Multiple Access Levels per User

Similar Messages

• Multiple access level Webi Reports

  Hi,
  We have Business Objects Enterprise XI 3.1 SP2 FP2.4. Our problem is that we want to asign to the same user diferent levels of visualization for a webi report, but if we asign the security at application level (WebIntelligence) the access levels applies for all reports and if we assign the access level at folder level it doesn´t applied to the visualization of the report. Basically we want that a user see a WebiReport without refresh the data and the same user saw a diferent report in a diferent folder with the capability to do this action.
  Is this possible??
  Thanks a lot.

  Hello,
  I apologize for not replying earlier. I tried to reproduce what you mentioned. InfoView kept crashing on my end when I disable right-click.
  In any case, you mentioned that disabling right-click only works when applied on on the application level (for Webi). We can work with this itself.
  Again, for sake of simplicity, lets assume that we have only two access levels.
  1. Right_Click_Disabled
  2. Toolbar_Disabled
  Also, lets assume that a specific user requires the Right_Click_Disabled access level on Rep_1 in Folder_A and the Toolbar_Disabled access level on Rep_2 in Folder_A.
  For this, you'll need to create two groups. Lets call them Right_Click_Disabled_Grp and Toolbar_Disabled_Grp. Add the user to both groups. Also apply access level Right_Click_Disabled to Webi (application) for group Right_Click_Disabled_Grp (principal).
  Similarly, apply access level Toolbar_Disabled to Webi (application) for group Toolbar_Disabled_Grp (principal).
  Now, give both groups View access on Folder_A. So, the user will have the most restrictive access of the combination of ViewRight_Click_DisabledToolbar_Disabled for all Webi reports in Folder_A.
  Now, for Rep_1 in Folder_A, the user requires Right_Click_Disabled access. So, for Rep_1 in Folder_A, for principal Right_Click_Disabled_Grp, disable inheritance and give the group Right_Click_Disabled (access level) only for Rep_1. Similarly, for Rep_2 in Folder_A, the user requires Toolbar_Disabled access. Again, for Rep_2, for principal Toolbar_Disabled_Grp, disable inheritance and give the group Toolbar_Disabled (access level) only for Rep_2.
  Summary:
  Groups
  Right_Click_Disabled_Grp
  Toolbar_Disabled_Grp
  Access Levels
  Right_Click_Disabled
  Toolbar_Disabled
  Let me know if you have any questions.Also, note that I haven't tested this.
  Best.
  Srinivas

• Multiple Access Level Management

  Let's say there are 8 pages on a web site. Each of the pages
  until now has had a different access level defined in the database.
  A user logs in, and access levels are checked via the predefined
  levels on the pages he is attempting to view. Now users begin to
  require access to different combinations of the 8 pages. So user A
  might require page 1, 3, 5, 7 user B 1, 2, 3, 4 and user C wants 2,
  4, 6, 8.
  Is there a way to tell coldfusion to examine a string in the
  access level field in which case a 1 means grant access and a 0
  means no access? In other words, a string of 11001000 would grant
  access to page 1,2 and 5 while a string of 00011100 would grant
  access to 4, 5 and 6.
  It seems as though this should be relatively easy, but after
  searching the documentation, I cannot find any solution.

  It would be easier to store individual database records
  resembling
  user_id has_access_to
  1 1
  1 3
  1 5
  etc

• Access level to users at specific fields

  Dear Techies,
  I am new guy In BO and also to this forum icon_smile.gif
  I am designing my universe and now i little concern
  I want to design one universe for 5 departments in company
  and then i want to give specific rights for users for specific fields in the universe level
  any best way / solution there...
  any suggestion / help / link / tutorial would be highly appreciated
  regards
  Nadir Firfire

  Hi,
  You can deifne metadata restrictions for group of users in the universe.
  In Universe Designer, select the "Tool" menu then the menu option "Manage Security" and finally menu option "Manage access restrictions".
  Then click on "New" button to create an access restriction and select the "Object" tab.
  Last you have to associate the restrictions to users or group of users.
  Didier

• Restrict Access to certain users based on if a variable in the SQL database is set to 1

  Hey guys,
  I am quite new to PHP and MySQL and I have a question concerning access  restriction. For a website project I am experimenting with Dreamweaver's  login and restrict access behavior, which works fine. However, on the  website I would like to restrict access for users that only have a 1 set  in the corresponding MySQL database (which means that e.g. each page has a different variable in the database that can be set to 1, which would allow me to personify access beyond the level of the out-of-the box option, where each user can only have one access level). So it is quite similiar to the  out-of-the-box restrict access to page based on user group, but just  depending on another variable in the database.
  I guess it can be done with an if condition that checks in the database if the logged in user has a 1 in this variable, and if yes give her/him access if not redirect to another page. However, I could not figure out  how to implement that.
  Your help is highly appreciated!
  Thanks in advance!

