New Group - Access Level

Hi,
In CMC ->Users and Groups ->Group Hierarchy, I right-click and create New Group.
Then righ-click on the newly created Group ->User Security, I can see the Administrator is appears in there (in Add Principle).
Why? Does it mean this newly created Group has adminstrator right?
I just want to create a Group (with Display access so that user can execute the crystal report in CMC etc), how to do this?

Hi,
You can see the "Administrator" in the user security page, because "Administrator " group has some set of permission to that . It does not mean that the group you have created has Administrator rights.
Answer for your 2nd question:
Create a new group and grant the required permission for the newly created group. If the folder contains only crystal reports then you can handle it in folder level rights.
Regards,
Ravi

Similar Messages

  • How to include group access level in a ws call

    I want to include a Group Access Label in a Permission for a Course using an iTunes web service call.
    I don't see how to do this in the docs.
    (The example in iTunesUAdministratorsGuide.pdf at page 111 doesn't include the Group Access Label.
    And it's not in the schema for the ws xml document at http://deimos.apple.com/iTunesURequest-1.0.xsd)
    Is this an obvious omission or am I missing something? Anyone know how to do this?
    Background:
    We're creating most Courses programmatically.
    Obviously, we'd strongly prefer not to require an administrator to go into every Course and manually add a common Group Access Label to the Permission. (This manual piece is essentially what's now missing from the ws call or at least from my understanding of it.)
    Either way -- manually by an administrator or programmatically -- our instructors would then be able to set Permissions themselves on any Group they create -- doing this themselves and without the help of an administrator.

    To resume with a little progress made:
    I have a Section
    * with Access Level == Edit for Credential == Instructor@...${IDENTIFIER} with no Group Access Label, and also
    * with Access Level == Download for Credential == Student@...${IDENTIFIER} with Group Access Label == Student.
    I'm doing ws calls to add a Course including an identifier. This is successful, and I can then go into the iTunes client as Instructor@...${IDENTIFIER} (substitution made) and manually add Groups and change Access to each individually. (I'm adding Groups "Download", "Shared Uploads", and "Drop Box", changing the Access Level accordingly for Group Access Label "Student".
    But naturally I want to do the manual part programmatically, to save n instructors from having to learn how to do this same thing and then to do it.
    So I'm trying to change my ws call to add the Groups, including Permissions. Schema http://deimos.apple.com/rsrc/xsd/iTunesURequest-1.1.xsd doesn't include Group Access Label for Permission. What does this mean?
    I've tried the actual Credential == Student@...${IDENTIFIER} (with IDENTIFIER substitution made before the call) and also Credential == Student (to see if I'm supposed to match the Group Access Label, instead).
    For either of these trials, the ws call successfully adds the Groups and a ShowTree includes the Permissions for the Groups. But in the iTunes client user interface, it's as if I gave no Permissions in adding the Groups.
    Am I approaching this wrong or is there a bug here?
    (I haven't tried yet a separate call to add the Group Permissions, not wanting to suffer the processing wait of getting handles for the three Groups.)
    Anyone else doing this? (successfully or not ) Thanks.

  • Custom Access Level/User groups in BOBJ XI

    Experts,
    We are currently implementing BOBJ XI 3.1. Up on go-live, it will be handled by the Operations team from BOBJ CMC. We do not want to give administrator group for the operations users in CMC. Instead, we want to create custom groups with custom access levels.
    Ex. one for basis who will set up authentication, licenses etc
          one for the functional folks to maintain universes, export universes and set up security.
    Is there a way to set up user groups like this. We were able to successfully restrrict access just to folders, universes by creating a custom access level. But we were not able to do it on other items listed in CMC. Has anyone done this level of access before for the operations or even with in the development team instead of using administrator group>
    Appreciate your response
    Thanks
    Kee

    Hi,
    We can assign different rights to a group by creating custom access levels.
    Create a new group ,and also create custom access level and assign it to the new group.
    you can provide access to different objects to the group by adding rights to the access level.
    Under the access level > click  Included Rights > Add and Remove Rights > Under the Rights Collection > click on System.
    You  could find all the CMC object access rights can be assigned.
    Regards,
    Rameez

