Need to restrict USER in IR and ID based on SWC and CS

Similar Messages

• Need to restrict users from adding or modifying folders or reports

  Requirement: Need to restrict users from adding or modifying folders or reports through Info view and to reflect the modifications only thriough LCM.
  Issue: Customer wants to restrict users from adding or modifying existing reports from Infoview and need to force users to do make the changes through Life cycle manager tool.
  As per my understanding LCM can only be used to to promote folders and objects from one environment to another and to schedule the promotion of these jobs on a daily basis.My query is:
  Can we add or modify existing reports or folders using the LCM tool?
  Could you please help me out in this issue and provide me your suggestions.
  Thanks in advance.
  Prashanthi Rayaprolu.

  You can not restrict that using LCM. Need to modify the rights at the folder level.
  Explicitly remove the following rights for the user group,
  Add objects to the folder
  Edit objects
  Delete objects
  Copy objects to another folder (check this if required)
  Once the above four are denied then users wont be able to Edit/Add/Delete reports in that folder.

• Restrict users from editing and deleting not owned items

  Hello guys.
  I'm trying to restrict users from editing and deleting items created by other users. I know, that it can be achieved by using SPList.WriteSecurity parameter, but if I change its value to 2 or 4 - nothing happens... 
  May be there are some list permissions that can override this security setting? I tried to combine permissions in different ways but users either cannot modify any items or can edit/delete all of them... 
  By the way, setting ReadSecurity=2 works as it should work regardless of user permissions...
  Please help.

  Hi,
  I understand that you want to change the write security for the document library. You can try the PowerShell script below:
  $web = Get-SPWeb http://serverURL
  $list = $web.Lists["Document library"]
  $list.ReadSecurity = 2
  $list.WriteSecurity =2
  $list.Update()
  $web.Dispose()
  This setting will not affect the site collection administrator, he will always be able to edit the documents. You need to sue another account to have a test. If this still doesn't work, I think you need to manually edit the permission for each documents.
  Thanks,
  EnTan Ming
  Entan Ming
  TechNet Community Support

• I need to restrict users to submit data from Smart view or Excel Addin.

  Hi All,
  I need to restrict users to submit data from Smart view or Excel Addin.
  I cant provision them as read access because I want them to write from the Hyperion Planning Web Form.
  Any help on the same will be highily appriciated.

  John,
  Thanks for the reply . if i dont give them essbase write role user cant submit data through smartview or Excel addin. at the same users want to see adhoc reports making connection in smartview through planning, then users can send data.
  1. I want users to restrict export dataform to smartview, if they can export dataform to smartview it automatically makes connection using planning and users can pretty much change data.
  2. is there any way to restrict users making connection through planning in smartview.
  3. when users make smartview connection through essbase, the secuirty works fine and they cant change the data.
  Please let me know if you any solution ....
  advance thanks,
  NM

• Restricting Users access to BW Query based on Criteria

  Hello  ,
  Haven't found much help with the security implementation documents , i have been given a objective to create Profiles/roles and which would be used only for reporting on 1 single Cube by users from multiple departments. 
  Create profile/Roles and provide access to users for Query ZREP_C0_1 .
  User belonging to comp_code1 & region4 & plant6 should be able to view only his data and none other  even if the user wishes to see Compcode2 & region3 & plant4. 
  ( Reporting with restrictions over the User authorizations  on Region/Compcode )
  Creating the Role has been the easy as it was just to provide access to the infoarea , cubes, infobjects , query and authorization objects to execute query.   However i am stuck on how to proceed further on the above scenario  regarding restricting the users.
  Your help is much appreciated .
  Regards
  Raja

  Hi Pratheesh,
  If you are going to use client authentication in SSL and if client authentication fails since not all users will have client cert provided by you, SSL handshake will not complete and hence no access. But this is a performance impacting option. Restricting access on FW would be a good option.
  During the flow of a normal SSL handshake, the server sends its certificate to the client. The client verifies the identity of the server through the certificate. However, the client does not send any identification of its own to the server. When you enable the client authentication feature on the ACE, the ACE requires that the client sends a certificate to the server. The server then verifies the following information on the certificate:
  The CA has not revoked the certificate.The certificate signature is valid. The valid period of the certificate is still in effect. A recognized CA issued the certificate.
  You can specify the certificate authentication group that the ACE uses during the SSL handshake and enable client authentication on this SSL proxy service by using the  authgroup command in SSL proxy configuration mode. The ACE includes the certificates configured in the group with the certificate that you specified for the SSL proxy service
  Regards,
  Kanwal

