Page and filed level security
Currently we are in the process of developing pages which involve both role based security as well as page level security. For e.g. depending upon a user is Admin or Moderator or guest user, certain pages may/may not be visible to him/her.
At the same time within a page itself some fields may or may not be editable to them.
How can u achive both a coarse grained as well as fine grained security mechanism.
Container security will be able to achieve this.
In the web.xml you can specify individual pages/folders which require a certain role to access. That should do you well enough for page level security. You need to define <security-role> and <security-constraint> sections in web.xml
With regards to components on the page, you have to go to the coding level. There are helper methods such as request.isUserInRole() which you can use to include/leave out various bits of a page.
Hope this helps,
evnafets
Similar Messages
-
Categories and Item Level Security
Hi,
We have implemented item level security on our pages. We also use Categories so that a user can retrieve all content that falls into a particular category easily e.g. address books or Policies and Procedures.
The desire is that if a user clicks on a category and an item the user normally would not see because of item level security on the page where the content is located, then the user should not see that item among all the other items returned by the category search.
What is happening is either that a link to the item is returned among all the other items in the category or we get an access error for the entire category.
We have tried playing with the settings on the template used for the category and with the access on the category result page but have not found the magic bullet yet.
One other interesting behavior in the situation where the restricted item is visible in the returned category search is that clicking on the Page link (instead of showing the page group the item is on, we show the link of the page the item is on)it takes us to the page and the display link for the secured item is now visible followed by what looks like a "smudge" type of character. The item's link can then be clicked and the item's content is now available to the user.
Thanks in advance for any help,
PeterTabs don't work with Item Level Security in 9.0.2. Fixed in the upcoming 9.0.2.6 release.
Regards,
Jerry -
Domain and User Level Security
Dear Friends
Tuxedo Version : 8.0
Weblogic Server: 7.0
Operating System : Win 2000
I have successfully run the simpapp example with WTC as the connector between
the remote domain (tuxedo) and local domain (WLS).
Now, i want to perform authentication, the documents are not being of much help
so can anybody give me any suggestion to create domain level security and ACL.
Please note, i'm just using the services (import).
As per the documents and newsgroup,
i made changes to the TUXEDO ENVIRNMENT, ubbdomain, adding SECURITY , AUTHSERV
parameters in it.
Also made respective changes in WTC, but when i run the example,
it throws an exception as TPENOENT.
Thank you in anticipation.
Please help me !Hi Shamu,
I answered similar questions in a posting with title "Service
Authentication How to". The questions were posted after your post.
Check out the questions and my reply see whether they are useful to you.
Regards,
Honghsi
shamu wrote:
>
Dear Friends
Tuxedo Version : 8.0
Weblogic Server: 7.0
Operating System : Win 2000
I have successfully run the simpapp example with WTC as the connector between
the remote domain (tuxedo) and local domain (WLS).
Now, i want to perform authentication, the documents are not being of much help
so can anybody give me any suggestion to create domain level security and ACL.
Please note, i'm just using the services (import).
As per the documents and newsgroup,
i made changes to the TUXEDO ENVIRNMENT, ubbdomain, adding SECURITY , AUTHSERV
parameters in it.
Also made respective changes in WTC, but when i run the example,
it throws an exception as TPENOENT.
Thank you in anticipation.
Please help me ! -
WWSBR_ALL_ITEMS and item level security - BUG?
Hi,
View WWSBR_ALL_ITEMS does not seems to work correctly when using item level security on a folder.
If I add an item to a folder with item level security enabled and do NOT define any special access settings for this item, ie the item setting is "Inherit Parent Folder Access Privileges", then the view does not return the item.
Has anyone else run into this? Is it a bug?
Any help appreciated.
Portal 3.0.9.8.0
Oracle8i Enterprise Edition 8.1.7.0 - 64 bit
IBM AIX 4.3.3I've been informed that patch 3.0.9.8.2 will solve the problem. Sorry about the double post.
-
Sequence in parent and row level security
Hi,
I have a column with "seq in parent" for the "autogen type" property in Designer.
I also have row level security (RLS) (or fine grained access control) on this column's table.
Since there are data that could not be seen because of the RLS and the sequence is "seq in parent", i get the error :
ORA-00001: unique constraint (string.string) violated
Cause: An UPDATE or INSERT statement attempted to insert a duplicate key.
Example : User A inserts a row and the sequence is 1. User B who cannot see the row inserted by A, inserts its own row. The sequence inserted by B also gets 1 instead of 2 (because he cannot see the existing sequence 1). The sequence is duplicated, hence the error.
Is there a turnaround for this ?
Thank you.You could consider using a 'real' sequence instead of seq-in-parent. I think seq-in-parent is using something like 'SELECT MAX(seq) FROM'... and that could also fail (depending on the moment this statement is issued) when 2 users are inserting a record.
HTH
Roel -
SAP-BO SSO and Row Level Security
Hi,
We can configure the SAP authentication and able to login InfoView via SAP user name and password. And also, we can import the roles from the SAP system.