  • In contacts section for the groups section i want to delete old groups i have on the phone and then add a new group for easy access for work contacts for calling. rather then searching each individual contact when needed. is this possible?

    i currently have about 6 different groups listed on the iphone in my contact list section and i want to delete the old ones and create a new group for work puposes!
    i dont want any apps all i want is something similar to my favourites list but in a group so i can just go into that work group and scroll to the person i need to call and this way seperating my personal and work contacts.
    because i do alot of calls from my car i dont want to have to search my contact lists to find the right person i just want them all in a simple folder.
    is this possible because if i already have groups on my iphone i should be able to delete the old ones and create a new one?

    Deleting groups on the phone and creating new ones is not supported with iOS4, you'll have to do that on your computer and sync again.
    Let's see if they changed that in iOS5 when it is released.

  • Restrict certain function based on access level

    I'm working through an approval process with Office 365 SharePoint Lists and Infopath, and I want certain people to be able to submit items in a Sharepoint list on behalf of someone else. So, the boss might have her assistant post news for her,
    but her name will be on it. I only want certain people with a higher access level to be able to do this. Most people will just be able to submit news on their own behalf. I'm not sure how to do this other than to actually have a separate list that only certain
    people can access to support this one function.
    Currently I have lists for...
    Draft Items
    Submitted Items
    Published Items
    and I might create a fourth one for "Drafts Items on behalf of." Can you think of a better way than to actually create a fourth list?

    Hi  ,
    According to your description, my understanding is that you want to three permission level for a list: unable submit and unable approval, able submit and unable approval, able submit and able approval.
    If you just want to restrict  for a list, you can try to stop inheriting permissions for the list.
    For the above permission level, it can be reflected to the SharePoint default permission level: read, edit, approve. So for achieving your demand, you can add the users  into  suitable permission
    group (Site Visitors, Site Members, Approvers).
    Then you can go to the list ->List Settings ->Versioning Settings, select “Yes” for Require content approval for submitted items.
    Best Regards,
    Eric
    Eric Tao
    TechNet Community Support

  • Security and access levels

    I have created 4 users access levels, however, when I try to implement, when I keep inheritence, default security keeps coming up,   e.g. try changing everyone to my new access level and I get the new access level, but I also get view (inherited) - how can I "clean out" the old security settings??

    Sorry for the delay!
    OK, here's our situation - it's pretty straight forward;
    1500 users
    1500 (all) users in Everyone
    Of the 1500 users in Everyone;
    1200 in subgroup A
    200 in subgroup B
    90 in subgroup C
    10 users in Administrators
    4 universes
    1 connection
    Goal:
    Everyone and subgroups, same as admin, exception: can't delete or save to "corp" doc's.  My thought is to use same access level, then use the advanced configuration on the folders to prevent everyone from deleting any "corp docs"
    I have applied this access level to everyone and admin at;
    application > infoview, webi. cmc, deski, discussions, search
    universes > all 4
    connections > the 1
    folders > root folder,  level 1, denied access to everyone accordingly on level 2
    I have also added this access level to the top level security for users and groups
    Issues; 
    1. When I check the access level for everyone on folders, level 1 and below, I get the custom access level as inherited, but also view aslo as inherited.
    2. The users added to the admin group do not have same rights as the "administrator - for example, administrator can delete objects in the folders, but other users (within admin group) can not?  if I manually add the users to the folders, I can get this to work,  but doesn;t make sense, why would a user within a group have different rights, than any other user within the same group, with the same rights???
    Hope this helps!
    Edited by: Michael Bujarski on Jun 5, 2009 3:56 PM

  • Access Level - LOV

    Hi Everybody
    Can any one tell what does the below 'Access Level' mean. I came across this in 'Resource Group' creation form.
    1. User
    2. Extensible
    3. System
    Raffath

    Hello Raffath,
    In BOM module, Resource group is defined as a lookup code.
    Access level is a field which defines how a lookup can be modify :
    - System : lookup values can not be changed, no value can be added.
    - Extensible : user can add new value but not change predefined lookup values
    - User means that you can create, modify, or remove value in your lookup.

