PMP Restriction Across Administrator or BG
Dear All,
We have created a PMP in HRMS Manager Responsibility of one Business Group. The administrator also belongs to this Business Group. But when another person/administrator of another Business Group searches for it, he can see the PMP as well as update it.
Can anybody help with how to restrict the PMP from being updated by other Business Groups & administrators?
Many many thanks in advance.
Edited by: Bipin Behari Sethy on Jan 14, 2010 2:08 AM
I don't mind reading books. Especially if the books provide answers that I can identify, comprehend, and implement quickly and accurately.
The task is ongoing. It will require repetition.
There is no copying over to word, as the veracity of the document could be called into question.
As I explained in my original post the PDF documents being worked on are made from many types of digital files - word processors, previously created PDFs, spreadsheets and graphs, a variety of image formats, handwritten reports. All original documentation must be preserved in as close to the original as possible, which PDF allows, as you know.
The best solution available to this mess seems to be to create a fresh print of the document, rescan it (which I have already acknowledged creates larger file sizes), but then to use the Optimize Scanned Document tool in Acrobat 9 Pro, which successfully reduced the file size significantly.
My current question regarding this topic is:
The document I worked on was only 300 pages and eventually shrunk down to 6mb, the document I received was over 650 pages, but about the same file size as mine at 6mb. Both documents were composed of similar file types - previously created PDFs, Word Documents, a variety of images and graphs, and a large portion of webpage information. What possible steps did I miss to further reduce the file size than what I documented above?
Similar Messages
-
Restricting an administrator to only adding or removing Business Roles
Hi:
Is there an out of the box rule or form in IDM that can restrict an administrator to only adding or removing business roles from accounts?
Thanks.
Hi Dwayne,
This BU ruling is somewhat of a newer function with OIA. For mass alteration, the old-school way would be to execute a SQL script directly towards the DB.
Simply change the last line on what correlation you wish (in this situation, it's looking at the BU Name and the GU office name)
delete from BU_GLOBALUSERS where businessunitkey > 0;
insert into BU_GLOBALUSERS(BusinessUnitKey,GlobalUserKey)
select BU.BusinessUnitKey, GU.GlobalUserKey from BUSINESSUNITS BU, GLOBALUSERS GU
where BU.BusinessUnitName = GU.officename;
Regards,
Daniel Redfern
Technicalconfessions.com -
Restrict Workflow Administrator responsibility for a business group
My requirement is to restrict the Workflow Administrator responsibility to a specific business group so that the administrator can view all notifications/transactions for a given business group only for ALL item types. I tried following the steps given in the document 'Oracle Self-Service Human Resources (SSHR) Release Notes, Release 12.1.1' metalink id 578360.1. However, it doesn't seem to be working. Any idea on how to do this configuration?
Thanks,
Pallavi
Hi,
EBS version: 12.1.3, Database 11g
Below are the steps to reproduce the issue:
1) Create a security profile 'XXX-UK-WF' with following values:
Business Group: <UK business group name>
View Employees: Restricted
View Contingent Workers: Restricted
View Applicants: restricted
View Contacts: Restricted
View Candidates: All
Organization Security Tab--> Security Type: View All Organizations(No Security)
2) Set the HR: Security Profile option at the responsibility level for the Workflow Administrator Web(New) responsibility.
3) Log on to the Functional Developer responsibility and search for the predefined Workflow Item Attribute Values (WF_ITEM_ATTRIBUTE_VALUES) object.
4) Click the Update icon to navigate to the Update Object page.
5) Click Create Grant on the Grants tab.
On the Define Grant page, enter the following details:
In the Name field, enter a descriptive name for the grant.
Specify the effective date for the grant as '01-Sep-2011'.
In the Grantee Type field, select 'Group of users' and select the responsibility 'Workflow Administrator Web(New)' in the Grantee field.
6) In the Object field, select the delivered object Workflow Item Attribute Values
7) On the Grant: Select Object Data Context page, select the HR Self-Service Selected Person ID Instance Set (HRSS_WF_ATTR_PERSONID_INSTSET)
8) On the Grant: Define Object Parameters and Select Set page:
In the Set field, enter the delivered Business workflow item attribute permission set (WF_ADMIN_ITEM_ATTR_PSET).
Click Finish to complete the grant creation process.
9) Log out and log in as a user having Workflow Administrator Web(New) responsibility. Navigate to Administer--> Status Monitor. Search for all the workflows started this week. All the transactions from all the business groups will be listed. Ideally, only the transactions occurring in UK business groups should have been listed. -
Restrict Visual Administrator Services
Hi,
Does anybody know how I can restrict the Visual Administrator's services that one user can see in the tool?
Thanks in advance.
Hi Luis,
I have no clue. Sorry for that.
Just go thro' this link to hunt a solution for our issue:-
http://help.sap.com/saphelp_nw04/helpdata/en/39/83682615cd4f8197d0612529f2165f/frameset.htm
Hope this helps.
Regards.
Praveen -
Is it possible to restrict Content Administrator from a room?
I'm having a hard time wrapping my brain around this one so please bear with me.
The client wants the following situation:
- they want a collaboration room that is restricted to 4 individuals in the company
- this room needs to be secure so that only those 4 individuals can access the content in the room, these are end users
- the Portal admin person will setup the room initially and then should no longer be able to access the room or content
I can't think of any way to do this. I've thought that maybe we could create a custom Content Admin role that has all access except to the room folder but this doesn't seem to be possible. From my testing it looks like you can see all the documents in the room from Content Admin -> KM Content if you have the Content Admin role (or a copied version of it).
Currently the portal team has Super Admin in production. We'd obviously like to keep that access because maintenance and support becomes difficult without it. The client would allow for special Super Admin access for temporary periods but it seems that we'd have to create a scaled down admin role that we would have all the time and then when we needed further access we'd need to get special approval to get the Super Admin role for a temporary period.
So, is there any way that we can revoke all access to a room and its content except for the specific users assigned to that room? Any other ideas?
Thanks in advance for any help,
Robin Schmidt
Hello,
I'll explain what I am trying to achieve.
I've written a phone book application. Each person has his/her personal card with his/her picture. In order to display the picture I need it to be available over HTTP. I've created an HTTP alias (like can be done on IIS). What I do is simply concatenate to the HTTP alias the unique ID number of each person, which is also his picture's file name. The workers have an option to show or hide their pictures if they want to. The problem is that once an HTTP alias (or virtual directory on IIS) is created, this URL becomes available to every person inside the LAN and the whole privacy concept is lost. If I could reveal this alias only to users who are entering the portal I could have control over the displaying of the pictures, but like this everyone can see every picture if he wants to. I believe I can change the method of the picture retrieval so it will take it from the file and not from HTTP, but this method is much faster and simpler.
Roy -
CFC access restrictions across sandboxes
I am trying to prevent files in a directory from invoking
CFCs in another directory. Here's the scenario:
\restricted\secure.cfc
\restricted\secure.cfm
\open\public.cfm
I want to restrict /open/public.cfm from accessing any files
in /restricted/. Accordingly, I setup a sandbox for /open/ that had
the following files/dirs restrictions:
C:\CFusionMX7\wwwroot\open\ (read,write,execute,delete)
C:\CFusionMX7\wwwroot\open\- (read,write,execute,delete)
From what I've read in the docs, these should be the ONLY
things that /open/ should have access to. /restricted/ should not
be accessible.
Trying to include secure.cfm from public.cfm:
<cfinclude template="/restricted/secure.cfm">
This results in the expected security error:
"The requested template has been denied access..."
However, when I invoke secure.cfc from public.cfm like this:
<cfinvoke component="restricted.secure" method="echo"
value="hello world" />
it gives me access--no security error. Am I missing something
here? How can I secure my CFCs from being called from another
directory?
This technote was just published:
ColdFusion MX 7.0.1:
Sandbox Security for ColdFusion Components
Talk about timing! -
Unable to view BIPub report in the Dashboard by Non Administrator users
Hi All,
I have created a BI Publisher report and added the same to the Dashboard, I can view it as the Administrator user but unable to view it as any other Users.
I updated the privileges in the BI Presentation services and gave permission to Everyone for BI Publisher:
Oracle BI Publisher Enterprise
Add BI Publisher Reports to Dashboard - Everyone
View BI Publisher Reports - Everyone
Schedule BI Publisher Reports - Everyone
Send BI Publisher Reports - Everyone
Build BI Publisher Reports - Everyone
Analyze BI Publisher Reports - Everyone
but users still get the below error:
The error message is :
"Unauthorized Access: Please contact Administrator"
Any help is greatly appreciated.
Regards
Hi Saichand,
Thanks for the reply, I did add and it worked successfully; but the issue now is that I had assigned the XMLP_ADMIN, XMLP_DEVELOPER roles to this user and he now has XMLP Administration rights. Which is not very good.
Is there any workaround to restrict XMLP Administration to this user and allow him just to view the BI Pub Report?
Your comments are greatly appreciated.
Best Regards
B -
How to create queries on multiproviders & what are steps to be taken.
Hi all,
How do I create queries on MultiProviders, and what steps have to be taken care of?
Thanks,
cheta.
Hi,
The following is a sample scenario for slow moving items on MultiProviders.
Slow Moving Item Scenario
You want to define a query that displays all products that have been purchased only
infrequently or not at all. In other words, the query is also to display characteristic values for
which no transaction data or only low values exist for the selected period.
Procedure
In the Administrator Workbench;
1. Create a MultiProvider consisting of a revenue InfoCube, containing the InfoObject
Material (0MATERIAL), and the InfoObject 0MATERIAL. The InfoObject must be set as
an InfoProvider in InfoObject maintenance. In other words, you need to have assigned
the InfoObject to an InfoArea. (also refer to Tab Page: Master Data/texts [Ext.]).
In the BEx Analyzer:
2. Select your MultiProvider in the Query Designer.
3. Define a query that contains the InfoObject 1ROWCOUNT in the columns.
The InfoObject 1ROWCOUNT is contained in all flat InfoProviders, that is, in all
InfoObjects and ODS objects. It counts the number of records in the InfoProvider.
In this scenario, you can see from the row number display whether or not values
from the InfoProvider InfoObject are really displayed.
4. Save the query and execute it. All values are now displayed, including those for materials
that were not purchased.
If you filter by time (0CALYEAR, for example), values from the InfoProvider
InfoObjects are not displayed since 0CALYEAR is not an attribute of
0MATERIAL. You can see this from the absence of values in the 1ROWCOUNT
column in the query. If you want to restrict by time, you need to proceed as
follows:
Constant Selection for the InfoObject
You need to set the constant selection for the 1ROWCOUNT key figure in order to be able to
set a filter by time in this query.
1. In the Query Designer, via the context menu for 1ROWCOUNT, choose Edit.
2. On the left hand half of the screen, under the data package dimension, select the
characteristic InfoProvider (0INFOPROV) and drag it into the right-hand screen area.
3. From the context menu for the InfoProvider, choose Restrict, and restrict across the
InfoProvider InfoObject.
4. Also from the context menu for the InfoProvider, choose the function Constant Selection.
5. Save the query and execute it. You can now also set a filter for a time characteristic, the
materials display remains as it was.
Displaying Slow Moving Items
If you want to display a list of slow moving items, excluding products that are selling well, you
need to proceed as follows:
1. In the Query Designer, via the context menu for 1ROWCOUNT, choose Edit.
2. Via the context menu for InfoProvider, choose the function Display Empty Values. Also
select Constant Selection.
3. Save the query and execute it. The result is that the system displays the materials for
which there was no revenue.
Displaying Products with Small Revenues
If you want to display a list of products that have not been sold or have only been selling
badly, you need to proceed as follows:
1. Set constant selection as described above, but do not select the display empty values
function.
2. In the Query Designer, define a condition for the 0MATERIAL InfoObject. Specify a value
that is to be the upper limit for a bad sale.
3. Save the query and execute it. The result is that the system displays all materials that
have not been sold or have been selling badly.
Thanks,
Sankar M -
Display master data without data in the fact table
Characteristic 0PROJECT
Attribute Price
I want to show in the query all the prices including the projects that don't have registers in the fact table.
How do I do this?
Thanks.
I believe you are describing what SAP refers to as the Slow Moving Item scenario. Search SDN using that phrase and you'll get hits on documents and Notes that talk more about this. Here's something from an old How To
Slow Moving Item Scenario
You want to define a query that displays all products that have been purchased only
infrequently or not at all. In other words, the query is also to display characteristic values for
which no transaction data or only low values exist for the selected period.
Procedure
In the Administrator Workbench;
1. Create a MultiProvider consisting of a revenue InfoCube, containing the InfoObject
Material (0MATERIAL), and the InfoObject 0MATERIAL. The InfoObject must be set as
an InfoProvider in InfoObject maintenance. In other words, you need to have assigned
the InfoObject to an InfoArea. (also refer to Tab Page: Master Data/texts [Ext.]).
In the BEx Analyzer:
2. Select your MultiProvider in the Query Designer.
3. Define a query that contains the InfoObject 1ROWCOUNT in the columns.
The InfoObject 1ROWCOUNT is contained in all flat InfoProviders, that is, in all
InfoObjects and ODS objects. It counts the number of records in the InfoProvider.
In this scenario, you can see from the row number display whether or not values
from the InfoProvider InfoObject are really displayed.
4. Save the query and execute it. All values are now displayed, including those for materials
that were not purchased.
If you filter by time (0CALYEAR, for example), values from the InfoProvider
InfoObjects are not displayed since 0CALYEAR is not an attribute of
0MATERIAL. You can see this from the absence of values in the 1ROWCOUNT
column in the query. If you want to restrict by time, you need to proceed as
follows:
Constant Selection for the InfoObject
You need to set the constant selection for the 1ROWCOUNT key figure in order to be able to
set a filter by time in this query.
1. In the Query Designer, via the context menu for 1ROWCOUNT, choose Edit.
2. On the left hand half of the screen, under the data package dimension, select the
characteristic InfoProvider (0INFOPROV) and drag it into the right-hand screen area.
3. From the context menu for the InfoProvider, choose Restrict, and restrict across the
InfoProvider InfoObject.
4. Also from the context menu for the InfoProvider, choose the function Constant Selection.
5. Save the query and execute it. You can now also set a filter for a time characteristic, the
materials display remains as it was.
Displaying Slow Moving Items
SAP Online Help 05.11.02
MultiProviders 3.0B, Support Package 07 10
If you want to display a list of slow moving items, excluding products that are selling well, you
need to proceed as follows:
1. In the Query Designer, via the context menu for 1ROWCOUNT, choose Edit.
2. Via the context menu for InfoProvider, choose the function Display Empty Values. Also
select Constant Selection.
3. Save the query and execute it. The result is that the system displays the materials for
which there was no revenue.
Displaying Products with Small Revenues
If you want to display a list of products that have not been sold or have only been selling
badly, you need to proceed as follows:
1. Set constant selection as described above, but do not select the display empty values
function.
2. In the Query Designer, define a condition for the 0MATERIAL InfoObject. Specify a value
that is to be the upper limit for a bad sale.
3. Save the query and execute it. The result is that the system displays all materials that
have not been sold or have been selling badly. -
Distributed JMS Queues and Port Information
Hello,
I am a reasonably inexperienced WebLogic user, so forgive my ignorance.
We are setting up a distributed JMS queue as a destination for messages being sent from our EAI server. The distribution will be across 2 servers in our QA environment and 3 servers in our production. We are using WebLogic Server 8.1.3 on a Windows 2003 environment.
The people in our EAI environment need a port number for the Queue in order to forward their messages to us. My questions are:
1) Is the listen port for the Distributed Queue the same as the listen port for the Admin Server?
2) If it is not, does it correspond to the listen port for the individual queues (which is the same between our environments)?
3) If there is a third port in play, how does this get configured and where do I retrieve this information?
I appreciate any answers people are willing to give me on the issue.
Thank you,
Steven Enk
Harley-Davidson Motor Company
Hi Steven,
WebLogic JMS shares the same WebLogic port as other WebLogic services, regardless of whether or not the destinations are distributed.
One way to determine which ports are configured for a particular WebLogic server is to look at the log for that server.
Ports are usually configured to support multiple protocols, and typically, one uses the "t3" protocol for URLs (it's the highest performer), but there are other options (such as "http" for tunneling).
You can configure additional ports (beyond the "default" port(s)) using the "channel" feature - I think you can find channels under the "WebLogic server" tabs on the console.
For a server or client to establish communication with a remote cluster, one need only specify a URL for any one of the servers within the remote cluster. J2EE JNDI name location transparency and WebLogic RMI load balancing will usually take care of the rest, although some customers set up DNS to help with load balancing (by, for example, configuring their DNS "round-robin" addresses).
Best practice is for the administrative server to be restricted to administrative purposes only. This means the admin server typically (A) doesn't host JMS (or any other services or any applications) and (B) is not a member of a cluster. So typically you won't be able to access JMS using an admin server's URL.
Tom -
Dimension security is not working if user have two roles in SSAS while connecting from Excel
Hello Genius,
I am facing an issue when a user tries to connect to the cube from Excel if the user has more than one role in the SSAS DB.
Role 1: Countryuser, I have implemented the dimension security with country
dimension and countrycode attribute.
Role 2: CityUser, I have implemented the dimension security with
city dimension and citycode attribute.
If a user is mapped to any one of the above roles, dimension security works perfectly according to the logic, but when mapped to both roles the cube exposes all the data; in this case dimension security is not working.
Please give me a solution to fix this issue, or in case I am wrong, kindly advise.
Thanks
Ganesh
This is the expected behaviour as allowed sets in roles are unioned together.
This is not a problem when your roles are restricting across a single attribute.
eg.
US_role = {[Geography].[Country].[USA] }
France_role = {[Geography].[Country].[France] }
as someone in both roles ends up seeing {[Geography].[Country].[USA], [Geography].[Country].[France] }
But when you have different attributes:
NY_role = {[Geography].[City].[New York] }
France_role = {[Geography].[Country].[France] }
The first role is unrestricted on countries and the second is unrestricted on cities which is effectively:
NY_role = {[Geography].[Country].AllMembers , [Geography].[City].[New York] }
France_role = {[Geography].[Country].[France], [Geography].[City].AllMembers }
And when you union those two sets together you end up with:
{[Geography].[Country].AllMembers , [Geography].[City].AllMembers }
Which means that someone in both roles can see everything.
So if you want to restrict someone to City = New York and Country = France you have to create a single role where both attributes are restricted. So if you have a lot of these combinations you will either have to create a lot of "combination" roles or look at dynamic security.
The other thing that might work is make sure that you only give some users access to certain cities and others access to certain countries. It's the mixing of the two for a single person that causes the issues.
http://darren.gosbell.com - please mark correct answers -
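The union behaviour described in the answer above, modelled as an added Python example (not part of the original post, and not SSAS code): each role holds an allowed set per attribute, an attribute the role does not restrict counts as AllMembers, and roles are combined per attribute. The extra members and fact rows are constructed, and `widened_attributes` is a hypothetical audit helper that flags the mixed-attribute case.

```python
# Added illustration of the role-union behaviour described above.
# Not SSAS code: a small model with constructed members and fact rows.

ALL = "AllMembers"                  # attribute left unrestricted by a role
ATTRIBUTES = ("Country", "City")

# Constructed fact rows: (Country, City, sales)
ROWS = [
    ("USA", "New York", 100),
    ("USA", "Chicago", 60),
    ("France", "Paris", 80),
    ("France", "Lyon", 40),
    ("Germany", "Berlin", 50),
]


def make_role(**allowed):
    """Build a role; attributes not named are unrestricted (AllMembers)."""
    return {a: set(allowed[a]) if a in allowed else ALL for a in ATTRIBUTES}


def union_roles(*roles):
    """Effective permissions for a user who holds every role in `roles`."""
    effective = {}
    for attr in ATTRIBUTES:
        sets = [role[attr] for role in roles]
        if any(s == ALL for s in sets):
            # One unrestricted role is enough to unrestrict the attribute.
            effective[attr] = ALL
        else:
            effective[attr] = set().union(*sets)
    return effective


def visible_rows(effective):
    """Rows whose Country and City are both inside the effective sets."""
    def allowed(attr, member):
        return effective[attr] == ALL or member in effective[attr]
    return [r for r in ROWS if allowed("Country", r[0]) and allowed("City", r[1])]


def widened_attributes(*roles):
    """Audit check: attributes that some role restricts but the union unrestricts."""
    effective = union_roles(*roles)
    return sorted(
        a for a in ATTRIBUTES
        if effective[a] == ALL and any(role[a] != ALL for role in roles)
    )


if __name__ == "__main__":
    ny_role = make_role(City={"New York"})
    france_role = make_role(Country={"France"})
    # A single "combination" role that restricts both attributes.
    combo_role = make_role(Country={"USA", "France"},
                           City={"New York", "Paris", "Lyon"})

    print("NY only:      ", visible_rows(union_roles(ny_role)))
    print("France only:  ", visible_rows(union_roles(france_role)))
    print("Both roles:   ", visible_rows(union_roles(ny_role, france_role)))
    print("Widened attrs:", widened_attributes(ny_role, france_role))
    print("Combo role:   ", visible_rows(union_roles(combo_role)))
```

Running `widened_attributes` over each user's role memberships is one way to find accounts where mixing roles has silently removed a restriction.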
Best Practice for Storing Program Config Data on Vista?
Hi Everyone,
I'm looking for recommendations as to where (and how) to best store program configuration data for a LV executable running under Vista. I need to store a number of things like window location, values of controls, etc. Under XP I just stored it right in the VI's own execution path. But under Vista, certain directories (such as C:\Program Files) are now restricted without administrator rights, so if my program is running from there, I don't think it'll be able to write its config file.
Also right now I'm just using the Write to Spreadsheet File block to store my variables. Does this sound alright or are there better suggestions?
Thanks!
I found some stuff on the Microsoft page. Here is the link and a short paste from that document:
http://www.microsoft.com/downloads/details.aspx?FamilyID=BA73B169-A648-49AF-BC5E-A2EEBB74C16B&displa...
Application settings that need to be
changed at run time should be stored in one of the following
locations:
CSIDL_APPDATA
CSIDL_LOCAL_APPDATA
CSIDL_COMMON_APPDATA
Documents saved by the user should be
stored in the CSIDL_MYDOCUMENTS folder.
Can't tell you more as I have no Vista around to look for the CSIDL stuff.
Felix
www.aescusoft.de
My latest community nugget on producer/consumer design
My current blog: A journey through uml -
Change Management & Change Transport Process in GRC AC RAR
With RAR not being able to leverage the SAP ABAP Change Management Process (CTS) what is the best practise for controlling the changes for RAR rule set ?
How do we achieve job segregation from
1. Making Changes to Rules in Dev RAR
2. Transporting (Importing) them to RAR Prod
How do we make sure the 'Import Rules' functionality is restricted? (Can we remove Action 'ImportRules' from all the roles and restrict that to one role & restrict the administrator from making role assignments directly in RAR (Only from CUP)?)
Thanks
Hi Prashanth,
You can restrict the access by removing the action ImportRules from the customized role that you can create in UME for RAR.
Thanks,
Darshan -
ACS/ASA authentication for vpn access vs. console management access
I have an ACS 4.2 Server and an ASA 5540. I have setup AnyConnect SSL VPN on the ASA and want to authenticate users using AAA tacacs+ authentication with the ACS and an external Windows AD database. I have done this successfully. I also want to use the ACS for authenticating SSH management sessions into the ASA. I have setup a group in AD and on the ACS called VPNUSERS and NETADMINS. The problem is, I want the VPN users to ONLY be able to authenticate for VPN but not have access to logging into the ASA CLI or ASDM. The NETADMINS should be able to do both. The question I have is how do I setup the VPNUSER group in ACS to have access to connect to the ASA for VPN but not for the management console? It seems that if they can authenticate for vpn, they can also ssh the firewall which is what I want to prevent.
Try using Network Access Restrictions (NAR)where you can restrict the administrative access on per device or on NDG basis.
By default user accounts from external database such as AD in ACS will get authenticated through telnet on network device or a AAA client which can be restricted by enabling NAR in ACS.
In your case it should be VPNUSERS group in ACS.
HTH
Ahmed -
Automatic assignment of authorization values in a profile or role with code
Hi,
I would like to assign values into an authorization by coding. Is it possible?
In BI, it is possible to do that by using a BEx variable inside the authorization in the role.
Is it possible with other authorization objects?
Best regards,
Tomer Steinberg.
Hi Tomer,
It is possible, but only with a significant amount of coding and changes to standard SAP.
Basically you need to replace the AUTHORITY-CHECK logic with your own code which gets the data from a different source.
I have worked on a project where we used it for profit and cost centre values and the coding/testing effort was 3 months+ due to the complexity of providing this restriction across the application area.