Monitor Role and access to b2bconsole & wlai console

Similar Messages

• Defining roles and access for OWB Designer

  Hi,
  Can i Define roles and access rights to different on 1 OWB Designer repository?
  I want to send my mappings for code review but i dont want them to log into the OWB designer with write access.
  How can i achieve this in the same OWB designer repository as the one i am using?
  I am using OWB 10.1.
  I found some table - WMP_USER_ROLES,WMP_GROUP_ROLES,WMP_GROUP_REPOSITORIES
  when i logged into the designer schema through sqlplus
  Thanks
  Sagar

  Hi Sagar,
  Yes you can do that. Basically you can create a db user, and then register the user with a repository. By default that user has all privileges, however it now is audited per user as to what he/she did. How to do this look at the doc (find SecurityHelper)
  To enable you to protect metadata there are a couple of strategies (implemented via a simple PL/SQL API). For an example (this one works with policies on the module level) take a look here (http://www.oracle.com/technology/sample_code/products/warehouse/files/Dev_Status_Policy.SQL)
  This would work as follows:
  - Create user REVIEW
  - Register user REVIEW to repos QA
  - For a module you want review for, set the status to QA
  Now the REVIEW user logs in and he can look at QA but cannot touch.
  Hope this helps,
  Jean-Pierre
  In your situation

• Query user roles and access

  hi,
  How can query user roles and access in whole database? I want to list username, status, rights, and role
  thanks
  P

  Hi,
  The data dictionary view dba_users has one row per user.
  The data dictionary view dab_role_privs has one row for every distinct combination of user and role that actually occurs ion your database,
  Are you interested in system privileges? See dba_sys_privs.
  Are you interested in individual grants, like the privilege to UPDATE a given table, or the privilege to execute a given stored procedure? See dba_tab_privs. (Don't be fooled by the name; it's not just for tables.)
  I hope this answers your question.
  If not, post some CREATE statements, that create tables, roles, and whatever else you want, and some GRANT statmeents that grant privileges on those objects. Pos the results that you would want to get from those objects and grants.

• SAP Roles and Access for SAP Implementation team members

  Hi,
  Is it correct practice to give SAP_ALL role access for all SAP Implementation team members in Dev and QA?
  If not, what is the correct practice?
  Kindly let me know

  Madhu,
  It is NOT correct practice to give anyone SAP_ALL in any of the systems; not DEV, not QAS, and certainly not PRD. However, many implementation teams (and particularly consultants from SIs) insist that they cannot possibly do their jobs without it. This is completely incorrect as there are specific roles for them to use for that purpose. The only circumstance where it could be justified is if you require a special "firefighter" role - and even then, I would still be a bit doubtful.
  You should also consider that once you have given someone SAP_ALL, they will fight tooth and nail to keep it. It also means that they probably are not testing the user roles correctly. Most of those that insist they need it simply do not understand the security issues and probably don't care.
  Just think; if they have access to do soemthing that they shouldn't and then cause a big problem, are they the ones that will have to fix it or are they going to expect you to do it? If they expect you to clear up after them, then you have the right to insist on restricting their access to cause issues in the first place.
  But I know just how demanding they can be....
  Best of luck
  Tony

• OIM 11g R2 - AD provisioning based on Role and Access Policy

  Hi, for Active Direcotry integration i used some prepopulation plugin for populationg resource form (based on http://fusionsecurity.blogspot.sk/2013/01/populating-request-attributes-in-oim.html).
  It's work fine - requested account was fully provisioned.
  Can i use this plugins for Role based provisioning?
  I try to create access policy and associated role but when attached the role to the user and run Evaluate User Policies Job, account can't be provisioned.
  In diagnostic.log i found.....
  [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Immediate consequences are returned with event - InitiatePolicyEvaluationAndProvisioning
  [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Next Waiting child process is ..........6380 sync = false
  [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] First Waiting child process is ..........6380
  [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Kernel executing default validation with process id, event id, entity and operation 6,380.0.Resource.ACCESS_POLICY_BASED_PROVISION
  [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Kernel completed the child orchestration - 6380.6379
  [oracle.iam.platform.kernel.dao] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Inserting records for orchestration cleanup
  [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Completed orchestration with action result - 113

  Hi, all
  I try to fill Access policy Process Form. Account request was created and provisioned when field AD Server and Organization Name was filled in, but pre-population plugin doesn't fired
  The question is.... How can i use pre-population plugin for populating request dataset used with request generated by access policy....
  Is it possible to use plugins for requests generated based on access policy?
  a.

