Plans for enhanced access controls inside of workspaces?
Hello,
Are there any plans to do the following,
Provide 'participant' role to most documents inside of a workspace, while and also granting 'viewer' role to same person for a few files in that workspace?
Provide the ablity to assign 'viewer' role to a few documents inside of a workspace versus them all?
Thanks
Hi,
Took a look at metalink.
I see a patch dates November 20 2003
I don't see anything that provides me with much hope except this:
'BULK ADMIN TOOL: WORKSPACE CREATION NEEDS TO HANDLE NON-PROVISIONED USERS'
Bug # - 3026676
Any idea how I can get more info on the bug or what that exactly means (i.e. handle non-provisioned users)?
Thanks
BP
Similar Messages
-
Where's iPhone's ID for MAC Access Control on Airport Express?
I'm running Apple Express (NOT Extreme) base station v5.5.1, & require Access Control on 802.11g network. I have "Apple IDs" for all our computers using network, but I can't figure how to get ID #s for iPhone. As workaround, I temporarily opened my network to standard 128-WEP encrypt w/ password, disabling Access Control. But some hash-chart wizard in my apt complex keeps beating WEP & bogging down network, no matter how many times I change passwords. Note: I can't set up WPA w/o Airport Extreme, so that's not an option.
Thanks in advance for any suggestions...Hello sportshark1. Welcome to the Apple Discussions!
To find the iPhone's MAC address: Settings > General > About -
WRT 120 Internet Access Control Problem for itouch
I've just set up my router. Cannot seem to control access to the internet for my son's itouch. The router recognizes it on the map as a wireless device part of the network, but it will not show up in the menu that allows for internet access control. My lap top shows up, but no itouch. I'm running Windows XP home premium edition - not sure if this makes a difference.
Open the linksys setup page...Under the Wireless tab,Change the Channel Width to 20MHz only,Channel to 11 and click on save settings...Under the Advanced Wireless Settings,Change the Beacon Interval to 75,Change the Fragmentation Threshold to 2304,Change the RTS Threshold to 2304 and Click on Save Settings...
On the I-Touch..Go to Settings>>>General>>>Reset>>>Now select Reset Network Settings.This will now reboot and restore you network connections. -
Change in Access Control components on the Service Marketplace
Hello GRC community:
We would like to inform you that as of yesterday (5/30) the Access Control components for support messages/SAP Notes have been changed (they have actually been replaced so all messages/notes logged under the old component will be moved/replaced to the new).
The main 4 components are now:
New: GRC-SAC-ARA Access Risk Management
Old: GRC-SAC-SCC Risk Analysis & Remediation (formerly Compliance Calibrator)
New: GRC-SAC-ARQ Access Request
Old: GRC-SAC-SAE Compliant User Provisoning (formerly Virsa Access Enforcer)
New: GRC-SAC-EAM Emergency Access Management
Old: GRC-SAC-SFF Superuser Privilege Management (formerly Virsa Firefighter)
New: GRC-SAC-BRM Business Role Management
Old: GRC-SAC-SRE Enterprise Role Management (formerly Virsa Role Expert)
There are also NEW components specific to areas of functionality. If you are not sure of what component to log your message under, please use the main components above.
GRC-SAC-ADS Directory Services
GRC-SAC-BI Access Control BW
GRC-SAC-CONF Configuration
GRC-SAC-DAS Dashboard
GRC-SAC-REP Repository
GRC-SAC-RPT Reporting
GRC-SAC-UAR User Access Review
GRC-SAC-UPG Installation & Upgrade
GRC-SAC-WF Workflow
Ramelyn Paredes
AGS Primary SupportHello COmmunity,
To Summarise in Short: New features introduced to V10.0 : GRC 10.0 is ABAP based, so extraction of data from users is fast & analysis as well.
As usual, the names for the Access control tool has been changed
A. Access Risk Analysis (RAR)
1. USOBT & object information will be automatically updated with GRC rather than manual upload (earlier version)
2. Mass Users can be imported from .CSV file for risk analysis, Role analysis etc.,
3. Variant creation / reuse for any report analysis
4. Option of having multiple rule sets & simulating users across multiple rule sets at same time
5. Risk analysis for CUA, Composite roles
6. Mitigation by system, risk id, mass mitigation for users, audit trail etc.,
7. Risk analysis for HR objects
B. Emergency Access Management (SPM)
1. Mass reporting for all FF users, Ids, Executions
2. Centrally maintained for all systems rather than individual ERPs.
C. User Access Management (CUP)
1. Customizable Access request forms
2. HR based role assignment for position, org unit
3. IDM integration using GRC Web services
D. Business Role Management (ERM)
1. Concept of Business role mapping for Technical roles.
2. Audit Trails & PFCG Change history.
Finally, the look, reporting format has been changed to provide additional information for analysis.
