Landscape for Access Control (all components)

Similar Messages

• Mass creation of Oracle HR Self Service Users (for access to all employees)

  Mass creation of Oracle HR Self Service Users (for access to all employees)
  Hi all,
  We have Oracle Human Resources 11.5.7 and recently implement Oracle HRMS (Self Service) for the purpose of Online Appraisal System.
  Is there any fast way to create all employees as users of the Self Service instead of creating the users manually one by one in HR?
  I would appreciate any feedback.
  Thanking you in advance.
  Best regards,
  Elena Demetriou
  Hellenic Bank

  Check pages 2-23 and following of the Deploying SSHR Capability V5.2 guide on Metalink. It describes the methods for Batch Creation of User Accounts.

• Importing a pkg with rely on server storage and roles for access control

  Hi we run std 2008 r2.  I'm reading documentation on prot levels during pkg import to catalog at
  https://msdn.microsoft.com/en-us/library/ms141747(v=sql.105).aspx but unfortunately the definition of prot level "rely on server storage and roles for access control"
  isn't clear.  They used the prot level name to define it which didn't help me.
  This option looks appealing but it isn't clear why I need to enter a pswd when choosing this option.  Will my peers need to know that pswd when they export?  Will the sql agent job need to present that pswd when running?  If I just keep current
  prot level "encrypt with user" will the agent job be able to run it?  I'm sure it (agent) isn't running with my creds now.  Also, how can I tell what prot level it was deployed with last?  I rt clicked on the pkg in the catalog
  and don't see anything obvious about that.  I already understand that on export prot level is changed to encrypt with user. 
  I'm going to look at the sql agen job right now to see what creds it runs with.

  First thing to understand is that protection level is used for determining how package (dtsx) file have to be protected. Once package is deployed in server and executed from agent, the conventional way is to use method of configurations or parameters if
  2012 to get required connection etc values and execute using it. It never uses the values that were set during the design time. So it doesnt matter what protection level was so far as its based on config
  However if you're planning to export existing package to your system and do modification thats where protection level comes to play. If its set to any of ENcryptSensitive... type value then you'll to provide the value (either a passowrd or your userkey which
  it takes automatically from login info) to see the sensitive info (connection info,passwords etc) The package will still open and so far as you manually type in missing values you will be able to execute the package. If protection level is set to one of ENcrptAll
  then you will have no way to open package itself unless you provide password/ have correct userkey.
  The rely on server storage option uses sql server security context itself ie it doesnt do any encryption within package by itself but will assume values based on sqlserver security. This is used when you store package itself in SQLServer itself (MSDB)
  Please Mark This As Answer if it solved your issue
  Please Vote This As Helpful if it helps to solve your issue
  Visakh
  My Wiki User Page
  My MSDN Page
  My Personal Blog
  My Facebook Page

• Where can I find iPhone "Apple ID" # for Access Control on Airport Express?

  I'm running Apple Express (NOT Extreme) base station v5.5.1, & require Access Control on 802.11g network. I have "Apple IDs" for all our computers using network, but I can't figure how to get ID #s for iPhone. As workaround, I temporarily opened my network to standard 128-WEP encrypt w/ password, disabling Access Control. But some hash-chart wizard in my apt complex keeps beating WEP & bogging down network, no matter how many times I change passwords. Note: I can't set up WPA w/o Airport Extreme, so that's not an option.
  Thanks in advance for any suggestions...

  Yeah, this kinda had me going as well...at first I couldn't figure out where in the world was the MAC address for this iPhone! I check the iPhone, the box, online everything everywhere! I just happened to be in the Settings and went to About this iPhone...and Blam! there it was!!! Be sure and use the ID for WiFi. MAC Access Control is a great safeguard, though many say people can "spoof" MAC IDs. I haven't seen it and am not sure how it would be done.

• BI content for access control

  Hello everyone,
  is there any guide for activation of the BI content, especially for source system / data source ?
  Any help is appreciated - thank you !
  Regards,
  Max

  Hi Max,
  I guess you are talking about AC 5.3, for that I wrote an how-to guide.
  Find it here:
  http://www.sdn.sap.com/irj/bpx/go/portal/prtroot/docs/library/uuid/e05a9879-d204-2c10-54a9-ebc94eaddc4e
  Best,
  Frank

• Default Keychain Access Control for Safari

  For the Keychain item Safari Forms Autofill, what are the default settings for Access Control? Mine are set to Confirm Before Access, and Ask For Keychain Password and no applications are listed. How it is out of the box?

