Multiple user id per user

Similar Messages

• Multiple Access Levels per User

  In a site I'm building, I need the ability to allow an administrator to intuitively assign different access levels to different users. There may ultimately be roughly 25 different pages to which a user may be granted access. One user may have access to section/page levels 1, 4, 5, 7 and 21. Another user may get access to 2, 3, 4, 17, 19 and 24, etc. While this is possible under the existing ADDT user login system by creating a separate access value that includes only the permissible pages (access level 1 could get to page 1, 4, 5, 7 and 21; access level 2 could only get to pages 2, 3, 4, 17, 19 and 24) it becomes impractical for the administrator since the developer (me) would have to come up with an access value and corresponding permissible pages for every possible combination. Every time a new combination was needed, my client would have to contact me to add that access integer and modify all the corresponding sections/pages that the user could access.
  The ideal solution IMHO in this scenario would be for the administrator to simply be able to select or deselect a checkbox at will for each page to which the user is granted access (this is actually the scenario to which another of my feature request post refers:
  http://www.adobeforums.com/webx/.59b75119
  In searching the old InterAKT forums, I came across a post in which this exact scenario was requested. The user and Ionut came up with a solution which I was able to modify to enable the system I describe above. Rather than repeating the solution, here is a link to that post:
  http://www.interaktonline.com/Products/Dreamweaver-Extensions/MXUserLogin/Product-Forum/De tails/110205/Access+level+based+on+pages.html
  While it appears this solution will work for me, it took me quite a while to find it, and even longer to understand it.
  So, that's my feature request: The ability for an administrator to easily assign any combination of pages to which a user is granted access, preferably with a set of checkboxes.
  Thanks!

  This is functioning now.  With 9.0 you simply use a forward slash between device IDs.
  [device ID #1]/[device ID #2]
  Put this information in the "Mobile Device ID" field on the user form.
  It also has been verified with 8.82 PL15-16, but I don't know how far back it goes.

• Selective redundancy compression of the user menu - per user

  Hi gurus,
  We would like to activate the redundancy compression of the user's role menus in the session manager. Problem is that some users have our new roles with the new menu structure, and others have the old lot still...
  In the new concept users have about 3 roles only and a "base" menu structure which is consistent 3 levels down. Folders are merged, transactions appear only once and empty ones disappear.. so we want to flick the switch in SSM_CUST.
  The problem is that I can only find this "global" switch for it, which will impact all users at once - including those with old roles and labyrinth type menus.
  Using compression within the individual role menus in PFCG already is not an option. Too chaotic.
  Area menus are not an option anymore for us.
  In a sample we discovered that many users have built their own favourites and discarded the old menus anyway, but not all of them
  Is there any way to do the redundancy compression user specifically? Any other tricks you have used?
  Cheers,
  Julius

  Hi Bernhard,
  This "trick" works as you have described, but there are 2 major show stoppers for my scenario:
  - The menu shows all role description texts, regardless of whether there are "visible" transactions in the role. Historically, there are a lot of "many chickens make lots of..." type roles using authorization defaults only, so these all appear.
  - The descriptions are not meaningfully maintained. The system started off in 3.0G and has always been upgraded! It is now 7.00 Ehp3 Sp19. A symbolic role without profiles was used until now as if it were an "area menu". Favourites are like snowboarding...
  I tested it in my lab system. I dont think the customer would let me do it in production anyway...
  The redundancy compression would be less disruptive for sure, and I will try to analyze the impact on "delta" roles for the various projects over the years which do have menu entries. These are our main risk.
  I will revert back with the results and the thread is still open for other ideas...
  For those not familiar with this but wanting to look into it, the reference is SAP Note 203994 -> table SSM_CUST ID = CONDENSE_MENU = YES (very usefull setting for (well) designed (single) role concepts and menu usage, but to be treated with caution => not default)
  Cheers,
  Julius
  Edited by: Julius Bussche on Feb 16, 2010 11:47 PM

