Item division level security for VB01,VB11,VBN1 and VK11

Hi,
I have a security requirement to have division level security for tcode VB01. Need some help here.....
Scenario is that we have two users belonging to two different divisions. Both have authorisation for VB01 but we need to restrict access such that user from one division should not be able to update record for material to which division he dosent belong to....hope this is clear....
vibhas

Hi Vibhas,
You can restrict the division with object V_KONH_VKO
in PFCG
hope this helps
thanks
kishore

Similar Messages

Row level Security for BI Author Role

Hi All,
We are using OBIEE 11.1.1.5 in our project. We have a requirement where we need to configure row level security on certain column.
We are currently using external table and session variable approach to configure this. This security works fine for the users with BI Consumer
roles. But we are facing issue with configuring row level security for BI Author role.
BI Author can create any analysis in BI Answers and suppose he/she creates a report which does not contain the column on which row level
security is applied than he can see all the data. For eg.
We have one dimension Products having two levels Product Division and Brand. I want to configure security based on Product Division column.
But if BI Author create a report with only Brand and Measures than row level security is not working.
Does anyone has face this issue before.
Please let me know if you want any other information from my side.
Regards,
Vikas

If you are using a multidimensional cube you can use the "permit" command to control access to dimension members or provide cell level security within the cube. The OLAP database documentation provides on how to use the PERMIT command.
If you are using relational tables and/or views with additional CWM metadata mapped using OEM then you need to refer to the database documentation relating to Virtual Private Databases and Label Security
Business Intelligence Beans Product Management Team
Oracle Corporation

Data level security for Dashboard pages.

Hi all,
I have a question.I want to apply data level security to the data in Dashboard pages .
Any Answers.
Thanks Sunny.

Thanks Srikanth and Aravind .
I have studied abt the data level security for dashboard.
My question is : Is there any way to apply dataleve security to dashboard pages . like id dashboard D1 has pages p1,p2,p3
and if we want to implement datalevel security to page is that possible.
Thanks
Sunny.

Data level security for 30000 profir centers

Hello Gurus
I have a requirement to implement data level security for 30000 profit center . Now I can think of creating the groups and applying security filters ( both on Dimesion & Fact) on the top of that.
But I cannot do so as I will have to create some 30,000 groups/roles which is not possible. because there are some users who have access to only one or two profit center and it forms a heirarchy.
As a workaround what I did is created a user-profit center table and joined it with the profit center table which is actually a snowflaked with two more dimensions - gl_account & gl_segment.
In the BMM layer , in the Content section of teh profit center dimension , I applied a where filter like below :
"Oracle Data Warehouse"."Catalog"."dbo"."Dim_W_GL_SEGMENT_D_Segment11"."SEGMENT_LOV_ID" in (1000163) and "Oracle Data Warehouse"."Catalog"."dbo"."Dim_W_GL_SEGMENT_D_Segment11"."SEGMENT_LOV_NAME"='Profit_Centre' AND ( "Oracle Data Warehouse"."Catalog"."dbo"."PF_USER_MAPPING"."USER" = VALUEOF(NQ_SESSION.USER) OR 'UNMATCHED'=VALUEOF(NQ_SESSION.USER) )
All is well if I create a report having Profit center as one of the dimension/component in the analysis (answers) .
But when I don't take Profit center the roll up is happening with all the Profit center . Reason being I have not applied "security filter " in the fact table and I cannot do so because USER tabel is not directly joined with the fact table.
Is there any workaround for this.
Pls. advise.

Hi,
Yes, any dimension filters are applied only when you include that dimension in your analysis.
As a workaround, you could create a filter as "Profit Centre" is not equal to 'Dummy Profit Centre' with "Protect Filter as ON" and add this filter to all of your analysis.
So what it does is, even though you do not refer to profit centre dimension in your analysis, the filter in each analysis makes sure that the profit centre dimension is always mapped and the data restriction is applied.
Hope this helps.
Thank you,
Dhar

Data Level security for specific Users

Hi,
Can you please suggest some ideas on by-passing the Data Level security for specific users or specific group?
Currently, we have data level security defined on a group permissions for one group and for people belonging to another group, the security should not apply and they should see entire data.
But, key thing here is that, the user belongs to both the groups.
Any ideas helps.
Thanks,
Chandu.

So you are saying you want a user to belong to a group with data-level security filters, but you don't want the filters to apply to that user?
Why are they in the group then?
Are the data filter defined with variables or are the hard-coded?
If variables, you may be able to put logic in initialization block to set the variable appropriately for specific users.
I'd rethink the security model - when I define data level security filters, I tend to force users to only belong to a single group/role.