  Hello guys,
  I spend quite some time on the internet reseaching my wish and redefined my need: I would basically like to have the possibility to assign a user multiple access levels. There would be e.g. 10 pages for each I create an access level. Then a user with e.g. access to pages 2 and 8 can only access these two pages. So my basic question is if and if yes how I can assign a user muliple access levels at a time and store these values in the MySQL database.
  Thanks a lot for your help!!

• QaaWS Access Level

  All,
  I am setting up access level for users in the production environment for QaaWS tool. All users can view QaaWS in production, but they CAN'T create/modify/delete QaaWS in production. What access level do I need to enable this?
  I tried to use the "View" access level out-of-the box, but I got this "You are not authorized to design or edit a query. Please contact your administrator (QWS 02718)."  If I use "Full Control" access level, the user can login fine, but the issue is that user can create/modify/delete QaaWS in production. I am puzzled as to what access level can give me the view ability...
  Please advise...
  thanks...

  qaaws is a query tool designed for editing wsdl's. If you grant view that is most likley for infoview not for opening with the client. So I believe this is by design. If you do not get anyone to verify this then I'd suggest opening a case with support admin team so they can test it and verify that for you.
  Regards,
  Tim

• Restrict access to buttons, regions, etc. on a per user basis?

  My application restricts access to buttons, regions, etc. on a per user basis.
  Here is my application logic...
  1. A User can only edit items they own.
  2. A Super-User can edit all items
  So, when a user logs in, I use a post-authentication process to set the user ID to an application level item.
  Now, for example, to have an edit button display on a page, I need to check the item's owner ID against the application level user ID...and check to see if this user is on the Super User list via a query.(which could be set to another application level item upon login...I guess)
  Question...What is the best way to do this? Conditional display? Authorization scheme?
  Would something like the following work for a Conditional Display?
  Condition: SQL Expression
  &USER_ID.=&P6_ITEM_OWNER_ID. OR USER_ID in (select USER_ID from table where USER_ID=&USER_ID.)
  How would I do this with an Authorization Scheme? (I like the idea of updating the logic in single location...but I'm not sure if it is possible because I have to check PX_OWNER_ID would be different on each page.)

  Hi Denes,
  Thanks for your code which allows user to edit (if authorized) and view (if not).
  But some how - I do not get the image to show up - instead it show a small underline.
  From SQL point of view - here is what I get - when i run the sql
  '<img src="/i/ed-item.gif">',2,CR TEST,,,,dune2.cit.cornell.edu,CRDMTEST.CIT.CORNELL.EDU,PSPROD,,,CRDMTEST
  Here is my wrap_image function
  create or replace function wrap_image(p_user_name in varchar2,p_dm_name_id in number)
  return varchar2 IS
  v boolean := False;
  ret_val varchar2(1000);
  begin
  dbms_output.put_line('user='||p_user_name);
  dbms_output.put_line('dm_name='||p_dm_name_id);
  -- Check authorization if the user is super user - return true, else if he has edit priv on dm_name_id - return true - else false
  v:=ACL_DMTOOLS_DM_PRIV(p_user_name,p_dm_name_id);
  if v then
  ret_val := '<img src="/i/ed-item.gif">';
  ret_val := ''''||ret_val||'''';
  dbms_output.put_line('TRUE');
  else
  ret_val := '';
  dbms_output.put_line('FALSE');
  end if;
  return ret_val;
  end;
  Thanks for your great educational site.
  Regards
  atul

• Best way to handle user access levels with spring.

  I'm a spring newb, and I'm not sure how to properly handle user access levels with a validation controller. There seems to be a lot of information out there about creating simple login validators but like I've said I need to create multiple levels of user access. I could throw something together but i want to do it correctly. Does anyone here have any links to resources or information they could provide?