• CUPS 8.6 - Supporting Multiple SIP Domains on a per-user basis

  Working on a CUPS 8.6 PoC with a customer who currently is running a deployed OCS environment. 
  Users all sign into a single domain internally but have multiple SMTP domains for email as this customer has many different companies they have aquired.
  OCS  is able to support and route multiple SIP domains by specifing the SIP address under AD User settings such that two users both signed into the same OCS server can send IM's to each other even though they have different SIP addresses.  sip:[email protected] , sip:[email protected]
  CUPS on the other hand does not seem to allow this on a per-user basis.  It places every user in the sip domain that the server is a member of.
  The Jabber client allows you to specify a domain but I am not how this is used as the actual user account in CUPS is only ever the one domain and if you try and specify a different domain in the Jabber Connection Settings, it will not allow you to login.
  It is not a big deal for internal communications if everyone is on the same domain, but where it is important is for future B2B IM.  Users need to be able to give out THEIR IM address with THEIR respective domain.
  Does anyone else know for a fact that I will only be able to have one domain per CUP cluster?
  Any thoughts on this design?

  Not sure on the design perspective but as for CUPS Domain, we can only have single domain per cluster. As you have already found out that for any user licensed for CUPS, their IM address would be userid@CUPSDomain
  CUPS does have funtionality of federating with foreign domains such as AOL/GoogleTalk/WebEx Connect.

• Is there any other way to achieve per user call forward restriction other than to create multiple voice policies?

  Hello,
  We mentioned the environment details below:
  Environment
  In our PBX environment, currently a user can forward calls to any local (within a region) internal extension. But for external PSTN call forwarding, a user needs to send a request and be approved by their manager. And the forwarding restriction
  is applied such that user is only allowed to forward to that particular PSTN number - to prevent toll fraud.
  Moving forward to Lync, using voice policy's call forwarding and simultaneous ring PSTN usages, I can set it to allow forward and simultaneous ring to custom PSTN usage and a custom route that will only send calls to these pre-approved
  external numbers.
  Outcome
  But in such a scenario,
   sSince all the custom external allowed numbers will have to be put into a single Route match table, User A will be able to successfully
  set up call forward to User B's number. (if they come to know about it somehow, that is)
  rü 
  Route matching list will be very long due to the number of users per hubsite that has call forwarding enabled.
  Questions
  Is there any other way to achieve per user call forward restriction other than to create multiple voice policies ? MSPL may be ?  
  2. Is there a limit in the number of entries you can have on the Route pattern matching regex expression ?
  Please advise. MANY THANKS.

  1) I think multiple policies may be your best bet, though it's not a fun one to manage, I agree.  MSPL could do it, but it would be more complex to maintain in the end.  Even gateways have limitations on routes.
  2) I'm not aware of a limit, though I'm not saying there's isn't one.  But if you hit it, you could move to a second usage/route combo.
  I'd suggest building out some PowerShell usage/route creation/organization script for this so it's not something that would need to be maintained within the GUI.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications
  This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Amount of Resources CPU and Memory per user

  Hi,
  We are looking to deploy a Line of Business Application via RemoteApp and a custom template.  The application requires a significant amount of RAM and CPU, can someone tell me who much RAM and CPUs are allocated per session \ user?  I would expect
  that we would use the Standard tier if any difference to resources available.
  Thanks
  Giles

  Hi James,
  Currently there is no way to configure resources other than selecting either Basic or Standard.  If you would like a lower per-VM user density (and thus higher resources for each user) what you can do is create more collections, and only assign
  a small number of users to each.
  For example, say you only wanted to have a maximum of 4 users on each VM, providing typically at least 1 vCPU per user.  In this case you would create collections with the Basic plan, each linked
  to the same template image, and only assign a maximum of 4 user accounts on the user access tab of each.  Assuming each user uses 80+ hours a month, the total (before discounts) cost for each collection would be $228/month, making each user
  cost about $57/month, slightly less than equivalent cost under Standard plan pricing if you factor in resources per user.
  You probably already know this, but I will explain how scaling works normally for others that may read this.  Azure RemoteApp will automatically create more VMs for each collection as needed to handle user load (Scale-Out) and shut down VMs when the
  user load is reduced (Scale-In).  The key thing that affects this scaling mechanism is the maximum concurrent users allowed on each VM, which for Standard is 10.
  In your case you are asking if you can have more resources per user, hence my instructions above for creating multiple collections and limiting the number of assigned users to less than 10 each.
  Depending on your unique needs it may make more sense to create a custom RDS deployment on Azure IaaS VMs.  In this case you could control the size/type of VM used, user density, etc.  Downside is you have to set up and manage more
  RDS components than you do if you use Azure RemoteApp.
  -TP

• ISE 1.2 & AD & Meraki - Per User Group Policy ?