PO Line Item wise gross value for combination of WBS and Material Group

Hello,
Our requirement is to get report for PO Line Item wise gross value for combination of WBS and Material Group. Standard report ME2J gives net price but not gross value for Material Line items. Please let me know if any standard report( or ME2J) will suffice this requirement.
Regards,
Milind Dumbre

Dear Milind
No standard report available to get the PO Line Item wise gross value for combination of WBS and Material Group. Please go for development by taking reference ME2J.
Warm regards
Ramakrishna

[svn:fx-trunk] 15810: * Package and class level javadoc for the antTasks module and some

Revision: 15810
Revision: 15810
Author:   [email protected]
Date:     2010-04-29 02:47:22 -0700 (Thu, 29 Apr 2010)
Log Message:
Package and class level javadoc for the antTasks module and some
other stragglers.
QE notes:
Doc notes:
Bugs:
Reviewer: Corey (post commit)
Tests run: checkintests
Is noteworthy for integration: NO
Modified Paths:
    flex/sdk/trunk/modules/antTasks/src/flex/ant/AsDocTask.java
    flex/sdk/trunk/modules/antTasks/src/flex/ant/AscTask.java
    flex/sdk/trunk/modules/antTasks/src/flex/ant/CompcTask.java
    flex/sdk/trunk/modules/antTasks/src/flex/ant/FlexTask.java
    flex/sdk/trunk/modules/antTasks/src/flex/ant/HtmlWrapperTask.java
    flex/sdk/trunk/modules/antTasks/src/flex/ant/MxmlcTask.java
    flex/sdk/trunk/modules/antTasks/src/flex/ant/config/ConfigAppendString.java
    flex/sdk/trunk/modules/antTasks/src/flex/ant/config/ConfigBoolean.java
    flex/sdk/trunk/modules/antTasks/src/flex/ant/config/ConfigInt.java
    flex/sdk/trunk/modules/antTasks/src/flex/ant/config/ConfigString.java
    flex/sdk/trunk/modules/antTasks/src/flex/ant/config/ConfigVariable.java
    flex/sdk/trunk/modules/antTasks/src/flex/ant/config/NestedAttributeElement.java
    flex/sdk/trunk/modules/antTasks/src/flex/ant/config/OptionSpec.java
    flex/sdk/trunk/modules/antTasks/src/flex/ant/config/RepeatableConfigString.java
    flex/sdk/trunk/modules/antTasks/src/flex/ant/types/DefaultScriptLimits.java
    flex/sdk/trunk/modules/antTasks/src/flex/ant/types/DefaultSize.java
    flex/sdk/trunk/modules/antTasks/src/flex/ant/types/FlexFileSet.java
    flex/sdk/trunk/modules/antTasks/src/flex/ant/types/Fonts.java
    flex/sdk/trunk/modules/antTasks/src/flex/ant/types/Metadata.java
    flex/sdk/trunk/modules/antTasks/src/flex/ant/types/RuntimeSharedLibraryPath.java
    flex/sdk/trunk/modules/antTasks/src/flex/ant/types/URLElement.java
    flex/sdk/trunk/modules/compiler/src/java/flash/css/LocalSource.java
    flex/sdk/trunk/modules/compiler/src/java/flash/css/URLSource.java
    flex/sdk/trunk/modules/compiler/src/java/flex2/linker/DependencyWalker.java
Added Paths:
    flex/sdk/trunk/modules/antTasks/src/flex/ant/config/package.html
    flex/sdk/trunk/modules/antTasks/src/flex/ant/package.html
    flex/sdk/trunk/modules/antTasks/src/flex/ant/types/package.html

Thank you very much!
I cant believe this little comment has been so helpful!
But yes it is:
I explain, despite my efforts to find, googled it, forums, faqs, etc...
no where it mentionned the manifest.fm file is... INSIDE the .jar!
Your comment "a zip" made me attempt to open it with winrar, and I found a manifest.fm file inside!
So far I was editing the one at the "source" of my project and rebuilding it with netbeans.
I am going to try that now.
Actually.... :( no its mentionning my main class!
Manifest-Version: 1.0
Ant-Version: Apache Ant 1.7.0
Created-By: 10.0-b19 (Sun Microsystems Inc.)
Main-class: courseworkjava3d.Simple3D
Class-Path:
X-COMMENT: Main-Class will be added automatically by buildWell I have no problems uploading you the .jar, it is for a coursework it is not a private project or whatever:
http://www.uploading.com/files/CM2LKWYU/BetaCourseworkJava3d_Final.jar.html
Oh and I felt on your comment "dont ask us" as if I was suppose to know... i'm a beginner, I did not know that! And I tried to give you so many infos so you dont lose your time if you want to help, especially as after my own research I found many, many results for this "main class" and I tried a few solutions!
Edited by: CupofTea on Apr 13, 2008 3:28 AM