  ZimmerS1337 wrote:
  SoulTech aren't you a smart ass, why post anything at all?You don't get to control what people post, any more than we can control what people ask. It's best to let stuff roll off your back.
  ST wasn't exactly abusive. If you had typed "spring security" into Google, you would have gotten exactly what I recommended. So why would you say that his advice to try Google first was being a "smart @ss"? It's actually a good recommendation. Try it before you post here.
  %

• Php code limit a user based on access level

  building site where users post items for sale
  different levels of access
  want to limit basic access level to 10 postings
  use php/mysql and dreamweaver CS4
  thanks for your help,
  jim balthrop

  sounds phenominal
  Like Craigslist but you have to pay... sign me up!
  If the activation method of the registration being sent to your email is this method then, as mentioned, it can be circumvented. And the IP address is an absolute fool-proof way to prevent multiple registration. That is of course without the consideration that the user may use a proxy server or otherwise cloak their IP address.
  Think of it this way: what if you were only allowed to post 10 threads in the Adobe forums and after that you had to pay to get "many benefits besides unlimited posting" What do you think DWFAQ would do?

• Permit only one access per user on guest portal Cisco ISE

  Hi,
  Could you please help me to figure it out if it´s possible to create a guest account on cisco ISE which permit only one concurrent access?
  We don't want to have multiple devices registering with the same account, just one different account for each device.
  Thanks,

  Hi Gino,
  You  can restrict guests to having only one device connected to the network  at a time. When guests attempt to connect with a second device, the  currently-connected device is automatically disconnected from the  network.
  This is a global setting affecting all Guest portals.
  Step 1 Choose Administration > Web Portal Management > Settings > Guest > Portal Policy.
  Step 2 Check the Allow only one guest session per user option.
  Step 3 Click Save.

• Grant RDP access to ONE user on multiple computers !

  I want to Grant RDP access to ONE user on multiple computers using PowerShell.
  List of computer names are stored in an excel sheet.
  Can this be done easily ?
  Thanks, Yeleshwar

  Hi, this script add users to remote desktop users group.
  $InputServers = Import-Csv "c:\servers.csv"
  $InputUsers = Import-Csv "c:\users.csv"
  $Servercount = 1
  $ServerCountTotal = $InputServers.Count
  $InputServers | ForEach-Object {
  $ServerTemp=$_.ComputerName
  "Starting " + $Servercount + " of " + $Servercounttotal + " : " + $ServerTemp
  $InputUsers | ForEach-Object {
  $objUser = [ADSI]("WinNT://" + $_.Username )
  $objGroup = [ADSI]("WinNT://" + $ServerTemp +"/Remote Desktop Users")
  $objGroup.PSBase.Invoke("Add",$objUser.PSBase.Path)
  "Complete " + $Servercount + " of " + $Servercounttotal + " : " + $ServerTemp
  $Servercount++
  Servers.csv has a header of “ComputerName” and then a list of servers you want to affect one per line.
  Users.csv has a header of “UserName” and then a list of user names Domain/User one per line.
  check this blog > http://www.blackops.ca/cms/blog/?p=215

• Multiple simutaneously logged in users accessing AFP home directories?

  Hi,
  Many of our problems are described in this guy's blog:
  http://alblue.blogspot.com/2006/08/rantmac-migrating-from-afp-to-nfs.html
  The basic capability we want is to have multiple simultaneously logged in users to have access to their AFP mounted home directory, which is configured in a sane, out-of-the box setup using WGM and Server Admin.
  Multiple user access could take the form of FUS (fast user switching), or simply allowing a user to SSH into a machine that another user is already logged into and expect to be able to manipulate the contents of her home directory.
  From my extensive searches, I have no reason to believe this is currently possible with 10.4 Server and AFP.
  (here's the official word from apple: http://docs.info.apple.com/article.html?artnum=25581)
  I've read that using NFS home directories will work, though.
  I want to believe that Apple has a solution for this by now (it's been almost a year since we first had difficulty), or at least a sanctioned workaround. If Apple doesn't have one, maybe someone else has come up with something clever. I find it hard to believe that more people haven't wanted this capability! (not being able to easily search the discussion boards doesn't help, though...)
  Thanks for your help!
  Adam

  Parallels Issue. Track at http://forum.parallels.com/showthread.php?p=135585

• CUPS 8.6 - Supporting Multiple SIP Domains on a per-user basis

  Working on a CUPS 8.6 PoC with a customer who currently is running a deployed OCS environment. 
  Users all sign into a single domain internally but have multiple SMTP domains for email as this customer has many different companies they have aquired.
  OCS  is able to support and route multiple SIP domains by specifing the SIP address under AD User settings such that two users both signed into the same OCS server can send IM's to each other even though they have different SIP addresses.  sip:[email protected] , sip:[email protected]
  CUPS on the other hand does not seem to allow this on a per-user basis.  It places every user in the sip domain that the server is a member of.
  The Jabber client allows you to specify a domain but I am not how this is used as the actual user account in CUPS is only ever the one domain and if you try and specify a different domain in the Jabber Connection Settings, it will not allow you to login.
  It is not a big deal for internal communications if everyone is on the same domain, but where it is important is for future B2B IM.  Users need to be able to give out THEIR IM address with THEIR respective domain.
  Does anyone else know for a fact that I will only be able to have one domain per CUP cluster?
  Any thoughts on this design?