  I am working on a PoC for a deployment in an MDU. We are using Meraki switches and access points. There are 250 units in the building, each unit will have it's own subnet. The goal is to have the tenant be able to connect to a common building SSID and be placed into their assigned VLAN. There will also be physical ports in each unit that will need to do the same. I am trying to figure out a way to use ISE to authorize on a per user basis and not based on groups of users. On the Meraki system there are group policies that will assign the VLAN for the user as well as any type of layer 7 firewalling and bandwidth control. So there will be 250 group policies, one for each unit. There is a deployment guide that shows how to setup ISE for use with Meraki and it is great but it assumes that there will be large groups like Employees, Contractors, etc.. that will be used. This is where I'm being tripped up, also... this is my first swing at a NAC deployment so I have a lot to learn.
  1.Can I setup each user in Active Directory to have a tag that ISE can then forward on to Meraki for the group policy? Say it's unit 101 and I have a group policy called 101 in Meraki, Meraki documentation says to use the Airespace-ACL-Name attribute in ISE to indicate the group policy to use. This gives me the ability to place a group into that policy but not an individual. Or would this be better done by creating the users in ISE directly? Omit AD entirely?
  2. Each unit will have devices that will need MAB because they are not 802.1x compatible. I need to do the same as above with them. I would create a separate SSID for these devices but then use the MAC address to authenticate them but will need to authorize them to go into a specific group policy.
  I know this isn't a typical ISE application but I think that this will work really well in the end, just need to iron out these details and get a test system functioning. Any help would be greatly appreciated!!!
  Thanks,
  Nathan

  Please find the Meraki_ISE integration doc. in attachment.
  When VLAN tagging is configured per user, multiple users can be associated to the same SSID, but their traffic is tagged with different VLAN IDs. This configuration is achieved by authenticating wireless devices or users against a customer-premise RADIUS server, which can return RADIUS attributes that convey the VLAN ID that should be assigned to a particular user’s traffic.
  In order to perform per-user VLAN tagging, a RADIUS server must be used with one of the following settings:
  MAC-based access control (no encryption)
  WPA2-Enterprise with 802.1x authentication
  A per-user VLAN tag can be applied in 3 different ways:
  The RADIUS server returns a Tunnel-Private-Group-ID attribute in the Access-Accept message, which specifies the VLAN ID that should be applied to the wireless user. This VLAN ID could override whatever may be configured in the MCC (which could be no VLAN tagging, or a per-SSID VLAN tag). To have this VLAN ID take effect, “RADIUS override” must be set to “RADIUS response can override VLAN tag” under the Configure tab on the Access Control page in the “VLAN setup” section.
  The RADIUS server returns a group policy attribute (e.g., Filter-ID) in the Access-Accept message. The group policy attribute specifies a group policy that should be applied to the wireless user, overriding the policy configured on the SSID itself. If the group policy includes a VLAN ID, the group policy’s VLAN ID will be applied to the user.
  On the Client Details page, a client can be manually assigned a group policy. If the group policy includes a VLAN ID, the group policy’s VLAN ID will be applied to the user. 

• An OS-Intergrated place to store per-user application configuration files.

  A Chairde,
  I'm developing an application that could be deployed on multiple platforms. I'm looking for a location to store per-user configuration files in a OS-integrated way.
  I use a utility class to determine the OS of the users machine. I know from experience that Windows NT5+ likes to store per-user settings/configurations in the %APPDATA% path (which is usually C:\Users\<username>\Appdata\Roaming\<vendor>\<software> etc.) I'm using a call to the environment labels to determine it's location.
  I'm a linux user myself, so I'm aware that most UNIX based Operating Systems like to store personal configurations in hidden folders in the user's home directory (ex /home/<username>/.<application> etc.), Obviously, I'm using a call to the system property user.home to determine that location.
  My Question is in relation to Mac OS and Mac OS X, where would it be a safe location to store per-user configurations? I know OS X is BSD/UNIX based so is it safe to assume to store them as a hidden subfolder of the user.home directory? What about Mac OS classic? Where are per-user settings stored, or is it like Windows 9x and NT4 and lacks proper multi-user setups (although NT4 is somewhat more prepared then 9x) ?
  It would be much appreciated if anybody has any ideas.
  Is Mise,
  Seán Mac Aodha
  PS. I'm not using Javas Property files etc. I've rolled my own exchangeable format for storing key,value pairs.

