Interaction of BW Roles and BWA Explorer Security

Similar Messages

• Configuring roles and users (adf security) application context wise.

  Dear All,
  I referred this tutorial (http://biemond.blogspot.com/2008/12/using-database-tables-as-authentication.html) which shows how to hook up adf security with database schema but at domain level which will be common to all applications in that domain. I want to make it different to each application. (i.e each application will use differene database schema for storing user credientials i.e enterprise roles,application roles and users.)
  Can any one please point me to proper way..
  Regards,
  Santosh
  jdev 11.1.1.2.0

  Dear Frank,
  <i>
  Instead you have a single identity management system and have the application policies being different for the applications.Using ADF Security, users and groups can have different privileges in different applications
  </i>
  suppose i have 3 applications that use adf security, the users will be common to all applications. right..?Roles and group can be different for applications.
  application polices means roles and group..?
  So how it(application polices) can be made different for applications? is it inbuilt or some configurations needed ?. Can you point me to some blogs or tutorials for more reference.
  Bet: Incase i hook up adf security with database schema.
  Regards,
  Santosh.

• Security-role and security-role-assignment not working in WL7.0

  Hello all..
  Some EJB components that worked fine in WebLogic 6.1 no longer work in
  WL7.0. It has to do with the security-role and security-role-assignment
  descriptor elements no longer allowing anonymous users to be included in the
  authorization for a bean.
  For example, in WL6.1 placing these items in ejb-jar.xml:
  <assembly-descriptor>
  <security-role>
  <role-name>Employees</role-name>
  </security-role>
  <method-permission>
  <role-name>Employees</role-name>
  <method>
  <ejb-name>CustomerEJB</ejb-name>
  <method-name>*</method-name>
  </method>
  </method-permission>
  and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
  <security-role-assignment>
  <role-name>Employees</role-name>
  <principal-name>guest</principal-name>
  <principal-name>system</principal-name>
  </security-role-assignment>
  worked fine for clients creating their context using a simple
  InitialContext() constructor without specifying SECURITY_PRINCIPAL or
  SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
  the security-role-assignment element above told WebLogic that "guest" was in
  the Employees role for purposes of this EJB archive.
  Worked in WL6.1, no longer works in WL7.0. Client receives typical
  permission exception:
  java.rmi.AccessException: Security violation: insufficient permission to
  access method 'create'
  If I explicity connect as "system" things are fine, or I can create a new
  user in the default realm in WebLogic, put a matching <principal-name>
  element in the section above, and connect as that user. Note that if I leave
  off the <security-role> section completely, or set the required role name to
  "everyone", the anonymous access works fine. Apparently the anonymous user
  is a member of "everyone" behind the scenes even though "everyone" does not
  appear in the realm list of groups or roles.
  So, my question boils down to this: Is there a "magic" username in WL7 like
  "guest" was in WL6.1 that can be mapped to the required role name, or must
  every client connection use a true weblogic-created user with appropriate
  role assignments used to map it to the required role name.
  -Greg
  P.S. Note that none of the EJB examples provided with WL used
  <security-role>..
  Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
  www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.com

  Below are the screen shots for PFCG:

• Issues with test-all role and browser security

  WLS 10.3.5
  I have a deployed application on Linux using a SQLAuthentication and Authorization - all is well here.
  I have setup all the security (without the test-all role) and I cannot access any of the system.
  If I put the test-all role in - I can access the system.
  I have verified the user has all the roles (I used the example bean to display the user and roles on the menu page) and the test-all role is not in the list.
  I have the menu setup to not display items unless the user has the role (this is working fine - SecurityContext.inRole(rolelist).
  So the context is fine.
  I used jazn-data to set the same roles in the taskflows - this is not working at all unless the test-all role is set - I get authorization errors - not authorized).
  Have I missed something in this?
  I have also noticed that if I close the browser (X) without logging out and come back into the system the authentication is totally bypassed and I go back in as the same user as before.
  Is there some way to destroy the previous context every time the welcome screen is executed.

  Add the following parameters to the Run options for the ViewController project:
  -Djps.auth.debug=true -Djps.auth.debug.verbose=true
  Then restart WebLogic, run the app and watch the console - you'll see all the security evaluations take place which should help you to identify the problem.

• Role based oracle adf security and filtering data

  while oracle adf security looks great its only role based... does anyone know of any resources describing an architecture where this is used in addition to filtering of data based on say, organization?
  it seems that oracle adf security is not really geared towards a self service app where administrative users have a security interface as part of the application where they can assign roles and associate users to entities for the further filtering of data...

