Object-group with network-object containing an IP address range

Hello,
Does the ASA treat an object-group with a network-object containing a range of IP addresses as a netmask? For example, I can apply this configuration without the ASA throwing any errors though the configuration calls for a 'net mask':
object-group network test
network-object 192.168.0.0 192.168.63.255
network-object-group mode commands/options:
  A.B.C.D  Enter an IPv4 network mask
sh run ob id test
object-group network test
network-object 192.168.0.0 192.168.63.255
I found that the documentation requires a netmask as opposed to a range. Is this a bug in the code? I am running code version 8.0(5)23 on a 5520. If this is not a bug, how does the ASA treat this type of configuration when applied to an access list? When I ran a quick packet trace and denied access from that range, it looks like the ASA doesn't read that configuration properly. Thank you.
-John

Hello,
Thank you for your replies. In code version 8.0(5)23, it appears I am able to define a "range" of IP addresses as in:
192.168.0.0 192.168.63.255 as opposed to defining a range with a netmask like 192.168.0.0 255.255.192.0.
With the "range" of IP address applied to the "object-group network test" with sub command "network-object 192.168.0.0 192.168.63.255" the ASA does not pick up on said "range" when this object group is applied to a DENY access list. It only reads it properly when the netmask is attached, which is the correct configuration, as in: "network-object 192.168.0.0 255.255.192.0".
To clarify, I mean range as in 192.168.0.0 - 192.168.63.255.
Hope this helps to understand. I am just curious as to why this is even able to be applied in such a way or if it is a bug in this particular code version? I can also confirm that this can be done in code version 8.4(2). See below snippets of my configuration in the 8.4(2) code version:
access-list 101 line 3 extended deny ip object-group testmask any 0x577f55a8
  access-list 101 line 3 extended deny ip 192.168.0.0 192.168.63.255 any (hitcnt=0) 0x0623b0c4
access-list 101 line 4 extended permit tcp any any eq 89 (hitcnt=1) 0x36f1e5cd
Packet trace results in allowing the "range" of IP address:
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: dmztest
output-status: up
output-line-status: up
Action: allow
Now with the "correct" configuration:
access-list 101 line 3 extended deny ip object-group testmask any 0x577f55a8
  access-list 101 line 3 extended deny ip 192.168.0.0 255.255.192.0 any (hitcnt=1) 0xa31c6bbd
access-list 101 line 4 extended permit tcp any any eq 89 (hitcnt=1) 0x36f1e5cd
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: dmztest
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Thank you.
-John
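The behaviour described above (the ASA accepts the second address as a mask, and the "range" line then fails to match), checked offline as an added example that is not from the thread or from Cisco. The configuration lint and the masked_match function are this example's own; masked_match assumes the ACE is evaluated as a plain bitwise (address AND mask) comparison, which is consistent with the hit counts and packet-tracer results shown, and the sample configuration is constructed from the lines posted.

```python
import ipaddress
import re

# Constructed sample configuration, modelled on the thread (not from a live ASA).
SAMPLE_CONFIG = """\
object-group network test
 network-object 192.168.0.0 192.168.63.255
object-group network testmask
 network-object 192.168.0.0 255.255.192.0
 network-object host 10.1.1.1
object-group network odd
 network-object 10.0.0.0 10.0.0.200
"""

NETWORK_OBJECT = re.compile(
    r"^\s*network-object\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s*$")


def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def is_contiguous_mask(mask: str) -> bool:
    """True for a proper netmask: a run of 1 bits followed only by 0 bits."""
    inverted = (~to_int(mask)) & 0xFFFFFFFF
    # The inverse of a contiguous mask is 2^k - 1, which shares no bits with itself + 1
    return inverted & (inverted + 1) == 0


def masked_match(network: str, mask: str, ip: str) -> bool:
    """Bitwise ACE evaluation (assumption): does ip fall under network/mask?"""
    n, m, i = to_int(network), to_int(mask), to_int(ip)
    return (i & m) == (n & m)


def range_to_mask(first: str, last: str):
    """Netmask for first..last if the range is exactly one CIDR block, else None."""
    blocks = list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    return str(blocks[0].netmask) if len(blocks) == 1 else None


def lint_config(config: str):
    """Flag network-object lines whose second field is not a contiguous netmask.

    Returns (line number, offending line, suggested replacement) tuples.
    """
    findings = []
    for lineno, line in enumerate(config.splitlines(), 1):
        match = NETWORK_OBJECT.match(line)
        if not match:
            continue  # 'host' members and non-member lines are not affected
        network, mask = match.groups()
        if is_contiguous_mask(mask):
            continue
        fix = range_to_mask(network, mask)
        suggestion = (f"network-object {network} {fix}" if fix
                      else "split into CIDR blocks; range does not align to one mask")
        findings.append((lineno, line.strip(), suggestion))
    return findings


if __name__ == "__main__":
    for lineno, line, suggestion in lint_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {line!r} -> {suggestion}")
    host = "192.168.5.1"  # constructed source address inside 192.168.0.0/18
    print("deny matches with 192.168.63.255 as mask:",
          masked_match("192.168.0.0", "192.168.63.255", host))
    print("deny matches with 255.255.192.0 as mask:",
          masked_match("192.168.0.0", "255.255.192.0", host))
```

Under the bitwise interpretation, 192.168.63.255 as a mask requires the third octet's low six bits and the whole fourth octet to be zero, so 192.168.5.1 never hits the deny; the /18 mask catches it.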

Similar Messages

  • Problem subclassing an object group from an object library

    Hi
    I've created an object group using Forms 6i (can't tell you the exact version just now) containing a number of objects, including a couple of alerts, a couple of data blocks, canvas, window, program units etc. I've saved the object group into an object library and used it successfully for some time. Now I've gone to a new job, I suspect that I'm using a subtly different version of Forms 6i (6.0.8.16.1), but I'm finding a strange behaviour when I try to add the object group to a form.
    Dragging the object group over, I get the 'Do you want to copy or subclass the object?' message. If I select 'Copy', everything gets copied across fine - the datablocks have all the items in them and the program units are fine. However, if I select 'Subclass', the items all appear in the object navigator, but are 'empty', so the data blocks contain no items and the program units are just 'begin' and 'end' statements with nothing in between.
    Funnily enough, if I 'copy' the object group into a form (so everything's present), then create another copy of the object group in the current version of Form Builder and save it in a (new) object library, the behaviour is still the same.
    Has anyone come across this situation before (I couldn't find anything exactly comparable on Metalink), and what workaround (if any) did you find?
    regards
    Andrew
    UK

    Hi again
    The answer to this strange behaviour became apparent when I found bug 2772326 on Metalink.
    Basically, either the OLB has to be on the FORMS60_PATH, or the option in Forms Builder under Tools->Preferences->Access->Subclassing Path has to be set to 'Keep' rather than 'Remove'. Doing either of these things solves the problem.
    regards
    Andrew

  • Added webutil object group with JDAPI - adjust the webutil block sequence ?

    Hi all,
    I'm using the JDAPI to subclass in the webutil object group into Forms in an application. Annoyingly, the webutil block becomes the first block on the Form - which means on some Forms it displays on startup. Is there any way (programmatically using JDAPI) that I can move the block to the end of the block list after I've subclassed in the object group?
    TIA
    Steve

    Hello,
    move
    void move(JdapiObject nextObject)
    Reorders an object with respect to its siblings in the collection it belongs to. This is similar to using drag and drop in Form Builder to move a block in a list. This method represents a way to do the same thing programmatically. For example, if you want a block to appear immediately before Block5 in a list, you pass the object representing Block5 as the nextObject argument.
    Pass null to this method to move the object to the end of the list. If the specified object and the next_object do not share the same owner, or do not have the same type, the method throws an exception.
    You cannot use this method to move objects between parents. For example, it cannot be used to move an Item from one Block to another. If you want to move an object from one parent to another you will have to do something like:
    // to move 'itmA' to be positioned before 'itmB' in block
    // 'blkB' (when 'itmA' is in another block)
    // copy itmA into a new parent (blkB) using same name
    Item newItmA = itmA.clone(blkB, itmA.getName());
    newItmA.move(itmB); // move new item relative to itmB
    itmA.destroy(); // delete original object
    itmA = newItmA;
    Parameters:
    nextObject - the object next to which the specified object is to be moved.
    Throws:
    JdapiException - if you attempt to move an object next to an object that does not share the same owner or is not of the same type.
    Francois

  • Association of authorization group with authorization object

    Dear Colleagues,
    We are using an ECC 6.0 system. There is a transaction EMMAC2 wherein the user would pick the case categories & view/make changes as required in the cases.
    However, we would like to have a user to pick only those case categories for which he/she is authorized & view/change the data.
    This EMMAC2 is controlled by authorization object B_EMMA_CAS & this authorization object has field BRGRU (Authorization Group) along with ACTVT (activity).
    We would like to control this via authorization groups
    We would like to create authorizations groups based on case categories & those authorization groups would be assigned in this BRGRU field.
    Meaning, the end result should be such that, when that new authorization group is added in the BRGRU field & that role is assigned to an end user, the user should be able to see data only for those case categories for which the new authorization group has been created.
    If I use SE54 to create authorization group, it automatically associates itself with authorization object S_TABU_DIS & this does not solve my purpose.
    But we would like to create a new authorization group & associate it with authorization object B_EMMA_CAS.
    Can someone please let me know the steps on how to achieve it, or any other method to achieve it (for the above underlined text)?
    Does a developer or functional consultant also need to be involved in this?
    PS: I tried to search in Google & our forums but could not get any answers

    Dear Aninda,
    Thanks for the help.
    I created an auth group via SE16 in table TBRG & associated to B_EMMA_CAS
    A case category was then assigned to this auth group
    We tested it - below are the results:-
    1. The user is allowed to 'change' and 'display' the case for the case category for which the user is authorized: this works as per requirement.
    2. The user is not allowed to 'change' case for the case category for which the user is not authorized: this works as per requirement.
    3. However, he is able to 'display' cases for the case category for which the user is not authorized: this we do not want.
    If I remove activity 03 (display), then the user is unable to display the case for the case category for which the user is authorized.
    How to resolve this?

  • Object living with servlet/jsp container

    How do I make an Object live as long as the servlet container lives? I mean I want an Object to be instantiated once in the lifetime of the webserver session; it has to be a singleton and should stay alive until the webserver dies. How can I make this possible? I should be able to keep that object alive even if no references are made to the object. Moreover, I should be able to access that object from any Java class on that webserver.

    You can't do this in memory. The easiest thing to do would be to read/write the persistent data you need from disk.
    Anything your JSP or servlet creates in memory will be cleared when it is done serving the request.

  • Can a shape be grouped with an object?

    Is there any way to group a shape such as a line with arrowhead to an object? The intent is that the line overlay the object and point to a particular part of the object and that both should move with the text without the relationship between them being altered. I can place the two appropriately in the first instance but seem unable to select both at once or to group them to prevent the relationship being lost when the text moves.

    I'm glad you got it figured out & shared the solution. It will help others who come along. That didn't dawn on me at the time. It doesn't work to have one move with text & the other fixed on page as they are in different layers in the document.

  • Links don't work when grouped with a object

    I am trying to create links on a element that will slide; however, when I group my link box to the image I created in Sketch I can no longer click the link. Is there a way to fix this?  Thank you.

    When objects are grouped, the group acts as a single object; that's the reason for grouping. You can add a single link to a grouped object, but only one link. Any links added to individual objects will not work when they are grouped.
    If you want to link to multiple slides, you will need to keep any objects that include a link ungrouped; I've never found a problem doing this.

  • How to use object collection with linked objects

    Hi,
    I'm using VS2005 Crystal Reports in a C# client app (server has database, but client does not have!). So the use of the objects transferred to the client seemed to me a good solution for showing reports on the client. The objects mostly link to several other objects (properties of type <type> or properties of type [] <type>) and the links are correctly configured in the database assistant.
    But: Whenever using one of the linked fields, all of the main fields will never show up in the report.
    So, what is the correct way of showing a master / detail report using linked object collections???
    (A small test sample app can be provided upon request)
    TIA
    BP

    What database and connection type are you using? Are you connecting the report directly to the database, or trying to assign the datasource to object data?
    It sounds like you might be trying to use a linked list, collection or other C# construct to pass your data in. This currently isn't supported by the Crystal Reports SDK. You can use a DataSet or a DataTable, and possibly also an IDataReader depending on which version of Crystal Reports you're referencing in your project. Of course you can also connect directly to the database, even if the database isn't on the same machine as the application.
    The way to show master records with detail information is through the use of subreports and linked subreport parameters. Linked subreports take their parameter value from a record in the main report, so that only the data appropriate to that master record is displayed. The guys over in the report design forum (SAP Crystal Reports) can help you out with this if you have questions on the specifics.

  • Object communicating with creator object question

    Hey, hopefully somebody can help me with this.
    I haven't used Java in a long time so this might seem like a very basic question.
    I have an object (obj1 say) that has created another object (obj2) of a different class. obj1 can obviously call functions etc. of obj2, but how can I allow obj2 to communicate back up to obj1? In C++ I'd just pass a pointer to obj2 when I created it, but how do you go about doing this in Java?
    Thanks very much,
    Philip

    I would strongly recommend using interfaces in this case. Suppose you have class A and class B. You create an Object of Class A say aObj, and this object creates an Object of class B, say bObj.
    Now you want bObj to callback aObj. The better design would be to have an interface BListener, that would be implemented by Class A. Example:
    interface BListener {
        void callback();
    }

    public class A implements BListener {
        private B b;

        public void create() {
            b = new B(this);   // A hands itself to B as the listener
        }

        public void callback() {
            // B notifies A here; A never exposes its concrete type to B
        }
    }

    public class B {
        private BListener bl;

        B(BListener _bl) {
            bl = _bl;
        }

        public void event() {
            bl.callback();     // call back through the interface only
        }
    }
    This way B doesn't know anything about A, and doesn't care. It can accept any class that implements the BListener interface.
    Hope this helps,
    -Sid.

  • Migrate network object group members; risk

    We upgraded to new 5555 hardware and jumped from 8.2 to 9.1 last year. Our objects listing is now a bit messy. I have never run the "Migrate Network Object Group Members" menu option in ASDM. I see what it is going to do; I am not sure it really helps me clean old objects. It seems low risk, but when I walk up to execution, there are a lot of changes it wants to make. We always save backup configurations, but if there are "gotchas" I don't want to put the company in that position. What has been the community's and Cisco's experience? Thanks for any feedback. jc

    John,
    if you feel that is risky, you can always go for plan B.
    - you can take a closer look at the object groups and decide on a new object naming convention policy.
    - from ASDM or CSM, you can see overlapped or duplicate rules, so you can start with reducing them
    - you can see same services used in couple of rules with different service groups.
      - like:
        object-group service WEB-PORTS tcp
         port-object eq http
         port-object eq https
        object-group service APPLICATION-PORTS tcp
         port-object eq http
         port-object eq https
        object-group service APPS-PORT tcp
         port-object eq www
         port-object eq https
    - you can replace all these different object-groups with one object group, like WEB-PORTS.
    - the same way you can do the exercise for network groups as well.
    hope this helps.
    JD...

  • NAT 0 using Network Object NAT in OS 8.6

    Hi,
    I am trying to create an IPSEC remote access vpn and am working for the first time with Network Object NAT on a 5512 X architecture with 8.6 OS. I would like to know how to create a NONAT scenario with users on the other side using a NAT 0 nat entry so that traffic going to subnets on the other end of the VPN do not get NATTED?
    Thanks,
    Vick.

    Hi,
    It would be the following then
    object-group network LAN-NETWORKS
    network-object 192.168.1.0 255.255.255.0
    network-object 192.168.2.0 255.255.255.0
    network-object 192.168.4.0 255.255.255.0
    network-object 192.168.5.0 255.255.255.0
    network-object 192.168.7.0 255.255.255.0
    network-object 192.168.8.0 255.255.255.0
    network-object 192.168.11.0 255.255.255.0
    network-object 192.168.12.0 255.255.255.0
    network-object 192.168.14.0 255.255.255.0
    network-object 192.168.16.0 255.255.255.0
    network-object 192.168.21.0 255.255.255.0
    network-object 192.168.31.0 255.255.255.0
    network-object 192.168.33.0 255.255.255.0
    object-group network REMOTE-NETWORKS
    network-object 192.168.10.0 255.255.255.0
    nat (inside,outside) source static LAN-NETWORKS LAN-NETWORKS destination static REMOTE-NETWORKS REMOTE-NETWORKS
    - Jouni

  • Breaking Subclass/Removing Object Group/Without loss of code for child form

    Hi all..
    This is regarding Forms 10g (breaking inheritance)
    I have a base form as well as client form.
    The child form has some properties in common with the base form, so the child form is subclassed (inheritance) from the base form with the help of an Object Group. This is the existing setup.
    Now, the client wants the same information as the child form without a link to the base form.
    i.e., they want to remove the Object Group without disturbing the child form.
    Finally, they want the child form to be independent of the base form. i.e., the child form should not have inheritance from the base form, and at the same time they don't want to lose any code in the child form.
    There are thousands of forms like that which need re-work.
    Is there any tool/script available to do this process of work automatically?
    Please provide the necessary details and help me regarding this.
    Regards
    Madhava

    You CAN add new items to the subclassed block or change triggers code or even add new triggers. Form Builder won't let you create items in-between existing subclassed items or triggers. So if you need to create a new item, create at the end of subclassed item or trigger...
    You cannot DELETE items of a subclassed block or the block itself if it is subclassed. But you can remove the subclassed object from your child module --- by removing class info from the object group in the child module --- but it will also remove all the subclassed child objects.
    If you delete or change anything in the master object, it will directly affect the subclassed object and you can see the change immediately in the child modules.
    When you drag the master object to child, it asks you if you need to subclass or copy, selecting copy will create a separate copy which you can play with in the child module.
    And below is brief help on the matter:
    If you don't want all the objects in the subclassed object group, then you might consider either subclassing the desired objects individually, or creating an object group which contains only the desired objects.
    Edited by: Zaafran Ahmed on Oct 13, 2010 12:41 PM

  • Difference between these 2 object groups

    Hi Everyone,
    Need to understand about object-group network below.
    When I run the command sh run object-group id subnet on fw1 it shows
    network-object 10.0.0.0 255.0.0.0
    network-object 172.16.0.0 255.240.0.0
    network-object 192.168.0.0 255.255.0.0
    Same command on firewall 2 shows
    network-object object 10.0.0.0
    network-object object 172.16.0.0
    network-object object 192.168.0.0
    Need to understand if the contents of both firewalls are the same?
    Also, if I remove the config below from fw2
    network-object object 10.0.0.0
    network-object object 172.16.0.0
    network-object object 192.168.0.0
    and add the
    network-object 10.0.0.0 255.0.0.0
    network-object 172.16.0.0 255.240.0.0
    network-object 192.168.0.0 255.255.0.0
    which are the same as fw1, will it make any difference to fw2?
    Regards
    Mahesh

    Hi,
    Had not tested this myself before, so I configured this on my firewall
    object network TEST
    subnet 10.10.10.0 255.255.255.0
    object network TEST-2
    subnet 10.10.20.0 255.255.255.0
    object-group network TEST-GROUP
    network-object object TEST
    network-object object TEST-2
    network-object 10.10.10.0 255.255.255.0
    network-object 10.10.20.0 255.255.255.0
    access-list TEST extended permit ip object-group TEST-GROUP any
    ASA(config)# sh access-list TEST
    access-list TEST; 4 elements; name hash: 0xd37fdb2b
    access-list TEST line 1 extended permit ip object-group TEST-GROUP any 0x47cc12eb
      access-list TEST line 1 extended permit ip 10.10.10.0 255.255.255.0 any (hitcnt=0) 0x365de33c
      access-list TEST line 1 extended permit ip 10.10.20.0 255.255.255.0 any (hitcnt=0) 0xc98d1b29
      access-list TEST line 1 extended permit ip 10.10.10.0 255.255.255.0 any (hitcnt=0) 0x365de33c
      access-list TEST line 1 extended permit ip 10.10.20.0 255.255.255.0 any (hitcnt=0) 0xc98d1b29
    It would seem to work even though it creates an ACL that has overlapping rules, but this is nothing new when you deal with "object-group" and ACLs.
    I would imagine that as long as you are doing the changes under the same "object-group" then traffic should not be affected. The traffic that has already been allowed through the firewall will keep on going through the firewall, and naturally new connections should still match the ACL rule, since the same network is in the ACL all the time if you first add the new lines and then remove the old.
    I would imagine that this "object-group" is probably used in some "deny" statement in an ACL since it lists all the private IP address ranges.
    You can naturally browse through the configuration to see where this "object-group" is used with
    show run | inc
    - Jouni
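The expansion shown in the reply above (the ASA turning an object-group ACE into one element per member, duplicates included), reproduced offline as an added example that is not from the thread or from Cisco. The parser and expand_acl are this example's own; they also resolve host members and nested group-object members, which the posted configuration does not use, and the sample configuration is constructed from the lines in the reply.

```python
import ipaddress
from collections import Counter

# Constructed sample, mirroring the configuration posted in the reply (not from a live ASA).
SAMPLE_CONFIG = """\
object network TEST
 subnet 10.10.10.0 255.255.255.0
object network TEST-2
 subnet 10.10.20.0 255.255.255.0
object-group network TEST-GROUP
 network-object object TEST
 network-object object TEST-2
 network-object 10.10.10.0 255.255.255.0
 network-object 10.10.20.0 255.255.255.0
access-list TEST extended permit ip object-group TEST-GROUP any
"""


def parse_objects(config: str):
    """Return (objects, groups): object name -> IPv4Network, group name -> member token lists."""
    objects, groups, current = {}, {}, None
    for line in config.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[:2] == ["object", "network"]:
            current = ("object", tokens[2])
        elif tokens[:2] == ["object-group", "network"]:
            current = ("group", tokens[2])
            groups[tokens[2]] = []
        elif current and current[0] == "object" and tokens[0] == "subnet":
            objects[current[1]] = ipaddress.IPv4Network(f"{tokens[1]}/{tokens[2]}")
        elif current and current[0] == "object" and tokens[0] == "host":
            objects[current[1]] = ipaddress.IPv4Network(f"{tokens[1]}/32")
        elif current and current[0] == "group" and tokens[0] in ("network-object", "group-object"):
            groups[current[1]].append(tokens)
    return objects, groups


def expand_group(name, objects, groups):
    """Resolve a network object-group to its member networks, in configured order."""
    nets = []
    for member in groups[name]:
        if member[0] == "group-object":          # nested group
            nets.extend(expand_group(member[1], objects, groups))
        elif member[1] == "object":              # network-object object NAME
            nets.append(objects[member[2]])
        elif member[1] == "host":                # network-object host A.B.C.D
            nets.append(ipaddress.IPv4Network(f"{member[2]}/32"))
        else:                                    # network-object A.B.C.D MASK
            nets.append(ipaddress.IPv4Network(f"{member[1]}/{member[2]}"))
    return nets


def expand_acl(config: str):
    """Rewrite each access-list line that uses an object-group into concrete elements."""
    objects, groups = parse_objects(config)
    elements = []
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"] or "object-group" not in tokens:
            continue
        idx = tokens.index("object-group")
        for net in expand_group(tokens[idx + 1], objects, groups):
            concrete = tokens[:idx] + [str(net.network_address), str(net.netmask)] + tokens[idx + 2:]
            elements.append(" ".join(concrete))
    return elements


def duplicate_elements(config: str):
    """Elements listed more than once, i.e. the overlapping rules seen in show access-list."""
    return sorted(e for e, n in Counter(expand_acl(config)).items() if n > 1)


if __name__ == "__main__":
    for element in expand_acl(SAMPLE_CONFIG):
        print(" ", element)
    print("duplicates:", duplicate_elements(SAMPLE_CONFIG))
```

Because `network-object object TEST` and `network-object 10.10.10.0 255.255.255.0` expand to the same element, swapping one form for the other inside the same group changes nothing in the effective ACL.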

  • Will these object-group cause override in CSM?

    Hi Everyone,
    Currently I cannot make changes in the live network to test the options below.
    Say we have fw1 with the object group below
    sh run object-group id Test
    object-group network Test
    network-object 10.0.0.0 255.0.0.0
    network-object 172.16.0.0 255.240.0.0
    network-object 192.168.0.0 255.255.0.0
    Fw2 shows below
    sh run object-group id Test
    object-group network Test
    network-object object 10.0.0.0
    network-object object 172.16.0.0
    network-object object 192.168.0.0
    Will the above cause an override in CSM ver 4.2?
    Also, if I have the object group below on fw1
    sh run object-group Test_all
    object-group network Test_all
    network-object host 192.168.50.0
    Fw2 shows
    sh run object-group Test_ALL
    object-group network Test_all
    network-object host 192.168.50.0
    Will above also cause override as names are different?
    Regards
    Mahesh

    David, I think what you are referring to are nested structures, or in some cases "deep" structures. I have tested this scenario in my Netweaver 2004s system and there are no problems with this coding. However, this does not mean all will be ok in your case. I think that it really depends on how the structure (or deep structure) is used in the program and if the unicode checker is turned on.
    REPORT zrich_0001.
    TYPES: BEGIN OF t_sub,
           sub(10) TYPE c,
           END OF t_sub.
    TYPES: BEGIN OF t_object,
           object TYPE t_sub,
           END OF t_object.
    TYPES: BEGIN OF t_main,
           main TYPE t_object,
           END OF t_main.
    data: xvar type t_main.
    CHECK xvar-main-object-sub IS INITIAL.
    Regards,
    Rich Heilman

  • ASA 5510 & Object-groups

    I have an ASA 5510 and have just started using object-groups which are super handy in theory, but not working in reality. I have a service object-group with a mix of tcp, icmp, and udp ports. Let's call it Sample_Port_Group. I'm trying to apply it to my dmz_access_in ACL. Here's the line giving me problems:
    access-list dmz_access_in extended permit object-group Sample_Port_Group 192.168.1.1 any
    The ASA throws up an error between 192.168.1.1 and any. When I put a ? after Sample_Port_Group, it gives me the option of putting in an IP address, any, etc. When I put a ? after 192.168.1.1, it only gives me the option of putting in an IP address.
    Going off these posts:
    - http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800d641d.shtml
    - http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/nwaccess.html
    Those posts gave me the impression my line was possible, especially the "access-list outsideacl extended permit object-group myaclog interface inside any" line, which is at the end of the 2nd article linked.
    What am I doing wrong?
    Thanks in advance for any help.

    Hi Adam!
    You are doing it right, you are just missing one little keyword.
    The line should be as follows:
    access-list dmz_access_in extended permit object-group Sample_Port_Group host 192.168.1.1 any
    or you could specify the subnetmask as:
    access-list dmz_access_in extended permit object-group Sample_Port_Group 192.168.1.1 255.255.255.255 any
    Regards