  • Export Rights from Custom Access Level to Excel

    How can I export the rights from Custom Access Levels to Excel? Thanks.

    Hi Nancy,
    Is this what you're looking for:
    1522,Custom Access Level 1,/Custom Roles/Custom Access Level 1,CustomRole,General,General,Add objects to folders that the user owns,Not Specified,Object and Subobjects,
    This is the comma delimited output from a Security Query executed in the CMC.  You should have no problem pulling this into Excel by specifying the appropriate text delimiter.  This can be accessed under the "Query Results" section of the CMC by creating a new Security Query.
    The output represents the Object Name and ID (Custom Access Level 1 = 1522), the type of object, scope, etc.  I exported this for the Administrators group specifically, and it does have a limitation of only being able to run for a single group at a time, but will give you substantial information.
    Let me know if you'd like additional detail.
    Thanks,
    Jim

  • Create a new Grouping in IBY_FD_EXTRACT_EXT_PUB

    Hi,
    I need to create a new group in  IBY_FD_EXTRACT_EXT_PUB like below.
    eg:
    +*<OutboundPaymentInstruction>*+
    ---+
    +*<OutboundPayment>*+
    ---+
    +*<ExtendValue>*+
    -- <Extend>+
    ---<OUTPUTVALUE>Concatenated Value - 1</OUTPUTVALUE>+
    +*</Extend>*+
    -- <Extend>+
    ---<OUTPUTVALUE>Concatenated Value - 2</OUTPUTVALUE>+
    +*</Extend>*+
    -- <Extend>+
    ---<OUTPUTVALUE>Concatenated Value - 3</OUTPUTVALUE>+
    +*</Extend>*+
    *</ExtendValue*
    +*<OutboundPayment>*+
    ---+
    +*<ExtendValue>*+
    -- <Extend>+
    ---<OUTPUTVALUE>Concatenated Value - 1</OUTPUTVALUE>+
    +*</Extend>*+
    -- <Extend>+
    ---<OUTPUTVALUE>Concatenated Value - 2</OUTPUTVALUE>+
    +*</Extend>*+
    -- <Extend>+
    ---<OUTPUTVALUE>Concatenated Value - 3</OUTPUTVALUE>+
    +*</Extend>*+
    +*</ExtendValue>*+   
    I have got the Concatenated value inside a loop, but I need to split each of the values into 80 characters and then insert it into <OUTPUTVALUE>+
    So, if I have 240 characters, then I need it like+
    +*<OutboundPayment>*+
    ---+
    +*<ExtendValue>*+
    -- <Extend>+
    ---<OUTPUTVALUE>Concatenated Value - 80 characters*</OUTPUTVALUE>*+
    +*</Extend>*+
    -- <Extend>+
    ---<OUTPUTVALUE>Concatenated Value - 80 characters*</OUTPUTVALUE>*+
    +*</Extend>*+
    -- <Extend>+
    ---<OUTPUTVALUE>Concatenated Value - 80 characters*</OUTPUTVALUE>*+
    +*</Extend>*+
    +*</ExtendValue>*+
    What I have tried is
    FUNCTION Get_Pmt_Ext_Agg(p_payment_id IN NUMBER)
    RETURN XMLTYPE
    IS
    l_ins_ext_agg XMLTYPE;
    CURSOR get_invoices_cur(cp_payment_id in number) is
    SELECT IDP.document_payable_id DOCUMENT_PAYABLE_ID
    ,SUBSTR(IDP.calling_app_doc_ref_number,1,30) REFERENCE_NUMBER
    ,IDP.payment_amount PAYMENT_AMOUNT
    ,IDP.document_amount DOCUMENT_AMOUNT
    ,IDP.payment_curr_discount_taken DISCOUNT_AMOUNT
    ,SUBSTR(IDP.po_number,1,30) PO_NUMBER
    ,IPA.payment_amount PAYMENT_AMNT
    ,IPA.ext_branch_number EXT_BRANCH_NUMBER
    ,IPA.ext_bank_account_number EXT_BANK_ACCOUNT_NUMBER
    ,IPA.payee_name PAYEE_NAME
    ,IPA.int_bank_name INT_BANK_NAME
    ,IPA.payment_reference_number PAYMENT_REFERENCE_NUMBER
    ,IPA.creation_date CREATION_DATE
    ,IPA.payment_instruction_id PAYMENT_INSTRUCTION_ID
    FROM iby_docs_payable_all IDP
    ,ap_invoices_all AIA
    ,iby_payments_all IPA
    WHERE AIA.invoice_id = idp.calling_app_doc_unique_ref2
    AND IPA.payment_id = IDP.payment_id
    AND IDP.payment_id = cp_payment_id;
    BEGIN
    <Initialize all valiables>
    FOR get_invoices_rec IN get_invoices_cur(p_payment_id)
    LOOP
    lc_concatenate: = <Get the concanated Value as required>;
    lc_split:= < Written some logic to split it into char >
    BEGIN
    SELECT XMLConcat(
    XMLElement("Extend",
    XMLElement("lc_value1" lc_split))
    INTO lc_extendval
    FROM dual
    END;
    END LOOP;
    BEGIN
    SELECT XMLConcat(
    XMLElement("ExtendVal",lc_extendval),
    INTO l_ins_ext_agg
    FROM dual;
    END;
    RETURN l_ins_ext_agg;
    EXCEPTION
    WHEN OTHERS THEN
    RETURN NULL;
    END Get_Pmt_Ext_Agg;
    Now, my output comes only as the last 80 characters, I do not have the first 80 and second 80 characters.
    ANy inputs to achieve all the 240 characters split into 3 rows like described above would be helpful.
    Thanks