• PBC 10 user users/teams/roles and access data profiles

  Hello experts,
  couples of questions with regards to BPC 10 security
  1) In PBC 10, version SAP NetWeaver , if a team or a user was created in BPC not in BW, can the created user/team has access to SAP BW? Can the created team/user be imported and assigned assigned rights in BW?  Or , if I need a user who will have acces to both SAP BW and BPC , do I HAVE to create the user in SAP NetWeaver (BW) and assign rights?? or
  2)
  If the defined attributes are Currency=Euro: Read and Country=France: Write, then Entity102 is writable.
  Assuming that a write access to Currency = Euro : Write produce the same output as in the above, How can ensure that I can give a write access on a dimension without having allowing the write access to the whole entity as in the above case?
  Thanks
  Jh

  Hi John,
  For your 1st question, to add a BPC user, you need to create BW user first on BW. Then add this BW user as BPC user. When you create a BW user, you need to assign two roles
  /POA/BUI_FLEX_CLIENT, /POA/BUI_UM_USER.
  Actually, once you created the BW user, you can use this BW user to log on to BW now, but this user has few rights, such as no rights to execute some t-code RSA1, etc. To make this BW user more powerful, you need to assign the corresponding rights directly on BW, not from BPC. The rights(Data Access profile or task profiles) added from BPC only works on BPC object, such as members, cube, etc.
  Best Regards,
  Charlie

• Console throws errors when check servers as user in Monitor role

  Hi ,
  I am getting the following error when trying to Login to console as a user with monitor role and This is working normal if logged in as Administrator, i am using WebLogic Server 9.2 MP3 -
  ####<May 5, 2010 5:14:06 AM EDT> <Error> <netuix> <isdwlprdx07> <prod-prr_admin> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <readonly> <> <> <1273050846842> <BEA-423405> <An exception [weblogic.utils.AssertionError: ***** ASSERTION FAILED *****] was thrown while rendering the content at [null].
  com.bea.portlet.adapter.scopedcontent.ActionLookupFailedException: weblogic.utils.AssertionError: ***** ASSERTION FAILED *****
  at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:699)
  at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.renderInternal(ScopedContentCommonSupport.java:268)
  at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:107)
  at com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:288)
  at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:427)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:709)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:721)
  thanks in advance ,

  Hi
  There is one more error i have noticed :
  java.lang.SecurityException: Method 'getState' cannot be invoked without administrator access
       at weblogic.rmi.internal.AdminAccessOnlyServerRef.getWorkManager(AdminAccessOnlyServerRef.java:29)
       at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:307)
       at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:885)
       at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:1084)
       at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:1001)
       at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:240)
       at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:893)
       at weblogic.rjvm.MsgAbbrevJVMConnection.dispatch(MsgAbbrevJVMConnection.java:446)
  can any body help ??

• How to create a report of users in ucm about their roles and permission

  Hi All ,
  I need to create a report and it should contain all the users in ucm as well as their roles and permissions. Basically the report would be for the admin who can see all the users in a single report and can know about the roles and access of each and every users.
  How to create such report ?? I have tried from web layuot editor but the default report template i.e stdUserReport in user datasource does not contain more than three fields..Is there any method to get such kind of report???
  Please suggest!!

  There was an example component to demonstrate this kind of function. Under Stellent in version 7.5
  I do not know if they hand it out anymore but it is not on the standard samples page for Oracle. You may want to open a Support SR to ask for it. It should still be around in their servers if they can get permission to hand it out as a sample again.
  Sample CustomReports component to demonstrate how to create customized reports
  CustomReportsBundle.zip
  Date:     October 30, 2006
  Sample Version:     version=2006_10_20 (build 1)
  Product and Version:     Content Server
  Sample Status:     This is a Stellent Sample. Stellent Samples are free and include non-supported add-ons, utilities, tutorials or programming examples. It may require additional configuration or security auditing for maximum effect. It is not supported by Stellent without a consulting engagement.