• Restrict view buiseness area and profit center

  Dear all,
  We have  requirement that for particular user we need to restrict to view only one Business Area ( we have total 6 Business Area )  in standard T-code (e.g FBL3N,FBL5N)
  Please let me know how to do this.
  We tried certain authorization objects, but it won't help us to restrict user.
  Thanks and Regards,
  Abhijit

  Hi Abhijit
  Please check below documentation from help.sap.com:
  "    You can protect the user activities that affect accounting documents from different viewpoints. On the one hand, you can specify the organizational units (such as company code, business area) in which an employee may post or display a document. On the other hand, you can define authorization for posting and processing documents from the point of view of the accounts.
      You should note the following special features of authorization objects for accounting documents:
          With automatic postings, the system does not carry out an authorization check for business areas and accounts. Therefore, these authorizatons only take effect with manually-entered line items.
          Authorizations for document types and business areas are not taken into consideration for display functions and for reporting. That is, line items are always displayed in lists for all document types and for all business areas.
          Line items for which an employee has no authorization are suppressed when displaying and changing documents. The system indicates the missing authorization with a message.
          The authorization check for business areas is carried out when posting and changing documents, but not when displaying them. You use this authorization check for posting and changing, to avoid incorrect entries."
  [http://help.sap.com/saphelp_40b/helpdata/en/d6/eb2c7dd435d1118b3f0060b03ca329/content.htm]
  Please check with functional people on configuration settings as well because I searched and found that in IMG there is option "Activate display authorization for business area" which needs to be activated as applicable.
  I hope in consultation with functional guys you would be able to come up with desired solution.
  Best Regards
  Prashant

• Restricting users by creating other user Account in outlook

  Dear Team,
  I need to restrict users creating other mailbox account in outlook 2010/2007.
  We are using 2003 Exchange Server.
  Regards,
  RAJ

  Hi,
  Agree with Ed’s suggestion, creating mailbox is an Exchange level action and we cannot achieve that by Outlook.
  If you want to restrict users configuring accounts in Outlook client, I also recommend you ask for more professional help on our Office forum:
  https://social.technet.microsoft.com/Forums/office/en-US/home
  If you have any question, please feel free to let me know.
  Thanks,
  Angela Shi
  TechNet Community Support

• Hi guys I need to restrict access to the settings with a passcode but also need passcode for the screen lock due to MS Exchange. Can these codes be different?

  We are introducing iPhonse into the business but have a question regarding security. We need to restrict user access to the settings on the iphone  probably via a passcode. We also need the user to have access to their emails (which when using exchange enforces a passcode). Is this the same passcode that is used for both by default? Because if it is then by allowing the user access to their emails they would by default have access to the code that allows them to change the settings of the iphone?
  Does anyone have any knowledge of this or how I can achieve something similar.
  Thanks
  Paul

  Hi,
  Thanks for your reply
  Could you by any chance provide a few simple steps on how to do this as i not too sure how you differentiate creating a passcode for restrictions and creating a passcode for lock screen?
  Kind Regards,
  Paul

• Windows 2008 : How to Restrict Users to Copy file from Shared Folder

  Hello All,
  I need to Restrict Users to Copy file from Shared Folder. Please let me know is there any method to achieve this requirement.

  If user have Read permission, they can copy it. So actually you cannot restrict user from copy your files if they could read/edit.
  Some programs could help restrict users from edit/modify/copy the content of their files such as Office files, PDF files etc as Oscar said above.
  TechNet Subscriber Support in forum |If you have any feedback on our support, please contact [email protected]

• Restricting user from changing price in me22n after goods receipt

  i want to restrict the users from changing the price of the material in me22n after after goods receipt.
  pls tell me the userexit for it with detail.

  Okay, then let me play the role of the bad man.
  Why would you need to restrict users from changing a price after GR ?
  Do you think that users are changing prices just for fun or to mess up the system?
  Have you talked to users why they want change the price after a GR?
  do you have an alternative plan, for the case that the price really needs to be changed to be able to post the invoice?  do you want to cancel always the GR in this case? Is is possible? What if the stock is already issued? do you then want to cancel the entire chain? what if a month end closure was already done?

• BADI for MIGO for restricting User to entered other MVT types?

  Hi All,
  BADI for MIGO for restricting User to entered other MVT types?
  I want to restrict some of user not to use 501 Movement type ..I already created a Ztable for checking User for 501 type.
  Please let me know any Enhancement to be used to restrict user ?
  Thanks and Regards
  Steve

  Hi Steave,
  You can use this enhancement exit MB_CF001, this exit will be called every time before posting, you can use your logic in this exit. see its documentation first before implementing.
  Regards
  Ahsan

• How to restrict users from printing documents and exporting to local file

  Hi SAP gurus,
  I have two questions.
  1. How can I restrict users from printing a document? i.e. billdoc? I would like to know if I could block it though authorization. If yes, what auth obj to use?
  2. How to restrict certain users from exporting to local file? the System> List>Save-->Local File. I have tried restricting it using auth object S_GUI but it seems it is only applicable to older versions of SAP. im on ecc6.
  Thank you in advance.

