OID filter to restrict ocs user in calendar, files, mail
We are trying to setup some filter in OID in order to restrict some search screen and list of value in calendar, mail and files so that our users doesn't see the users under another subtree of OID.
We have the following in OID:
orcldefaultsubscriber: dc=sric,dc=ca
orclcommonusersearchbase: cn=users, dc=sric,dc=ca
Under this Common User Searchbase we have about 50 different organization under which the end user of our services are located.
We want to restrict the users of one organization to his particular organization. So that he cannot see the users of the others organizations.
For example, in mail, when the user open a new mail and use the address book.
The user shouldn't see all the user of dc=sric,dc=ca but instead be limited to the user under cn=his organization,cn=Users,dc=sric,dc=ca.
We currently have OID filter in place to restrict the user of Portal.
These filter are working fine. Trying to duplicate this functionality for calendar, mail and files.
Any hints ?
many thanks for your answer.
if i can't filter corporate directory. can i disable this function from oracle web client?
can i hide an user from corporate directory?
many thanks
best regards
giorgio
Similar Messages
-
Restrict Which Users Can Enter Data In List Form in SharePoint Foundation 2013
Is there a way to restrict which users can enter data in particular fields in a list item entry form?
We are using a SharePoint Foundation 2013 list and calendar to manage vacation time. We need to restrict non-supervisor users users from entering a value in a certain field in the vacation request form.
Here is how the system works now:
1. Employees complete the vacation request form (which creates a list item)
2. An email is sent to their supervisor to either approve or decline the request
3. Approved requests are automatically entered onto the vacation calendar
We have restricted the list so that only supervisors can edit items (the pending vacation requests). The problem is that all users can mark their own requests as approved when they fill out the request form in the first place. Is there a way to restrict
which users can enter data in particular fields on a list item entry form?Thanks for the suggestion. We ended up 1) hiding the approval column and 2) creating a second list, workflow, etc. The user no longer sees the approval column when filling out the form. Requests are now submitted to list A. Workflow #1 copies the request
to List B, then deletes the item from List A. Once the request is added to List B, Workflow #2 emails the user that the request has been received and emails the supervisor that a request needs to be approved. Only supervisors have editing permissions on List
B. Approved requests are automatically added to the vacation calendar (the calendar view of List B).
We found the following site to be helpful in learning how to hide the list column:
http://community.bamboosolutions.com/blogs/bambooteamblog/archive/2013/06/03/how-to-hide-a-sharepoint-list-column-from-a-list-form.aspx -
How to restrict the Users at Page level
Hi Gurus,
I want to restrict the users page to page.I am having 3 pages and 3 set of users.If any user having access to page1 then he will not see Page2 & Page3 .For Page2 & Page3 it is same case i.e page2 will displayed to user2 and not to user1 & user3.Same for page3 which will be displayed to user3 only.
Waiting for reply..
Thanks & Regards
GaneshHi,
There is PCDFilter, which can be used to filter role and workset content depending on the context.
I think this can solve your usecase.
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/3367e690-0201-0010-d285-c69bd884c9f3
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/17968de1-0a01-0010-1f9f-c090fbc7001a
Greetings,
Praveen Gudapati
[Points are always welcome for helpful answers] -
Find all Office 365 users where calendar permissions on default user is not "NonEditingAuthor"
Hi
How do I make a Powershell script to find all users where calendar permissions on "default" user is not "NonEditingAuthor" in Office 365?
Best Regards
MSISOMHi MSISOM,
To export calendar permission on default user, please refer to this script:
$rptCollection = @()
$mailboxes = get-mailbox -ResultSize Unlimited
$mailboxes | foreach-object{
$alias = $_.alias + ":\Calendar"
$displayName = $_.DisplayName
write-host $alias
$permissions = Get-MailboxFolderPermission $alias | Where-Object {$_.user.UserType.value -eq "Default"}
if($permissions -ne $null){
foreach($perms in $permissions){
foreach($right in $perms.AccessRights){
$rptCollection += New-Object psobject -Property @{
"User" = $perms.User
"Identity" = $perms.Identity
"StringAccessRights" = $right}
}$rptCollection
The result is for your reference:
Then you can filter the result with the cmdlet "where-object {}"
If there is anything else regarding this issue, please feel free to post back.
