Incorrect functionality in edit access level

We are assigning the Instructor credential with the Edit Access Level permissions. However when an Instructor authenticates, they do not have the EDIT ACCESS permission in their course.
In the iTunes U admin guide, it state:
Users with Edit access to a Course page can also use the Access pop-up menu in the Access area within a Course page to define group-level access for the page. The user can assign group-level access for other users of the Course page, but cannot change his or her own access. iTunes U displays the current user’s credential and Edit access as read-only in the Access pop-up menu
within the Course page.
Any ideas?

I haven't looked at the admin documentation but having Edit permissions on the album doesn't let you have the Edit Access option. What we do for instructors is create the course album for them and set Group Access Labels, as described, up for them for each other credential that has access (student credentials only in our case but I suppose you could do it for instructors, TAs, etc.). Folks with Edit level access to the album (Instructors in this case) can then Edit Page, edit the tabs and use the GALs to change permissions for other users to the tabs in the album.

Similar Messages

Restrict certain function based on access level

I'm working through an approval process with Office 365 SharePoint Lists and Infopath, and I want certain people to be able to submit items in a Sharepoint list on behalf of someone else. So, the boss might have her assistant post news for her,
but her name will be on it. I only want certain people with a higher access level to be able to do this. Most people will just be able to submit news on their own behalf. I'm not sure how to do this other than to actually have a separate list that only certain
people can access to support this one function.
Currently I have lists for...
Draft Items
Submitted Items
Published Items
and I might create a fourth one for "Drafts Items on behalf of." Can you think of a better way than to actually create a fourth list?

Hi ,
According to your description, my understanding is that you want to three permission level for a list: unable submit and unable approval, able submit and unable approval, able submit and able approval.
If you just want to restrict for a list, you can try to stop inheriting permissions for the list.
For the above permission level, it can be reflected to the SharePoint default permission level: read, edit, approve. So for achieving your demand, you can add the users into suitable permission
group (Site Visitors, Site Members, Approvers).
Then you can go to the list ->List Settings ->Versioning Settings, select “Yes” for Require content approval for submitted items.
Best Regards,
Eric
Eric Tao
TechNet Community Support

Field-level Edit Access

Hello everyone,
I have 4 questions, all pertaining to what you can do with a field in APEX:
First, how to enable field-level Edit access in APEX? I understand I can apply authorization scheme on each page. So when a user has only View access, he/she can't edit the page. This is nice but what if out of a page, I want only one field being editable by an Administrator and not by the other groups, how do I do this?
Second, if I want an Administrator to be able to add a row to a pop-up LOV and he's a mere administrative user of the system and not the APEX administator, how best it is to do this?
Third, when a user logs in, how to ensure his login name and perhaps today's date already appear in a field?
Finally, when a field is filled in, how to disable that field from future modification by shading it for example?
Thanks for enlightening me on this.
Best regards,
Daniel

Sagar has the point. You should check the OES and OAM certification for all versions you want to use. AFAIK OAM 11g and OES 10.3.4 run on WLS 10.3.3 only.
See the certifications for details: http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
--olaf

Schedule Access Level as Edit Objects granted

Hi,
I am currently working on implementing and testing XI3.1 Security. While testing, I have noticed that the Schedule Access Level has General --> Edit Objects as explicitly granted and this should not be the case. Has anyone come across this before?
Thanks
NT

Srinivas Ganapathi wrote:
As the earlier poster mentioned, the only relevant right name I see is 'Edit objects that the user own'. Is this the right you mean?This right is explicitly granted. We're however on SP1 (so there's no LCM).
>
> Best,
>
> Srinivas
No, its definetely General --> Edit Objects that is Explicitly Granted.