    >
    Now, my output comes only as the last 80 characters, I do not have the first 80 and second 80 characters.
    >
    based on
    >
    lc_split:= < Written some logic to split it into char >
    >
    so check logic for splitting
    i can't test on your data but
    >
    SELECT XMLConcat(
    XMLElement("Extend",
    XMLElement("lc_value1" lc_split))
    INTO lc_extendval
    FROM dual
    >
    what's code doing?
    looks like it's wrong because it create tag "lc_value1"
    >
    BEGIN
    SELECT XMLConcat(
    XMLElement("ExtendVal",lc_extendval),
    INTO l_ins_ext_agg
    FROM dual;
    END;
    RETURN l_ins_ext_agg;
    >
    what's code doing?
    so try another way
    FUNCTION Get_Pmt_Ext_Agg(p_payment_id IN NUMBER)
    RETURN XMLTYPE
    IS
    l_ins_ext_agg XMLTYPE;
    CURSOR get_invoices_cur(cp_payment_id in number) is
    SELECT IDP.document_payable_id DOCUMENT_PAYABLE_ID
    ,SUBSTR(IDP.calling_app_doc_ref_number,1,30) REFERENCE_NUMBER
    ,IDP.payment_amount PAYMENT_AMOUNT
    ,IDP.document_amount DOCUMENT_AMOUNT
    ,IDP.payment_curr_discount_taken DISCOUNT_AMOUNT
    ,SUBSTR(IDP.po_number,1,30) PO_NUMBER
    ,IPA.payment_amount PAYMENT_AMNT
    ,IPA.ext_branch_number EXT_BRANCH_NUMBER
    ,IPA.ext_bank_account_number EXT_BANK_ACCOUNT_NUMBER
    ,IPA.payee_name PAYEE_NAME
    ,IPA.int_bank_name INT_BANK_NAME
    ,IPA.payment_reference_number PAYMENT_REFERENCE_NUMBER
    ,IPA.creation_date CREATION_DATE
    ,IPA.payment_instruction_id PAYMENT_INSTRUCTION_ID
    FROM iby_docs_payable_all IDP
    ,ap_invoices_all AIA
    ,iby_payments_all IPA
    WHERE AIA.invoice_id = idp.calling_app_doc_unique_ref2
    AND IPA.payment_id = IDP.payment_id
    AND IDP.payment_id = cp_payment_id;
    BEGIN
    <Initialize all valiables>
    FOR get_invoices_rec IN get_invoices_cur(p_payment_id)
    LOOP
    lc_concatenate: = <Get the concanated Value as required>;and add logic for splitting like
    select xmlelement("ExtendValue", xmlagg(xmlelement("Extend", substr(lc_concatenate,1+80*(level-1),80) )))
    INTO lc_extendval
    from dual
    connect by level <= ceil(length(lc_concatenate)/80)so example
    SQL>
    SQL> with t as
      2  (
      3  select 1 id, lpad('a',80,'a') ||lpad('b',80,'b') ||lpad('c',80,'c') str from dual
      4  )
      5  --
      6  select xmlelement("ExtendValue", xmlagg(xmlelement("Extend", substr(str,1+80*(level-1),80) )))
      7  from t
      8  connect by level <= ceil(length(str)/80)
      9  /
    XMLELEMENT("EXTENDVALUE",XMLAG
    <ExtendValue><Extend>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    SQL> if you have some problem then plz post test data