  I've used databases in the past to store local files but clients have sometimes run into trouble when the database daemon goes down or doesnt start-up normally because of a "improper" shutdown etc.
  In my own implementation of "Settings Files" i have serialized hashtables marked with appropriate metadata stored to the users "application data", a backup or original copy of those settings in the common directory shared by my application framework and then in a networked enviroment, the Settings can be hosted on a database server, so the user can travel between client machines and keep their settings (and files) with them.
  I have, with a bit of googling, come across the most obvious page i should have looked at in regards to Apple Mac OS X
  http://developer.apple.com/documentation/MacOSX/Conceptual/BPFileSystem/Articles/WhereToPutFiles.html
  According to Apple's guidlines, the most suitable place to store User configuration files is in the ~/Library/Application Support/<Application Name> directory.
  and for System-wide configuration files, /Library/Application Support/<Application Name> rather then storing them with the application in the /Applications directory.

• Single Database Session Per User in ADF/BC Application

  Hi, I am using ADF with BC (JDeveloper 11.1.1.1). My application contains multiple application modules, each connected to the same JDBC data source. On the app server, I have configured the data source to use Identity Based Connection Pooling.
  My current configuration is resulting in numerous database sessions for each user. I have a requirement to use only a single database session per user HTTP session. Is there any way to configure the application modules to achieve this?
  Thanks,
  Brad

  Hi,
  use a single root Am module and make sure the others are used as nested modules. This will create a single connection
  Frank

• Permit only one access per user on guest portal Cisco ISE

  Hi,
  Could you please help me to figure it out if it´s possible to create a guest account on cisco ISE which permit only one concurrent access?
  We don't want to have multiple devices registering with the same account, just one different account for each device.
  Thanks,

  Hi Gino,
  You  can restrict guests to having only one device connected to the network  at a time. When guests attempt to connect with a second device, the  currently-connected device is automatically disconnected from the  network.
  This is a global setting affecting all Guest portals.
  Step 1 Choose Administration > Web Portal Management > Settings > Guest > Portal Policy.
  Step 2 Check the Allow only one guest session per user option.
  Step 3 Click Save.

• Restrict application instances per user?

  We have a new ERP application.  As with most enterprise software, it has a restrictive license on concurrent uses.  It even counts multiple instances from the same user as multiple uses of its license.
  The application runs from a Windows 2012 R2 server, as a RemoteApp.
  Is there a way to restrict it so that each user may only run a single instance of the application?

  Hi Itwally1,
  All RemoteApp programs on the same server for the same user will run in the same session.
  There seems to be no built-in method to limit a RemoteApp to a single instance per user session. Please refer to following threads and check if can help you.
  Restrict a published RemoteApp to a single instance per user
  Limite RemoteApp to one instance per user
  If anything I misunderstand or any update, please don't hesitate to let me know.
  Best regards,
  Justin Gu
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Assigning Material Group per User

  Hi SAP Experts! =)
  Pls Help! does anybody have an idea how can I assign a Material Group per User. This is for authorization purposes. What I just know, is to Assign just one Material Group per user through Parameter ID MKL. This will only solve my problem if a User will only have access for a Single Material Group.
  Do you know a way how to Assign access for Multiple Material Groups? I would want to use this for the PR/PO process, so a User will only purchase Materials under his/her assigned Material Groups. =)
  Mik

  HI,
  Usually we give a star symbol for the authorisation object of material groups means the user is authorised for all the material groups.
  In case if you want to give multiple material groups for the user then we have to specify the material groups instaed of the star symbol.
  You can check the users authorisaion against the user ID in tcode SUIM.(Users with complex selection)
  Thanks & Regards,
  Kiran

• How to realize only one identical remoteApp per session per user per computer?