  Hi,
  it seems that oracle adf security is not really geared towards a self service app where administrative users have a security interface as part of the application where they can assign roles and associate users to entities for the further filtering of data...
  ADF Security is a JAAS based security implementation to protect resources (like entities). It is nota security provider like OPSS or OID which you can use for user provisioning and self service (if you code against the IDM APIs). ADF Security only checks for whether a user is authenticated and if the user has the permission to perform a task.
  However, you can use groovy to access the security context from Groovy, which allows you to add the authenticated username to a query - for example to filter recrds out that match the username in one of its attributes.
  For example, you could create a ViewCriteria that for example filters the query by a specific attribute. Say that managers can see data starting from department 10 whereas employees can see data starting from department 100. The ViewCriteria would reference a bind variable with the following default setting
  adf.context.securityContext.isUserInRole('manager')? 10 : 100
  Frank

• Security roles and profiles

  Hello,
  Could you please provide information on "security roles and profiles "
  I would appreciate.
  Regards,
  Alex

  Roles give you authorization to specific area of the system. Use TC pfcg and you will see different setting for a role.
  In specific Role -> Authorization -> click on Display Authorization Data.
  Here all specific InfoArea, Cube, ODS, Reporting componets: display, execute and other security rules are defined.
  User Section: defines who has access to this role.
  Multiple authorization are combined to create an Authorization Profile. You defined a profile at TC su01 and under profile section.
  Hope that helps.
  thanks.
  Wond

• Configure security-role and method permission for EJB 3.0 using Jdev 11g

  The EJB 3.0 session bean created by Jdev 11g EJB wizard does not have ejb-jar.xml. Where and how can security-role and method permission for the EJB be configured?
  For example,
  <assembly-descriptor>
  <security-role>
  <role-name>managers</role-name>
  </security-role>
  <method-permission>
  <role-name>managers</role-name>
  <method>
  <ejb-name>Employees</ejb-name>
  <method-name>setSalary</method-name>
  <method-params>
  <method-param>java.lang.Long</method-param>
  </method-params>
  </method>
  </method-permission>
  </assembly-descriptor>

  user516954,
  By default annotations are used. However, you can create a new descriptor and that will take presidence over any declared annotation.
  --Ric                                                                                                                                                                                                                                                                                                                               

• Business Explorer Roles and Authorizations

  Hi,
  I am using Business Explorer Query Designer and Analyzer ( Excel Work book add on) with BI 7.0.
  I need to create roles and authorizations for the end users to create queries and view queries in excel by using Business Explorer Query Analyzer.
  Kindly suggest me what are the standard transactions, roles and authorizations to be given to the end users.
  Thanks and regards
  Murugesan

  I dont have idea about Bi 7.0 ..
  If its bw 3.X i jusz used rrmx --->>excel ->addins-->>queries --->pop up window --->here we need rfs object S_RFC
  Finally rrmx tcode and general roles which has S_RFC  autorisation object and the query .
  Regards,
  Naveen

• Security report with native roles and the roles they have access to.

  We need a security report that shows the Native/Custom Roles and the roles that they have access to.
  So, an example would be the role US_Acct, and the report would show what roles that has access to (Post Journals, Consolidate, etc).Can this be done?

  Export the Provision report from Shared Services.
  Upload report to Excel or Access.
  Build Tables to show what tasks each Role has access to.
  Build a report that links the provision report and the xref tables.
  You should also do this with Security Classes.

• SP324081: Check that your Internet Explorer security settings will allow JavaScript and cookies. If enabled, please contact support.

  Hi,
  I have VS2013 update 4 and IE11 installed. When I try to sign in through VS I get the following error.
  SP324081: Check that your Internet Explorer security settings will allow JavaScript and cookies. If enabled, please contact support.
  I have checked and JAVASCRIPT and cookies are enabled.
  Any help is appreciated.

  Hi Sath12,
  If possible, I suggest you reset IE settings.
  Please lower the security level. Then I added the site like https://*.visualstudio.com/ to the trusted zones. Test it again.
  I have met this issue before which was related to the IE settings or the account issue.
  https://social.msdn.microsoft.com/Forums/sqlserver/en-US/290948f6-b4ca-41e3-9888-91fbbc71cdeb/cannot-register-sign-in-from-vs-express-2013?forum=visualstudiogeneral
  A connect report still shared some information about it:
  https://connect.microsoft.com/VisualStudio/feedback/details/811860/vs-express-2013-for-web-browser-is-security-restricted-or-javascript-is-disabled
  Best Regards,
  Jack
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Menu Role and Security

  How do you enable menu roles and enforce security in forms?
  For example in an complex application if we want to have a control of access of menus based on user login
  I know it can be done thru the front-end itself by using an if then condition.
  but can it be integrated with the database user logins itself
  kindly reply
  Thanx in advance

  Hi,
  first RUN frm60sec.sql under system/manager
  create different roles
  GRANT roles to users
  Grant select access to the view created by frm60sec as follows:
  SQL > Grant select on frm50_enabled_roles to public;
  Note it is NOT frm60_enabled_roles.
  To verify that your roles and grants are correct, log on as a user and run the following:
  SQL>Select * from frm50_enabled_roles;
  You should be able to see the users roles.
  then come to MMB file contibue assiging the roles in each menu Item. U ll see get the result.
  regards

