MS DSC Base Config Vs Role Based Config

Hello -
I have been working on a project with the following goal:
(1) automated deployment of windows servers ( Physical and Virts on Hyper-V) [This is achieved from custom code]
(2) once the server has been deployed and joined to the domain, I would like DSC to :
(2.1) apply a base config which is a standard for all windows servers regardless of its role
(2.2) apply role specific config - example if its a DHCP/File/Domain controller
Now if you use the Pull server method, every client has a LCM which has a config ID to download from the Pull server. I can automate the process to create base config for each GUID ( client) but that's a nightmare to manage.
Is there a way I can just have two config files on my Push server ? say one called base and another for DHCP? Instead of having the same DHCP/Base config file for each client. We have 10,000 + servers which would mean my MOF files will be 10,000.
Let me know if my question makes sense.
-A

Is it doable? Yes. Is this something that you can do literally right now out of the box? No.
Microsoft always said the DSC is a platform, not a solution. Jeffrey Snover (the father of PowerShell) himself said that this is what he would expect a custom solution to do (to be created most likely by someone outside of Microsoft, maybe integrated into the next version of SCCM?), but not something that DSC as a platform does.
So in short it's not doable now, but if you have enough time on your hands, want to create a solution for it and feel like sharing I'm sure the community would really appreciate it :D

Similar Messages

  • Role-based view commands missing from config

    Hi All,
    I set up a 2960G with IOS 12.2(44)SE6 and created a role-based view to be used by our helpdesk.  One of the things they need to do is add rules to a MAC ACL on the switch.  I've successfully created a view for them and can include and exclude most commands, however, when I try to include the "commands mac-enacle include all permit" command, I get no syntax error, and there is no line in my configuration reflecting the change. As it stands, from the helpdesk view (named smco) I can get into mac acl configuration mode, but I can't issue any of the sub commands.
    Any advice would be greatly appreciated.  I tried upgrading to 12.2(55)SE and had the same result.
    The current configuration for the parser view is as follows:
    parser view smco
    secret 5 hashed_pw
    commands configure include mac access-list extended
    commands configure include all mac access-list
    commands configure include mac
    commands exec include configure terminal
    commands exec include configure

    After I issue the command "commands mac-enacl include all permit" there is no line in my startup or running configuration that says: "commands mac-enacl include all permit" or anything that closely resembles that.
    I've tested with multiple local accounts.  After authenticating, I issue the "enable view smco".

  • RE: (forte-users) URL-based Config Info

    You can use xml over http to pass information between Forte and Java. You
    can use httpdc/httpsupport(Forte3.5) library to send and receive using http
    in Forte and use servlets in java.
    ka
    -----Original Message-----
    From: Lapeyre, Michael [mailto:Mike.LapeyreONSTAR.com]
    Sent: Tuesday, November 21, 2000 7:04 PM
    To: 'forte-userslists.xpedior.com'
    Subject: (forte-users) URL-based Config Info
    I am looking for a way to share run-time configuration information between
    Forté and Java processes, possibly running on different boxes (Solaris).
    Someone suggested we use an URL-based retrieval mechanism, or perhaps LDAP.
    Does anyone have any pointers on how to access such info from a Forté
    service object?
    Thanks,
    Mike Lapeyre
    EDS / OnStar
    mailto: mike.lapeyreOnStar.com
    For the archives, go to: http://lists.xpedior.com/forte-users and use
    the login: forte and the password: archive. To unsubscribe, send in a new
    email the word: 'Unsubscribe' to: forte-users-requestlists.xpedior.com

  • Privileges and Roles Based Views

    Hello,
    I have been configuring Roles based Views with Windows radius authentication on our 2960's and 3750's and it is working great.  I have 2 users, one with a Roles Base View called "priv3" and the other is for admins of login as the "root" view.  I have one Windows Active Directory group for "priv3" users and the other for admins using "root".
    Now I have to configure this on our 2955 switches and to my horror they don't seem to support Roles Based Views!!  If you know if they can then all this would be solved, I'm using the latest IOS c2955-i6k2l2q4-mz.121-22.EA13.bin.
    How can I convert the Roles Base Views to privileges and use radius and not affect the other switches, as I've never used privileges.
    I hope someone can help with the config:
    Below is the config I use on the 2960's and 3750's and also what I use on the radius servers.  I guess I would need to use a priv 15 setup and a custom view called priv3?
    Priv3 radius user settings
    cisco av-pair cli-view-name=priv3
    Priv 15 or root user settings
    cisco av-pair shell:priv-lvl=15
    cisco av-pair shell:cli-view-name=root
    Config:
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname 3750
    boot-start-marker
    boot-end-marker
    logging buffered 64000
    logging console informational
    logging monitor informational
    enable secret 5 $1$1UGK$kHB.S2UwMVXaG3C0
    username admin privilege 15 secret 5 $1$BsaS$cLHllovL2ZFb1
    username priv3users view priv3 secret 5 $1$JfnH$vUu.B.natnyB.
    aaa new-model
    aaa authentication login default group radius local
    aaa authentication enable default line
    aaa authorization console
    aaa authorization exec default group radius local
    aaa session-id common
    clock timezone GMT 0
    clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00
    switch 1 provision ws-c3750g-12s
    switch 2 provision ws-c3750g-12s
    system mtu routing 1500
    udld aggressive
    no ip domain-lookup
    ip domain-name CB-DI
    login on-failure log
    login on-success log
    crypto pki trustpoint TP-self-signed-3817403392
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-3817403392
    revocation-check none
    rsakeypair TP-self-signed-3817403392
    crypto pki certificate chain TP-self-signed-3817403392
    certificate self-signed 01
      removed
      quit
    archive
    log config
      logging enable
      logging size 200
      notify syslog contenttype plaintext
      hidekeys
    spanning-tree mode rapid-pvst
    spanning-tree extend system-id
    spanning-tree vlan 10 priority 8192
    vlan internal allocation policy ascending
    ip ssh version 2
    interface GigabitEthernet1/0/1
    interface GigabitEthernet1/0/24
    interface Vlan1
    description ***Default VLAN not to be used***
    no ip address
    no ip route-cache
    no ip mroute-cache
    shutdown
    interface Vlan10
    description ****
    ip address 10.10.150.11 255.255.255.0
    no ip route-cache
    no ip mroute-cache
    ip default-gateway 10.10.150.1
    ip classless
    no ip http server
    ip http secure-server
    logging trap notifications
    logging facility local4
    logging source-interface Vlan10
    logging 10.10.21.8
    logging 172.23.1.3
    access-list 23 permit 10.10.1.65
    snmp-server community transm1t! RO
    snmp-server trap-source Vlan10
    radius-server host 10.10.1.33 auth-port 1645 acct-port 1646 key 7 090D7E080D37471E48
    radius-server host 10.10.1.34 auth-port 1645 acct-port 1646 key 7 08607C4F1D2B551B51
    radius-server vsa send accounting
    radius-server vsa send authentication
    line con 0
    exec-timeout 60 0
    logging synchronous
    line vty 0 4
    access-class 23 in
    exec-timeout 60 0
    logging synchronous
    transport input ssh
    line vty 5 14
    access-class 23 in
    no exec
    transport input ssh
    parser view priv3
    secret 5 $1$XSCo$feyS.YaFlakfGYUgKHO/
    ! Last configuration change at 16:34:56 BST Fri Apr 13 2012
    commands interface include shutdown
    commands interface include no shutdown
    commands interface include no
    commands configure include interface
    commands exec include configure terminal
    commands exec include configure
    commands exec include show ip interface brief
    commands exec include show ip interface
    commands exec include show ip
    commands exec include show arp
    commands exec include show privilege
    commands exec include show interfaces status
    commands exec include show interfaces Vlan10 status
    commands exec include show interfaces Vlan1 status
    commands exec include show interfaces GigabitEthernet2/0/12 status
    commands exec include show interfaces GigabitEthernet2/0/11 status
    commands exec include show interfaces GigabitEthernet2/0/10 status
    commands exec include show interfaces GigabitEthernet2/0/9 status
    commands exec include show interfaces GigabitEthernet2/0/8 status
    commands exec include show interfaces GigabitEthernet2/0/7 status
    commands exec include show interfaces GigabitEthernet2/0/6 status
    commands exec include show interfaces GigabitEthernet2/0/5 status
    commands exec include show interfaces GigabitEthernet2/0/4 status
    commands exec include show interfaces GigabitEthernet2/0/3 status
    commands exec include show interfaces GigabitEthernet2/0/2 status
    commands exec include show interfaces GigabitEthernet2/0/1 status
    commands exec include show interfaces GigabitEthernet1/0/12 status
    commands exec include show interfaces GigabitEthernet1/0/11 status
    commands exec include show interfaces GigabitEthernet1/0/10 status
    commands exec include show interfaces GigabitEthernet1/0/9 status
    commands exec include show interfaces GigabitEthernet1/0/8 status
    commands exec include show interfaces GigabitEthernet1/0/7 status
    commands exec include show interfaces GigabitEthernet1/0/6 status
    commands exec include show interfaces GigabitEthernet1/0/5 status
    commands exec include show interfaces GigabitEthernet1/0/4 status
    commands exec include show interfaces GigabitEthernet1/0/3 status
    commands exec include show interfaces GigabitEthernet1/0/2 status
    commands exec include show interfaces GigabitEthernet1/0/1 status
    commands exec include show interfaces Null0 status
    commands exec include show interfaces
    commands exec include show configuration
    commands exec include show
    commands configure include interface GigabitEthernet1/0/1
    commands configure include interface GigabitEthernet1/0/2
    commands configure include interface GigabitEthernet1/0/3
    commands configure include interface GigabitEthernet1/0/4
    commands configure include interface GigabitEthernet1/0/5
    commands configure include interface GigabitEthernet1/0/6
    commands configure include interface GigabitEthernet1/0/7
    commands configure include interface GigabitEthernet1/0/8
    commands configure include interface GigabitEthernet1/0/9
    commands configure include interface GigabitEthernet1/0/10
    commands configure include interface GigabitEthernet1/0/11
    commands configure include interface GigabitEthernet1/0/12
    commands configure include interface GigabitEthernet2/0/1
    commands configure include interface GigabitEthernet2/0/2
    commands configure include interface GigabitEthernet2/0/3
    commands configure include interface GigabitEthernet2/0/4
    commands configure include interface GigabitEthernet2/0/5
    commands configure include interface GigabitEthernet2/0/6
    commands configure include interface GigabitEthernet2/0/7
    commands configure include interface GigabitEthernet2/0/8
    commands configure include interface GigabitEthernet2/0/9
    commands configure include interface GigabitEthernet2/0/10
    commands configure include interface GigabitEthernet2/0/11
    commands configure include interface GigabitEthernet2/0/12
    ntp logging
    ntp clock-period 36028961
    ntp server 10.10.1.33
    ntp server 10.10.1.34
    end
    Thanks!!!!

    DBelt --
    Hopefully this example suffices.
    Setup
    SQL> CREATE USER test IDENTIFIED BY test;
    User created.
    SQL> GRANT CREATE SESSION TO test;
    Grant succeeded.
    SQL> GRANT CREATE PROCEDURE TO test;
    Grant succeeded.
    SQL> CREATE ROLE test_role;
    Role created.
    SQL> GRANT CREATE SEQUENCE TO test_role;
    Grant succeeded.
    SQL> GRANT test_role TO test;
    logged on as Test
    SQL> CREATE OR REPLACE PACKAGE definer_rights_test
      2  AS
      3          PROCEDURE test_sequence;
      4  END definer_rights_test;
      5  /
    Package created.
    SQL> CREATE OR REPLACE PACKAGE BODY definer_rights_test
      2  AS
      3          PROCEDURE test_sequence
      4          AS
      5          BEGIN
      6                  EXECUTE IMMEDIATE 'CREATE SEQUENCE test_seq';
      7          END;
      8  END definer_rights_test;
      9  /
    Package body created.
    SQL> CREATE OR REPLACE PACKAGE invoker_rights_test
      2  AUTHID CURRENT_USER
      3  AS
      4          PROCEDURE test_sequence;
      5  END invoker_rights_test;
      6  /
    Package created.
    SQL> CREATE OR REPLACE PACKAGE BODY invoker_rights_test
      2  AS
      3          PROCEDURE test_sequence
      4          AS
      5          BEGIN
      6                  EXECUTE IMMEDIATE 'CREATE SEQUENCE test_seq';
      7          END;
      8  END invoker_rights_test;
      9  /
    Package body created.
    SQL> EXEC definer_rights_test.test_sequence;
    BEGIN definer_rights_test.test_sequence; END;
    ERROR at line 1:
    ORA-01031: insufficient privileges
    ORA-06512: at "TEST.DEFINER_RIGHTS_TEST", line 7
    ORA-06512: at line 1
    SQL> EXEC invoker_rights_test.test_sequence;
    PL/SQL procedure successfully completed.
    SQL> SELECT test_seq.NEXTVAL from dual;
                 NEXTVAL
                       1

  • Error in Role Based security using weblogic 9

    Hi All,
    Currently I am working with Weblogic Server 9. I am trying to use role based security. Below is the entries for web.xml.
    <security-constraint>
         <web-resource-collection>
              <web-resource-name>Success</web-resource-name>
              <url-pattern>/form.jsp</url-pattern>
              <http-method>GET</http-method>
              <http-method>POST</http-method>
         </web-resource-collection>
         <auth-constraint>
              <role-name>admin</role-name>
         </auth-constraint>
         <user-data-constraint>
    <transport-guarantee>INTEGRAL</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    <login-config>
         <auth-method>BASIC</auth-method>
         <realm-name>myrealm</realm-name>
    </login-config>
    <security-role>
         <role-name>admin</role-name>
    </security-role>
    When I am calling form.jsp from the browser it is asking for the username and password, but after giving the username and password it is showing the following error:
    Error 403--Forbidden
    From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
    10.4.4 403 Forbidden
    The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
    So can any one provide me the solution for the above problem.
    Thanks in advance.
    By,
    Sandip Pradhan

    Here is a blog post for the backend (WebLogic Admin GUI) http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-role.html and a blog post for the web.xml in your project http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-ear.html.

  • EAM ID based or Role based? Why settle for just one?

    G'Day All,
    I've raised a question in the following blog, however I would like to open it up to other people as well so they might get something out of it and in the process might share their own thoughts on the matter at hand.
    ID-Based Firefighting vs. Role-Based Firefighting
    So this is where I am at this point:
    From what I can gather so far, my understanding of EAM ID/ROLE based is as follows:
    - Id Based: Logs in using own U.ID and through GRAC_SPM accesses FFID from the GRC Server and logs into the system assigned to them (ECC, SRM, CRM etc)
    Only one user at a time can use a FFID.
    Firefighter need not exist in every system assigned to them due to central logon however they need to exist in the GRC system
    Knows exactly when FFID is being used as he/she has to login so has a psychological effect (good thing)
    Better tracking of FF tasks - Specific log reports with Reason Codes. Bonus point from Auditors!
    Two Log ins so potential to commit fraud. (1 action using own UserID and 1 action using FFID)
    Could be hard to track and find out when a fraud has been committed so can be a problem with auditors.
          ID Based -> GRAC_SPM : TCode for Centralised FFighting -> You will see FFIDs assigned to you
          ID Based -> /n/GRCPI/GRIA_EAM : TCode for DCentralised FFighting -> You can see  the FFIDs assigned to you
    - Role Based: Logs into the remote system only using U.ID, so everything gets logged against that one ID. 
    Multiple users can use the FFROLE at once.
    Firefighter has to exist in every system assigned to them - so multiple logons.
    Hard to differentiate between FF tasks and normal tasks as no login required  So easy to slip up
    Time consuming to track FF tasks - No Specific log reports. No Reason Codes
         R.Based -> GRAC_SPM : TCode for Centralised FFighting -> You will see FFROLEs
         R.Based -> /n/GRCPI/GRIA_EAM : TCode for DCentralised FFighting -> Not applicable so wont work
    So based on this there are pros and cons in both however according to SAP only one can be used. To me personally,  it makes more sense to get the best of both the worlds right? So here is my question why can’t we just use both?
        . Really critical tasks -> FFID
        . Normal EAM tasks -> FFRole
    Alessandaro from the original post pointed this out:
    "Per design it isn't possible to achieve both types of firefighting at the same time. It's a system limitation and hence to configurable."
    Well this is what I can't seem to get my head around. For a FFID, there is a logon session so it has to be enabled and as far as I can tell there is no way around it.
    However for FFRole, there isn't such limitations/restrictions like starting a separate session. FFRole is just assigned to an end user for him/her to perform those tasks using their own user ID.
    So in what way is it different from any of their other tasks/roles, other than the fact that they've got an Owner/Controller assigned to the FFRole? and
    What is stopping us from using it when ID based is the default?
    If I were to do the following does it mean I can use both ?
        . Config Parameter: 4000 = 1 (GRC System) -> ID Based
        . Config Parameter: 4000 = 2 (Plug-In)  - > Role Based
    Please excuse me if my logic is a bit silly, Role Based firefighting is only done on Plug-in systems so the following should work just fine:
       . Config Parameter: 4000 = 2 (Plug-In)  - > Role Based
    However for ID based, it is a Central Logon, so the following is a must:
        . Config Parameter: 4000 = 1 (GRC System) -> ID Based
    Which means both ID/Role based can be used at the same time, which seems to be working just fine on my system. Either way I leave it you experts and I hope you will shed some light on it.
    Cheers
    Leo..

    Gretchen,
    Thank you for thoughts on this.
    Looks like I'm failing to articulate my thoughts properly as the conversation seems to be going in a different direction from what I am after. I'll try once more!
    My query/issue is not in regards to if/what SAP needs to do about this or why there isn't more support from Companies/Organizations and not even, which one is a better option.
    My query is what is stopping us(as in the end users ) from using both ID/Role based at the same time?
    Now before people start referencing SAP documentation and about parameter 4000, humour me with the following scenario please. Again I would like to reiterate that I am still in the learning phase so my logic might be all wrong/misguided, so please do point out to me where I am going wrong in my thought process as I sincerely would like to know why I am the odd one out in regards to this.
    Scenario
    I've created the following:
    FFID
    FFROLE
    Assigned them to, two end users
    John Doe
    Jane Doe
    I set the Configuration Parameters as follows: 
    IMG-> GRC-> AC-> Maintain Configuration Settings -> 4000:1 - ID Based
    IMG-> GRC (Plug-in)-> AC-> Maintain Plug-In Configuration Settings-> 4000:2 - Role Based
    User1
    John Doe logs into his regular backend system (ECCPROD001)-> executes GRAC_SPM-> Enters the GRC system (GRCPROD001)-> Because the parameter is set to ID based in the GRC Box, so he will be able to see the FFID assigned to him-> and will be presented with the logon screen-> Logs in -> Enters the assigned system (lets say CRMPROD001) At this point the firefighting session is under progress
    User2
    Jane Doe logs into her regular backend system (ECCPROD001) -> (can execute GRAC_SPM to check which FF Role has been assigned to her but she can see that in her regular menu, so there is no point) -> Executes the transactions assigned in FFROLE
    This is done at the same time while FFID session is in progress
    So all I want to know is if this scenario is possible? if the answer is No, then why not?
    I physically carried out this scenario in my system and I had no problems(unless I am really missing the plot here), which brings me back to my original question: Why settle for just one?
    Again to reiterate I am not getting into the efficacy or merits of this or even if one should use this. Just want to know if it is possible/feasible or not.
    So there you have it. That's the whole enchilada(as they say there in Texas). I tried to word my thoughts as concisely as I can, if there are still any clarifications, more information you or anyone else reading this would like, please do let me know.
    Regards,
    Leo..

  • PPM Consulting Solution Role Based RPM Navigation for PPM50

    Hi,
    We just upgraded from PPM 4.5 to PPM 5.0. In PPM 4.5 the detail navigation in Portal is dynamic and changes based on the application opened in content area. I believe it is due to  PPM Consulting Solution Role Based RPM Navigation as mentioned in SAP Note 0001276641.
    How can we get a similar dynamic detail navigation in Portal for PPM 5.0. Is there a corresponding consulting solution in PPM50 as well?
    Thanks,
    Yomesh

    Hello Yomesh,
    As per my understanding there is no consulting solution for this in 5.0.
    Alternatively, you can try to utilize the config around 'Define Authorizations for Detail Screen Views/Subviews' IMG node and see if you can build a solution using the ACL authorizations.
    I have not yet tried this in our system, but i'll give it a try and let you know.
    Thanks,
    Gaurav

  • Role based design

    Sorry for posting again but I think this would be a better place to get answers for this kind of a question.
    I am designing a role based community for a small organization. For all these members, the application is going to behave differently based on their roles, e.g. a person with an administrative right would get a different, let's say, operations screen/jsp as compared to somebody with a role of marketing. What I am planning to do is to use the factory pattern for the purpose as follows:

                  <<Role>>
        getOperationScreen:String  |<>---------- RoleFactory
        setOperationScreen:void                  $getRole:Role
                      ^
                      |
             |                 |
         AdminRole       MarketingRole

    So what I am planning to do is to get the Role object from the factory based on the profile and define the jsp for the operation screens based on this decision. Most probably in a config file where these configurations can be changed later on if required.
    Could you guys give me some expert opinion on how do you ppl think about it and what improvements or mods would you suggest.

    If you're interested in roles see reply 7 onwards here
    http://forum.java.sun.com/thread.jsp?forum=425&thread=41667&message=2012642#2012783

    Thanx for the reply. I was looking at the role object pattern and that seems to be a good choice in my case. However I do have certain questions regarding the implementation. Now as per the role object pattern let's say the Person class is the interface which is to be realized later on. It is implemented by PersonRole and PersonCore. My question is whether these two classes fulfill the is-a relationship between parent and child. Secondly what is it that the PersonCore class is supposed to do? And the relationship between PersonRole and PersonCore class is going to be aggregation? Why is it when they are both implementing the same interface.

  • Role based session service setup on AM 7.1 with separate conf/user ldap

    AM 7.1 is installed with two separate LDAP instances used for AM config store and user repository.
    I want to setup different active session quota based on role assignment.
    The session service cos only existed on the AM config LDAP store.
    If I create the role and assigned and customize the session service to the role on the AM config LDAP store, the role cannot be assigned to user profile only existed on the user repository.
    If the role is created on the user repository, then the session service cannot assigned to the role on the user repository.
    I try created roles on both repository, assign session service to the role on AM config ldap and assign role of same name on the user repository to the user. The role based session is not effective.
    Would appreciate if any one can shed some light on how to setup role based session service on an AM installation with the AM config ldap and user repository being on 2 separate ldap instances.
    Thanks
    Mo

  • AAA and Role based access (NPS)

    Hi
    I authenticate all my cisco switches and routers with AAA + NPS + AD
    A server runs NPS service with cisco attribute shell:priv-lvl=15 or 5, depending of AD group.
    But I'd like configure role based with IOS view.
    When I issue the enable view command,  I get
    Password:
    I tried with my AD password, enable configurated password, and always gets
    % Authentication failed
    My line vty config
    line vty 0 4
    authorization exec VTY-AAA
    login authentication VTY-AAA
    transport input ssh

    Have you gone through the below listed parser view configuration example. Please check here
    View authentication is performed by an external authentication server via the new attribute "cli-view-name" so you need to use cisco-av-pair as cli-view-name=xxxx
    AAA authentication associates only one view name to a particular user; that is, only one view name can be configured for a user in an authentication server.
    In case you still have any issues, run debug parser view and share the output, I'll try to help.
    ~BR
    Jatin Katyal
    **Do rate helpful posts**

  • How to create context sensitive help and call the role based help from my Java Project?

    Hello All,
    I am new to Robo Help. I have created a Robo help for my Java Web Application. My application is role based i.e. some users will not see some of the pages of the application. So I want to hide those pages in Robo help as well. I tried creating multiple TOC for different Roles.
    My Question is
    How to call robo Help from my application?(I will be calling using java script. If it is with RoboHelp_CSH.js where can I get that and How to implement it in my project)
    How to implement role based help?
    Thanks,
    Siva.

    I answered that. My point in asking whether it matters was that if it does, then you cannot use content categories and point different users to different categories and not allow them to see the others.
    The alternative, as I said, would be to produce different outputs for each role.
    As it does matter, then using webhelp you will have to use your RoboHelp project to produce a number of outputs, one for each category. Your app would install each webhelp into different folders and when your app determines the user role, you will link to the appropriate help.
    There is another thread running where it has been explained by Willam van Weelden that you can achieve what you want using browser based AIR help. If that form of help can be considered, then the thread is at http://forums.adobe.com/message/4914753?tstart=0#4914753
    Browser based AIR help must be run from a web server. It cannot be installed locally.
    See www.grainge.org for RoboHelp and Authoring tips
    @petergrainge

  • OIM 11.1.1.5 provisioning role based objectclasses and attributes

    TL;DR You can't provision some attributes in our LDAP directory without the objectclass and I can't figure out the best way to inject the dynamic objectclasses into the create user process without the user being created already.
    Some background:
    I have configured our OIM 11.1.1.5 instance and LDAP connector to provision ODSEE. At another's recommendation, I put all possible LDAP attributes in a single form regardless of which objectclass was needed for them. In ODSEE, sets of attributes are allowed through objectclasses for each 'Role', i.e. Student, Employee, Guest, etc. objectclasses. I have all of the roles identified in OIM and can map them to an objectclass in LDAP.
    My question is, how can I provision role based objectclasses along with the common ones that are configured in the lookup so that when the associated attributes are provisioned, I don't get objectclass violations? 
    Can I append objectclasses to the list stored in the Configuration lookup in ldapUserObjectClass?
    Should I create a child form containing the objectclasses and try to provision them?
    Can/should I create a child form for each set of attributes by role?  Common attribs in the LDAP_USR form and role based attribs in UD_LDAP_STU, UD_LDAP_EMP, UD_LDAP_GST, etc.  Would prepop and the rest of the main form functions work the same?
    Anything else I'm not thinking of? I am still a novice with some of these topics and may be way off base.
    Any help will be greatly appreciated and thank you in advance

    It is definitely doable if you use a custom LDAP connection implementation and just add objectclass update calls as needed as precursor tasks for the Update tasks.
    Here is a small LDAP demo tool that you can adapt to do the update: http://iamreflections.blogspot.com/2010/08/manage-ad-with-jndi-demo-tool.html
    There may be a smarter and more out of the box way to do it but this will work.
    Martin
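
    Added example, not part of Martin's reply or the linked demo tool: one way to order the JNDI modifications so that the role objectclass is added in the same modify request as, and ahead of, the role attributes. The role map, the objectclass and attribute names (`exampleStudent`, `exampleStudentId`) are hypothetical placeholders, and `main` only builds and prints the modifications for a constructed entry without contacting a directory.

    ```java
    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;
    import javax.naming.directory.*;
    import java.util.*;

    public class RoleObjectClassMods {
        // Hypothetical role -> objectclass mapping; real names come from your directory schema.
        static final Map<String, String> ROLE_OBJECTCLASS = Map.of(
            "Student", "exampleStudent",
            "Employee", "exampleEmployee");

        // objectClass values are compared case-insensitively by LDAP, so do the same here.
        static boolean hasObjectClass(Attributes entry, String oc) throws NamingException {
            Attribute attr = entry.get("objectClass");
            if (attr == null) return false;
            NamingEnumeration<?> vals = attr.getAll();
            while (vals.hasMore()) {
                if (oc.equalsIgnoreCase(String.valueOf(vals.next()))) return true;
            }
            return false;
        }

        // Builds one modify request: objectclass first (only if missing), then the role attributes.
        static ModificationItem[] buildMods(Attributes entry, String role,
                                            Map<String, String> roleAttrs) throws NamingException {
            String oc = ROLE_OBJECTCLASS.get(role);
            if (oc == null) throw new IllegalArgumentException("No objectclass mapped for role " + role);
            List<ModificationItem> mods = new ArrayList<>();
            if (!hasObjectClass(entry, oc)) {
                // Adding a value that already exists fails, hence the check above.
                mods.add(new ModificationItem(DirContext.ADD_ATTRIBUTE,
                                              new BasicAttribute("objectClass", oc)));
            }
            for (Map.Entry<String, String> e : roleAttrs.entrySet()) {
                mods.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                                              new BasicAttribute(e.getKey(), e.getValue())));
            }
            return mods.toArray(new ModificationItem[0]);
        }

        public static void main(String[] args) throws NamingException {
            // Constructed sample entry holding only the common objectclasses.
            Attributes entry = new BasicAttributes(true);
            Attribute oc = new BasicAttribute("objectClass");
            oc.add("top"); oc.add("person"); oc.add("inetOrgPerson");
            entry.put(oc);
            ModificationItem[] mods = buildMods(entry, "Student", Map.of("exampleStudentId", "S-0001"));
            for (ModificationItem m : mods) System.out.println(m);
            // Against a live directory: ctx.modifyAttributes(userDn, mods);
        }
    }
    ```

    Because the modifications in a single LDAP modify request are applied in order and as one atomic operation, the entry is never left with role attributes that its objectclasses do not allow.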

  • RBAC / Role Based Security Set Up in R12

    We are working with a 3rd party consulting organization to implement Role Based Access Control in E-Business Suite R12. We have approximately 50 users with 35 responsibilities today and are currently in the process of designing our role based security set up. In advance of this the consulting company has provided us with effort estimates to cutover from the current responsibility structure to RBAC. We are told this must be done while all users are off the system. The downtime impact to the business is very high, especially considering our small user base.
    With RBAC cutover downtime estimates such as these I can't understand how any company larger than ours could go live with it?
    Does anyone have previous Role Based Access Control implementation experience in EBS R11i or R12 and could provide some insight on their experience and recommendations, best practice for cutover to mitigate impacts to the business as we cannot accept the 90 hours of downtime outlined by the consulting company below?
    Disable users' old assignments: 12.00 hours
    Disable Responsibilities targeted for the elimination: 12.00 hours
    Disable Responsibilities targeted for the elimination: 16.00 hours
    Setup OUM options and profiles: 6.00 hours
    Setup Roles and Hierarchies: 14.00 hours
    Grant Permissions: 12.00 hours
    Setup Functional Security and disable the obsolete responsibilities: 12.00 hours
    Setup Data Security and disable the obsolete data accesses: 6.00 hours
    Total: 90 hours
    Note - all activities must be performed sequentially
    Any advice or experiences you could share would be extremely valuable for us. Thank you in advance for taking the time to review & respond.

    On Srini's comment "Creating Roles.. will have to be done manually"... I would like to know whether the same approach will be followed for the PRODUCTION instance also. Say we need to create 35 responsibilities and 50 roles, should this be done manually in PRODUCTION?
    I have not worked on this but I know that in my previous company this was done using scripts. Need to find more on this.

  • Managed bean in both adfc-config.xml and faces-config.xml file

    hi,
    i can see that it's possible to declare managed bean in both adfc-config.xml and faces-config.xml file.
    is there any difference? which one is recommended?
    read here - http://www.jaypillai.com/tag/adf/
    but still not clear.
    thanks.

    Hi.
    As you know ADF is a framework based on JSF.
    In faces-config.xml you define general application managed beans. It lets you define managed beans for the whole application using JSF default scopes (application, session, request).
    In adfc-config.xml you define general application managed beans using ADF scopes. It means that you can use the JSF default ones including "view, pageFlow and backing".
    My recommendation is to use only one entry point for your general managed beans. Use adfc-config.xml because it allows you to use more scopes.
    Regards.

  • Role based personalization

    Hello,
    I am using Portal 8.1 and want to hide button based on roles defined through Portal
    Administrator. Using Interaction Management feature how could i achieve this.
    Content selectors, user segments and other features uses user properties as a
    search criteria.
    I would like to know is there any built-in portal feature that i can use to achieve
    role based personalization.
    Thanks for ur reply.
    Ajit

    Hi Ajit,
    When you mention 'roles', I'm not sure if you're referring to
    a) User Segments (dynamic classifications of users based on properties and
    other factors)
    or
    b) Entitlement Roles, as defined in the Entitlements section of the WLP
    Admin tools.
    if (a), then you can use the pz:div tag to dynamically show/hide sections of
    a JSP based on whether a user is in the selected user segment. So you could
    show/hide your buttons via this tag.
    if (b), then you can base Entitlement roles on expressions, which can
    include user properties among several other options. Then you could use the
    Entitlement API/taglibs such as auth:isUserInRole to show/hide the buttons
    based on whether the user is in the entitlement role.
    -Steve