  If a terminalserver 2008 R1 is configured for only one session per user, everything works like it should if the user connects using the 'normal' remotedesktop session. A second connect with the same credentials kicks the first connect.
  If a remoteApp is used instead of the 'normal' connect, it's possible to start multiple instances of this app within one user a least from one computer. mstsc do run multiple times and seem to link in the existent connection without kicking it. How to change
  that?
  Continuative:
  The started RemoteApp checks the mutex of all started processes and stops herself if a process is found with the same mutex. This prevents multiple instances of this app within one user with the same sessionID. If a terminalserver is configured for only
  one session per user, this RemoteApp shouldn't start multiple within one user. Using a "normal" remote desktop session the app doesn't start more than one time, I tested it. Used as RemotApp, the app starts multiple! Possibly I'm able to change this behaviour
  with a code fix instead of configuring terminal services. Any tips regarding mutex and terminalservers?

  Hi,
  I tested the following code and it is working for me both in a RemoteApp and Full session:
  Imports System.Threading
  Module Main
  Sub Main()
  Dim createdNew As Boolean
  Dim m As New Mutex(True, "TPMutex", createdNew)
  If Not createdNew Then
  Return
  End If
  Application.Run(Form1)
  GC.KeepAlive(m)
  End Sub
  End Module
  -TP

• Multiple simutaneously logged in users accessing AFP home directories?

  Hi,
  Many of our problems are described in this guy's blog:
  http://alblue.blogspot.com/2006/08/rantmac-migrating-from-afp-to-nfs.html
  The basic capability we want is to have multiple simultaneously logged in users to have access to their AFP mounted home directory, which is configured in a sane, out-of-the box setup using WGM and Server Admin.
  Multiple user access could take the form of FUS (fast user switching), or simply allowing a user to SSH into a machine that another user is already logged into and expect to be able to manipulate the contents of her home directory.
  From my extensive searches, I have no reason to believe this is currently possible with 10.4 Server and AFP.
  (here's the official word from apple: http://docs.info.apple.com/article.html?artnum=25581)
  I've read that using NFS home directories will work, though.
  I want to believe that Apple has a solution for this by now (it's been almost a year since we first had difficulty), or at least a sanctioned workaround. If Apple doesn't have one, maybe someone else has come up with something clever. I find it hard to believe that more people haven't wanted this capability! (not being able to easily search the discussion boards doesn't help, though...)
  Thanks for your help!
  Adam

  Parallels Issue. Track at http://forum.parallels.com/showthread.php?p=135585

• How to set session timeout per user

  Hi,
  Ho do I set the session timeout per User in the
  Application.cfm File??
  I tried using
  <cfif SESSION.UID EQ 1>
  <CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
  sessiontimeout="#CreateTimeSpan(0,0,20,0)#">
  </cfelse>
  <CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
  sessiontimeout="#CreateTimeSpan(1,0,0,0)#">
  </cfif>
  But this didnt work because the cfapplication seems to have
  to be at the top before I call the variable SESSION.UID which
  I set on my login page..
  Someone know how to do this??
  Regards
  Martin

  Martin,
  Your code example cannot work because the "session" scope
  doesn't exist until your application scope is defined. So you have
  to handle this manually. Here's how you can get it done. First,
  define your application to the maximum sessiontimeout you want to
  have.
  <CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
  SESSIONTIMEOUT="#CreateTimeSpan(1,0,0,0)#">
  Then, I don't know how you are doing your login
  authentication but when you have authenticated the user, you need
  to define the userid and the most recent activity in the session.
  Also determine your timeout value based on the userid. See example:
  <CFIF IS_AUTHENTICATED>
  <CFSET session.user.uid = form.userid>
  <CFSET session.user.most_recent_activity = now()>
  <CFIF session.user.id eq 1>
  <CFSET session.user.timeout_mins = 20>
  <CFELSE>
  <CFSET session.user.timeout_mins = 1440>
  </CFIF>
  </CFIF>
  Now, all you have to do is check whether the user has been
  idle for too long and kill the session by purging all session
  variables. For example:
  <!--- if user id is defined, this means user is logged in
  --->
  <CFIF structKeyExists(session, "user") and
  structKeyExists(session.user, "id")>
  <!--- check if timeout has expired --->
  <CFIF datediff("n", session.user.most_recent_activity,
  now()) gt session.user.timeout_mins>
  <!--- timeout has expired, kill the session and log the
  user out --->
  <CFSET StructClear(session)>
  <!--- insert your logout code here --->
  <CFELSE>
  <!--- user hasn't timed out, so reset the most recent
  activity to now --->
  <CFSET session.user.most_recent_activity = now()>
  </CFIF>
  </CFIF>