ACL - ILS (Item Level Security) for Content Server & WebCenter Spaces

We're trying to implement Item Level Security (ILS / ACL) for Webcenter spaces. We're following the instructions from the Oracle® Fusion Middleware Administrator's Guide for Oracle WebCenter 11g Release 1 (11.1.1.5.0) http://docs.oracle.com/cd/E15586_01/webcenter.1111/e12405.pdf
After making the configuration changes, we're unable to see the "Security" option from the "File" menu in the Document explorer. Has anyone else implemented this feature and ran into similar issues?
I made the following configuration changes:
UseEntitySecurity=1
SpecialAuthGroups=SecurityGroups (comma separated list with no spaces and the application name is included)
CS: Version:11gR1-11.1.1.5.0
DB: 11.2.0.2.0 ---Oracle Database 11g Enterprise Edition
WebCenter: 11.1.1.4.0 (in a clustered environment)
Also, we're looking at the document properties in webcenter spaces via document explorer and do not see the "security group" or "accounts" metadata fields. We can see the "Content ID" and a whole bunch of fields and do not see "security groups" and "accounts". However, when we log into the content server and look at the folder or file "info" we can clearly see the security group and account values...not sure what is required to make these two fields show up in webcenter spaces.

Hi ,
Do you upload the documents from spaces or from UCM side ?
When you say the security and account field are not displayed , is that when viewing the content or during update ?
When the ACL features are turned off do you see the above fields ?
Thanks
Srinath

ACL - ILS (Item Level Security) for Webcenter Spaces

We're trying to implement Item Level Security (ILS / ACL) for Webcenter spaces. We're following the instructions from the Oracle® Fusion Middleware Administrator's Guide for Oracle WebCenter 11g Release 1 (11.1.1.5.0) http://docs.oracle.com/cd/E15586_01/webcenter.1111/e12405.pdf
After making the configuration changes, we're unable to see the "Security" option from the "File" menu in the Document explorer. Has anyone else implemented this feature and ran into similar issues?
Also, we're looking at the document properties in webcenter spaces via document explorer and do not see the "security group" or "accounts" metadata fields. We can see the "Content ID" and a whole bunch of fields and do not see "security groups" and "accounts". However, when we log into the content server and look at the folder or file "info" we can clearly see the security group and account values...not sure what is required to make these two fields show up in webcenter spaces.

Hi ,
Do you upload the documents from spaces or from UCM side ?
When you say the security and account field are not displayed , is that when viewing the content or during update ?
When the ACL features are turned off do you see the above fields ?
Thanks
Srinath

Item level security for custom items in 902

I've created several custom item types and created some items in a page
that enables Item Level Security.
Enabling item level security on any of these items cause
Error 30694: Error in API - update item failed
Steps:
1. Create custom item type
Extended simple text type
added image attribute
2. Create custom item
3. Edit custom item just created
Select Access / Item Level Security
Select Define Item Level Access Privileges
Hit Apply or OK
-> Error 30694: Error in API - update item failed
Same error is using a "Image" item type.
The above steps do not cause an error if using the default types; e.g. Simple Text and Simple URL
Also tried promoting the item type so its shared. No effect.
Is item-level security only for base "simple" item types??? If so then this is a MAJOR restriction.
Any help would be greatly appreciated.
--jason mathews

Hi Jason
I filed a bug on this. See 2529787
I narrowed the problem down to custom item types that have a file or image attribute and only when the item is edited by someone other than the orginial publisher.

Data level Security for Oracle Apps as Source

Hi all
I need to implement Data level Security on Apps Users in OBIA
We are using Apps as source with Single sign On. I need to apply Data level security on Business Group Field.
We dont have users in OBI, we need to register apps users in OBI.
Could anybody tell me how to register Apps users in OBI???
OR tell me if you know some other way to implement D L Sec on Single sing On and Apps as source.
Thanks in avd
V P

You need to be creating your "business groups" as a group in the RPD, init blocks to retrieve the user business group at login. Filters in the Logical table sources to restrict data to relevant business groups only.
Presentation 'Web Cat' groups with the same name as the RPD groups so a user inherits membership automatically.
I'd suggest sourcing a vanilla OBIA rpd to see how it is implemented out of the box.

Screen Level Security for the Material Master

We need to create security for the material master by screen views. The Purchasing group needs to be able to change the Purchasing and MRP screens but none of the other screens. How would we accomplish this with SAP security?
Thanks!