More important - GRC V5.3 support is till 2015 & SAP has planned to push the customers to upgrade to 10.0. Eventually SAP is also planning to release GRC 11.0 by mid next year. So we have to wait & watch the show -
Impliment GRC Access control in difffrent landscape
Hi Friends,
In our company we have different landscapes in SAP and now we are planning to implement Access control in all landscape.
R/3 landscapes with out any Java stack( both ECC6 and 4.7 EE)
Solution manager landscape
XI landscape.
BW
and EP.
Our first target is R/3 Landscape. Can you please guide me. what will be the best approach to implement AC in R/3 systems as they don't have any Java stack.
I will appreciate if you can guide me with other landscape also.
Thanks,
SatyabratSatyabrat
The GRC landscape is technically separate from the different SAP Application components you mention so technically, you can connect the GRC system to any of the other components but creating the appropriate JCOs and SLD entries.
You will need to instal the RTAs in each of the required source systems (ERP, ECC, BW, XI, SM, CRM, SRM etc!) but they can all link to the sepearate GRC systems.
The exact landscape setup is dependant on what you wish to use GRC for. For example, you may wish to only link production GRC to production backend systems for Risk analysis and SoD. However, if you wish to use ERM or use Role bases analysis, you may find it useful to connect your production GRC system to your development backend systems where the roles are actually defined!
The architecture is deliverately flexible to allow you to do this.
For the initial use cases, it may make sense to keep Production segregated away from Pre-production systems but in the future, you may find that you wish to re-assess this as your useage grows.
Regards, Simon -
Time Capsule Access Control and Extended Network Question
I have a Time Capsule where I have set up a wireless network access list…and extended the network using an Airport Express unit. The Airport Express unit also has settings for an Access Control list. Do these need to be the same as the those for the network from TC that it is extending…or does that happen automatically…and if not what on earth are they for?
Thanks for any help…this doesn't seem clear from what I've read/seen.
JamesI have a Time Capsule where I have set up a wireless network access list…and extended the network using an Airport Express unit. The Airport Express unit also has settings for an Access Control list. Do these need to be the same as the those for the network from TC that it is extending…or does that happen automatically…and if not what on earth are they for?
Unfortunately, they are not automatically applied to each base station in an extended network. You would have to manually enter the exact same list in each base station. -
GRC Access Control licensing and Sizing
Dear All,
I am putting up a proposal for GRC Access Control. Could someone please help me with the calculation of licensing cost and the hardware requirements?
1. Is the license cost totally driven by revenue ?
2. Is there a flat base price plus number of user accounts?
3. What sort of hardware config is required?
Thanks,
AjPlease ask your SAP account contact for pricing information.
Frank. -
Any best practice to apply role based access control?
Hi,
I am starting to apply the access permissions for new users as being set by admin. I am choosing Role Based Access Control for this task.
Can you please share the best practices or any built-in feature in JSF to achieve my goal?
Regards,
FaysiHi,
The macro pattern is my work. I've received a lot of help from forums as this one and from the Java developers community in general and I am very happy to help others and share my work.
Regarding the architect responsibility of defining the pages according to the roles that have access to them : there is the enterprise.software infrastructure.facade
java package.
Here I implemented the Facade GoF software design pattern in the GroupsAndRolesAccessFacade java class. Thus, this is the only class the developer uses in order to define groups and roles of users and to define their access as per page.
This is according to Java EE 6 tutorial, section VII Security, page 471.
A group, role or user is created with an Identity Management application or by a custom application.
Pages of the application and their sections are defined or modified together with the group, role or user who has access to them.
For this u can use the createActiveGroup and createActiveRole methods of the GroupsAndRolesAccessFacade class.
I've been in situations where end users very strict about the functionality of the application.
If you try to abstract web development, u can think of writing to database, reading from database and modifying the database as actions.
Each of these actions should have suggester, approver and implementor.
Thus u can't call the createActiveGroup method for example, without calling first the requestActiveGroupCreationHelper and then the approveOrDeclineActiveGroupCreationHelper method.
