Implementing object security in BO XI 3

Similar Messages

• Issue with implementing Object Security in RPD (OBIEE 11g)

  Hello All,
  I am following these steps to implement Object Security, but it doesn't work. Please let me know what am I doing wrong here:
  1. I want to block a few presentation tables for the user 'weblogic'.
  2. I open the RPD in online mode and in the Identity Manager, for the application role 'BIAdministrator', I setup permissions 'no access' to these presentation tables. It asks me to 'Check Out' which I do.
  3. I check in the changes, save the RPD and deploy in back in EM.
  4. I login into OBIEE Answers using 'weblogic' user but alas these presentation tables are still available for me to use.
  I have tried looking for a solution on the internet before posting the solution here. Please don't ask me to read through the security setup guide because I have done that. Any specific answers are most welcome.
  Thanks in advance.

  Try this:
  Double click on the presentation table.
  Go to permissions and then revoke the access to BI Administrators.

• How to implement a security sub-system?

  Hi Everyone,
  I got the following task below from my team leader. I don't know where to start to get the following task done. If you have any idea on how to get the following task done, please give me the steps on how to complete the following task. Or give me some links (websites) which can get me start on getting the following task done. Thanks for your time and help in advance!
  Your next task is depicted in the case scenario as follows:
  Some remote process is able to view a directory listing of the files on the directory and then selects a JSP file to execute. It runs without any enforced permission on the server and the remote process is able to view the output or that the JSP file is executed without the proper caller - a DocIt system process (JSP, Javabean). How can we solve this problem?
  For one thing the directory listing permissions should only be permitted explicitly by the server "system security/permission objects" (configured by the administrator/root) on win32/Linux. Second, all JSP files must include a security module as part of it's code base before even a single line of code is written by the programmer. This ensures that at least the caller is allowed certain permissions to execute the code residing in the JSP file. The granularity of the permissions depend directly on the type of caller. Is it a "user", a "power user", a "system admin", a "pre-defined DocIt system object" (forms subsystem), and so on. We need a powerful yet flexible security system as it is important to register the permitted objects to execute only the rightful code determined by the DocIt system security policy.
  This task is less specific and thus you have more flexibility to provide a solution. Please describe and analyze a security policy to prevent any executable code from running without its proper caller for the case scenario above. Be creative in determining the requirements for identifying the calling object and the code that checks for the proper credentials before permitting execution of the code. Say you have an hierarchy of inheritable permission objects. The code must be able to check that the caller belongs to the set of permission objects. Please use diagrams, cases scenarios, and other designs to provide a basis for implementation. After the designs are reviewed along side any other requirements we will implement this security sub-system in the near future

  You may also want to look at JAAS. http://java.sun.com/developer/technicalArticles/Security/jaasv2/
  It's probably a tad overkill for some JSP applications, but it would give you an additional layer of protection for documents, i.e., you can control access to actual files based on roles. I say it's a bit of overkill because Tomcat incorporates most of the ideas into their realms.

• What are the different options for implementing web security?

  Hi,
  Right now I am working on an internet website. We are using JSP for presentation and running Weblogic Application Server. I want to know different options for implementing website security. One of the options that I am aware of is to use LDAP. But we donot want to go and buy a LDAP Directory Server now. So I would really appreciate if somebody could let me know my choices here.
  Thanks in advance.

  Hi,
  If you are working on a Windows 2000 platform, the most obvious choice would be Active Directory Server as this is shipped free with Server 2000. It is LDAP compliant, although does have a few differences that set it apart from the other X500 standard based solutions which I will mention in a moment. Details on these differences can be found at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnactdir/html/msdn_activedirvsnds.asp
  Other options are openldap, an open source implementation of an ldap server or iPlanet's Directory Server. If you are initially doing an evaluation, a trial version is available of the iPlanet software and can be downloaded from their site. I found this particularly easy to get to grips with and their is excellent documentation available. There is also an offering from Novell, but I have no experience of this.
  Hope this helps.
  Jon

• Implementing Function Security in Oracle apps.

  I wanted to restrict certain menus in Payables manager for a particular user. How should i implement it? Is there any live example of implementing function security in oracle apps? Please Help.

  Hi,
  One approach is to create a custom menu and attach to it all the menus and functions you want and the add this menu to a new responsibility. But this is not the best way to solve the issue because you have to define different menus + responsibilities for each different user. Other way is to create roles which can be assigned to users.
  Thanks,
  Bahchevanov.

• Has the Global Object Security changed

  We have a form that uses a global object to work. Since Acrobat 9 and the introduction of the GOSP we have had to remind users to uncheck the "enable global object security policy" in the Javascript section of preferences.
  Recently this has stopped working, the code still fails with a "InvalidSetError: Set not possible, invalid or unknown."
  what;s going on?
  can I re-enable the global objects maybe with a registry hack?

