Obiee11g upgrade: Preventing authenticated-user from accessing obiee system

Similar Messages

• Cannot prevent authenticated users from creating a blog on "My Page"

  I have a brand new Snow Leopard (10.6.1) 2.26 Ghz quad core Xserve with 12Gb RAM that will be used for web collaboration services. I've currently set up Wiki and Blog services with a group membership to allow creating wikis/blogs. The reason for this is for staff development purposes with the plan to add people into the group as they are trained. The process to set it all up was very simple, however, I'm having an issue preventing authenticated users from creating a personal blog. Although I can prevent the creation of wiki's to members of a group easily, any authenticated user on the server can log into "My Page" and will be able to create a blog. I've gone to server admin>choose the server>choose the "access" icon and set the column "for selected services below" (blog) to "allow only users and groups below" (the group) and it still doesn't prevent them from making a blog page. In WGM for the group on the "Basic" tab, the "enable the following services for this group" has only the choice of "none" and therefore since the site isn't showing as a choice, the Wiki, Blog, Calendar and Mailing List is grayed out. I've seen another thread that states in 10.6 that option for setting the service acl in the group settings of WGM is unavailable. Does anyone know a fix for my problem of security access for a "My Page" blog or is it a possible bug in Snow Leopard? Right now my only workaround is to remove the users access and enable it as they are trained. This isn't an ideal fix, however, because we have some users who want to limit their wiki or blog to authenticated users only, not public access. Any help will be greatly appreciated.
  Message was edited by: dstrollo.il

  Ran into this same issue.... Talked with a field engineer who confirmed the behavior. The question now is this a defect or "feature that does not work as as the audience desires". As I far can tell, the security setting for blogs in server admin does nothing at all. This has the potential to cause a few issues as you cannot limit who can have a blog.
  Message was edited by: jlindler

• 10.6.1 Server - cannot prevent authenticated users from creating a blog

  I have a brand new Snow Leopard (10.6.1) 2.26 Ghz quad core Xserve with 12Gb RAM that will be used for web collaboration services. I've currently set up Wiki and Blog services with a group membership to allow creating wikis/blogs. The reason for this is for staff development purposes with the plan to add people into the group as they are trained. The process to set it all up was very simple, however, I'm having an issue preventing authenticated users from creating a personal blog. Although I can prevent the creation of wiki's to members of a group easily, any authenticated user on the server can log into "My Page" and will be able to create a blog. I've gone to server admin>choose the server>choose the "access" icon and set the column "for selected services below" (blog) to "allow only users and groups below" (the group) and it still doesn't prevent them from making a blog page. In WGM for the group on the "Basic" tab, the "enable the following services for this group" has only the choice of "none" and therefore since the site isn't showing as a choice, the Wiki, Blog, Calendar and Mailing List is grayed out. I've seen another thread that states in 10.6 that option for setting the service acl in the group settings of WGM is unavailable. Does anyone know a fix for my problem of security access for a "My Page" blog or is it a possible bug in Snow Leopard? Right now my only workaround is to remove the users access and enable it as they are trained. This isn't an ideal fix, however, because we have some users who want to limit their wiki or blog to authenticated users only, not public access. Any help will be greatly appreciated.

  Thanks for the suggestion, but that would prevent all users from creating personal blogs. I was hoping to be able to have a group of users that can create a personal blog outside of the blog attached to a wiki.

• I need to prevent unauthorized users from accessing the application pages

  Hi^^,
  I have created an application in jsp and servlets. It has several pages like manager, supervisor accountant. I need to prevent unauthorised users from accessing these pages. In other words I need to implement a filter. Anyone who types a url other than that of the login page needs to be blocked. However I am not able to conceptualize the code that is going to be inside the doFilter() method. Please help
  Sincerely,
  Prashant