Problem with user access level

David,
I have so far succesfully implementend your tutorial on users registering and having to validate their emailaddress (both part I and II).
Part I: http://cookbooks.adobe.com/post_Registration_system_that_requires_the_user_to_vali-16646.h tml
Part II: http://cookbooks.adobe.com/post_Registration_system_that_requires_the_user_to_vali-16649.h tml
When creating a login form however, I don't get it to work based on the access level verified = y. The database is set up exactly as you described in the above tutorials.
This is the HTML for the log in form (index.php):
<form ACTION="<?php echo $loginFormAction; ?>" method="POST" id="logon">
<label for="user">Username</label>
<input type="text" id="user" name="username" />
<br />
<label for="pass">Password</label>
<input type="password" id="pass" name="password" />
<br />
<label for="done"> </label>
<input type="submit" value="Log On" />
</form>
Below the code that is found above the <html> tag in the index.php file:
<?php require_once('../Connections/conn.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
return $theValue;
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "verified";
$MM_redirectLoginSuccess = "overview.php";
$MM_redirectLoginFailed = "index.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_conn, $conn);
$LoginRS__query=sprintf("SELECT username, password, verified FROM users WHERE username=%s AND password=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
$LoginRS = mysql_query($LoginRS__query, $conn) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
    $loginStrGroup = mysql_result($LoginRS,0,'verified');
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;
    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    header("Location: " . $MM_redirectLoginSuccess );
else {
    header("Location: ". $MM_redirectLoginFailed );
?>
On the overview.php page, I applied the restrict access to page behaviour, which results in the following code:
<?php require_once('../Connections/conn.php'); ?>
<?php
if (!isset($_SESSION)) {
session_start();
$MM_authorizedUsers = "y";
$MM_donotCheckaccess = "false";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
      $isValid = true;
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
      $isValid = true;
    if (($strUsers == "") && false) {
      $isValid = true;
return $isValid;
$MM_restrictGoTo = "index.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
?>
Any idea/thoughts on what I'm not adding to the page in order to work?

David,
Thank you for that insight, I figured it would be something like that and when I woke up this morning, it all made sense. I changed somthing from the tutorial (part I) you wrote and now it works fine.
I had trouble with the validation link in the email that is sent automatically. In your tutorial, section "generating and sending the validation email", you write:
$message .= urlencode($_POST['username']);
$message .= '&t=';
$message .= urlencode($token);
When using the code like this, it wouldn't set the verified column to y. However, when I changed the middle $message to
$message .= '&t=';
it updated the verified column to y. The URL that displayed from the original code displayed the & sign as & in the URL itself.
Next to that, whenever I try to add something to the e-mail, the validation link becomes not clickable anymore.
As the login problem concerns, encrypting indeed did the trick.
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=sha1($_POST['password']);
Putting the $_POST['password'] between brackets, adding sha1 in front of it. It works just fine now.
Hopefully no further problems on this anymore! Thanks a lot for your insights!
EDIT: I can't mark this thread as answered anymore?

Access Level for Nutrient Profile

I have a question for Nutrient Profile. According to the User Manual, in the Summary Tab in the Summary Information section there is a field called ‘Access Level’. What is this used for?
Our users have concerns over using the Nutrient Profile and LIO because it can be changed in so many places and there is no versioning/revision info associated with that. So, if there was some access security built around it that could control who could change this data where it might make it a more attractive feature to the users.

I believe that the Access Level field is used as part of the Object Level Security functionality.
If you are wanting to lock down Edit permissions for certain sections of the Nutrient Profile, you can look at the Section Level Editing feature. This is documented, along with reference examples, in the Extensibility Pack, in the ReferenceImplementations\SectionLevelEditing folder.

Restrict read/edit access for a Manager, when Manager Visibility is enabled

Customer wants to restrict read/edit access for a Manager on his/her subordinates' owned record, if manager Visibility is enabled at the company level.
For example: If SM1 is a manager of SR1 and SM1 owner profile says that he has Edit Access on his owned records then, he will get Edit Access
on the records owned by his sales rep.
Current requirement here is Manager should not be able to edit the records of his sales rep but should able to only View. And manager also
need the Edit/Read access on the records which they owned.
Is there a possible workaround ?

I have devised this to our customer:
First, create a custom text field named "Reports To" on the object, say, Accounts.
Second, user JoinFieldValue to set a default value for the "Reports To" field: equal to the "Reports To" User field value for the current owner.
Third, add a new value named "Manager Read-Only" to 'Account Type' picklist. make sure that this picklist value is active.
Fourthly, add a new page layout marking all Account Fields as 'read-only' and name it "Account Read-Only layout".
Fifthly, create a new Account Dynamic Layout and set "Account Read-Only layout"
for Field Type = "Manager Read-Only".
Sixthly, create a new workflow rule condition for Account object ( before modified record saved ). Use the workflow rule condition similar to UserValue('<Alias>') = [<ReportsTo>] and set the workflow action to update 'Account Type' picklist value to
"Manager Read-Only".
This is just an example. Customer needs to improvise on this.
Any more suggestions please ?