  Hmmm... if I open Keychain Access, I do not see separate keychains for each browser - just one for "System", "Login", "scott" and "X509Anchors" - and all of my internet passwords are stored in "scott". Also, if I open an internet item, I get a window that shows a tab for "Access Control" - where I can give access to all applications, or I can specify any specific application to have access to that info.
  So, from that I had assumed that when I add Camino to the list of applications under "Always allow access to these applications" for an internet password item, that it would automatically be pulled from there by Camino when needed (and I was pretty sure that's what had happened when I was dealing with this yesterday).
  However, after testing a couple more by adding Camino to that list, and changing another to allow access by any application, the username and passwords did not automatically come up in Camino. I must have been dreaming it. :?
  Are the "Internet Password" and "Web form password" items in Keychain Access not what the browsers draw from? Do they maintain their own "keychains" as part of their "Application Support" files?

• Reporting on Access Control 5.3 with SAP BO 4.0

  Hello All,
  I have to develop WebI reports on Access Control 5.3 data. Are there any direct connectivity options available in IDT for Access Control 5.3 or Do I have to go through Oracle database connectivity as Access control 5.3 backend database is Oracle? And also for authorization data I have to connect to ERP system.
  Any help that you can provide will be greatly appreciated.
  Thanks and Regards,
  Aashutosh

  Hi,
  Generally speaking,  i believe GRC 10  is more closely aligned to BI4.0 in terms of product releases.
  However, to the best of my knowledge, there's no direct connector from BI semantic layer (IDT/UDT) specifically for GRC.
  I believe there is a web-based UI (dynpro) for dashboard-like analysis of the compliance topology, but that's it:
  http://help.sap.com/saphelp_grcac10/helpdata/en/16/7a5f2e29744e078f9305017fee2fc2/frameset.htm
  You may want to contact the GRC forum to confirm.
  Regards
  H

• Can i parental control all computers through time capsule

  can i set parental control on time capsule to filter all the internet in my house?

  First, you need to define how you want to restrict this boarder's access.
  Do you want to enter a list of websites to prevent him from reaching?
  Do you want to stop internet access at certain times of day?
  Do you want to limit the amount of data they use?
  Something else?
  You might not need to buy anything more. How do you get your Internet? Is your cable or DSL modem also a router? Because if it is, you may be able to accomplish your restriction through your modem, instead of your Time Capsule.
  My DSL router is very well equipped, so I use it for my router and I put my Time Capsule in bridge mode. When I look at the admininstrative page for my router, I see numerous options for access controls, many more than in Time Capsule. There are blocking lists based on MAC (Media Access Control) address, IP address, time of day, domain name, etc. And if you're lucky, your modem may allow you to apply specific restrictions to individual computers (by MAC or IP address).
  So check your cable/DSL modem, study its configuration pages and its manual, to see if it is also a router with extensive blocking capabilities. Unfortunately, as a novice, you might not have a good handle on what to set, where, and how. That's why the first sentence of this post is important: First define exactly what type of restriction you have in mind, then see if you can locate an option in your wireless modem/router that will handle that for you. Then you might have to study the manual and do a little reading on the Web to understand how to do what you're trying to do. You can also ask on the forum for your cable/DSL modem, at dslreports.com.

• Custom GRC  access control reports

  Hi,
  Is it possible to have custom reports for access control?  Specifically we are looking at developing reports based on roles and users for compliance calibrator (risk analysis and remidiation). 
  Thanks.