• Roles and Security

  I have setup a 11g Oracle database.
  Can I please have some help to create some user accounts (3 levels, eg. Administrator, Power User, and Guest style users) as well as setting up appropriate levels of security implemented via ROLES and PRIVILEGES for Roles.
  Thanks in advance

  996403 wrote:
  I am wanting the Administrator to have control over everything, the Power User to be a User who also has the ability to create tables, triiggers etc, and the Guest to just be able to view data in the database without changing anything.
  Can you correct me if I am wrong with the following suitable roles for the users:
  Administrator
  - All roles
  Power User
  - Connect
  - Resource
  Guest
  - ConnectYou have to get out of this Administrator/Power User/Guest Windows security group paradigm. Windows security groups cannot be directly correlated to Oracle security groups, and that is why you are having so much trouble doing so. I recommend that you:
  -stop comparing Oracle to Windows
  -learn what security rights your database users need
  -fully understand the predefined roles, and then assign users to those roles only if they require every right that those roles grant
  -create your own application roles for any users that have requirements that do not align exactly with the predefined groups
  We are only encouraging you to do things in a manner that follows best practices, and doing so will keep your headaches to a minimum later on down the road.

• What's the latest best security/program (McAfee/Symantec/Norton/other) for PCs with Windows XP. Prefer Mozilla Firefox as browser, AND Internet Explorer.

  What is the best security/protection program (McAfee/Symantec/Norton/other) for my Dell PC which has Windows XP. I prefer Mozilla Firefox as my browser, but also use Internet Explorer. I just want to know if Mozilla Firefox has identified an ideal product to detect and destroy spam, worms, add-ons -- eliminate security threats of all kinds... AND is tolerated by BOTH Mozilla Firefox AND Internet Explorer.

  Best Antivirus for 2013
  **http://download.cnet.com/2701-19409_4-1444-2.html
  *http://www.pcmag.com/article2/0,2817,2372364,00.asp
  *http://freebies.about.com/od/computerfreebies/tp/best-free-antivirus.htm

• Developing security Roles and profiles

  Hi Team,
  Can you guys let me know how to develop security roles and profiles. We are rolling out for a company in Japan, and the congif is completed. We are in the process of developing test cases ans also security roles and profiles for users? Can somebody guide and help me on this?
  Regards,

  Hi,
  Use Tcode = PFCG -->then create any customized roles and profiles for any users on module based.
  user masters: USR01 to 09, UST04,
  profiles: USR10, USR11, UST10S, UST10C,
  authorisations: USR12, USR13, UST12.
  password exceptions USR40.
  History tables(may not be applicable but FYI): users: USH02, USH04,
  profiles: USH10, auths USH12.
  R/3 Security Tcodes
  End User Transaction Code  Menu Path   Purpose
  SU3  System > User Profile> Own Data  Set address/defaults/parameters
  SU53  System > Utilities > Display Authorization Check  Display last authority check that failed
  SU56  Tools --> Administration --> Monitor --> User Buffer  Display user buffer
  Role Administration Transaction Code  Menu Path   Purpose
  PFCG
  Tools --> Administration --> User Maintenance --> Roles  Maintain roles using the Profile Generator
  PFUD   Work on SAP check indicators and field values
  Select: Copy SAP check IDu2019s and field values
  Installation
  1. Initial Customer Tables Fill
  Upgrade
  2a. Preparation: Compare with SAP values
  2b. Reconcile affected transactions
  2c. Roles to be checked
  2d. Display changed transaction codes
  SU24
  Same as for SU25:
  Select: Change Check Indicators > Maintain Check Indicators>Maintain 
  Regards,
  Srini Nookala

• Internet Explorer security message blocks my vrml from playing

  I created a simple flash interactive saved as an exe file. I
  created a button with a “get url” script to launch a
  quicktime vrml, it launches internet explorer and a security
  message about active content appears, which blocks the vrml from
  playing. Is there anyway the vrml can open without getting the
  internet explorer security message?

  Hi,
  My immediate reaction is don't panic! If you are testing your
  own page from your own local server then there is nothing to worry
  about. The whole issue of Active X controls is another sore point
  when having to deal with Microsoft's handling of interactive
  content.
  Triggering of the warning can be caused by various things
  other than the obvious contact with dynamic content. Here is an old
  thread from a discussion on why Active X warning appear on your own
  pages.
  http://www.dreamincode.net/forums/showtopic16624.htm
  Googling will find more evidence for you to trace. Your code
  looks fine to me and is not a threat to your system if it came off
  of your own local server.
  Active X is a pain in the butt.
  regards
  Nick Barling
  www.barkingweb.com