Menu Role and Security

How do you enable menu roles and enforce security in forms?
For example in an complex application if we want to have a control of access of menus based on user login
I know it can be done thru the front-end itself by using an if then condition.
but can it be integrated with the database user logins itself
kindly reply
Thanx in advance

Hi,
first RUN frm60sec.sql under system/manager
create different roles
GRANT roles to users
Grant select access to the view created by frm60sec as follows:
SQL > Grant select on frm50_enabled_roles to public;
Note it is NOT frm60_enabled_roles.
To verify that your roles and grants are correct, log on as a user and run the following:
SQL>Select * from frm50_enabled_roles;
You should be able to see the users roles.
then come to MMB file contibue assiging the roles in each menu Item. U ll see get the result.
regards

Similar Messages

  • Security-role and security-role-assignment not working in WL7.0

    Hello all..
    Some EJB components that worked fine in WebLogic 6.1 no longer work in
    WL7.0. It has to do with the security-role and security-role-assignment
    descriptor elements no longer allowing anonymous users to be included in the
    authorization for a bean.
    For example, in WL6.1 placing these items in ejb-jar.xml:
    <assembly-descriptor>
    <security-role>
    <role-name>Employees</role-name>
    </security-role>
    <method-permission>
    <role-name>Employees</role-name>
    <method>
    <ejb-name>CustomerEJB</ejb-name>
    <method-name>*</method-name>
    </method>
    </method-permission>
    and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
    <security-role-assignment>
    <role-name>Employees</role-name>
    <principal-name>guest</principal-name>
    <principal-name>system</principal-name>
    </security-role-assignment>
    worked fine for clients creating their context using a simple
    InitialContext() constructor without specifying SECURITY_PRINCIPAL or
    SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
    the security-role-assignment element above told WebLogic that "guest" was in
    the Employees role for purposes of this EJB archive.
    Worked in WL6.1, no longer works in WL7.0. Client receives typical
    permission exception:
    java.rmi.AccessException: Security violation: insufficient permission to
    access method 'create'
    If I explicity connect as "system" things are fine, or I can create a new
    user in the default realm in WebLogic, put a matching <principal-name>
    element in the section above, and connect as that user. Note that if I leave
    off the <security-role> section completely, or set the required role name to
    "everyone", the anonymous access works fine. Apparently the anonymous user
    is a member of "everyone" behind the scenes even though "everyone" does not
    appear in the realm list of groups or roles.
    So, my question boils down to this: Is there a "magic" username in WL7 like
    "guest" was in WL6.1 that can be mapped to the required role name, or must
    every client connection use a true weblogic-created user with appropriate
    role assignments used to map it to the required role name.
    -Greg
    P.S. Note that none of the EJB examples provided with WL used
    <security-role>..
    Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
    www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.com

    Below are the screen shots for PFCG:

  • Roles and Security

    I have setup a 11g Oracle database.
    Can I please have some help to create some user accounts (3 levels, eg. Administrator, Power User, and Guest style users) as well as setting up appropriate levels of security implemented via ROLES and PRIVILEGES for Roles.
    Thanks in advance

    996403 wrote:
    I am wanting the Administrator to have control over everything, the Power User to be a User who also has the ability to create tables, triiggers etc, and the Guest to just be able to view data in the database without changing anything.
    Can you correct me if I am wrong with the following suitable roles for the users:
    Administrator
    - All roles
    Power User
    - Connect
    - Resource
    Guest
    - ConnectYou have to get out of this Administrator/Power User/Guest Windows security group paradigm. Windows security groups cannot be directly correlated to Oracle security groups, and that is why you are having so much trouble doing so. I recommend that you:
    -stop comparing Oracle to Windows
    -learn what security rights your database users need
    -fully understand the predefined roles, and then assign users to those roles only if they require every right that those roles grant
    -create your own application roles for any users that have requirements that do not align exactly with the predefined groups
    We are only encouraging you to do things in a manner that follows best practices, and doing so will keep your headaches to a minimum later on down the road.

  • Role and security

    i have problem with role in my database
    i have 2 table
    t1 and t2
    owner = ERP
    i create user HAMID with grant connect,resource
    then
    create role xx and grant all on t1 and t2 to xx
    then grant xx to HAMID
    when hamid connect to database and select from t2 get error table dosnt exist
    whyyyyyyyyyyyyyyyyy?

    plz help me
    see this:
    i have 2 table
    t1 and t2
    owner = ERP
    conn sys
    create role r1;
    create role r2;
    grant all on erp.t1 to r1
    grant all on erp.t2 to r2
    create user HAMID identified by hamid;
    grant resource,connect to hamid;
    alter user hamid default role connect;
    grant r1 to hamid;
    conn hamid
    SELECT * FROM SESSION_ROLES;
    see this
    CONNECT
    RESOURCE
    R1
    conn sys
    grant r2 to hamid;
    conn hamid
    SELECT * FROM SESSION_ROLES;
    see this
    CONNECT
    RESOURCE
    R1
    where is R2 ??????????????????????????????????????????