When we create a connection to BW cubes from designer, we want to use "Use Single Sign On when refreshing reports at view time" to apply row-level security which is defined at the BW cubes.
In our tests, we use "Use BusinessObjects credential mapping" while creating connection from designer to test the row level security. As you can guess, after importing the SAP user, in CMC screen > Users and Groups > Users, we manually enter the password of the user to the Database credentials part. However, as you can guess, the password of the user's is not static and that is not a good solution.
My question is that, do I need to configure SSO between SAP and BO system or how can I enable row level security?
System Information
Business Objects XI 3.1
SAP Intg. Kit 3.1
Thanks a lot,
OmerHi Omer,
please note that only row-level security implemented through authorization variables in BW queries can be used in BusinessObjects. Row-level security defined at cube level will not be applied.
As long as you have used the SAP authentication to log on your BOBJ server, the SAP credentials will be used automatically to get the data from your SAP BW source as long as the "Use Single Sign On when refreshing reports at view time" option is selected in the Database configuration panel (Found in the CMC when viewing the properties of your report) and the option "Use BusinessObjects credential mapping" is selected in your universe connection.
Please note that this will only work for reports that are invoked directly in the infoview. If a user schedules such a report, she/he has to enter her/his SAP credentials explicitely in the Database Configuration Panel appearing in the scheduling assistant window. In this case you can activate SNC trust between your two servers in order to avoid entering a password when the report is scheduled.
Regards,
Stratos
Edited by: Efstratios Karaivazoglou on May 5, 2009 10:16 AM
Edited by: Efstratios Karaivazoglou on May 5, 2009 10:23 AM -
Tab level and column level security
Hi
Can anyone suggest a high level view of implementing a tab level security based on the user logged on? I have a form that has multiple tabs and within each of these tabs there are multiple fields displayed (in a multi record block). Based on the user, the relevant canvas tabs should be enabled and only those fields within each of these tabs to which the user is authorized to view should be displayed. I am looking for an approach methodology that can be implemented dynamically. There could be another form to maintain the user, roles and accessibility options.
Any suggestions are welcome.
ThanksWhen the form loads, capture the username (network login ID).
Based on this username, in you when-new-form-instance trigger or when timer expired trigger(you have to create a timer for this), set the property that certain tabs/fields must be enabled/disabled depending on the user.
Say, you have two groups of users, admins and non-admins..
when the form loads, capture the username
compare this username with the tabular data to determine if that user is an admin or non-admin (you can do this using a select query)..
and using when-no-data-found exception you may set the appropriate previleges using set_tab_property('tab_name',ENABLED,property_true) and hence forth
hope this helps -
WebServices and message level security
Hello,
I am investigating about the use of XI web services using message level security (encrypted xml), is it possible to achieve this between an SAP provider and a third party consumer, without using a PCK or developing a specific adapter? (most solutions I see always point to this).
If anyone could shed some light into this matter i would be thankful.
Regards,
Leandro FonsecaHello,
I am investigating about the use of XI web services using message level security (encrypted xml), is it possible to achieve this between an SAP provider and a third party consumer, without using a PCK or developing a specific adapter? (most solutions I see always point to this).
If anyone could shed some light into this matter i would be thankful.
Regards,
Leandro Fonseca -
APP recommendation for Pages and Numbers file security?
I have a new IPAD 4 and I have Numbers and Pages files that need to be kept secure and protected. What APPs are best to either encrypt a group of files and/or password protect. Thank you
You said you can't get instructions. Do you mean a real item or the getting started guide. If you mean the getting started guide then it should be there if its not go into setting, and on the left side of the screen scroll down until you see pages and number and keynote if you need that as well. Then you will chose one of the three apps on the side bar and turn on restore getting started. If that doesnt help try to download the apps again. Just remember to back up the documents in the app before you delete it and redownoad it from the purchesed tap in the app store.
-
Page and Record level Authentication / Access control.
Hi,
I hope some of you might have come across this kind of issues. I am trying to setup page level authentication and record level access control. Please see below for the detailed description.
1. Does APEX have any functionality where I can implement my page level authentication schemes.
Say there are 5 pages/tabs and 10 users, and I want to restrict access as follows.
All users can read the data in all the pages.
User 1 thru 8 can read all the pages and edit page 1 and 2
User 9 and 10 can read and delete the records inside the page.
2. Is there any mechanism, that supports record level access control.
Example : There is a page, it shows a product information of all the products. Is there a mecanism inside APEX wherein this page shows only the products created by it's creater (any end user)
Is there a way in APEX, we can implement this functionality without having user information stored in the DB. ?
Thanx in advannce.