  • How to change lookup code  with Access Level as 'System'

    Hi,
    I need to append new lookup codes in a lookup type having access level as 'SYSTEM'. Is there any standard way to do the same or just updating the customization level column will do ? Please let me know if you have any solution for this.
    Regards
    Girish

    You can also change the meaning on that value to something like "*** DO NOT USE***". This will make it obvious to the user that he/she should not choose it.
    You can try to add a when-validate-record personalization to show error if someone selected a disabled value.
    You can also try to modify the list of values associated with the field using personalizations.
    If nothing else works, you can use a SQL to uncheck the enabled flag. The risks involved in this are well known.
    Hope this answers your question
    Sandeep Gandhi
    Independent Consultant
    513-325-9026

  • What is the use of access level

    Hi Experts,
    What is the access level and what is use of each option in access level
    1  Application
    2  Superior component
    3. Top Component
    4. Sap
    5. Global
    and in Details section what is the use Properties tab
    1. Application Component
    2. Software Component
    3. Development Package
    4. Settings Class
    Please explain Each option use.
    Thank you in advance,
    Srini M.

    Hi Srini,
    just read the documentation (although the current status on SAP Help Portal isn't really up-to-date):
    1. [Entry point|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/cc/85414842c8470bb19b53038c4b5259/frameset.htm]
    2. [Setting an Access Level|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/32/6aba9c49fd41a5a14f710e121220f1/content.htm]
    W/r to "Application Component" etc., docu on Help Portal is definitely not sufficient. Here, the following applies:
    An application offers attributes for the application component and the software component. The application component and software component have to be the same as defined for the development package. Application and software component are automatically derived from the development package if they are not set explicitly.
    For the definition of the development package, application component, and software component, we recommend that you choose the same values that are in effect for the software solution that you want to enhance by a new BRFplus application. This simplifies all activities related to the software infrastructure, especially transports.
    CU
    Claus

  • New group in Shared Services does not come up in projects?

    Hi All,
    I'm working on a system that has externalized security, and we use Hyperion Shared Services to add users to groups and assign filters to groups.
    I have just added a new group in the analkytic server in shared services, I have also provisioned it to have filter access of a particular DB.
    When I go to the projects folder and check the list of groups under the application, to look for this group so I could assign the filter, I dont find the group listed.
    Does anyone know what I am missing out on.
    Thanks in advance.
    Anindyo

    Hi John,
    I tried to delete the group and create a new group again:
    searched for the group, right clicked on it and clicked on Provision.
    Then I expanded the Analytic server tree to the left, selected server Access, and moved it using the arrow button.
    Then I expanded the DB name, there were "Provisioning Manager", "Application Manager" and "My Role".
    I expanded the Tree of "My Role" and found "Calc", "Filter" and "Read".
    I expanded the tree "Filter", and found Start/Stop Application.
    I selected "Filter" (not Start/Stop Application) and moved it to the second list on the right using the Arrow button.
    Then I clicked on the save button.
    Now I expanded the Projects Folder:
    Clicked on the DB to which I provisioned this group.
    It showed the list of users and groups to the right.
    I selected groups in the drop down.
    Clicked on refresh, but the new group does not appear.
    Please let me know if I missed out on anything.
    Thanks for the response,
    Regard,
    Anindyo

  • HT5760 New group being created everytime someone responds to our existing group message.