Janet,
It is hard for us to know how your authorization profiles or roles are constructed. You really should consult your local authorization expert.
The Authorization object you are looking for is M_MATE_STA. It is probably contained in at least one of your Roles or Profiles that are currently assigned to your MM maintenance people. At a minimum, it should exist in standard SAP profile M_MATE_ALL in your system. You can review all of these types of authorization info in the User Information System (transaction SUIM).
You would have to create roles or profiles that narrowly define the "User department" fields for M_MATE_STA object. You would also have to search for existing roles/profiles that contain "*" in this field, and determine if these entries are still appropriate in your new authorization business process you want to begin.
Below is the SAP help about this authorization object
M_MATE_STA
Definition
Maintenance status authorization for material master records
The data contained in a material master record is divided into user departments or views (Purchasing, MRP, and so on). The maintenance status is a single-character key for the relevant user department or view.
This object determines which user departments or views a user is authorized to process; that is, which data he or she may process from this view.
                                                                                Note
To use material master functions, a user needs the authorization for at least one user department.
Defined Fields
Fields               Possible values      Meaning
ACTVT                01                   User may create data.
                     02                   User may change data.
                     03                   User may display data.
                     06                   User may flag data for deletion.
                     08                   User may display change documents.
STATM                                     Here, you specify the maintenance status for which the user is authorized.
The maintenance statuses possible are as follows:
User department                Maintenance status
Work scheduling                   A
Accounting                        B
Classification                    C
MRP                               D
Purchasing                        E
Production resources/tools        F
Costing                           G
Basic data                        K
Storage                           L
Forecasting                       P
Quality management                Q
Warehouse management              S
Sales                             V
Plant stocks                      X
Storage location stocks           Z
Notes
This authorization object also determines:
o   Whether a user may flag a material master record for deletion. In this case, 06 must be entered in field ACTVT; the maintenance status is irrelevant here.
o   Whether a user may change the material type. In this case, 02 must be entered in field ACTVT; the maintenance status is irrelevant here.
o   Whether a user may process an MRP profile or forecast profile. In this case, the following values must be entered in field ACTVT:
-   01 to create
-   02 to change or delete
-   03 to display
The maintenance status must be D for the MRP profile or P for the forecast profile.
o   Whether a user may create an overview of all extendable materials. In this case, 01 must be entered in field ACTVT; the maintenance status is irrelevant here.
o   Whether a user may call up the materials list. In this case, 03 must be entered in field ACTVT; the maintenance status is irrelevant here.
o   Whether a user may create or change production versions from task lists. In this case, 02 must be entered in field ACTVT, and A in field STATM.
Rgds,
DB49

Page level security for JSPs

How can i give my users limited access to my JSPs, i.e i should be able to give access to different JSPs based on user.Can i do it?


Look at the security section of the spec. Simplest implementation uses
          resource-level security, where resource could be a dir, extension or a
          specific JSP.
          Peace,
          Cameron Purdy
          Tangosol Inc.
          << Tangosol Server: How Weblogic applications are customized >>
          << Download now from http://www.tangosol.com/download.jsp >>
          "nandu" <[email protected]> wrote in message
          news:3b696405$[email protected]..
          > How can i give my users limited access to my JSPs, i.e i should be able
          to give access to different JSPs based on user.Can i do it?

Row-level Security Filters applied to Columns and Tables only? no Areas?

Good day all,
Just quick question (obiee 10.3.3.2) - Is there a way to edit row-level security using Whole subject areas (instead of bringing in the individual Fact tables and applying filters by copying/pasting them).
Follow up question - if I have nested facts in presentation layer (ones preceding with "-" - do I specifically add them to conditions, or would they be inherited by only including parent fact)?
Thanks!
Message was edited by:
wildmight

I'm not sure how that would help; by using the Faculty_ID Session Variable I can identify the CRN and Term of all courses a faculty member is teaching. But I don't think that has to do with the problem I am having?

Row Level Security for INSERT's

Hello there,
I implemented security-policies for the actions SELECT, UPDATE, DELETE and INSERT. All policies work well with exemption to the INSERT-policy. My question is:
How does the dynamic predicate work for INSERT-actions?
As far as I learned, a command like "SELECT ... FROM ..." is extended by a "WHERE " + predicate (from policy). But does this work with INSERT? I mean does something like "INSERT INTO Testtable VALUES(....)" + "WHERE " + predicate work? Am I constructing my predicate wrong or does RLS not work in this case?
Regards
Philipp Pott

Ok, I found the answer myself:
for INSERT's and UPDATE's the "update_check"-option of the DBMS_RLS.ADD_POLICY procedure (see PL/SQL Supplied Packages Reference, 61-5) is applicable. Setting this value to TRUE will let the server run the policy also after the insert.
With running the policy after the insert suddenly my routine worked and now rejects (prohibited) inserts with error ORA-28115 "Policy with check option violation".
Unfortunately this is not mentioned or shown by an example in the Oracle documentation. I found an example in the security-corner (http://otn.oracle.com/sample_code/deploy/security/9i_security.html) and some text in a technical white-paper (http://otn.oracle.com/deploy/security/oracle9iR2/pdf/VPD9ir2twp.pdf).
Huhh, on to the next steps / problems ..
Regards
Philipp

Item division level security for VB01,VB11,VBN1 and VK11

Similar Messages

Maybe you are looking for