Vijay.Vijay,
When a user creates the product why not store the user who created it in a column in the same table. That way you can write something like this:<BR>
CREATE TABLE products_tab
productid NUMBER PRIMARY KEY,
product_name VARCHAR2(200),
user_created VARCHAR2(30)
);<br>
SELECT
productid,
product_name,
( CASE
WHEN user_created = :F_USER THEN
--link to edit page goes here
ELSE '<nbsp>'
END ) edit_link,
( CASE
WHEN user_created = :F_USER THEN
--link to delete page goes here
ELSE '<nbsp>'
END ) delete_link
FROM products_tab<br>
I don't believe you can use an authorization scheme on a button the way you desired. It either displays the column or it doesn't.<br><br>
Hope this helps.<br><br>
chet<br><br> -
Data level and object level security how can we impliment in the obiee11g
How can we implement the data level security in obiee11g,
Concept is more or less same as in 10g
Data level
http://www.rittmanmead.com/2012/03/obiee-11g-security-week-row-level-security/
Object level
http://docs.oracle.com/cd/E28271_01/bi.1111/e10543/intro.htm#BABHDGGB
Mark if helps
Edited by: Srini VEERAVALLI on Mar 5, 2013 6:48 AM -
Dynamic Login Environment with LDAP and Database level security.
JDeveloper 11.1.1.0.1 + ADF BC + ADF RC
Hi everyone,
We are ready to begin creating a dynamic login environment.
We would like to be able to keep security on the database side, instead of in the application layer.
We also want to be able to use Oracle LDAP for authentication.
Can anyone suggest any good documentation for our situation?
Highly appreciated. Thanks!Alexander,
unlike in Forms, authentication is separate from connection. You can have individual user connections - like in Forms - but this most likely is not of best performance. A document and example for this to follow is
http://radio.weblogs.com/0118231/2008/08/06.html#a902
Note that authentication does not need to be hard coded in either way. If you use a single database connection and container managed authentication, then all users access the database from the same user account but can have their authenticated names passed through. In ADF BC you can use the prepareSession method on the ApplicationModule to pass the name to the database as a prepared statement (e.g. to set the predicate on a VPD database). However, using PLSQL for authorization is a bit difficult because the business logic, unlike in Forms isn't executed in PLSQL. You can look up PLSQ from ADF BC - or Java in general - but its a separate call.
Frank -
Infocube and ODS level Security
Hi Gurus,
Just wanted to secure by Infocube and ODS, not to see other group of people. May I know step by step instructions for doing this
Hariyes you can control using the s_rs_comp,s_rs_comp1,s_rs_odso,s_rs_icube objects
-
Item level security not working when placed in a portlet page
I have three page links linking to separate pages and have two of them with item level security turned on for specific groups with view privilges. I have the access for those groups with view privilges in the page level as well. I have published that as portlet and placed the portlet in another page which has view priviliges for the groups specified in item level as well.
But I notice that when i place the portlet in a page, the item level security is not working.
Item Level Security Not Working for Items Placed on a page and published as portlet and placed in another page. Is there some work around for this.
Thanks
ValliWould you please clarify for me? Is the problem that unauthorized people can see the portlet, or that unauthorized people can see the links?
-
How to set users level security profiles and auditing?
hi,
We are using EBS 12( 12.0.6 ) with database 10g (10.2.0.3) on Linux redhat 4.
I want to set the all user level and site level security profiles like user login attempts, password attempts, case sensitivity, and all these
infos and attempts should be audit.
Please also explain the empact of audit on running system?
ThxI want to set the all user level and site level security profiles like user login attempts, password attempts, case sensitivity, and all these
infos and attempts should be audit. https://forums.oracle.com/forums/search.jspa?threadID=&q=Profile+AND+Option+AND+API&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
https://forums.oracle.com/forums/search.jspa?threadID=&q=Profile+AND+Option+AND+Audit&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
Please also explain the empact of audit on running system?https://forums.oracle.com/forums/search.jspa?threadID=&q=Auditing+AND+FND+AND+Profile+AND+Option&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
Try this in a TEST instance before you promote it to Production.
You will need to bounce the application services and enforce the users to sign off/on after setting those profile options.
Thanks,
Hussein
Maybe you are looking for
-
Background: In order to transfer logs to MFC, we had to use an intermediate logging server in our OOB network. When this logging server crashed we had to rebuild the server with new hardware and SCP no longer worked. Issue: The host key changed on
-
Retrieving lots of rows through XSQL servlet
Hi Steve! I am currently trying to break XSQL-servlet in order to have some proof of usability for our customers. During one of these 'sessions' I discovered that the XSQL servlet throws me out with an exception error (out of memory) when I try to re
-
D drive. Is that true and do you need to install third party apps like AppCleaner?
I read in a popular tech blog that when you uninstall an app in OS X it can leave behind files that eventually can bog down your hard drive. Therefore you might opt for a third party cleaner. Is this true and if not how do you completely uninstall an
-
Please i have Blackberry 8900, i have Gmail adress , i can send and take email, but to my email go email with text : This message is used to carry data between the BlackBerry handheld and an associated server. Please do not delete, move or respond to
-
My 10.9.3 Finder Window is extremely slow and unresponsive.
EtreCheck version: 1.9.12 (48) Report generated June 17, 2014 at 5:21:56 PM EDT Hardware Information: MacBook Pro (Retina, 15-inch, Late 2013) (Verified) MacBook Pro - model: MacBookPro11,3 1 2.3 GHz Intel Core i7 CPU: 4