Best Regards,
Anna Wang -
Restricting a user(based on Responsibility) from updating the sales order
Hi,
We have a requirement here, that for a prticular responsibility the user shouldn't be able to update anything in the sales order. He can although perform below operations -
1. Query the order to view the details.
2. Release the OM holds, if any.
Other than these two things.. He shouldn't be able to make/save any changes to the order. We are using R12.
Now, what we tried is -
1. Created a forms personalization, that would check
if fnd_global.resp_id = <desired resp_id>
then raise form trigger failure in when-validate-record.
this is restricting the user to make any change in order. But, issue is he can still book an entered order.
So, requirement drills down to -
1. How to restrict the user from booking an entered order.
2. How to restrict the user to perform any other thing than releasing the hold (from actions).
Any help regarding this will be highly appreciated. Also, please let me know, if it is possible using Processing constraints or any other standard means.
Regards
Bhushani think you are putting this filter on employee table.If you want to apply adat level security then put these filters on groups.create one group and assign al user on which you want to apply data level security.on this group put this filter
upper("Employee"."DEPARTMENT") = upper(VALUEOF(NQ_SESSION."DEPARTMENT")).
And create another group and assign Jeff to that group and dont apply any filter on this group.You can apply these filters on individual users also but its a good parctise to make use of groups.
Regards,
Sandeep -
Filter or Restrict on? Which is the best way to put it?
Hello Experts,
If there is a Characteristic/Key figure on a report in BEx, and I right click on it and find another data element say, 0FISPER it I EDIT. On right click on 0FISPER I a variable.
My question is this, do we way that the key figure is RESTRICTED ON 0FISPER
or, key figure is FILTERED by 0FISPER
When do we use Filter or Restrict on? Which is the best way to put it? How best is it read, please include the variable in your discussion.
I will appreciate this clarification.
e.g. Company code EDIT shows Company codes ZPPTcomp: with nodes 8000, 9000
Thanks.Hi Amanda,
as per my understanding,
you are checking the structure field, you have selected edit then you are viewing a key figure and 0fiscper restricted by varaible. am I right?
if this is the case this is local selection and the key figure is restricted by fiscper variable means the restriction value user can enter in selection screen. if you select 0fiscper and select restrict there you can see single values, value range and you can also see varaible tab. by using varaible tab you can restrict to variable value.
hope this gives you some understanding.
Sathya -
Restrict local user login via GPO
I need a way to restrict domain user's access to the PCs in my department. All users at the company are put into company wide general user groups and then, as a department, we put them into separate user groups per department OU. I want to restrict access
to all users except the users in my OU user groups but there are hundreds of other user groups created by other departments so direct exclusion per group is out. I need a way to restrict everyone except my users via a group policy object.
Any help is appreciated.Hi,
Please follow the below steps for denying logon to all users, except the users who are the members of groups in your department OU,
1. Create a new group called "MyExcludedGroups" (To whom we are going to add the groups, for excluding logon to your department computers).
2. Check the below steps for adding the groups to "MyExcludedGroups" group using powershell,
- Go to Start -> Open Windows Powershell using Run as Administrator
- In the powershell type, set-executionpolicy unrestricted (for allowing commands to execute)
- Type the command import-module activedirectory (to enable and execute AD cmdlets)
- For example to add the groups in "ou=test1,dc=mydomain,dc=com" to "MyExcludedGroups" group, type the below commands,
$test1=Get-ADGroup -Filter * -SearchBase "ou=test1,dc=mydomain,dc=com"
Add-GroupMember -Identity MyExcludedGroups -Members $test1
Similarly you can run the commands on each OU to add the groups to "MyExcludedGroups" group.
3. Create a Group Policy Object (GPO) linked at the OU containing your department computers called "Deny Interactive Logon".
4. Right click and edit the GPO "Deny Interactive Logon" and navigate to the node "Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment".
5. In the "User Rights Assignment" node add "Deny log on locally" permission for "MyExcludedGroups" group.
Regards,
Gopi
www.jijitechnologies.com -
Windows 2008 : How to Restrict Users to Copy file from Shared Folder
Hello All,
I need to Restrict Users to Copy file from Shared Folder. Please let me know is there any method to achieve this requirement.If user have Read permission, they can copy it. So actually you cannot restrict user from copy your files if they could read/edit.
Some programs could help restrict users from edit/modify/copy the content of their files such as Office files, PDF files etc as Oscar said above.
TechNet Subscriber Support in forum |If you have any feedback on our support, please contact [email protected] -
How to Restrict the users from changing the Default variant of report.