After the pages a group has access to have been defined with the createActiveGroup method, a developer can find out the pages and their sections a group has access to by calling the getMinimumInformationAboutGroup method.
Further more, if the application is very strict, that is if every action which envolves writing to the database must be recorded, this concept of suggester, approver and implementor is available throught the recordActiveGroupAction method.
For example, there is a web shop, its managers can change the prices of the products, but the boss will want to know who had the dared to lower prices.
This action of lowering prices, is an action of modifying the information in the database and u can save in the database who suggested it, who approved it and who implemented it.
Now that I write about the functionality of the macro pattern, I realise that some methods should have more proper names and I haven't had time to write documentation in the API, but this will be a complete when I add the web pages for the architect to use for defining access control and for the end users to view who and what is doing with their application. -
Composition of business team in GRC Access control project
Hi
Can I get any information about the composition of business team in a GRC access control project?
What type of people form this team?
Please provide some clarity on the role of business people in this type of projects.
Regards
AbhijeetHi,
Idealy the team should comprise of
1] A representative of the IT Governance team -he ensures that the IT delivers value to the business,the risks have been analysed and fully addressed to.
2] The Buiness process owners -these people only define the access restrictions for various activities like purchase,payment,etc.
3] Application specialist -in charge of SOD-he defines the roles and profiles for the access control.
4] If required a member from "Assurance" - these will be auditing the "access control " on a regular basis after the implementation.
5] The configuration team.-they configure the controls in the Appln.sysytem
Regards.
Ramesh. -
Problem while working with Access Control List assigned to Group
Hi,
We have a following scenario for which Access Control List is not Working.
We have a group "Webi_Grp" who should acess only Webi Reports (can perform all operations related to Webi).
Following Steps are performed but still no success...
Pl. review and provide the solutions.
1) Create a Group "Webi_Grp"
2) Create user "user3"
3) Assign User to a a group (Now user3 is part of Webi_Grp)
4) Create Access Ctrl List (ACL) "Webi_ACL"
5) Goto Included Rights section of "Webi_ACL" & select "YES" for all Webi Operations.
6) User Security in ACL shows
a) Administrator -> Full Control (Inherited)
b) Everyone -> No Access
7) Included Right for ACL has all Webi Rights as "GRANTED", all Deski Rights "DENY", & Few of the General Rights "GRANTED"
8) Go to Users & Group
9) Select "Webi_Grp"
10) User Security
11) Add Principal
12) Add "User3" and its Security as "Webi_ACL"
13) Thus User Security in "Webi Grp" shows
a) Administrators -> Full Control
b) "user3" -> Webi_ACL
14) Login With "user3", but still cant create any Webi Report
Pl. let me know any further settings are required or not.
Regards,
PuravHi James,
Thanks for help.
I have given ACL to Universe & now user can create Adhoc Query.
But while I run this query it gives following error "You Donot Have Rights to Access Data in this Universe"
When I check the rights status in ACL we have following rights granted for "System Universe"
Create & Edit Query Based on Universe
Data Access
Edit Access Restrictions
New List of Values
etc... all other rights in this category are granted.
Still problem persist.
Could you let me know where else should I check for permissions / rights for data access.
Regards,
Purav -
Hi:
I am looking at the time capsule for the following:
1) Two Time Machine users
2) A shared folder for music and stuff
The macbook users should not have access to each others backup, other users should not have access to backups. Preferably, they should not even be able to see these partitions exist.
- Does the Time Capsule support such a multiuser scheme?
- Is it possible to assign space for each TM user and the shared folder? (2x200+100 GB).
- Is it possible to encrypt backups individually for each user and leave the shared folder unencrypted?
Wireless auth will be WPA2 enterprise EAP-TLS against a FreeRADIUS server, but there is no auth on wired connection. It would be useful if access to the disk using wireless connection would require no further authentication.
Thanks, ErikI have a Time Capsule where I have set up a wireless network access list…and extended the network using an Airport Express unit. The Airport Express unit also has settings for an Access Control list. Do these need to be the same as the those for the network from TC that it is extending…or does that happen automatically…and if not what on earth are they for?