  Thanks for getting back to me, I have sorted the issue (hopefully)
  there are three sets of fields that form a date selector they all end in the same two digit number to identify them (which set on which page) this two digit ident is saved to a global variable so that the scripts that then make the day, month and year selector fields un-hide etc
  anyway, it turned out that the first set was the one that failed, the other two on the page worked fine. So I deleted set 1 and copied set 2 and placed them where set 1 was, it all worked fine so I just renamed the fields back to set 1 and all was still ok.
  The odd thing is that this issue has been there since the first version of the form in 2010 but has only now chosen to surface.
  this is the code that the button uses
  var fieldExtension = event.target.name.substring(event.target.name.length -2, event.target.name.length)
  global.dateField = "date" + fieldExtension
  if (this.getField("day" + fieldExtension).display == display.hidden){
    showDate()
  }else{
    hideDate()
  Anyway, all sorted

• How to implement the security notes in Java System.

  Hi All,
  For the ABAP systems we use RSECNOTE to implement the security notes, but how do we do that in Java systems?
  Any reference or guidance will be of great help.
  Thanks,
  Akash.

  RSECNOTE is for ABAP only, and I dont think there is any equivalent for Java.
  For Java , security note will guide you on how to implement.
  It could be manual changes or via SDM or JSPM.
  Regards,
  Pinkle

• Implementing Objects in Oracle Forms

  Am preparing for my Forms exam and would really appreciate it if anybody knew where i could get online info/resource with examples on how to implement and manage objects in Oracle forms. Have downloaded 10g and the associated documentation about 200Mb which has got everything except detailed info on Oracle Forms and implementing objects.
  Thanks
  Gus

  Thank you Rosario, not exactly what i was looking for at this moment but certainly something i will use as i will want to use PJCs, a very valuable link, thank you again :)
  What i want to find out is there a similar type of guide to implementing object tables with relational tables in a simple form, as i have given it a try and haven't really got anywhere, so a step wise guide would be great.
  Cheers
  Gus

• How to resolve Issues while implement gateway security by using reginfo,secinfo?

  Hi,
  I want to implement gateway security using  gw/reg_info,  gw/sec_info,  gw/reg_no_conn_info.
  so far I have created reginfo and secinfo files to allow all internal traffic and I kept gw/reg_no_conn_info=11, gw/acl_mode=1
  reginfo
  ======
  #VERSION=2
  P TP=*,HOST=local
  P TP=*,HOST=internal
  P TP=*,HOST=*.abc.com
  with the above setting I believe all the programs with in sap systems(including app servers), also system from domain abc.com can register programs with out having any issues.
  secinfo:
  ======
  #VERSION=2
  P TP=* USER=* USER-HOST=local HOST=local
  P TP=* USER=* USER-HOST=internal HOST=internal
  similarly  as per secinfo content I believe that all the internal traffic can go with out any issue with in sap system.
  beside that I have activated gateway logging to find the rejecting connections if any.
  I have following questions:
  ===================
  1)As the reginfo,secinfo files maintained can I remove gw/acl_mode=1 parameter ?
  2)if I want to add a specific programs to register from 3rd party system, suppose a program called "zram" from system "172.198.10.1" where I suppose to add it. Do I need to add that IP to secinfo along with reginfo?
  3)when I set parameter gw/reg_no_conn_info=11 when convert to binary it equals to 00001011
  what exactly this means from the following definitions from note 1444282
  1 1298433 Bypassing security in reginfo & secinfo
  2 1434 117 Bypassing sec_info without reg_info
  4 1465129 CANCEL registered programs
  8 1473017 Uppercase/lowercase in the files reg_info and sec_info
  will that means 8+2+1 means satisfying the above 3 lines except condition 4 ?
  4) I enabled  gateway logging, how could I catch rejecting connections from third party systems?
  5)From simulation mode I got to know that It will satisfy reginfo,secinfo restrictions and it will allow all other traffic.so what is the added advantage with this when activate?
  6)is there any sap native tools which help while preparing reginfo, secinfo files?
  Regards,
  Koteswararao.Davuluri(Koti).

  Hi,
  Here is answers for questions 4 and 5.
  4) I enabled  gateway logging, how could I catch rejecting connections from third party systems?
  SMGW->Goto->Expert functions->logging
  In the above path if you select security->(under that)->Rejected access only
  when you select that it should show you the connections getting rejected.
  5)For simulation mode you have 2 options. you can activate directly from the above path.Other option  if you maintain gw/sim_mode = 1  that will make the permanent simulation mode. But once after all the entries set in reginfo you have to disable simulation mode. with secinfo you will not have much problems.
  After doing steps 4, 5 you can see rejected entries in Gateway log.

• Implementing port security

  i have about a dozen2960 that i wish to implement port security. Some users tend to bring their own router and cause mayhem to the network. I've tried DHCP snooping, dont seem to work and port security testing on a few ports work well.
  What are the recommended steps? All are connected with users and all ports are already in use.
  - Some ports already have a few mac address in the tables thus i cant say do a across the board implement say "switchport port-security maximum 3".
  - It's tedious to go switch by switch, port by port
  - Any mechnism that can convert sticky to static with "switchport port-security mac-address sticky" first then convert them to static since the network is ok now.