How to include group access level in a ws call

I want to include a Group Access Label in a Permission for a Course using an iTunes web service call.
I don't see how to do this in the docs.
(The example in iTunesUAdministratorsGuide.pdf at page 111 doesn't include the Group Access Label.
And it's not in the schema for the ws xml document at http://deimos.apple.com/iTunesURequest-1.0.xsd)
Is this an obvious omission or am I missing something? Anyone know how to do this?
Background:
We're creating most Courses programmatically.
Obviously, we'd strongly prefer not to require an administrator to go into every Course and manually add a common Group Access Label to the Permission. (This manual piece is essentially what's now missing from the ws call or at least from my understanding of it.)
Either way -- manually by an administrator or programmatically -- our instructors would then be able to set Permissions themselves on any Group they create -- doing this themselves and without the help of an administrator.

To resume with a little progress made:
I have a Section
* with Access Level == Edit for Credential == Instructor@...${IDENTIFIER} with no Group Access Label, and also
* with Access Level == Download for Credential == Student@...${IDENTIFIER} with Group Access Label == Student.
I'm doing ws calls to add a Course including an identifier. This is successful, and I can then go into the iTunes client as Instructor@...${IDENTIFIER} (substitution made) and manually add Groups and change Access to each individually. (I'm adding Groups "Download", "Shared Uploads", and "Drop Box", changing the Access Level accordingly for Group Access Label "Student".
But naturally I want to do the manual part programmatically, to save n instructors from having to learn how to do this same thing and then to do it.
So I'm trying to change my ws call to add the Groups, including Permissions. Schema http://deimos.apple.com/rsrc/xsd/iTunesURequest-1.1.xsd doesn't include Group Access Label for Permission. What does this mean?
I've tried the actual Credential == Student@...${IDENTIFIER} (with IDENTIFIER substitution made before the call) and also Credential == Student (to see if I'm supposed to match the Group Access Label, instead).
For either of these trials, the ws call successfully adds the Groups and a ShowTree includes the Permissions for the Groups. But in the iTunes client user interface, it's as if I gave no Permissions in adding the Groups.
Am I approaching this wrong or is there a bug here?
(I haven't tried yet a separate call to add the Group Permissions, not wanting to suffer the processing wait of getting handles for the three Groups.)
Anyone else doing this? (successfully or not ) Thanks.

Help creating apple script to create folder and set access levels

I'm trying to create folders in FileMaker Pro using apple script and need some help in setting the access level for the folders. I want to set both Staff and everyone to Read and Write access. Secondly I would like to have a function key set on the desktop to create new folders and set that same access level. The default access is Read and I can not find a way to change that.
Thanks

I'm trying to create folders in FileMaker Pro using apple script and need some help in setting the access level for the folders. I want to set both Staff and everyone to Read and Write access. Secondly I would like to have a function key set on the desktop to create new folders and set that same access level. The default access is Read and I can not find a way to change that.
Thanks

Security and access levels

I have created 4 users access levels, however, when I try to implement, when I keep inheritence, default security keeps coming up, e.g. try changing everyone to my new access level and I get the new access level, but I also get view (inherited) - how can I "clean out" the old security settings??

Sorry for the delay!
OK, here's our situation - it's pretty straight forward;
1500 users
1500 (all) users in Everyone
Of the 1500 users in Everyone;
1200 in subgroup A
200 in subgroup B
90 in subgroup C
10 users in Administrators
4 universes
1 connection
Goal:
Everyone and subgroups, same as admin, exception: can't delete or save to "corp" doc's. My thought is to use same access level, then use the advanced configuration on the folders to prevent everyone from deleting any "corp docs"
I have applied this access level to everyone and admin at;
application > infoview, webi. cmc, deski, discussions, search
universes > all 4
connections > the 1
folders > root folder, level 1, denied access to everyone accordingly on level 2
I have also added this access level to the top level security for users and groups
Issues;
1. When I check the access level for everyone on folders, level 1 and below, I get the custom access level as inherited, but also view aslo as inherited.
2. The users added to the admin group do not have same rights as the "administrator - for example, administrator can delete objects in the folders, but other users (within admin group) can not? if I manually add the users to the folders, I can get this to work, but doesn;t make sense, why would a user within a group have different rights, than any other user within the same group, with the same rights???
Hope this helps!
Edited by: Michael Bujarski on Jun 5, 2009 3:56 PM