Unfortunately, they are not automatically applied to each base station in an extended network. You would have to manually enter the exact same list in each base station. -
Access Control Vendor Comparison
Hello... I'm in the process of evaluating different proposals for an access control system for our City Hall facility. We have proposals from four vendors that propose three different systems. Just reaching out for feedback from others who might be using one of these systems to see how you like it, reliability, any pitfalls, etc. We are going to be a pretty basic setup here - just exterior entrances and a few secondary internal doors. Any feedback from real experience with any of these systems would be appreciated:InfiniasPaxtonRS2 Technologies
This topic first appeared in the Spiceworks CommunityHi friend,
ACS is entirely different from clean access server. Refer the below url for details.
http://www.cisco.com/en/US/products/ps6128/products_qanda_item0900aecd803be813.shtml
If it helps, please rate or answer another question.
Regards,
Rafael Lanna -
I have been trying to setup Timed Access Control in Airport Utility and it does not seem to be working correctly.
In Airport Utility from Edit Timed Access Control I Enter a name for my device (iPad/iPhone any device), enter my mac address, set time for Everyday and use default Between 9:00 AM and 5:00 PM, save and then update. When I go to my device iPad iPhone etc. I still have access even when it is after the time set, 5:00PM. If I set no access it will restrict access also I set a time between 2:00 PM and 5:00 PM and access was restricted. It doesnt seem to matter what the device is. I know that the MAC Adress is set correctly. It seems like an issue with the Utility, possibly time miss match or something. Not sure if I am missing something or if this Utility just has flaws. Please Help.I changed the default to (no access) and set an entry for my test device (an iPad) to "Everyday Between 9am to 5pm. The iPad was still able to gain access to the network.
Something else to note, if I try to edit the time of an entry it gives me an error on my MBP "Invalid value", "The value for “Timed Access Control” is invalid." This happens even if I delete a digit (number or letter in the time field) and replace with the exact same. Not sure if the two are related. I have tried to edit access from my iPad. I don't get any errors but I still don't get the expected results. I called Apple to try and get Tech support but they were not much help. Thanks again. -
"Assign Access Control" returns error for essbase apps in shared services
Hello,
I installed and configured Oracle EPM 11.1.2 (Foundation, Essbase, Planning, Reporting&Analysis):
OS: Windows Server 2008 Sp2 (32bit)
Default Installation with default ports,
Installation of all components on the same server,
no clustering
EPM System Diagnostic says that everything is OK.
Now I want to assign filter access for an essbase database in the Shared Services.
Starting the menu item "Assign Access Control" in Shared Services returns the following error:
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
+10.4.5 404 Not Found+
The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
+....+
Can anybody help ???
best regards,
NicoleHello,
here's what I found out so far:
I get the error if I start the shared services console via the URL "http://servername:port/interop/index.jsp" and then select the "assign access control" for an essbase database.
If I start the shared services console via the workspace everything works fine.
Does anybody know what to do so that it also works if I start the shared services console via URL?
best regards,
Nicole -
Inside of idm and access control products
Hello Friends,
For the past few months I was working on a blog where I shared my past experiences with the IAM products, New technologies and problems faced in the products at a conceptual level. I thought of sharing that with experienced team of technocrats like you. Please have a look into this and let me how how can I improve this.
blog URL --> http://identitycontrol.blogspot.com/
Thanks
idmguruFrinends,
Visit my blog http://identitycontrol.blogspot.com to get inside working of the identity and access control products. My efforts here is to explain insides in a simple language.
Latest topic i added is "SAML in action"
Please post your comments also so I can improve the contents.
Thanks
Maybe you are looking for
-
Sent this Letter to CEO, Emailed Support, Tweeted and Still NO Response
Not sure how to get anyone's attention here, but the complete disregard for my situation guarantees that I'm taking my business elsewhere. Hubert Joly CEO 7601 Penn Ave. S Richfield, MN 55423 RE: {removed per forum guidelines} and {removed per foru
-
In our country we dont have iTune Store if i create iTunes accounts in another country (example UK) can i use my local bank credit card??
-
Error when retreiving UWL items in webdynpro application
Hello, I am getting nullpointerexception when retreiving the items from the UWL in webdynpro application in java. error is throw at the following line NullpointerException at com.sap.netweaver.bc.uwl.core.ItemCacheManager.internalGetItemsForView(Item
-
Three questions: 1. I am thinking of upgrading my 60gig HD that my MacBook came with to 80 possibly even 120 Gig. I think it allows the user to change the HD without voiding the warranty, am I right? 2. How do I switch HD without loosing my data. In
-
firefox says "server not found".. but is found from other computers? whats wrong? == URL of affected sites == http://camaro5.com