  Not sure on the design perspective but as for CUPS Domain, we can only have single domain per cluster. As you have already found out that for any user licensed for CUPS, their IM address would be userid@CUPSDomain
  CUPS does have funtionality of federating with foreign domains such as AOL/GoogleTalk/WebEx Connect.

• The best way to implement user's access level via Servlet & JSP (or more)?

  Hi all,
  I am trying to implement user's access level in an application to allow certain access to certain page or components within a page (buttons, etc.). From my experience with JSP, Java, servlet, I am think of having the jsp/servlet to check for user's access level to decide what jsp components or forward page to go to next but that doesn't seem clean or elegant way to handle it.
  Any suggestions of how to do this? Are there other technologies (Struts) out there that can handle this?
  Thanks so much in advance for your feedback or suggestion,
  Thong Bui

  I haven't experienced a lot in defining security roles before, and there is probably a lot to learn about this area. However I might be able to assist you in some way. Whenever I have 2 or more objects that need to be stored in the session, I create a class called UserContainer. Say you have three properties:
  empSsn (String) , isAdmin (Boolean), isAgent (Boolean), then:
  public class UserContainer implements Serializable  {
  private String empSsn = null;
  private Boolean isAdmin = null;
  private Boolean isAgent = null;
  public UserContainer() {
  super();
  public void setIsAdmin(Boolean isAdmin) {
  this.isAdmin = isAdmin;
  public Boolean getIsAdmin() {
  return this.isAdmin;
  // getters and setters for the other properties
  Of course after you decide (in your sevlet) whether the app user is an administrator or an agent, you can set the corresponding property in the user container, and then save it in the session. Afterwords, in any jsp, you can decide to display a certain element (e.g a button) after you check the user's role. Example:
  // Welcome.jsp
  <% UserContainer userContainer = (UserContainer) session.getAttribute("userContainer");
  boolean isAdmin = userContainer.getIsAdmin().booleanValue();
  boolean isAgent = userContainer.getIsAgent.booleanValue();
  if(isAdmin) { %>
  <!-- HTML/Code corresponding to an administrator -->
  <% } if(isAgent) { %>
  <!-- HTML /Code corresponding to an agent -->
  <% } >Of course, this is a very simple way of doing such a task, you will find more secure ways if you look at LDAP or something of that matter.
  Cheers

• Is there any other way to achieve per user call forward restriction other than to create multiple voice policies?

  Hello,
  We mentioned the environment details below:
  Environment
  In our PBX environment, currently a user can forward calls to any local (within a region) internal extension. But for external PSTN call forwarding, a user needs to send a request and be approved by their manager. And the forwarding restriction
  is applied such that user is only allowed to forward to that particular PSTN number - to prevent toll fraud.
  Moving forward to Lync, using voice policy's call forwarding and simultaneous ring PSTN usages, I can set it to allow forward and simultaneous ring to custom PSTN usage and a custom route that will only send calls to these pre-approved
  external numbers.
  Outcome
  But in such a scenario,
   sSince all the custom external allowed numbers will have to be put into a single Route match table, User A will be able to successfully
  set up call forward to User B's number. (if they come to know about it somehow, that is)
  rü 
  Route matching list will be very long due to the number of users per hubsite that has call forwarding enabled.
  Questions
  Is there any other way to achieve per user call forward restriction other than to create multiple voice policies ? MSPL may be ?  
  2. Is there a limit in the number of entries you can have on the Route pattern matching regex expression ?
  Please advise. MANY THANKS.

  1) I think multiple policies may be your best bet, though it's not a fun one to manage, I agree.  MSPL could do it, but it would be more complex to maintain in the end.  Even gateways have limitations on routes.
  2) I'm not aware of a limit, though I'm not saying there's isn't one.  But if you hit it, you could move to a second usage/route combo.
  I'd suggest building out some PowerShell usage/route creation/organization script for this so it's not something that would need to be maintained within the GUI.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications
  This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.