Limitations at user level

Similar Messages

• Information Regarding Essbase Security Except Filter Level and User Level

  I have an requirement to implement data level security in Essbase. For ex: A user can only see those data which are from Asia region or an user will be able to see those data which are from America.
  Asia and America are defined in my location dimension.
  can any one explain about it without using user Level Security and Filter level security.
  Please tell me how to do it?
  Thanks in advance.

  Sandeep's reference the DBAG and the section on filters is the right direction. The filter is created in EAS.
  Let's use an example.
  You create a METAREAD filter (that is, it filters both data and dimensionality) that gives a user limited access to the Location dimension (I think I have that right), e.g., the British Isles, the UK and Ireland. You can also create a READ filter but it only limits data and, in my opinion at least, causes confusion because users can see metadata (the whole world) but only see data for the British Isles.
  NB -- filters can be assigned to individual usernames or to groups that users are members of. For a POC, I'd keep it simple and just assign it to a username, but it's your choice.
  Assign the filter to the user in Shared Services.
  Try connecting to the database in Excel through the Classic Add-In or SmartView to test what the user sees -- it should be: Total Location, British Isles, the UK, and Ireland. You will see Total Location (top of the dimension) because that's how Essbase navigates down -- it has to have the dimension name to find the limited children. You won't see any data there. But you will see data at the Location members that the METAREAD filter allows.
  That's it -- it's been around since the year dot, and is the way access is restricted. You shouldn't need to reinvent the wheel to get this to work in OBIEE. Essbase should do the work.
  Regards,
  Cameron Lackpour

• Make all the forms at a user level or responsibility level to be read only

  Hi,
  Please suggest me to make all the forms at a user level or responsibility level to be read only. So that when a particular user logs in, he gets all the form in read only mode or at a particular responsibility all the forms are read only so that we can attach this responsibility to the user for the same purpose.
  Any ideas will be highly appreciated.

  check this blog,
  http://www.oracleappshub.com/11i/oracleapps-responsibility-vs-sap-functions/
  Re: How to change OM responsibility as read-only in oracle applications 11i
  read only responsibility-user

• How to create a profile value at user level programatically

  Dear all,
  I want to create a profile value at user level programatically, I refer to the developer guide and try to use fnd_profile.put() to create a new value.
  But I find out the value is just created in session level, not be inserted into base table.
  So is there anyone know how to realize this function in PL/SQL?
  Any idea is appreciated.
  Best Regards,
  Kenny

  Check Note: 364503.1 - How to Set a System Profile Value Without Logging in to the Applications
  https://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=364503.1

• Error while performing Risk Analysis at user level for a cross system user

  Dear All,
  I am getting the below error, while performing the risk analysis at user level for a cross system (Oracle) user.
  The error is as follows:
  "ResourceException in method ConnectionFactoryImpl.getConnection(): com.sap.engine.services.connector.exceptions.BaseResourceException: Cannot get connection for 120 seconds. Possible reasons: 1) Connections are cached within SystemThread(can be any server service or any code invoked within SystemThread in the SAP J2EE Engine), 2) The pool size of adapter "SAPJ2EDB" is not enough according to the current load of the system or 3) The specified time to wait for connection is not enough according to the pool size and current load of the system. In case 1) the solution is to check for cached connections using the Connector Service list-conns command, in case 2) to increase the size of the pool and in case 3) to increase the time to wait for connection property. In case of application thread, there is an automatic mechanism which detects unclosed connections and unfinished transactions.RC:1
  Can anyone please help.
  Regards,
  Gurugobinda

  Hi..
  Check the note # SAP Note 1121978
  SAP Note 1121978 - Recommended settings to improve peformance risk analysis.
  Check for the following...
  CONFIGTOOL>SERVER>MANAGERS>THREADMANAGER
  ChangeThreadCountStep =50
  InitialThreadCount= 100
  MaxThreadCount =200
  MinThreadCount =50
  Regards
  Gangadhar

• LaserJet P1505n printing slow just for user-level accounts in Win7

  I have several workstations running Win7 Pro 64-bit that have been installed as replacements for XP machines.  All of them print to one of several P1505n printers, and are using the latest drivers from HP.  Under XP there were no problems printing to these printers, but the Win7 machines have significant delays when trying to print.  The Windows test page prints instantaneously, but printing from any other application has a delay of up to a full minute before the job begins to print.  Once the job prints, it prints without issue.
  One thing that I have noticed during my testing seems to point to permissions.  If I am logged in using my admin-level account, everything prints as it should, with no delays at all.  Once I log in with a user-level account, however, the delays begin.  I found the driver files at C:\Windows\System32\spool\drivers\x64\3, but giving "everyone" full control over those files does not help.
  Is there anything else that I should be looking at?
  Thanks in advance!
  Donny

  In the end, I was able to resolve the problem by installing the Vista x64 drivers.  No playing with permissions necessary.