  • Roles and responsiblities of oracle dba in development team

    What should be the roles and responsiblities of oracle dba in development team?
    Does Application dba should have oracle user credentials on db box?

    Hi, Application DBA work as like production DBA, while resolving issue SLA would not apply for them . Apart from this developement team pressure will be there.
    These are points remembered.
    Creating test Db for testing environment,
    Schema Replication of POC
    replication the DB for interface setup .
    User , Space management.
    Roles and Security management
    Space Forecasting -this will be useful when you are estimating for storage
    need to give application set up to Production DBA with proper specification.
    maintaining the schema changes
    Ensure that right script shas to provide the Production DBA team .
    Deployment of the application.
    performance tuning..
    All environment memory /CPU statistisc need to check by regular interval.If any issues need to escalte to INFRASTRUCTURE team
    HTC
    tippu

  • How to generic menu roles functionality dynamically

    right now i am using oracle built in menu roles, as we are not systematic the roles, every day we are adding - removing different screens form the diff users etc, it became difficult with menu roles. and Programmer presence is needed to change Menu roles very oftenly. already im having 50+ menu roles in my application, as i read in tech docs it is not advisable to increase menu roles toomany.
    But i would like to wants that things as programatically.. by keeping all the menu names,usernames in tables and assign to users when ever we need manually, as it is replicating Oracle Menu roles default functionality.
    is there any body can help/ advise on this issue. any work around please...
    thx regads subbarao..

    right now i am using oracle built in menu roles, as we are not systematic the roles, every day we are adding - removing different screens form the diff users etc, it became difficult with menu roles. and Programmer presence is needed to change Menu roles very oftenly. already im having 50+ menu roles in my application, as i read in tech docs it is not advisable to increase menu roles toomany.
    But i would like to wants that things as programatically.. by keeping all the menu names,usernames in tables and assign to users when ever we need manually, as it is replicating Oracle Menu roles default functionality.
    is there any body can help/ advise on this issue. any work around please...
    thx regads subbarao..

  • Issues with test-all role and browser security

    WLS 10.3.5
    I have a deployed application on Linux using a SQLAuthentication and Authorization - all is well here.
    I have setup all the security (without the test-all role) and I cannot access any of the system.
    If I put the test-all role in - I can access the system.
    I have verified the user has all the roles (I used the example bean to display the user and roles on the menu page) and the test-all role is not in the list.
    I have the menu setup to not display items unless the user has the role (this is working fine - SecurityContext.inRole(rolelist).
    So the context is fine.
    I used jazn-data to set the same roles in the taskflows - this is not working at all unless the test-all role is set - I get authorization errors - not authorized).
    Have I missed something in this?
    I have also noticed that if I close the browser (X) without logging out and come back into the system the authentication is totally bypassed and I go back in as the same user as before.
    Is there some way to destroy the previous context every time the welcome screen is executed.

    Add the following parameters to the Run options for the ViewController project:
    -Djps.auth.debug=true -Djps.auth.debug.verbose=true
    Then restart WebLogic, run the app and watch the console - you'll see all the security evaluations take place which should help you to identify the problem.

  • Menu Role Security

    I have a menu with role security enabled. If I grant one of
    these roles to a pre-existing user, everything works fine.
    However, if I grant it to a brand new user I get "FRM-10256 User
    is not authorized to Run Form Builder Menu". (Note that all of
    the forms, menus etc are held in the file system).
    I have definitely granted the right role. What is going on
    here?
    Thanks
    Chris
    null

    Thanks.
    Chris Rimmer (guest) wrote:
    : John,
    : Don't worry, I already answered my own question! To use menu
    : role security:
    : 1) Ensure that the view SYSTEM.FRM50_ENABLED_ROLES exists. If
    : not, you will need to run a script (FRM50SEC.SQL I think) to
    : create it. I also advise that you grant SELECT on this view
    to
    : PUBLIC, to avoid the problem that I encountered.
    : 2) Create the roles to be used, if they don't yet exist.
    : 3) In the menu module, set the "Use Security" property to TRUE
    : and add the roles to the "Module Roles" list.
    : 4) For every item in the menu, you must now make a selection
    in
    : the "Item Roles" property to decide which roles can access the
    : item.
    : 5) Make sure you compile the Menu Module. Done.
    : Chris
    : john (guest) wrote:
    : : Hello Chris,
    : : I don't have the answer, sorry. I would like to ask you for
    : : your help on creating menu role. How can I create a menu
    role
    : : then grant it to users specificly? Thanks for you time.
    : : john
    null