Problem with Restrict Access to Page with access level using ASP

I'm using Dreamweaver CS3 with ASP-VBScript and an Access
database. The pages were created from scratch for this project,
using those tools all the way through.
I've created a login page, an admin homepage, and add, edit,
and list records pages for three tables. The login page uses the
Server Behavior "Log in User", all other pages use the Server
Behavior "Restrict Access to Page". All of these are based on an
Access Level.
Login seems to work correctly, and redirects to the admin
homepage. From the admin homepage, I can open any other page as
expected, and they initially display correctly. On the add and edit
pages, however,
submitting the form often results in getting logged out, but
not always.
Once this happens, I can log back in, but other problems will
sometimes occur during that second login session. Sometimes,
logouts will occur on pages that worked fine during the first login
session. Sometimes, another session variable that I've setup
manually will change when it shouldn't...as if there were two
values stored for my session variable, and reloading the page
changes to the other value.
This
post seems closest to my experience, but it doesn't look like
there was really an answer beyond "I had to fight with it for a bit
to get it to work":
I suspected that there is some problem with session settings
on the server. We have an almost identical tool on the same server
that was developed with an older version of DW that works more
reliably; it sometimes has problems with the initial login, but
never has a problem after that.
Has anyone experienced problems like this? Any suggestions
for what to check? I'm really pulling my hair out since it's so
unreliable...the kind of problem that goes away when you try to
show someone and comes back when they leave.

Hello,
I was thinking that all I would need would be the username, although username and paswsword would be more secure. There are about 50 users and no groups or levels. They are all equal ... same level.
The website is private and there is a general content area for all users and then there will be private areas for each user where proprietary documents will be held. I need to be able to ensure that user 'A' can only see the user 'A' pages, user 'B' can only see user 'B', etc.
I don't really understand what the Dreamweaver script is doing, but the overview sounded like it was the right tool to accomplish what I'm trying to do.
Any assistance greatly appreciated.
thanks.

Problems with Serv.Behav. Restrict Access Level

Hi,
I hope you can help - can't find an answer to this one. Been
going nuts on this! Thank you very much for anything help you can
provide.
1) Using DW 8.0, PHP 4.4.7, MySQL 4.1.22
2) Set up log in page, everything works if the LogIn Server
Behavior is set to "Restrict Access" to only Username &
Password. If set to Username, Password & Access Level get a
MySQL error page:
"You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to
use near 'Privileges FROM tbl_users WHERE Username=%s AND
Password=%s' at line 1"
3) Here's the code:
<?php require_once('Connections/conn_MemberList.php');
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType,
$theDefinedValue = "", $theNotDefinedValue = "")
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue)
: $theValue;
$theValue = function_exists("mysql_real_escape_string") ?
mysql_real_escape_string($theValue) :
mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" :
"NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) .
"'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" :
"NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue :
$theNotDefinedValue;
break;
return $theValue;
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
if (isset($_POST['textfield'])) {
$loginUsername=$_POST['textfield'];
$password=$_POST['textfield2'];
$MM_fldUserAuthorization = "Privileges";
$MM_redirectLoginSuccess = "MemberList.php";
$MM_redirectLoginFailed = "MemberDeny.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_conn_MemberList, $conn_MemberList);
$LoginRS__query=sprintf("SELECT Username, Password,
Privileges FROM tbl_users WHERE Username=%s AND Password=%s",
GetSQLValueString($loginUsername, "text"),
GetSQLValueString($password, "text"));
$LoginRS = mysql_query($LoginRS__query, $conn_MemberList) or
die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = mysql_result($LoginRS,0,'Privileges');
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
header("Location: " . $MM_redirectLoginSuccess );
else {
header("Location: ". $MM_redirectLoginFailed );
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0
Transitional//EN" "
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="
http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1" />
<title>Untitled Document</title>
<style type="text/css">

</style>
</head>
<body>
<p> </p>
<form id="LogOn" name="LogOn" method="POST"
action="<?php echo $loginFormAction; ?>">
<table width="100%" border="0" cellspacing="2"
cellpadding="2">
<tr>
<th scope="col"><div align="right"><span
class="style3">User:</span></div></th>
<th scope="col"><label>
<div align="left">
<input type="text" name="textfield" />
</div>
</label></th>
</tr>
<tr>
<td><div align="right"><span
class="style3">Password:</span></div></td>
<td><label>
<div align="left">
<input type="text" name="textfield2" />
</div>
</label></td>
</tr>
<tr>
<td> </td>
<td><label>
<input type="submit" name="Submit" value="Submit" />
</label></td>
</tr>
</table>
</form>
<p> </p>
</body>
</html>
Thank you