• Windows Server 2012 Group Policy Block USB Storage devices @ User Level Not getting applied on a Domain Client machine with Windows Server 2008 R2. Why?

  Hello,
  I have a Windows Server 2012 R2.
  I have configured the Group Policy on it to block the usage of USB - Storage Devices @ user level on the client machines. It works properly for my Windows 7 client machines but it's not working on one of the machine having Windows Server 2008 R2 installed
  on it (this machine is also a domain client in the same domain).
  I will really be thankful if anyone can suggest some solution to this issue.
  Please feel free to write back in-case I have missed anything obvious to be shared.
  Thanks!
  -Vinay Pugalia
  If a post answers your question, please click "Mark As Answer" on that post or
  "Vote as Helpful".
  Web : Inkey Solutions
  Blog : My Blog
  Email : Vinay Pugalia

  Hi,
  Any update?
  Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
  Best Regards,
  Andy Qi
  TechNet
  Subscriber Support
  If you are TechNet
  Subscription user and have any feedback on our support quality, please send your feedbackhere.
  Andy Qi
  TechNet Community Support

• Issue in User Level Simulation in GRC 10.0

  Hello Every one,
  Before i Jump into the question, please find below the screen shot which tells about the B.P(Business process),Functions created in test system(GRC 10.0), where as the roles and corresponding users which have been created in back end system connecting to GRC 10.0.
  Now when i am trying to run a risk analysis on user TEST_RISK(TEST_ROLE_RISK role is assigned and pfa the authorizations in the role), i will be shown the Risk R001.
  Now i am trying to run user Level Simulation on the above user TEST_RISK and i am trying to simulate by adding a new role TEST_ROLE_RISK3 as shown in the below screenshot at Action level,Permission Level,Critical Action level ,Critical permission level.
  Even though i select the option, Risk from Simulation only, when i try to execute at action level , it is also showing me the risk which coming from the actual role assigned but not from the simulating one.
  Thanks and Regards,
  Naga.

  Hi Naga,
  there are some notes which might help to fix the problem. Especially the first might fix your problem.
  http://service.sap.com/sap/support/notes/1895502
  http://service.sap.com/sap/support/notes/1953347
  Please let us know if it helped.
  Regards,
  Alessandro

• Permissions set at USER level

  Can I just confirm, that if I open a User within Server settings and I see any of the Global permission tickboxes ticked then these have at some point been set at the User Level. If however, best practice has been observed and users have only ever been
  selected against groups then I should NOT see any boxes in any of the Users permissions ticked at all?  Is that correct?
  Thanks in advance,
  Steve

  Steve --
  You are absolutely right, my friend.  If you see ANY checkboxes selected in the Categories or Global Permissions sections of a User page, then these selections represent an override to the permissions specified by the Groups to which the user belongs.
   Best practice dictates that permissions for each user be controlled by adding the user to Groups, which makes for a simpler and easier to understand security model.  This is a GREAT question, my friend, and I applaud you for asking it.  :)
  Dale A. Howard [MVP]

• How to forbid command field at user level?

  Does anyone know how can i forbid at user level the command field?
  Thanks
  M.

  Hi marco,
  1. In normal SAPGUI,
     there is some REGISTRY Value, (when gui installation is done)
  2. If that setting/value in registry is changed,
     then the command field won't come.
  3. For PORTALS,
      the setting is done in the ICF/Service parameter
     ~NOHEADEROKCODE=1
    (By doing this, it will come in SAP GUI,
    but won't come if we access r/3 from portal/internet explorer)
  regards,
  amit m.

• How to hide the columns at the end user level thru personalization

  Hi all
  how I can hide the columns that are displayed on the portal. Any personalize option for the end user? Any righ click or some thing?
  I am looking at hiding columns not while developing the iViews / Pages, But in the browsers as the end user.
  i can hide the columns what ever i want while creating the iViews for MDM data. but we cant provide the content administrator role to the end user for hiding the columns what ever they want. they want to hide the columns thru pesonalization option at the end user level.
  Can you please let me know whether we can able to hide the columns at the end user level thru personalization ?? is it posible with standard iViews??
  Regards
  Sunil

  Hi Sunil,
  I understood your requirement properly and seems valid and I tried this at my end but i didnt get the solution. Field list is not visible in Personalize option. I dont think it is possible with MDM standard iViews.
  I was thinking an alternative is if some how we manage to give the permissions to end user only on Result Set iView but if it would be possible it will not be a good design.
  Lets wait for some inputs from others.
  Regards,
  Jitesh Talreja

• What is Execution Count in User Level Analysis?