  • Developing security Roles and profiles

    Hi Team,
    Can you guys let me know how to develop security roles and profiles. We are rolling out for a company in Japan, and the congif is completed. We are in the process of developing test cases ans also security roles and profiles for users? Can somebody guide and help me on this?
    Regards,

    Hi,
    Use Tcode = PFCG -->then create any customized roles and profiles for any users on module based.
    user masters: USR01 to 09, UST04,
    profiles: USR10, USR11, UST10S, UST10C,
    authorisations: USR12, USR13, UST12.
    password exceptions USR40.
    History tables(may not be applicable but FYI): users: USH02, USH04,
    profiles: USH10, auths USH12.
    R/3 Security Tcodes
    End User Transaction Code  Menu Path   Purpose
    SU3  System > User Profile> Own Data  Set address/defaults/parameters
    SU53  System > Utilities > Display Authorization Check  Display last authority check that failed
    SU56  Tools --> Administration --> Monitor --> User Buffer  Display user buffer
    Role Administration Transaction Code  Menu Path   Purpose
    PFCG
    Tools --> Administration --> User Maintenance --> Roles  Maintain roles using the Profile Generator
    PFUD   Work on SAP check indicators and field values
    Select: Copy SAP check IDu2019s and field values
    Installation
    1. Initial Customer Tables Fill
    Upgrade
    2a. Preparation: Compare with SAP values
    2b. Reconcile affected transactions
    2c. Roles to be checked
    2d. Display changed transaction codes
    SU24
    Same as for SU25:
    Select: Change Check Indicators > Maintain Check Indicators>Maintain 
    Regards,
    Srini Nookala

  • Interaction of BW Roles and BWA Explorer Security

    We secure all our BW users via roles these roles have Analysis
    authorizations embedded in them which restrict access to specific
    infoproviders and values in these based on authorization relevant
    infobjects.
    When we try to create a BWA Explorer object in RSDDTPS we are forced to
    assign a userid and an analysis authorization directly in
    the "Authorizations" tab. Our security group only wants to have too
    assign roles to users either via SU01 or CUA.
    Configuration
    BO 2008 Enterprise Server (connected to BW system)
    BW system (Netweaver 7.01 EHP1)
    BWA 7.2
    1) How can we create BWA Explorer objects on a infoprovider without
    directly assigning users in Authorization Tab and how can we make the
    system ignore whatever is on this tab and base access to a BWA explorer
    object on the roles assigned to the user via SU01/CUA.
    2) If a User has roles assigned in BW that give them access to a
    specific infoprovider will this automatically also give them access to
    a BO Server published BWA explorer object built on that infoprovider.
    Related to this do we also need import the same roles and assign to the
    user in CMS server with link to BWA Explorer Server or does the user
    automatically get access to BWA Explorer as long as BWA Explorer is
    published on BO Server.
    3) If the user in BW is assigned roles that limit values based on an
    authorization relevant object is this restriction enforced in the
    values returned in published BWA Explorer for the user. Example
    Authorization Relevant object is Profit Ctr and the user has two value
    roles one contains access to all profit center that role up to a
    hierarchy node limited to the USA and the other contains hierarchy
    analysis authorization limiting access to all profit centers rolling up
    to hierarchy node representing Europe. When a user access's the BWA
    Explorer object which contain profit ctr will the values be limited
    only to USA AND Europe Profit centers or will the BW value based
    security be ignored.
    Please provide advice on above questions and document resources on how
    BW role based security interacts with BWA Explorer.

    Hi Expert,
    I need a solution for same scenario, anyone can give inputs.
    Regards,
    Ganesh

  • Role based security and ACLs

    Hello,
    I have a question regarding Roles and ACLs. I understand that I can use one or more security realms to host users, groups, and ACLs. (In fact I am implementing a custom realm for users and groups like RDBMSRealm, and wanted WLPropertyRealm to handle ACL/permission based duties.)
    Reading the "Writing a Web Application" it is apparent that ACLs are not supposed to be used for Servlets/JSP anymore, but rather to map roles to security principals via the deployment descriptor files for the web application.
    So:
    1. I assume that Weblogic will determine, once I have authenticated the user in my realm, whether or not the user is in a certain role, and therefore, whether or not they have access to a particular resource?
    2. What happened to the concept of permissions? Is it assumed that if the user is in the required role that they have permission to execute the servlet/JSP?
    3. Does it make sense to talk about ACLs anymore? A checkPermissions() method on an Acl object doesn't make sense now. Instead am I to use isUserInRole() ? (This doesn't seem the same to me - asking if User A has execute permission on this resource is different than asking if User A is in the CSR role.)
    Your response is appreciated.