• Role Based Access Control in Java

  Hi,
  we are designing a software solution that makes use of the Role Based Access Control pattern to control access of functions, EJBs, Servlets to certain users based on their "role".
  I have not been able to understand clearly how that pattern can be implemented in Java. In addition, I stumbled on the java.security.acl and I wondering how will the package work together with RBAC pattern (Or is the pattern already implemented in some package)?
  Does any1 have any comments on this? Thnx
  Dave

  Hi David,
  Permissions based on GUI components is a simple & neat idea. But is it rugged? Really secure? It might fall short of Grady Booch's idea of Responsibilities of objects. Also that your Roles and Access components are coupled well with Views!!!!!!!
  My suggestion regarding the Management Beans is only to do with the dynamic modification which our discussion was giong forward.
  If we go back to our fundamental objective of implementing a Role based access control,let me put some basic questions.
  We have taken the roles data from a static XML file during the start up of the container. The Roles or Access are wanted to be changed dynamically during the running of the container. You would scrutinize the changes of Roles and access before permission during the case of dynamic modification.
  Do you want this change to happen only for that particular session? Don't you want these changes to persist??? When the container is restarted, don't you want the changes to stay back?
  If the answer to the above is YES(yes I want to persist changes), how about doing a write operation(update role/access) of the XML file and continue your operation? After all, you can get the request to a web or session bean and keep going.
  If the answer to the above is NO(no, i don't want to persist), you can still get the change role request to a web or session bean and keep going.
  Either way, there is going to be an intense scrutiny of the operator before giving her permissions!!!
  One hurdle could be that how to get all neighbouring servers know about the changes in roles and access??? An MBean or App Server API could help you in this.
  May I request all who see this direction to pour in more comments/ideas ? I would like to hear from David, duffymo, komone and jschell.
  Rajesh

• Customised Oracle Application and access to roles - Discoverer 10.1.2.0.2

  Hi Gurus!
  We are developing a customised Oracle application where we have users and roles...user - role mapping is done in the system administration module of the application.
  Now, we are also developing Oracle discoverer reports based on this. Using 10g (10.1.2.0.2) for that.
  When I am creating an EUL, I select 'New EUL for Oracle Applications users only' option, but, I do not have any 'FND schema' to specify. That's where I'm stuck up!
  I want to give access to the 'roles' in tha same manner as I would give to the 'responsibilities' in Oracle Apps. But, I don't know how to do it here.
  Can someone guide me on this?
  Thanks and regards,
  Aparna

  Hi Aparna
  If your application is not E-Business Suite you cannot install Discoverer into Apps mode. This mode is reserved for applications which are E-Business Suite, which basically tells Discoverer to use authenticate users using the FND tables owned by the APPLSYS user.
  In your case, even though you appear to be using Oracle applications, because you want to take advantage of your roles you will have to install Discoverer into standard mode. As you are creating your EUL you need to uncheck the box which says grant access to PUBLIC and make this a private EUL. Then you will not have the headache of worrying about setting up new users. You simply manage what a role can do (Tools | Privileges) and what a role has access to (Tools | Security).
  Now, when any any user connects to Discoverer their role will be evaluated and access will be restricted.
  You can do the same thing using a PUBLIC EUL, except you need to reduce what that user can do (Tools | Privileges) to an absolute minimum, and then take control of this using roles. For example, you could have a set of functional roles, one each for say AP, AR, GL and so on, but you could further break this down by privilege, thus you could have roles called AP Viewer, AP User, AR Viewer, AR User and so on. The User roles would have full access while the Viewer roles would have a much reduced set of privileges.
  You are basically setting up the Library approach that I discuss in my Discoverer 10g Handbook and in my white paper which you will find on my downloads page here: http://learndiscoverer.com/downloads/downloads.htm.
  I hope this helps
  Best wishes
  Michael Armstrong-Smith
  URL: http://learndiscoverer.com
  Blog: http://learndiscoverer.blogspot.com

• Customised Oracle application and access to roles and users...please advise

  Hi Gurus!
  We are developing a customised Oracle application where we have users and roles...user - role mapping is done in the system administration module of the application.
  Now, we are also developing Oracle discoverer reports based on this. Using 10g (10.1.2.0.2) for that.
  When I am creating an EUL, I select 'New EUL for Oracle Applications users only' option, but, I do not have any 'FND schema' to specify. That's where I'm stuck up!
  I want to give access to the 'roles' in tha same manner as I would give to the 'responsibilities' in Oracle Apps. But, I don't know how to do it here.
  Can someone guide me on this?
  Thanks and regards,
  Aparna