  The poster above raised some excellent points about an "IT Acceptable Policy". I wouldn't want people allowed to bring in random network eqiupment just plugging it in all willy nilly.
  With DHCP Snooping, you need to understand, that all ports will be untrusted by default. So you need to make sure the only ports that are trusted are trunk ports, that lead to a DHCP server, and the port connected to the DHCP server. Also, you may or may not have to deal with Option 82, which you have two options. You can either turn if off from being checked at the router, or instruct the switch to not install the option to being with in DHCP Discover packets.
  When you enable DHCP Snooping, this will create teh DHCP Snooping database, which will keep track of the DHCP assigned IP address, and the MAC address assigned to each port.
  If you have users who bring in their own switches, find out who they are, and just watch the MAC addresses associated with the port, and then you can adjust port security appropraitely.
  It sounds like you may have a hard time, since they don't seem to really care about security at this place.
  Personally, if it were me, all ports would have BPDU Guard that should, at a minimum. You can always setup 'errdisable recovery' to deal with the recovering of ports that have been disabled automatically.

• Three part blog about Reducing the Cost to Implement a Security Plan

  Part 3 of a great blog done by in AlienVault Support who has "heard it all" about the problems SMBs have in implementing a security plan with small budgets. Kenneth offers lots of practical and helpful advice for IT and security practitioners.
  https://www.alienvault.com/blogs/security-essentials/third-step-in-reducing-the-cost-to-implement-a-...
  This topic first appeared in the Spiceworks Community

  hi Elistariel -
  With no texting plan, it is 25 cents per picture message. The LG VX5500 (same phone my daughter has) does not use a memory card, so you can try two different programs on your computer (both free) and see if either one will get the pics off and saved on your computer; from there you can upload to your online album without a per picture charge.
  You can try Verizon's VCast media manager - download and install it on your computer, then use the USB cable to link the phone to the computer and transfer the pics with VCast.
  Here's a link
  A third party program called BitPim will also work, but it's more technical and does a lot more than just transfer your media. It can also brick your phone if you don't know what you are doing, so it's "use at your own risk", as Verizon won't cover any losses due to using BitPim. It does work though--I have used it, very cautiously!

• Implementing a secure servlet

  Hi all,
  I am stuck about implementing this! My web site is implemented using static HTML pages and hosted on Apache server. I have a separate application server that runs my dynamic applications. In my web site, I have a contact us form with action as a simple servlet. Everything works fine and servlet does its purpose. But there is security issue with this. Anybody can access my servlet using the URL. Anybody can view source my page, get the servlet URL and can spam! I need to make this secure.
  Any thoughts on this issue would be great.
  Thanks and Regards,
  Abdel Olakara
  [http://technopaper.blogspot.com|http://technopaper.blogspot.com]

  Olakara wrote:
  Yawmark, your thinking correct with my context. I am more concerned with the user side and not the bots. I am having a look at spring but is there any simple way (with out using any frameworks?).Personally, I think using Spring Security is the simple way, rather than trying to think through and design an effective security model on one's own, only to come up with a poor imitation of an existing framework. :o)
  Security is not a simple subject, and "implementing a secure servlet" is not a simple matter. At least, not to my reckoning.
  ~

• This is what I get when I try to download my college text: This document requires global security policy to be disabled.  Please go to Edit Preferences JavaScript and uncheck the "Enable global object security policy" checkbox. NOTE: In some versions

  My college text is on my college website. When I try to download it this is what I get:
  "This document requires global security policy to be disabled.
  Please go to Edit > Preferences > JavaScript and uncheck the "Enable global object security policy" checkbox. NOTE: In some versions of Adobe Reader you may need to enable JavaScript first.
  Message code: 005"
  Help

  matermax wrote:
  Please go to Edit > Preferences > JavaScript and uncheck the "Enable global object security policy" checkbox. NOTE: In some versions of Adobe Reader you may need to enable JavaScript first.
  And - did you?

• How to implement Object based navigation

  Hi all,
  Can any one guide me the steps for Implementing Object based Navigation.
  Thanks in advance,
  Satish J

  Hi Sathish,
  sorry for the delay. hope it is not too late
  I have updated wiki with the content. i am just building it up..not yet completed.
  i think you can go thru the example which i have completed to have a detailed view of how to implement obn.
  please refer the link.
  https://wiki.sdn.sap.com/wiki/x/SZ
  You can send your comments regarding the page so tat i can incorporate the same in the content which i am preparing now.
  Regards,
  Sharadha

• Restrict to View AD objects security tab in ADUC (Dsa.msc)

  Restrict to View AD objects security tab in ADUC (Dsa.msc) ?

  In the Group Policy window
  please navigate to User Configuration -> Administrative
  Templates -> 
  Windows Components -> Windows
  Explorer  and open Remove Security tab
  The Default state
  is Not Configured and Security
  tab is Enable
  To Enable Security tab select Disable
  To Disable Security tab select Enable 
  MD Disclaimer: The opinion expressed herein are my own knowledge. Deploy this at your own risk. Whenever you see a helpful reply, just click on “Propose As Answer” / “Marked As Answer” and please do "VOTE".