    I have a group message with 8 people in it. We all have iPhones and the new iOS8 software. Once we got the new software someone renamed the group. Ever since the update, randomly it will happen that when someone responds in the group... instead of the response showing up in the group we already have... it creates a new group with all the same people. This does not happen every time it is random. This is very frustrating, someone please help!

    Hi Leela,
    Are you creating sales order in the same system like
    You have created table in Development system in same system your are creating sales order
    If you are creating here you just go to V/07 transaction then slect your access sequence go in to the tables detail screen here you select your table 953 then click on fields here you check all the fields are available correctly or not then save the changes.
    Now try
    or
    You transported these confugaration to other system like Quality or Production here and you are creating the sales order,
    If you are creating here you need to create condition table again then try.
    I hope it will help you,
    Regards,
    Murali.

  • Help creating apple script to create folder and set access levels

    I'm trying to create folders in FileMaker Pro using apple script and need some help in setting the access level for the folders.  I want to set both Staff and everyone to Read and Write access.   Secondly I would like to have a function key set on the desktop to create new folders and set that same access level.  The default access is Read and I can not find a way to change that.
    Thanks

    I'm trying to create folders in FileMaker Pro using apple script and need some help in setting the access level for the folders.  I want to set both Staff and everyone to Read and Write access.   Secondly I would like to have a function key set on the desktop to create new folders and set that same access level.  The default access is Read and I can not find a way to change that.
    Thanks

  • Problem with Restrict Access to Page with access level using ASP

    I'm using Dreamweaver CS3 with ASP-VBScript and an Access
    database. The pages were created from scratch for this project,
    using those tools all the way through.
    I've created a login page, an admin homepage, and add, edit,
    and list records pages for three tables. The login page uses the
    Server Behavior "Log in User", all other pages use the Server
    Behavior "Restrict Access to Page". All of these are based on an
    Access Level.
    Login seems to work correctly, and redirects to the admin
    homepage. From the admin homepage, I can open any other page as
    expected, and they initially display correctly. On the add and edit
    pages, however,
    submitting the form often results in getting logged out, but
    not always.
    Once this happens, I can log back in, but other problems will
    sometimes occur during that second login session. Sometimes,
    logouts will occur on pages that worked fine during the first login
    session. Sometimes, another session variable that I've setup
    manually will change when it shouldn't...as if there were two
    values stored for my session variable, and reloading the page
    changes to the other value.
    This
    post seems closest to my experience, but it doesn't look like
    there was really an answer beyond "I had to fight with it for a bit
    to get it to work":
    I suspected that there is some problem with session settings
    on the server. We have an almost identical tool on the same server
    that was developed with an older version of DW that works more
    reliably; it sometimes has problems with the initial login, but
    never has a problem after that.
    Has anyone experienced problems like this? Any suggestions
    for what to check? I'm really pulling my hair out since it's so
    unreliable...the kind of problem that goes away when you try to
    show someone and comes back when they leave.

    Hello,
    I was thinking that all I would need would be the username, although username and paswsword would be more secure.  There are about 50 users and no groups or levels.  They are all equal ... same level.
    The website is private and there is a general content area for all users and then there will be private areas for each user where proprietary documents will be held.  I need to be able to ensure that user 'A' can only see the user 'A' pages, user 'B' can only see user 'B', etc.
    I don't really understand what the Dreamweaver script is doing, but the overview sounded like it was the right tool to accomplish what I'm trying to do.
    Any assistance greatly appreciated.
    thanks.

Maybe you are looking for