  Hi Aparna
  It would appear that you posted the same question on the Discoverer forum. Here is the answer that I posted there:
  If your application is not E-Business Suite you cannot install Discoverer into Apps mode. This mode is reserved for applications which are E-Business Suite, which basically tells Discoverer to use authenticate users using the FND tables owned by the APPLSYS user.
  In your case, even though you appear to be using Oracle applications, because you want to take advantage of your roles you will have to install Discoverer into standard mode. As you are creating your EUL you need to uncheck the box which says grant access to PUBLIC and make this a private EUL. Then you will not have the headache of worrying about setting up new users. You simply manage what a role can do (Tools | Privileges) and what a role has access to (Tools | Security).
  Now, when any any user connects to Discoverer their role will be evaluated and access will be restricted.
  You can do the same thing using a PUBLIC EUL, except you need to reduce what that user can do (Tools | Privileges) to an absolute minimum, and then take control of this using roles. For example, you could have a set of functional roles, one each for say AP, AR, GL and so on, but you could further break this down by privilege, thus you could have roles called AP Viewer, AP User, AR Viewer, AR User and so on. The User roles would have full access while the Viewer roles would have a much reduced set of privileges.
  You are basically setting up the Library approach that I discuss in my Discoverer 10g Handbook and in my white paper which you will find on my downloads page here: http://learndiscoverer.com/downloads/downloads.htm.
  I hope this helps
  Best wishes
  Michael Armstrong-Smith
  URL: http://learndiscoverer.com
  Blog: http://learndiscoverer.blogspot.com

• ABAP User Roles and Query for accessing particular T- codes and Reports

  dear Gurus
  I have one problem, i want to know about ABAP User Query ,i have one requirement my user wants to Lock all the HR Std versus Customized reports in T- code SQ01,other department peoples also see the Payslips and Hr personal reports which is harmfull to the dept so i want to Lock all the reports in Std T- code in SQ01 and i have created one Customized User Roles or Query in which the T-codes and Reports are assigned only those particular user can access the T-codes and Std reports .how can it be possible i dont have any idea about user roles and Queries .
  kindly help me out or send me some documents related to user roles and queries
  regards ritesh sharma

  Hi Ritesh,
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/103cafc2-7a64-2b10-14b3-eddb7d324561
  Regards,
  Flavya

• What are message tables and their role?How to create and access them ?

  hi,
  Can any body clarify me about What are messaging tables and their role(use) in DataBase?How to create and access them ?
  Thanks in advance
  Gopi

  If you have doubt that's you have an idea. So, explain your idea please, because I don't see what are "messaging tables".
  Did you say about Oracle database ? Apps ?...
  Nicolas.

• Security report with native roles and the roles they have access to.

  We need a security report that shows the Native/Custom Roles and the roles that they have access to.
  So, an example would be the role US_Acct, and the report would show what roles that has access to (Post Journals, Consolidate, etc).Can this be done?

  Export the Provision report from Shared Services.
  Upload report to Excel or Access.
  Build Tables to show what tasks each Role has access to.
  Build a report that links the provision report and the xref tables.
  You should also do this with Security Classes.

• Trying to restrict access to Business Partners Roles and Relationships

  In CRM 7.0 I am trying to restict access to creating and maintaining certain Business Partner Roles and Relationships.  Some roles and relationships are brought over from our primary R/3 system and users are not allowed to change these.  However, certain Roles and Relationships exist only in CRM and should be allowed.  I am working with the authorization objects B_BUPA_RLT and B_BUPA_BZT.  The only field that seems to be checked is the Activity.  Even when I put limited BP Roles it seems that this field is not being verified.  My security trace returns the following:  B_BUPA_RLT  ACTVT=02;RLTYP= ;

  Authorization object B_BUPA_RLT as used in SAP GUI can't be used in CRM WebClientUI. In SAPGUI business partners always need to be maintained in a bp role regardless of the update-characteristic of this bp role. As there's no authorization-object to control maintenance of bp in general, auth. object B_BUPA_RLT also was used to restrict visibility of bp (data). The creation of a bp is controlled by assigning authorizations for the maintenance of bp roles. If i.e. no authorization for any bp role is available, the user can't create a bp at all. Authorization object CRM_BPROLE is in CRM WebClient UI used instead of authorization object B_BUPA_RLT.
  For more info about this see the following notes:
  1129682 - Authorization for BP roles in CRM5.2 WebClient UI.
  1259940 - Authority check for accounts depending on roles
  regards.