OIM 11g-How to restrict the role administrator from seeing "other" roles

Dear All,
How to restrict Administrator from seeing roles he is not supposed to administer?
My administrator is supposed to assign only Role A. When he logs in he can see every single role. How to correct it so that he can see only Role A?
Thank you for your time
Maria

Modify "All User Role Management Policy"

Similar Messages

  • How to restrict the department to not use other departments' equipment?

    Dear SAPIENTS,
    How to restrict the department to not use other departments' equipment? If anyone is creating an order for equipment that has a different authorization group, then the system should not allow me to do this.
    Regards,
    Kaushal Rai

    Kaushal Rai,
    Use Authorization group for technical objects, create authorization groups in IMG and assign the same to the Equipment master and block the other department with the same authorization group. For restricting the authorization group to other departments after creating and assigning it to the equipment, seek help from your BASIS team.
    Go to the below path for creating the Authorization group:
    IMG - PMCS - Master data in PMCS - Technical Objects - Define Authorization groups:
    Here you define the authorization groups. After completion of this step go to the Equipment master; in the General Data tab page there is a field Authorization Group. Enter the respective authorization group there and provide this Authorization group value to the respective user in the user role with the help of the BASIS Team.
    Regards,
    Praveen.

  • How to restrict the user(Schema) from deleting the data from a table

    Hi All,
    I have scenario here.
    I want to know how to restrict a user(Schema) from deleting the values from a table created in the same schema.
    Below is the example.
    I have created a table employee in abc schema which has two values.
    EMPLOYEE
    ABC
    XYZ
    In the above scenario the abc user can only fire select query on the EMPLOYEE table.
    SELECT * FROM EMPLOYEE;
    He should not be able to use any other DML commands on that table.
    If he uses then Insufficient privileges error should be thrown.
    Can anyone please help me out on this.

    Hi,
    kumar0828 wrote:
    Hi Frank,
    Thanks for the reply.
    Can you please elaborate on how to add policies for a table for just firing a select DML statement on table.

    See the SQL Packages and Types manual first. It has examples. You can also search the web for examples. This is sometimes called "Virtual Private Database" or VPD.
    If you have problems, post a specific question here. Include CREATE TABLE and INSERT statements to create a table as it exists before the policies go into effect, the PL/SQL code to create the policies, and additional DML statements that will be affected by the policies. Show what the table should contain after each of those DML statements.
    Always say which version of Oracle you're using. Confirm that you have Enterprise Edition.
    See the forum FAQ {message:id=9360002}
    The basic idea behind row-level security is that it generates a string that is automatically added to SELECT and/or DML statement WHERE clauses. For example, if user ABC is only allowed to query a table on Sunday, then you might write a function that returns the string
    USER  != 'ABC'
    OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'
    So whenever any user says
    SELECT  *
    FROM    table_x
    ;
    what actually runs is:
    SELECT  *
    FROM    table_x
    WHERE   USER  != 'ABC'
    OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'
    ;
    If you want to prevent any user from deleting rows, then the policy function can return just this string
    0 = 1
    Then, if someone says
    DELETE  employee
    ;
    what actually gets run is
    DELETE  employee
    WHERE   0 = 1
    ;
    No error will be raised, but no rows will be deleted.
    Once again, it would be simpler, more efficient, more robust and easier to maintain if you just created the table in a different schema, and not give DELETE privileges.
    Edited by: Frank Kulash on Nov 2, 2012 10:26 AM
    I just saw the previous response, which makes some additional good points (e.g., a user can always TRUNCATE his own tables). Also, if user ABC applies a security policy to the table, then user ABC can also remove the policy, so if you really want to prevent user ABC from deleting rows, no matter how hard the user tries, then you need to create the policies in a different schema. If you're creating things in a different schema, then you might as well create the table in a different schema.
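
Added example (not part of the original posts): the two options discussed in the reply above, written out for the EMPLOYEE table. The schema names APP_DATA and SEC_ADMIN, the function name EMPLOYEE_NO_DML and the policy name are assumptions made for illustration; the statements are meant to be run by a DBA on Enterprise Edition.

```sql
-- Added example. APP_DATA, SEC_ADMIN, EMPLOYEE_NO_DML are hypothetical names.

-- Option 1: table owned by a different schema, user ABC is granted SELECT only.
CREATE TABLE app_data.employee (name VARCHAR2(30));
INSERT INTO app_data.employee VALUES ('ABC');
INSERT INTO app_data.employee VALUES ('XYZ');
COMMIT;
GRANT SELECT ON app_data.employee TO abc;
-- As ABC:  SELECT * FROM app_data.employee;  -- works
-- As ABC:  DELETE FROM app_data.employee;    -- ORA-01031: insufficient privileges

-- Option 2: table stays in schema ABC, but the row-level security policy
-- and its function live in SEC_ADMIN. ABC must not hold EXECUTE on DBMS_RLS
-- or the EXEMPT ACCESS POLICY privilege, otherwise ABC can remove or bypass it.
CREATE OR REPLACE FUNCTION sec_admin.employee_no_dml (
    p_schema IN VARCHAR2,
    p_object IN VARCHAR2
) RETURN VARCHAR2
IS
BEGIN
    -- This predicate is appended to the WHERE clause of every
    -- statement type the policy is registered for.
    RETURN '0 = 1';
END employee_no_dml;
/

BEGIN
    DBMS_RLS.ADD_POLICY (
        object_schema   => 'ABC',
        object_name     => 'EMPLOYEE',
        policy_name     => 'EMPLOYEE_NO_DML',
        function_schema => 'SEC_ADMIN',
        policy_function => 'EMPLOYEE_NO_DML',
        statement_types => 'INSERT,UPDATE,DELETE',
        update_check    => TRUE   -- makes INSERT fail with ORA-28115
    );
END;
/

-- Effect for ABC under option 2:
--   SELECT * FROM employee;              -- unaffected (SELECT not in statement_types)
--   DELETE FROM employee;                -- 0 rows deleted, no error
--   UPDATE employee SET name = 'Q';      -- 0 rows updated, no error
--   INSERT INTO employee VALUES ('Q');   -- ORA-28115: policy with check option violation
--   TRUNCATE TABLE employee;             -- still succeeds: DDL by the owner is not covered

-- Check which policies protect the table and who owns the policy function.
SELECT object_owner, object_name, policy_name, pf_owner,
       sel, ins, upd, del, chk_option, enable
FROM   dba_policies
WHERE  object_owner = 'ABC'
AND    object_name  = 'EMPLOYEE';
```

Only option 1 produces the "insufficient privileges" error the question asks for; option 2 silently affects zero rows for DELETE and UPDATE and leaves TRUNCATE available to the table owner.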

  • OIM 11g: How to track the net result of a change?

    Is there any way in OIM 11g to track (by database key, unique identifier, etc.) the net result of a user change?
    For example, if I change the OIM user's password, is there any way to determine which "Change Password" or "Password Updated" tasks were generated as a result on the connectors?
    If there's nothing like that built in, has anybody implemented anything like this?
    Thanks.

    It looks like when using Requests, that the Request ID is propagated to any process task spawned as a result of the request.
    Is this a correct statement?

  • How to restrict the posting document from the parked user

    Hi All,
    Please help me in the below requirement
    The requirement is, need to restrict the posting of document by the same user, who has parked the document.
    For this I did the code changes in BTE: 00001140 by copying the function module
    'SAMPLE_INTERFACE_00001140' into a new function module 'Y_IB_FI_PROCESS_00001140'.
    In this I have restricted as
    IF ( sy-tcode = 'FV60' OR
         sy-tcode = 'FV50' OR
         sy-tcode = 'FBV0' ).
      IF i_parked = 'X'. " document has already been parked
        READ TABLE t_bkpf INDEX 1.
        IF t_bkpf-usnam EQ sy-uname. " park user = current user ?
          t_exctab-okcod = 'BU'.    " do not allow to post
          APPEND t_exctab.
        ENDIF.
      ENDIF.
    ENDIF.
    This function module is getting triggered while parking and posting the documents.
    While posting the document, the parameter 'i_parked' is not getting the value 'X'.
    To get the value 'X' for the parameter i_parked, what can I do?
    Can you please help me: is there something on the configuration side that needs to be checked?
    Or do I need to write code somewhere else?
    Thanks in Advance
    Rambabu .A
    Cross-post

    Hi
    Well, in such a case, it might be justified... But again, I would ask how would you differentiate between what USER1 can park and what he can post?... Certainly, it would be by means of fields like Doc Type, etc...
    Else, if you leave it to the discretion of USER1 and give him both the authorizations, why would he like to park when he can post the doc? 
    Anyways, now coming to the BTE, each BTE uses a structure... For eg: BTE 1120 uses BSEG_SUBST... If the fields you desire are not available in the structure, then you can also enhance the structure... See if you can enhance the structures involved and achieve the result
    Regards
    Ajay M

  • Using Oracle 11g How to change the Log mode from NoArchive to Archive Log

    Hi,
    I am currently using Oracle 11g. How can I change the database from NoArchivelog mode to Archivelog mode using the spfile?
    And where exactly will the spfile be located?
    My instance is EPM11 and my local Oracle is present in the D folder. Where can I find the pfile?
    In this path I found 1 pfile on my local machine:
    "D:/Oracle/Product/11g/admin/epm11/pfile". I have added the following commands in this pfile:
    # Archive Log Destinations -benr(10/15/04)
    log_archive_dest_1='location=/u02/oradata/cuddle/archive'
    log_archive_start=TRUE
    Then I ran the shutdown command.
    The database instance is shut down.
    After that I am not able to perform startup.
    So please suggest how to change the mode using the spfile, and tell me the path where the spfile and pfile should be located.
    And also, do I need to set the "Oracle_Home" path in my environment variables?
    Thanks In Advance,
    Chandana

    Remove log_archive_start=TRUE from the pfile (it is deprecated from 10g onwards).
    SQL>STARTUP NOMOUNT PFILE='D:/Oracle/Product/11g/admin/epm11/pfile/initYOUR_SID_NAME.ora'
    SQL>CREATE SPFILE FROM PFILE='D:/Oracle/Product/11g/admin/epm11/pfile/initYOUR_SID_NAME.ora';
    SQL>SHUT IMMEDIATE;
    SQL>STARTUP MOUNT
    SQL>ALTER DATABASE ARCHIVELOG;
    SQL>ALTER DATABASE OPEN;
    SQL>ARCHIVE LOG LIST;
    SQL>SHOW PARAMETER SPFILE;
    YOU WILL FIND THE LOCATION OF SPFILE
    SQL>

  • How to restrict the .class file from decompilation

    Hi all,
    I have a security problem. I need all the Java class files to be as secure as possible. Is there any way to restrict the Java class files from decompilation? Is that possible? Please help me out. It's very urgent.
    thanks in advance

    You can make it harder to understand the decompiled code if you use an obfuscator. (I don't have links to any; do a Google search, or search these forums, it has been discussed here previously.)
    You cannot completely prevent decompilation, though. Obfuscating does not, for example, mean that any passwords you have hardcoded in the source are secure.

  • How to restrict the change access in CRM for OLTP orders

    Hi Gurus,
    Please let me know how to restrict the change access in CRM for the orders that are created in ECC. The ECC orders will be only for display in CRM, not for change.
    We have orders that are created in ECC; they flow to CRM, and access to change mode in CRM should be restricted, but as of now the CRM system is allowing change mode for ECC orders and ending up with errors.
    Is there any additional middleware parameter that needs to be added to the SMOFPARSFA table to get this functionality? Please advise! Thank you for your help.
    Regards
    Suneel

    Hi.
    You can use the PFCG role to control if the user is able to create, change, delete or only display a business transaction type.
    Regards.

  • How to restrict the user from making any changes in Sales order- item level

    Hi to all
    How to restrict the users from making any changes in sales order at item level if the same sales order is released by senior user through status profile.
    Regards
    Anish Parikh
    Edited by: anish parikh on Jan 24, 2008 5:16 AM

    Hi Anish,
    This can be achieved through the roles and authorization.
    This can be done through the Basis team. They can create user profiles and roles.
    For the roles they assign some transaction codes so that users can view only the assigned transaction codes.
    In that way your requirement can be met.
    Also you can prevent the user from changing any fields in the sales order screen (VA02). For that please modify the authorisations.
    Hope this answers your question.
    Reward points if useful.
    Edited by: kaleeswaran bhoopathy on Jan 24, 2008 9:57 AM

  • How to restrict the news creations for members of the collaboration room

    Hi all,
    I have created a Project Room in collaboration and assigned members to that room. I need to restrict the room members from creating news and folders.
    Also, only the Owner/Admin of the room should be able to create news and folders, and members should be able to view the news and folders.
    One more query: I need to remove the room parts which are selected by default for that room when I select the default templates.
    Can anyone please give me the solution for the above queries?
    It will be very helpful for me in creating collaboration rooms with restricted permissions.
    Thanks in advance.
    PonnusamyP

    Hi Sascha,
    Here I am explaining what my requirement is.
    I have created a collaboration room and added a room admin and members to the room.
    Then in the room maintenance I have added the room part News (private) and assigned the role to member.
    When I log in to the portal with the member login and go to the news in the collaboration room, the member is getting the permissions to add/create news.
    At this point I want to restrict the members of the collaboration room to viewing the news, and only the admin of the room should be able to post news.
    How to go ahead for the above scenario?
    Thanks
    Ponnusamy

  • How to restrict the changes in Released PO?

    Hi all,
    How to restrict the users from making changes in a released PO? Users should be able to make changes only if it is unreleased by the respective codes.
    1. Is there any user parameter, like functional authorisation?
    2. I have already suggested two solutions to the client:
        1. To restrict the authorisation of TCode ME22n at the user level, but it's not a suitable solution: if a user wants to make any changes before releasing, then the system does not allow the changes.
        2. I have set the release indicator to 1 (not changeable if it is released) in the release strategy settings. But then the system does not allow any of the users, including the release codes, to make changes.
    If there is any solution, please reply immediately.
    with regards,
    Raja.

    hi,
    If you set release indicator 1, then after release has taken place, for any changes you need to revoke the release and then change the PO.
    You can't even directly block the changes to an already released PO, because in future, if at all a qty or some other change is required, it should allow you to change it!

  • In OBIEE 11G, how to get the special parameter created by JAVA?

    Hi Experts,
    In OBIEE 11G, how to get the special parameter created by JAVA?
    For example:
    In JAVA , it has set one parameter named 'test'.
    So how to get the parameter in filter area in OBIEE?

    Hi Kobe,
    No, P2 holds the parameter name like PresentationTable.ColumnName. In your form you may go for the complete name or just the column name, and before submitting the form you can define the Action url.
    I would suggest to read section 6.3.2.1.
    ex:
    <HEAD>
    <SCRIPT LANGUAGE="JavaScript">
    function changeAction(url) {
      // Read the text box and URL-encode it before appending it as the P3 filter value
      var TestVar = encodeURIComponent(document.myform.inputbox.value);
      document.myform.action="saw.dll?Go&Path=/Shared/Test/SB2&Action=Navigate&P0=1&P1=like&P2=Customers.Region&P3="+TestVar;
    }
    </SCRIPT>
    </HEAD>
    <BODY>
    <FORM NAME="myform" ACTION="" METHOD="GET">Enter something in the box: <BR>
    <INPUT TYPE="text" NAME="inputbox" VALUE=""><P>
    <INPUT TYPE="button" NAME="button" Value="Click" onClick="changeAction(this.value)">
    </FORM>
    </BODY>
    If this helps, please mark.
    Edited by: veeravalli on Oct 24, 2012 10:25 AM

  • How to restrict the job start conditions (only "Immediate" type) ?

    Hi,
    We allow our users to schedule and execute transactions in background mode (for example IP19, IW38). We gave them authorizations for that (object S_BTCH_JOB with LIST, PROT, RELE and SHOW; object S_PROGRAM with BTCSUBMIT).
    We would like users to be able to schedule and execute their jobs only with the "Immediate" job start condition (in the Start Time screen for the type of start condition: Immediate, Date/Time, After job, After event, or At operation mode).
    Another solution: prohibit the scheduling and the execution of background jobs in a certain time interval ...
    How can we restrict the job start conditions?
    Thank you.
    Patrice.

    Hi Jan,
    Yes, SA38 does indeed make it possible to execute a job in background in immediate mode, but the user has to know the name of the program to be carried out ...
    The user knows only the name of these business transactions. For example, IW38.
    In the menu of this transaction, SAP gives the possibility to execute in background:
    Program --> Execute in Background --> display of Start Time screen for the type of start condition (Immediate, Date/Time, After job, After event, or At operation mode).
    It is at this point that we want the user to be able to choose only the "Immediate" mode.
    We must thus prohibit the other choices (Date/Time, After job, After event, or At operation mode) ... and we don't know how to restrict these other options in this screen "Start Time screen for the type of start condition".
    Thank you.
    By.

  • How to restrict the copy & paste in string control?

    In my application there are user name & password string controls. After typing the username in the string control, it is copied and pasted into the password string control.
    I would like to restrict copying a string from one string control and pasting it into another string control.
    How to do this?
    Kumar.
    Attachments:
    login.vi (11 KB)

    These images illustrate another approach to inhibit the copying of text which is available in LV 8.2 (maybe 8.0)
    Ben
    Message Edited by Ben on 12-07-2006 10:12 AM
    Ben Rayner
    Attachments:
    Edit_RT_Shortcut.JPG (60 KB)
    Short_cut_Menu_edit.JPG (30 KB)

  • How to restrict the duplicate values in lov column of VO based Adv Table

    Hi Gurus,
    I want to restrict the duplicate values at an LOV which is a column in an Adv Table.
    If the user enters duplicate values then first it should show an error message that duplicate values have been entered.
    After the duplicate values have been removed, the user can save all the values in the table.
    My Adv Table is based on a VO.
    The link how to restrict the duplicate values at form level
    talks about an Adv Table based on an EoVO, which does not work in my case.
    My approach:
    I am iterating through a RowSetIterator and committing through a PROCEDURE.
    I am able to avoid duplicate entry through a function checkRespId (given below).
    Below code is for iterating and committing.
    public void saveline(String reqid, String userid) {
        System.out.println("RequestId/saveline"+reqid);
        System.out.println("UserId/saveline"+userid);
        OAViewObject vo = (OAViewObject)getRespLineVO1();
        RespLineVORowImpl row = null;
        int fetchedRowCount = vo.getFetchedRowCount();
        RowSetIterator deleteIter = vo.createRowSetIterator("deleteIter");
        if (fetchedRowCount > 0) {
            deleteIter.setRangeStart(0);
            deleteIter.setRangeSize(fetchedRowCount);
            for (int i = 0; i < fetchedRowCount; i++) {
                System.out.println("Inside the for LOOP");
                row = (RespLineVORowImpl)deleteIter.getRowAtRangeIndex(i);
                String respoidid = row.getAttribute("ResponsibilityId")+"";
                String respname = row.getAttribute("ResponsibilityName")+"";
                String stdate = row.getAttribute("StartDate")+"";
                String enddate = row.getAttribute("EndDate")+"";
                String linestatus ="A";
                if (userid!=null) {
                    if (!(respoidid.equals("null")) && respoidid!=null) {
                        String checkingrespid=null;
                        // contains "No" if not a duplicate and "Yes" if it is a duplicate
                        checkingrespid = checkRespId(userid,respoidid);
                        System.out.println("checkingrespid for Resp with ID :"+respoidid+"exists or not "+checkingrespid);
                        if (checkingrespid.equals("No")) {
                            String message, result = null;
                            Connection txn = getOADBTransaction().getJdbcConnection();
                            try {
                                // calling PROC ...
                            } catch (Exception e) {
                                message = "Error in Inserting into line" + e;
                                throw new OAException(message, OAException.ERROR);
                            }
                        } else {
                            throw new OAException("You have entered duplicate no. of values", OAException.ERROR);
                        }
                    } else {
                        System.out.println("respoidid is null");
                        break;
                    }
                }
            }
        }
        deleteIter.closeRowSetIterator();
    }

    public String checkRespId(String userid, String respoidid) {
        String createRow="No";
        OAViewObject vo = (OAViewObject)findViewObject("CheckRespVO1");
        if (vo != null) {
            vo.setWhereClauseParams(null);
            vo.setWhereClauseParam(0, userid);
            vo.setWhereClauseParam(1, respoidid);
            vo.executeQuery();
            System.out.println("ROW COUNT IS "+vo.getRowCount());
            if (vo.getRowCount()>0) {
                createRow="Yes";
            } else {
                createRow="No";
            }
        }
        return createRow;
    }
    Problem:
    I remove the duplicate entries and click on save and get this error.
    Unable to perform transaction on the record. \nCause: The record contains stale data. The record has been modified by another user.
    \nAction: Cancel the transaction and re-query the record to get the new data.
    Thanks,
    Sombit

    Hi Anil,
    I am trying out your code but stuck in inserting the rows
    using your code in URL: http://oracleanil.blogspot.com/2010/09/oaf-passing-table-type-object-to-oracle.html
    I am always getting the same exception, i.e. "code blast", when I run.
    My modified code is:
    String[] as = null;
    Number[] vNumber = null;
    Number[] vNumberrespid = null;
    Number reqidnumber = null;
    reqidnumber = new Number(Integer.parseInt(reqid));
    Connection txn = getOADBTransaction().getJdbcConnection();
    String mCreateSearchRequestStatement = null;
    OAViewObject vo = (OAViewObject)findViewObject("RespLineVO1");
    int j = vo.getFetchedRowCount();
    try {
        System.out.println("abouce try");
        vo.reset();
        if (vo.getFetchedRowCount() > 0) {
            System.out.println(String.valueOf("Fetched row count ").concat(String.valueOf(vo.getFetchedRowCount())));
            int i = 0;
            as = new String[j];
            vNumber = new Number[j];
            vNumberrespid = new Number[j];
            // Copy one element per fetched row into the three parallel arrays
            while (vo.hasNext()) {
                vo.next();
                System.out.println(String.valueOf("Inisde the do while loop").concat(String.valueOf(i)));
                vNumber[i] = (reqidnumber);
                vNumberrespid[i] = ((Number)vo.getCurrentRow().getAttribute("ResponsibilityId"));
                as[i] = String.valueOf(vo.getCurrentRow().getAttribute("ResponsibilityName")).concat(String.valueOf(""));
                System.out.println("Request ID "+vNumber[i]);//getting null even there is some value selected
                System.out.println("ResponsibilityId "+vNumberrespid[i]);//getting null even there is some value selected
                System.out.println("Resp Name "+as[i] );//getting null even there is some value selected
                i++;
            }
            CallableStatement cs = txn.prepareCall("{call XX_PassTableType.XX_PassTableType_prc(:1, :2,:3)}");
            ARRAY array = new ARRAY(new ArrayDescriptor("APPS.JTF_NUMBER_TABLE", txn), txn, vNumber);
            ARRAY arraynew = new ARRAY(new ArrayDescriptor("APPS.JTF_NUMBER_TABLE", txn), txn, vNumberrespid);
            ARRAY array1 = new ARRAY(new ArrayDescriptor("APPS.JTF_VARCHAR2_TABLE_100", txn), txn, as);
            cs.setArray(1, array);
            cs.setArray(2, arraynew);
            cs.setArray(3, array1);
            cs.registerOutParameter(3, 2003, "JTF_VARCHAR2_TABLE_100");
            cs.execute();
            ARRAY error = null;
            error = (ARRAY)cs.getArray(2);
            if ((error != null) && (error.length() > 0)) {
                System.out.println(String.valueOf("Error is ").concat(String.valueOf(error.getArray())));
                String[] retError = new String[j];
                retError = (String[])error.getArray();
                System.out.println(String.valueOf("Error in saving data").concat(String.valueOf(retError[0])));
            }
            cs.close();
        }
    } catch (Exception exception) {
        throw new OAException("code blast", OAException.ERROR);
    }
    Thanks,
    Sombit