I tried this and get the same error message.
ERROR at line 1:
ORA-28545: error diagnosed by Net8 when connecting to an agent
NCRO: Failed to make RSLV connection
ORA-02063: preceding 2 lines from ALPACWOBF
listener.ora:
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = spruce)(PORT = 1521))
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = alpacwobf)
(ORACLE_HOME = C:\oracle\ora92)
(PROGRAM = hsodbc)
tnsnames.ora
alpacwobf.3LOG.COM =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = SPRUCE)(PORT = 1521))
(CONNECT_DATA =
(SID_NAME = alpacwobf)
(HS=ok)
initalpacwobf.ora:
HS_FDS_CONNECT_INFO = AlpacWOBF
HS_FDS_TRACE_LEVEL = 4
HS_FDS_TRACE_FILE_NAME = alpacwobf.log
ODBC setting is ok. odbc name is alpacwobf, db is access 2000.
restart the listener.
tnsping alpacwobf is ok.
database link creating is ok.
but when query,I got error.
alpac > create database link alpacwobf using 'alpacwobf';
Database link created.
alpac > select count(*) from test@alpacwobf;
select count(*) from test@alpacwobf
ERROR at line 1:
ORA-28545: error diagnosed by Net8 when connecting to an agent
NCRO: Failed to make RSLV connection
ORA-02063: preceding 2 lines from ALPACWOBF
Any help will be appreciated.
Thanks a lot.
Richard

Custom Access Level issue in XI 3.1

Hi,
I am using BOXI 3.1 with fp 1.5, this configuration is migrated from XI3.0.
Earlier we have access level such that user can modify the webi report in folders but they can't overwrite the report, they can save the report in their personal folder but not in same folder or any folder under public folder.
After migration users can't see the modify option at all, and if i gave then edit object rights then they can see the modify option but they can overwrite at the same time.
Is there any other rights which i need to provide.
Thanks for the help/suggestion.

Hi Marianne,
I have given the same rights in general rights section, i have denied to add objects to folder but i have give the copy objects rights due to which they can copy the report to their personal folder due to that they got overwritting the report rights.
Thanks.

Multiple Access Levels per User

In a site I'm building, I need the ability to allow an administrator to intuitively assign different access levels to different users. There may ultimately be roughly 25 different pages to which a user may be granted access. One user may have access to section/page levels 1, 4, 5, 7 and 21. Another user may get access to 2, 3, 4, 17, 19 and 24, etc. While this is possible under the existing ADDT user login system by creating a separate access value that includes only the permissible pages (access level 1 could get to page 1, 4, 5, 7 and 21; access level 2 could only get to pages 2, 3, 4, 17, 19 and 24) it becomes impractical for the administrator since the developer (me) would have to come up with an access value and corresponding permissible pages for every possible combination. Every time a new combination was needed, my client would have to contact me to add that access integer and modify all the corresponding sections/pages that the user could access.
The ideal solution IMHO in this scenario would be for the administrator to simply be able to select or deselect a checkbox at will for each page to which the user is granted access (this is actually the scenario to which another of my feature request post refers:
http://www.adobeforums.com/webx/.59b75119
In searching the old InterAKT forums, I came across a post in which this exact scenario was requested. The user and Ionut came up with a solution which I was able to modify to enable the system I describe above. Rather than repeating the solution, here is a link to that post:
http://www.interaktonline.com/Products/Dreamweaver-Extensions/MXUserLogin/Product-Forum/De tails/110205/Access+level+based+on+pages.html
While it appears this solution will work for me, it took me quite a while to find it, and even longer to understand it.
So, that's my feature request: The ability for an administrator to easily assign any combination of pages to which a user is granted access, preferably with a set of checkboxes.
Thanks!

This is functioning now. With 9.0 you simply use a forward slash between device IDs.
[device ID #1]/[device ID #2]
Put this information in the "Mobile Device ID" field on the user form.
It also has been verified with 8.82 PL15-16, but I don't know how far back it goes.

Custom Access Level/User groups in BOBJ XI

Experts,
We are currently implementing BOBJ XI 3.1. Up on go-live, it will be handled by the Operations team from BOBJ CMC. We do not want to give administrator group for the operations users in CMC. Instead, we want to create custom groups with custom access levels.
Ex. one for basis who will set up authentication, licenses etc
one for the functional folks to maintain universes, export universes and set up security.
Is there a way to set up user groups like this. We were able to successfully restrrict access just to folders, universes by creating a custom access level. But we were not able to do it on other items listed in CMC. Has anyone done this level of access before for the operations or even with in the development team instead of using administrator group>
Appreciate your response
Thanks
Kee

Hi,
We can assign different rights to a group by creating custom access levels.
Create a new group ,and also create custom access level and assign it to the new group.
you can provide access to different objects to the group by adding rights to the access level.
Under the access level > click Included Rights > Add and Remove Rights > Under the Rights Collection > click on System.
You could find all the CMC object access rights can be assigned.
Regards,
Rameez

Incorrect functionality in edit access level

Similar Messages

Maybe you are looking for