    Hello,
    I have a question regarding Roles and ACLs. I understand that I can use one or more security realms to host users, groups, and ACLs. (In fact I am implementing a custom realm for users and groups like RDBMSRealm, and wanted WLPropertyRealm to handle ACL/permission based duties.)
    Reading the "Writing a Web Application" it is apparent that ACLs are not supposed to be used for Servlets/JSP anymore, but rather to map roles to security principals via the deployment descriptor files for the web application.
    So:
    1. I assume that Weblogic will determine, once I have authenticated the user in my realm, whether or not the user is in a certain role, and therefore, whether or not they have access to a particular resource?
    2. What happened to the concept of permissions? Is it assumed that if the user is in the required role that they have permission to execute the servlet/JSP?
    3. Does it make sense to talk about ACLs anymore? A checkPermissions() method on an Acl object doesn't make sense now. Instead am I to use isUserInRole() ? (This doesn't seem the same to me - asking if User A has execute permission on this resource is different than asking if User A is in the CSR role.)
    Your response is appreciated.

  • Security roles and profiles

    Hello,
    Could you please provide information on "security roles and profiles "
    I would appreciate.
    Regards,
    Alex

    Roles give you authorization to specific area of the system. Use TC pfcg and you will see different setting for a role.
    In specific Role -> Authorization -> click on Display Authorization Data.
    Here all specific InfoArea, Cube, ODS, Reporting componets: display, execute and other security rules are defined.
    User Section: defines who has access to this role.
    Multiple authorization are combined to create an Authorization Profile. You defined a profile at TC su01 and under profile section.
    Hope that helps.
    thanks.
    Wond

  • Configure security-role and method permission for EJB 3.0 using Jdev 11g

    The EJB 3.0 session bean created by Jdev 11g EJB wizard does not have ejb-jar.xml. Where and how can security-role and method permission for the EJB be configured?
    For example,
    <assembly-descriptor>
    <security-role>
    <role-name>managers</role-name>
    </security-role>
    <method-permission>
    <role-name>managers</role-name>
    <method>
    <ejb-name>Employees</ejb-name>
    <method-name>setSalary</method-name>
    <method-params>
    <method-param>java.lang.Long</method-param>
    </method-params>
    </method>
    </method-permission>
    </assembly-descriptor>

    user516954,
    By default annotations are used. However, you can create a new descriptor and that will take presidence over any declared annotation.
    --Ric                                                                                                                                                                                                                                                                                                                               

  • Portal Design - Best Practices for Role and Workset Tab Menu

    We are looking to identify and promote best practices in SAP Portal Design. 
    First, is there a maximum number of tabs which should exist on the highest level tab menu, commonly called the role menu?  Do a large number of tabs on this menu cause performance issues?  Are there any other issues associated with a large number of tabs on this menu?
    Second, can the workset tab menu be customized to be 2 lines of tabs?  Our goal is to prevent tab scrolling.
    Thanks

    Debra,
    Not aware of any performance issues with the number of tabs in the Level 1 or 2 menus, particularly if you have portal navigation caching enabled.
    From an end user perspective I guess "best practice" would be to avoid scrolling in the top level navigation areas completely if possible.
    You can do a number of things to avoid this, including:
    - Keep the role/folder/workset names as short as possible.
    - If necessary break the role down into multiple level 1 entry points to reduce the number of tabs in level 2.
    An example of the second point would be MSS.  Instead of creating a role with a single workset (i.e. level 1 tab), we usually split it into two folders called something like "My Staff" and My Finance" and define these folders as entry points.  We therefore end up with two tabs in level 1 for the MSS role, and consequently a smaller number of tabs in level 2.
    Hope that helps......
    Regards,
    John

  • Security report with native roles and the roles they have access to.

    We need a security report that shows the Native/Custom Roles and the roles that they have access to.
    So, an example would be the role US_Acct, and the report would show what roles that has access to (Post Journals, Consolidate, etc).Can this be done?

    Export the Provision report from Shared Services.
    Upload report to Excel or Access.
    Build Tables to show what tasks each Role has access to.
    Build a report that links the provision report and the xref tables.
    You should also do this with Security Classes.

Maybe you are looking for