization based on profit center in ke80 report. The authorzation object K_PCA is not working. whenever we assign a particular profit center and then generate the profile, we still get the message no autjorization and when we check su53 it shows it needs '' asterisk. but we cant assign the asterisk as we have 5 subsidaries and there are using 5 different set of profit centers so assigning asterisk () would be comprimising on our security.
  does anybody came across this situation and if yes how did they resolve this?
  I need your suggestions on how to maintain this restriction.
  Regards,
  Imran

  Hi Friends
  The problem has beend solved. It turns out that this is a report writer issue. We raised the issue with SAP and they informed that 'For Report Painter/Writer every item is checked if you have the authori-zation or not. Only the items with authorization fullfilled will be displayed afterwards'.
  Based on SAP answer we created different reports for each profit center/company code.
  I would like to thank you all for your time and inputs.
  Regards,

• Regarding Authorization policy and Roles in OIM 11g

  Hi,
  In OIM 11g Admin interface, is there a way to find out what all authorization polices, a role has been assigned to ?.
  I am asking this because, if you search for a user, you will know what all roles he is a member of, and similarly if you search for a role, you will know who all users are members of that role.
  Similarly, if you search for a Authorization policy, you will know what are roles are assigned to this policy. But if I search for a role, I am not able to find what all authorization policies has been assigned to this role.
  Looking forward to hearing from you,
  Many thanks in advance

  I understand your concern. But, this feature has not been available
  --nayan                                                                                                                                                                                   

• Authorization based on t.code and screenvariant

  All,
  Suppose I have created screenvariant in particular transaction .
  For eg MB52 , I have created one variant , ZVAR1
  Is it possile to give authorization based on t.code MB52 and screen variant  ZVAR1?
  Or t. code and layout of report.
  For eg I have changed the layout and save the report as Z111.
  Now is it possible to give authorization ,MB52 and Z111?
  Please advise.
  regards

  Thanks Alex.
  Suppose I am creating new t.code for MB52 program .
  Now in SE93 which object I should I select :
  - program and screen
  - program and selection screen
  - Method of a class
  - transaction with variant
  - transaction with parameters
  Pls advice.
  regards