Hello everybody,
The requirement is to restrict the users to save and overwrite the default layout variant (Layout for higher managenet)set for the report, but at the same time they should be able to change and save the other layouts for which they are having access.
I have written the logic in the program which is working fine for all the scenario when we execute the report. But the logic doesnt work if the user is selecting the layout on the output screen of the report.
for e.g if the user runs the report using the layout varaint for which he is having the authorization then he gets the all 4 options so he then he can select the layout for which he is not authorized and he can overwrite.
i have debugged and check as i have found that after the report output is shown all the layout paramater is controllled by the statndard SAP objects.
Can anyone help me out in this issue.
Thankyou in advance.
*to get the default layout variant.
w_save = 'A'.
if p_vari is initial.
clear disvariant.
disvariant-report = sy-repid.
w_variant = disvariant.
call function 'REUSE_ALV_VARIANT_DEFAULT_GET'
exporting
i_save = w_save
changing
cs_variant = w_variant
exceptions
not_found = 2.
if sy-subrc = 0.
p_vari = w_variant-variant.
endif.
endif.
*logic to check user authorization to change the layout setting.
if p_vari = c_layout.
if not sy-uname is initial.
select single * from agr_users
where agr_name = c_role
and uname = sy-uname.
if sy-subrc = 0.
w_save = 'A'.
else.
w_save = ' '.
endif.
endif.
endif.
Regards,
Satish.Hi Maine,
Thanks for your reply.
As you mentioned for your own program, you can control the parameter "I_SAVE", when calling "REUSE_ALV_GRID_DISPLAY".
so already i have use the same logic and control the parameter through I_SAVE and here i am calling method ALV_GRID->SET_TABLE_FOR_FIRST_DISPLAY instead of "REUSE_ALV_GRID_DISPLAY".
and it works fine when we execute the report but the logic doesnt work when the user tries to change and save the layout variant on the output screen of the report.
Regards,
Satish -
Restricting Multiple Users To Only Their Specific Areas Of A Site
I think I understand the basics of user authentication and
password protection for areas of a site using PHP/MySQL, etc. Maybe
I don't however.
My question is: If I have 10 users how do I restrict each
user to only their specific pages in the site so that they can only
see their specific pages and not every protected page?
See, maybe I don't understand, but any help would be
appreciated. Thanks in advance.
Glenn AtkinsCan you password-protect individual folders, each containing
only a single
user's pages?
"GEAtkins" <[email protected]> wrote in
message
news:fj4gel$1sh$[email protected]..
>I think I understand the basics of user authentication
and password
>protection
> for areas of a site using PHP/MySQL, etc. Maybe I don't
however.
>
> My question is: If I have 10 users how do I restrict
each user to only
> their
> specific pages in the site so that they can only see
their specific pages
> and
> not every protected page?
>
> See, maybe I don't understand, but any help would be
appreciated. Thanks
> in
> advance.
>
> Glenn Atkins
> -
How we can restrict remote user to access same URL?
HI,
We have two remote sites A and B.
Site-A --- Users accessing application by using this URL: http://frsys.abc.com.pk:7777/forms/frmservlet?config=sales
Site-B --- Users accessing application by using this URL: http://frsys.abc.com.pk:7777/forms/frmservlet?config=market
We want to restrict the users A and B, to access the login pages vise versa.
Regards.Hi,
I m not sure how the task would be achieved throughOAS.
But with the help of developer n DBA,we can restrict the users A and B, to access the login pages vise versa.
1) Create 2 tables in DB,one table which contains only user A and another only for user B
2) With the help of Developers,create inital login page(Userrname/Password) for both applications ie Site A and Site B
3) At Login page validate with the respective table created ie check whether the user is from table A or table B
Regards,
Fabian -
Can you add delegate access to a user's calendar or mailbox folder via powershell?
Basically I want to know if you can grant a user delegate access to another user's calendar or meeting room using native powershell commands?
I know you can do this via method 1, listed below, however when you grant permissions in this way and if a user wants to see who has delegate access to their calendar or inbox by going to delegate access in outlook they will not see user's who have access
to their calendar or inbox.
Method 1:
Add-MailboxFolderPermission -Identity "userA:\Calendar" -User UserB -AccessRights editor
The above is a nice and simple way of granting userB EDITOR access to UserA's calendar.
But as stated above as you are using mailboxFolderPermissions and not DelegateAccess, this applies directly to this folder and if userA goes to their delegate access view in Outlook, they will not see that userB has access to their calendar.