  Hi^^,
  I admit that there were some mistakes in the previous posting. I have corrected the mistakes and now there is going to be no compile time error. However when i put in the login id and the password it is redirecting me to the login page. I think that the front end jsp is directing the control to the controller servlet. But as "YOU" have pointed out in your previous post,
  "by default requestDispatcher.forward(...) does not pass through the filter change. If the user requests the login page from their browser however, then they will still get the error message, which may not be appropriate."
  I feel we need to somehow make the code pass through the requestDispatcher.forward(...) method of the servlet.
  I am again posting the corrected code.
  package com;
  import java.io.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  public class SecurityFilter implements Filter
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws   ServletException, IOException
    HttpServletRequest req = (HttpServletRequest)request;
    HttpServletResponse res = (HttpServletResponse)response;
    String X = req.getRequestURI();
    if(X.equals(http://localhost:8080/MyProject/LoginPage.jsp))
       //writing code for passing through the filter
       final class MyGenericFilter implements javax.servlet.Filter
        public FilterConfig filterConfig;
        public void doFilter( final ServletRequest request, final ServletResponse response, FilterChain chain) throws java.io.IOExeption, javax.servlet.ServletException
        chain.doFilter(request,response);
        public void init(final FilterConfig filterConfig)
        this.filterConfig = filterConfig;
        public void destroy()
  else
     HttpSession session = req.getSession();
     String username = (String)session.getAttribute("username");
     if(null==username)
       request.setAttribute("Error","Session has ended. Please login");
       RequestDispatcher rd = request.getRequestDispatcher("Login.jsp");
       rd.forward(request,response);
       chain.doFilter(request,response);
      else
       RequestDispatcher rd = request.getRequestDispatcher("X");
       rd.forward(request,response);
  public void init(final FilterConfig filterConfig)throws ServletException
        public void destroy()
    Edited by: pksingh79 on Aug 12, 2008 5:23 AM

• Prevent a user from accessing Cube Navigator

  Is it possible to prevent a user from accessing the cube navigator in Analyzer so the user can only view reports that are setup? thanks

  In Analyzer 6.2, there are some 'behind the scenes' parameters that can be added to suppress menu items. If you are currently using Analyzer 6.2, try adding the following parameter to your applet tag:<PARAM NAME = HideNav VALUE ="True">Note: this will hide the Navigate button for all users accessing the page.

• Is there a way to prevent AD users from accessing the VPN?

  I have ASA 5510's that authenticate users to the Active Directory. Is there a way to prevent users, that even though they are validated through the AD from being to establish a VPN connection?

  Haven't tested this lately, but with the ipsec client, you used to be able to go to an AD user's "dial-in" tab, and there was a check box there for "allow remote access" or something that. If this was checked, they could authenticate via IAS, if not, they couldn't. This allowed only selected users within AD to use the VPN. Not sure if this is still the case, but it's a start...

• Prevent multiple users from accessing a list item at the same

  Hi,
  I have a scenario where, if a list item is opened (in edit mode) by one user, no other user should able to access it. I mean to checkin/checkout kind of thing which is not possible with sharepoint lists.
  One thing that I have done through infopath 2010, by setting a rule on form load. On form load, set a field's value Assigned To to Current User and then submit data. In case I am getting value of Assigned To getting stored in the list as a new record
  along with all the values from previous fields.
  I want to update the same record not the duplicate record.
  Please suggest a solution for it. 

  Hi
  add a new column to your list COL_EDITING( type yes, no )
  Default value : NO
  Customize your editform.aspx attached to your form, when it open
  A. analyze if COL_EDITING=NO
  If it isn;t alert  an error message ( the item is in edit mode by another user  )  , and close the page
  if it is --->
  B to fill COL_EDITING=YES
  and next permit user to fill the fields in the form
  Also
  Romeo Donca, Orange Romania (MCSE, MCITP, CCNA) Please Mark As Answer if my post solves your problem or Vote As Helpful if the post has been helpful for you.

• Prevent multiple users from updating coherence cache data at the same time

  Hi,
  I have a web application which have a huge amount of data instead of storing the data in Http Session are storing it in coherence. Now multiple groups of users can use or update the same data in coherence. There are 100's of groups with several thousand users in each group. How do I prevent multiple users from updating the cache data. Here is the scenario. User logs-in checks in coherence if the data there and gets it from coherence and displays it on the ui if not get it from backend i.e. mainframe systems and store it in coherence before displaying it on the screen. Now some other user at the same time can also perform the same function and if don't find the data in coherence can get it from backend and start saving it in coherence while the other user is also in the process of saving or updating. How do I prevent this in coherence. As have to use the same key when storing in coherence because the same data is shared across users and don't want to keep multiple copies of the same data. Is there something coherence provides out-of-the-box or what is best approach to handle this scenario.
  Thanks

  Hi,
  actually I believe, that if we are speaking about multiple users each with its own HttpSession, in case of two users accessing the same session attribute in their own session, the actually used cache keys will not be the same.
  On the other hand, this is probably not what you would really like, you would possibly like to share that data among sessions.
  You should probably consider using either read-through caching with the CacheLoader implementor doing the expensive data retrieval (if the data to be cached can be obtained outside of an HTTP container), or side caching with using Coherence locks or entry-processors for concurrency control on the data retrieval operations for the same key (take care of retries in this case).
  Best regards,
  Robert

• Is there any way to prevent non-root users from rebooting the system?