  Hi,
  Can anyone through a light on that what is Execution Count Column means in User Level Analysis Report ,If it is the number of counts of the users execte the action then how we can discover or from when it counts the number of count ....??
  is it count from the starting of the user using that tcode or action?

  Hi Pranjal,
  Yes, Prashant is correct it counts from the first job run, but as it takes data from STAD, so the counting is actually as per the STAD data store setting.
  So if STAD store data for 4 days and if you run job in today it will count from 17.05.2014, make sure you have this job running regularly, if you miss this job run for more days than the retention period of STAD data, you may miss execution count for those days.
  Hope this clears your query.
  BR,
  Mangesh

• Limited-access user permission lockdown mode and allowing anon users to view list items

  I'm working on setting up a public-facing SharePoint website that will need to support anonymous user access. I'm using the Enterprise Publishing Portal site collection template, so the Limited-access user permission lockdown mode feature is turned on.
  Everything is working great, except allowing users to view a list item. One of the key features I was hoping to leverage was the ability to display custom lists on a web page using a List View web part. Then they could click on an item and see the DispForm.aspx
  so the item's content was accessible, including any file attachments.
  A real-world example is adding an RSS viewer web part to the home page and allowing anon users to click on one of the events to see the details of it. Currently, in lockdown mode, the users gets an authentication prompt. 
  I toyed with the idea of turning the lockdown feature off. However, I'm uncertain of the full impact that would have on security. For example, I know it will allow anonymous users to see who created and modified an item, which we don't want exposed to the
  public (i.e. our employee names). Seems like opening a can of worms by disabling the lockdown mode... 
  Any ideas on how to tackle this would be greatly appreciated.

  So far, this is the most promising solution I've come across:
  http://soerennielsen.wordpress.com/2012/05/29/how-to-make-list-items-visible-to-anonymous-users-in-search

• Can we create wallet at User Level to implement TDE in Oracle 10g

  Hi
  I am going to use a Oracle 10g TDE security feature for data security.I have gone through with lots document.Everywhere there is mention to open or close a Wallet at system level.I mean ALTER SYSTEM..that means except DBA no one can see the encrypted column.
  But my requirement is bit different,I want to encrypt the column based on user.
  lets take example- Suppose we have one table TEST with C1,C2,C3,C4,C5,C6 column and there is U1,U2,U3 user.I want to encrypt C1 and C3 for U1 , C2 and C5 for U2 , C4 and C6 for U3 and U1,U2 and U3 can see only all columns except encrypted column.
  My question is Can we apply TDE at User level rather than system level.
  Any ideas or thought would be appreciable.
  Thanks in advance.
  ANwar

  The idea of TDE is to provide data protection on storage media, so when your backup tapes drop from the truck or the hard disk of a stolen laptop is sold online, encrypted data remains encrypted and can't be read by anyone.
  It seems to me as if you try to achieve access control by encryption, which you don't need: If users have sufficient privileges or the business need to see data, then they should be granted access and see the data de-crypted. Otherwise, access control mechanisms (roles, views, VPD, OLS) should kick in and hide the rows from them.
  So, for day-to-day business of your database, the wallet needs to be open, so that the database can de-crypt data for users who have been granted to see credit card numbers etc., but then limit access to credit card numbers they are not allowed to see with other measures. There is a little hands-on for TDE and VPD here:
  http://www.oracle.com/technology/obe/10gr2_db_vmware/security/tde/tde.htm
  Hope this helps,
  Peter

• 8.8 Limited Financial User - missing functionality .... COPY TO

  Similar to the referenced issue below, a limited financial user cannot use the 'copy to' feature from a AP Purchase Order to an AP Invoice; it is simply grayed out.  We are on version 8.8 (8.80.230) SP:00 PL:12.
  Unfortunately, there are no 'price list' authorization issues, as suggested by this question and answer:
  [Copy To issue with 8.8]
  I hope someone can help; thank you,
  Russell Clayton
  Sweet Leaf Tea Co

  Dear Veronique,
  We are also facing the same problem even after using the 'Copy From' functionality. But ita seems work for the intial stage for some 10 days, soon after not able to create A/P Invoice based on 'GRPO'.
  Any valid comments are valuable even to us.
  Regards,
  Bala