I know that you can use the below commands to see a list of user's who have delegate access to you calendar:
Get-Mailbox userA | Get-CalendarProcessing | select resourcedelegates
I am new to powershell and don't know if there is a way of setting delegate access to a user's calendar or inbox/folder via powershell commands, similar to the above.
Any help with this query would be much appreciated!
thanksDelegate access is simply a combination of folder rights (which you've described) and Send As right, which is conferred by Add-MailboxPermission or Send On Behalf of right, which I'm not sure if you can confer with PowerShell. Set-CalendarProesssing applies
to resource mailboxes like conference rooms, not to user mailboxes.
Update: "Send on Behalf of" is conferred this way:
Set-Mailbox UserMailbox -GrantSendOnBehalfTo UserWhoSends
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." -
Another user's calendar appears when a date is selected in Mail message
Just upgraded to Lion on our family Mac. My wife and I each have an account on the Mac and share an Apple ID for purchases.
We each have an iPhone and have separate iCloud accounts. The shared Apple ID is used only for the App Store on the phones.
iCloud is working great, and syncing correctly with our individual accounts on the Mac.
But if I select a date that appears in a Mail message in my account on my Mac, the preview window for making an iCal event appears with my wife's calendar events, not mine!
If I go ahead and create the event anyway, it correctly appears in my calendar, not in my wife's.
Any way to prevent the display of another user's calendar when making an event from a date in a Mail message from your own account on a Mac running Lion?Duplicate thread!
-
Can you restrict a user in ASDM to only allow them to log a user out of a VPN session
We support many clients and we have found that many of them are sharing VPN credentials when logging in via AnyConnect/WebVPN. We were thinking about restricting simultaneous log in to 1. I also know that users may have situations where they lock up a session due to ISP or PC issues and won't be able to connect again until that session drops from the ASA. We would like to enable our helpdesk to log in to the ASA via ASDM and be able to logout a user that has an active connection. This would be in the logging area of the ASA where they could highlight a user and click logout. Is it possible to restrict a user to just this and not allow them to make any other changes to the ASA?
You should be able to do that. You would create a new privilege level (ie 7), assign all commands to that level except (this is my guess) the command vpn-sessiondb, you would put that at a lower privilege level (ie 6). Here's a write-up that may help getting you in the right direction.
http://www.packetpros.com/2012/08/read-only-asdm.html -
Viewing a User's Calendar on Windows - Can it Be Done Yet?
Goodmorning all,
I am already sure the answer is still no but has anyone found away to allow Windows users to view a iCal Server user's calendar?
The webcal looked like the job but you need to hand over your password. Not very satisfactory solution. I was hoping that Outlook would be able to be delegated to or at least subscribe to the users accounts. Alternatively use the excellent webcal but in read only capability.
Waiting with fingers crossed,
Frank.http://www.zideone.com/ could be what you are looking for (if it has to be Outlook). Gives you CardDAV (Addressbook Server) too.
Apart from that there are some other (non-Outlook) solutions listed on:
http://trac.calendarserver.org/wiki/CalendarClients (which also lists "openconnector" as Outlook solution)
Maybe you are looking for
-
Currently I am able to print to the printer via Airprint but because the iPad has a priority of Wi-Fi over 3G, when I want to browse the Internet at the same time via the iPad's 3G connection it will not which makes it hard to print pages from websit
-
Making an HDR document Aperture-Photoshop workflow experiment, any takers?
Howdy, Fellow Photographers I tried this recently but failed and I'm trying to figure it out. So, is anyone interested in a 32-bit HDR test using Aperture and Photoshop CS2? I think this feature is revolutionary in Photoshop CS2 and hope Aperture wil
-
I tried upgrading to version 4.0, but Facebook still won't load. I can't find a toolbar on my screen that has the tools button, so I am unable to clear my cache or cookies.
-
Issue with Jdeveloper when import the extension for Code Compliance Inspector
With Jdeveloper 11.1.1.7 oracle provides a new feature CCI. I have imported the CCI in my jdeveloper but when i try to check any of the code a pop up comes up with the below error org.apache.xerces.dom.ElementNSImpl.setUserData(Ljava/lang/String;Ljav
-
Visio Cisco Equipment Shapes out of Proportion and others Missing
Hello Everyone, Have any of you noticed that the shapes of line cards and port cards are out of proportion with the chassis Visio shape in which you place them. The ones below leave gaps not representative of the actual physical equipment. Also, it