  This question seems to be addressed many times on the web, but the problem is that none of the wannabe-howtos work on my system. In particular, this doesn't work and this doesn't work either, because (1) I need to keep policykit installed for udisks and other dependencies to function and (2) renaming (or removing) the file /usr/share/polkit-1/actions/org.freedesktop.login1.policy has (again) no effect on the users' ability to reboot and shut down the system. Even more surprisingly, adding the following to /etc/polkit-1/rules.d/20-disable-shutdown.rules has no effect at all:
  polkit.addRule(function(action, subject) {
  if (
  action.id == "org.freedesktop.login1.power-off" ||
  action.id == "org.freedesktop.login1.reboot" ||
  action.id == "org.freedesktop.login1.suspend" ||
  action.id == "org.freedesktop.upower.suspend" ||
  action.id == "org.freedesktop.login1.hibernate" ||
  action.id == "org.freedesktop.upower.hibernate"
  return polkit.Result.NO;
  As a result, ordinary users (not in the wheel group and with no special permissions) can simply reboot the machine by typing reboot. I remember that a simple polkit rule (as proposed on the Fedora forum) worked fine just a few months ago, but this doesn't work nowadays. The action IDs mentioned there are no longer listed in pkaction, so it's quite obvious that some changes (and bugs) have been introduced since then. I just need to prevent the users from rebooting the machine and to keep policykit installed. Is there any way to do this?

  karol wrote:Do said users have the ability to push the Power or Reset buttons?
  No, they don't.
  But come on, access permissions are a matter of principle rather than a matter of what you can possibly do with a hammer in your hand. That makes your question somewhat irrelevant to this issue. Imagine someone asking: "How can I protect my home directory from access by other users?" You would then probably ask: "Do said users have the ability to pull out the hard drive and mount it on their computer?"
  Even if the users had physical access to the ACPI buttons, rebooting the computer by mistake (via software) would still be much more likely than pressing (or even holding) the ACPI buttons by mistake.
  If I call rm -Rf / as a normal user, nothing should happen to the system in terms of availability to other users. Only my home directory and temporary files would vanish, but that's all. This is what permissions are there for. Similarly, when I type reboot as a normal user (no matter if I'm on SSH, on a local terminal or logged into KDE), it should be possible to simply disallow rebooting.
  The idea that users logged in locally can restart the computer may be fine for laptops under certain conditions, but it is a bad idea in almost all other cases. In a "kiosk" type environment, for example, the ability to reboot and get to the bootloader can be a huge security hole, unless all your disks are encrypted, and a huge "reliability hole" in any case. Suppose you use a desktop as a home server. You want everyone to be able to log in and to connect a USB flash drive (using polkit and udisks). But you simply don't want the machine to be rebooted. Why is such a simple thing so hard to do?
  Last edited by andrej.podzimek (2014-03-10 02:15:35)

• We are using version 3.6 on several machines. Is there a way to restrict users from accessing the about:config page?

  Prevent users from making modifications to the about:config page?

  You can do this with the [https://addons.mozilla.org/en-US/firefox/addon/3911/ Public Fox] add-on.
  It can be used to password protect access to about:config. To prevent the user from disabling/uninstalling the add-on, it also allows you to password protect the add-ons manager. You can also lock down other parts of Firefox such as the options dialog and clear history.

• Preventing the User from going back to the main page after logging out.

  Hi all,
  In my project I want to prevent the User from going back to the Main page, by clicking the back button of the browser, after the user has loggged out.I had invalidated the session so the user will not be able to do any operations, but he can vew the infos. I want to redirect to the login page if the user tries to go back using the back button after he has logged out.
  I tried the same in this forum after loging out. Surprisingly it is the same. I can browse through all the operations i did even after logging out from here.
  Is it not possible to do that in Servlets?Could somebody help?
  Thanks,
  Zach.