  Hi Clark,
  Just go through with the following document......
  http://www.sdn.sap.com/irj/bpx/index?rid=/library/uuid/706f48c6-9694-2c10-319f-c379570dc988&overridelayout=true
  You will come to know all the new features about custom reports.
  Regards,
  Mohit

• How to allow multiple domains under Access-Control-Allow-Origin

  Hi,
  We have a domain where will get CORS request from another domain hosted on seperate DC. We can't set
  Access-Control-Allow-Origin as * due to security concerns & IIS can't take more than 1 value at a time. Kindly suggest how to pass multiple httpheader  for
  Access-Control-Allow-Origin.
  Regards,
  Dhiraj

  Hello Dhiraj,
  This is not the suitable forum for your question, you may post in
  IIS forums for more help.
  Thanks for your understanding.
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Appropriate addressing (subnet separation) for Unified Wireless Infrastructure components.

  Good day all,
  I am looking for some advice on appropriate IP subnet separation of the various Cisco Unified Wireless Infrastructure components.  For example, would all components go on their own firewall secured IP subnets?  Can some of the components be grouped together, would there be a performance advantage to that vs a security risk? Just so I am clear, the components I am referring to are WLC, ISE, MSE, and PRIME Infrastructure.
  The environment for context is Unified environment, all components are centralized in a single DC (datacenter) but soon to be two DCs. 5508 controllers, 2504 controllers, 3495 security appliances, and 3300 series MSEs.  The deployment model for now is (from the BYOD CVD) Basic Guest with two SSIDs (corporate and guest) and using a guest anchor in a internet DMZ.

  It really varies, but it comes down to the basic.... security policy for the devices.  I usually keep the AP's in it own subnet, the WLC in the same subnet as the switches and the MSE and PI in the server subnet.  Wireless will always be on its own subnet and guest, like you have, will be tunneled into its own subnet in the DMZ.  Internal wireless should be separate subnet from your wired side.
  Scott

• EA4500 - poor parental access controls.

  What's great about it: Easy to setup. Fast. Good range.
  What's not so great: Parental controls are limited to the point of being useless for my needs.
  I love this router but it's going back. The parental access controls are extremely limited. Limited to the point of being useless IMO. For instance, I can't restrict access to Tues - Friday 3:00PM - 8:00PM. The router also predefines weekends and school days and you are limited to a time limit that begins in PM and ends in AM. Your defined end time must be after midnight because you are limited to an AM ending time. The router defines weekends as Saturday - Sunday. What about holiday weekends? No way to account for that in the access controls. It's very limiting and frustrating for a high dollar router. If you don't have use for access controls, it's a great router.
  This product has...
  Fast connection
  Secure connection
  Easy to set up
  Reliable connection
  No, I would not recommend this to a friend.
  I use it in...:Small home

  I have to agree. I set this up on Friday, gave it the weekend to run and see how it works. Tonight I read pages upon pages about how to get the parental controls to work -the number one reason I bought this one. I watched my son using skype, minecraft, facebook and youtube right under my nose while I reset and reset and reset the parental controls to block those sites on his PC.
  The cloud is not there.  Apps? What apps? Misleading. There is a Droid app that is almost useless as it has no parental control. And the setting for limiting access? Give me a break. Who designed that data set, a kid?
  It was presented as if this device would have apps to be able to customize the operation. That would be good. Where are the apps?
  Its going back by Wednesday just because I have already sold my old DGL-4300 and now I have to get another router. NetGear here I come again.  Oh, please please please spare me the posting of  two links to how to set up the parental controls with the web interface or Cisco Connect. The issue is NOT that I don't know how to use the feature. The issue is the feature is sufficiently lacking in scope and options. It sucks.

• Looking for documentation of Access Control Batch Jobs-all four components

  Hi,
  We are implementing all (4) components of Access Control. We are at a point in our project, where we are documenting, inventorying and testing all of or Batch Jobs. I'm trying to find One Single, or Four individual documents that provide direction, sequencing, etc..... I've found vague bits and pieces, but am hoping the is some detailed documents out there, that someone can direct me to.
  Any assistance would be greatly appreciated.