  Hi,
  Check this:
  Create your own gui status and attach it to the list in the event START-OF-SELECTION.
  In the menu painter extra -> adjust template.
  Make it a list status and you will see all the standard list options appear including list->download
  Deactivate the ones you don't want. 
  If you just want to prevent users from downloading the list you can achieve this with authorization object S_GUI, activity 61. Menu option will still be there though.
  Please note that if you remove authorisation for S_GUI activity 61 then all downloads will not be possible. 
  If you just want to disable downloads only for a particular report, you can try this test program:
  Code:
  REPORT ztest. 
    DATA: PROGNAME LIKE SY-CPROG value 'Z_CHECK_AUTH', 
          FORMNAME LIKE SY-XFORM value 'F_CHECK_AUTH'.
  START-OF-SELECTION. 
      CALL FUNCTION 'SET_DOWNLOAD_AUTHORITY' 
           EXPORTING 
                FORM    = FORMNAME 
                PROG    = PROGNAME 
           EXCEPTIONS 
                OTHERS  = 1.
    WRITE: / 'TEST'.
  You also need this:
  Code:
  PROGRAM z_check_auth.
  FORM f_check_auth USING pe_result TYPE i. 
    pe_result = 5. 
  ENDFORM.
  Also have a look at the exit SGRPDL00.
  Hope this helps you.
  Rgds,
  Raghu

• How to restrict users working on Windows 7 clients from accessing Windows Explorer and other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2

  Dear All,
  We are having an infrastructure setup of around 500 client computers managed through group policy.
  Recently the domain controllers have been migrated from Windows Server 2003 to Server 2008 R2.
  Since this account requires extremely strict environment, we need to figure the solution for restricting the users from access anything locally.
  It would be great if you can assist me with the following query.
  How to restrict users logged on Windows 7 clients from accessing Windows Explorer and browsing other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2 ?
  Can we disable Network Tab on the left hand pane ?
  explorer.exe is blocked already, but users are able to enter the Windows Explorer by clicking on the name which is visible on the Start Menu.

  >   * explorer.exe is blocked already, but users are able to enter the
  >     Windows Explorer by clicking on the name which is visible on the
  >     Start Menu.
  You cannot block explorer.exe when you do not replace the shell - the
  desktop you see effectively IS explorer.exe...
  Your requirement sounds like you need a custom shell:
  http://gpsearch.azurewebsites.net/#2812
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• I have a Win7Pro SP1 PC locked down with a Group Policy as it is a public facing PC. PDF fillable forms cannot be completed when logged on as the restricted user. The forms work as a normal user. What are the user requirements/permissions needed to fill f

  I have a Win7Pro SP1 PC locked down with a Group Policy as it is a public facing PC. PDF fillable forms cannot be completed when logged on as the restricted user. The forms work as a normal user. What are the user requirements/permissions needed to fill forms?

  Well, try this (I was able to fix my with these steps):
  Go Utilities > Disk Utility
  Select your Startup Disk, e.g. Macintosh HD
  Then, under the First Aid Tab, click Verify Disk Permissions.
  If there are errors, then click repair Disk Permissions.
  After it is done, restart the computer and see if your problem is resolved.
  I hope this help.
  Zeke
  www.ZekeYuen.com/blog/

• Problems with restricted users, urgent help needed

  Greetings,
  I represent a company called eChiron, a service desk company for several client companies.
  We have a client company that has bought between 100 to 200 cell phones, all Nokia 6233. They all run client PCs with windows XP SP2 and are all restricted users (mandatory).
  We've installed 2 nokia PC suites as pilot prior to mass deploying and have both failed to run correctly.
  They execute correctly if the user is changed to local admin (being that the method of instalation), but when reverting back to restricted user the application doesn't work correctly.
  It starts and (apparently) conects to the mobile phone trough bluetooth interface. In reality the conectivity is nonexistent (we've tested by turning off the mobile phone...) and the connection log reports "conection failed".
  As i mentioned before, it's not an hardware fault since it all works correctly in admin mode.
  Thanks in advance for any possible help,
  J
  Edit: the installed version is the latest (17/december) and the language is portuguese.
  Message Edited by echiron on 17-Dec-2007 02:27 PM

  This has always been a limitation in PC suite, I assume you've tried the latest version 6.85?
  You may want to take a look at the link below, it may suit your needs better.
  http://www.businesssoftware.nokia.com/pc_suite_downloads.php