  Hi,
  You can use a servlet filter to do this , as it can interceptany request to your application you can decide to allow user access or not to any page/servlet.
  public class Test implements Filter{
       public void destroy() {
       public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException,
                 ServletException {
            System.out.println("filter");
            HttpServletRequest request = (HttpServletRequest) arg0;
            if(!request.getRequestURI().contains("index")){ // set condition that will be checked to verify if the user is logged in
                 System.out.println("redirecting ... ");
                 RequestDispatcher d = arg0.getRequestDispatcher("/index.jsp");
                 d.forward(arg0, arg1);
            arg2.doFilter(arg0, arg1);
       public void init(FilterConfig arg0) throws ServletException {
  }in you web.xml add :
  <filter>
            <filter-name>test</filter-name>
            <filter-class>test.Test</filter-class>
       </filter>
       <filter-mapping>
            <filter-name>test</filter-name>
            <url-pattern>/*</url-pattern>
       </filter-mapping>

• How to prevent multiple users from updating the same data in coherence

  Hi,
  I have a Java Web Application and for data cache am using coherence 3.5. The same data maybe shared by multiple users which maybe in hundreds. Now how do I prevent multiple users from updating the same data in coherence i.e. is there something in coherence that will only allow one user a time to update. If one user is in a process of updating a data in coherence and some other user also tries to update then the second user should get an error.
  Thanks

  I have a question on the same line. How can I restrict someone from updating a cache value when I a process is already working on it. I tried locking the cache key but it does not stop other process to update it , it only does not allow other process to get lock on it.

• Prevent multiple users from editing/approving the same form SPD 2013,SP 2013

  Hello all, I have a workflow with a to do task, the task is assigned to a group so any of the users in that group can go in and do a quality check on form data and approve it.  How do I prevent multiple users from working on the
  same form? do I just require check out? or is there a way to notify the rest of the group that a user has already started the quality check.

  The "Require Checkout" option is your best bet.  You can also enable the auto checkout on edit option to allow minimal effort on the side of the user.  Other users will then get the error message stating the item is checked out, if they try to
  edit it.
  If you'd like, you could add a workflow to the task list that triggers when something is changed.  That workflow can check if the item is checked out and if so, email the other users assigned to the task.
  I trust that answers your question...
  Thanks
  C
  |
  RSS |
  http://crayveon.com/blog |
  SharePoint Scripts | Twitter |
  Google+ | LinkedIn |
  Facebook | Quix Utilities for SharePoint

• How to prevent a user from entering characters into a number field

  How do you prevent a user from entering characters like A or B into a field that is defined as a numeric field?
  Please note that
  - we use block validation (for other reasons)
  - we are not able to convert these numeric fields to character fields
  We want to avoid a user being hasseled with the FRM-40209 ... message.
  This message is
  - not very helpfull because it does not inform us what the problem field is
  - not suppressable
  Any hints ?

  I went back to the drawing board on this one.
  You are absolutely right : the message can be catched !
  By writing an on-error trigger you can check for the error number. Sadly enough my first attempt on this used the on-message trigger which never fired hence my desperation.
  Anyway, the on-error trigger in combination with :SYSTEM.CURRENT_ITEM or :SYSTEM.TRIGGER_ITEM enables me to display a more meaningfull message to my users.
  Thanks for the hint.

• Is there a way to prevent a user from using the graph cursor legend to delete a cursor?

  I would like to have 2 cursors on a graph that can't be deleted by the user.

  Hi Dennis,
  I'm having this problem as well, and found your post. Are you referring to the Enabled State of the entire graph?  If so, this prevents the user from moving the cursor at all while the VI is running, which, of course, defeats the purpose of having a cursor at all.  Ideally, I would like to show the cursor palette and disable it's run-time shortcut menu.  This doesn't appear to be possible.   One workaround would be to hide the palle and instead include some indicators that show the cursors' values.  I'd prefer to show the palette to keep the program simpler.
  Any other solutions?
  Thanks,
  Alan
  Alan Blankman, Technical Product Marketing Manager and LabVIEW Developer
  LeCroy Corporation
  800-553-2769 x 4412
  http://www.lecroy.com
  [email protected]