  Hi Smith,
  Check "Operations Guide - SAP GRC Access Control 5.3" at Service Marketplace-->Installations and upgrade->Access Control 5.3 It contains the list of jobs.
  For firfighter, there are background jobs in Config Guide.
  Regards,
  Sabita

• Impliment GRC Access control in difffrent landscape

  Hi Friends,
  In our company we have different landscapes in SAP and now we are planning to implement Access control in all landscape.
  R/3 landscapes with out  any Java stack( both ECC6 and 4.7 EE)
  Solution manager landscape
  XI landscape.
  BW
  and EP.
  Our first target is R/3 Landscape. Can you please guide me. what will be the best approach to implement  AC in R/3 systems as they don't have any Java stack.
  I  will appreciate if you can guide me with other landscape also.
  Thanks,
  Satyabrat

  Satyabrat
  The GRC landscape is technically separate from the different SAP Application components you mention so technically, you can connect the GRC system to any of the other components but creating the appropriate JCOs and SLD entries.
  You will need to instal the RTAs in each of the required source systems (ERP, ECC, BW, XI, SM, CRM, SRM etc!) but they can all link to the sepearate GRC systems.
  The exact landscape setup is dependant on what you wish to use GRC for. For example, you may wish to only link production GRC to production backend systems for Risk analysis and SoD. However, if you wish to use ERM or use Role bases analysis, you may find it useful to connect your production GRC system to your development backend systems where the roles are actually defined!
  The architecture is deliverately flexible to allow you to do this.
  For the initial use cases, it may make sense to keep Production segregated away from Pre-production systems but in the future, you may find that you wish to re-assess this as your useage grows.
  Regards, Simon

• Change in Access Control components on the Service Marketplace

  Hello GRC community:
  We would like to inform you that as of yesterday (5/30) the Access Control components for support messages/SAP Notes have been changed (they have actually been replaced so all messages/notes logged under the old component will be moved/replaced to the new).
  The main 4 components are now:
  New: GRC-SAC-ARA     Access Risk Management
  Old: GRC-SAC-SCC          Risk Analysis & Remediation (formerly Compliance Calibrator) 
  New: GRC-SAC-ARQ     Access Request
  Old: GRC-SAC-SAE          Compliant User Provisoning (formerly  Virsa Access Enforcer) 
  New: GRC-SAC-EAM     Emergency Access Management
  Old: GRC-SAC-SFF          Superuser Privilege Management (formerly Virsa Firefighter) 
  New: GRC-SAC-BRM     Business Role Management
  Old: GRC-SAC-SRE          Enterprise Role Management (formerly Virsa Role Expert)
  There are also NEW components specific to areas of functionality. If you are not sure of what component to log your message under, please use the main components above.
  GRC-SAC-ADS          Directory Services
  GRC-SAC-BI             Access Control BW
  GRC-SAC-CONF       Configuration
  GRC-SAC-DAS          Dashboard
  GRC-SAC-REP          Repository
  GRC-SAC-RPT          Reporting
  GRC-SAC-UAR          User Access Review
  GRC-SAC-UPG          Installation & Upgrade
  GRC-SAC-WF           Workflow
  Ramelyn Paredes
  AGS Primary Support

  Hello COmmunity,
  To Summarise in Short: New features introduced to V10.0 : GRC 10.0 is ABAP based, so extraction of data from users is fast & analysis as well.
  As usual, the names for the Access control tool has been changed
  A. Access Risk Analysis (RAR)
  1. USOBT & object information will be automatically updated with GRC rather than manual upload (earlier version)
  2. Mass Users can be imported from .CSV file for risk analysis, Role analysis etc.,
  3. Variant creation / reuse for any report analysis
  4. Option of having multiple rule sets & simulating users across multiple rule sets at same time
  5. Risk analysis for CUA, Composite roles
  6. Mitigation by system, risk id, mass mitigation for users, audit trail etc.,
  7. Risk analysis for HR objects
  B. Emergency Access Management (SPM)
  1. Mass reporting for all FF users, Ids, Executions
  2. Centrally maintained for all systems rather than individual ERPs.
  C. User Access Management (CUP)
  1. Customizable Access request forms
  2. HR based role assignment for position, org unit
  3. IDM integration using GRC Web services
  D. Business Role Management (ERM)
  1. Concept of Business role mapping for Technical roles.
  2. Audit Trails & PFCG Change history.
  Finally, the look, reporting format has been changed to provide additional information for analysis.
  More important - GRC V5.3 support is till 2015 & SAP has planned to push the customers to upgrade to 10.0. Eventually SAP is also planning to release GRC 11.0 by mid next year. So we have to wait & watch the show