Portal groups/users and security

Similar Messages

• Difference between Security Oracle user and Security User

  Hi All,
  Can anyone give me the difference between Security-> Oracle -> user and Security-> User in System Administrator Resp of oracle apps R12.
  Thanks,
  Mahesh.
  Edited by: 991854 on Mar 12, 2013 1:49 AM

  Can anyone give me the difference between Security-> Oracle -> user and Security-> User in System Administrator Resp of oracle apps R12.Security > Oracle > Register:
  Use this window to register an ORACLE username with Oracle E-Business Suite. An ORACLE username grants access privileges to the ORACLE database
  http://docs.oracle.com/cd/E18727_01/doc.121/e12893/T174296T174305.htm
  Security > Oracle > Data Group:
  A data group defines the mapping between Oracle E-Business Suite products and ORACLE database IDs. A data group determines which Oracle database accounts a responsibility's forms, concurrent programs, and reports connect to. See: Defining Data Groups, Oracle E-Business Suite System Administrator's Guide - Configuration.
  http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T156461.htm
  Security > User > Define:
  Use this window to define an Oracle E-Business Suite user. This user is an authorized user of Oracle E-Business Suite, and is uniquely identified by a username.
  http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T156461.htm
  Thanks,
  Hussein

• MaxL command to import users and security in eas

  Hello,
  I would like to know if there is a command that allows Maxl export and then import the list of users native EAS and filters.
  In summary, I have a few applicationsversion 9 essbase to 11.1.2.2, via migration wizard. my essbase 11 is in standalone mode with SSO configuration to MSAD external authentication. In version 9 essbase security is mounted on the shared services.
  My question is, if I take my file essbase.sec version 9 and the copy in version 11, to get my native users and security filters. Will I lose my config sso?.
  Thank you in advance
  Edited by: 851398 on 25 sept. 2012 09:20

  851398 wrote:
  My question is, if I take my file essbase.sec version 9 and the copy in version 11, to get my native users and security filters. Will I lose my config sso?.It is probably not adviserable trying to copy your essbase.sec between versions or environments,
  You could look at the advanced security manager as an alternative solution to extracting the information, it is free and definitely worth a go - http://www.appliedolap.com/free-tools/advanced-security-manager
  Cheers
  John
  http://john-goodwin.blogspot.com/

• People Picker can resolve users and security group from another domain but no validation for groups

  Dear all,
  Here is the scenario of our issue:
  We are migrating from Domain A to Domain B and in Domain A we currently have a SharePoint 2013 on which we want to set permissions for users and groups that have already migrated to Domain B.
  A bi-directional trust exist between the two domains and all applications relying on trust and resolving IDs from on domain to another are working fine (Windows RDS for instance)
  The "bug" that we have is when using the PeoplePicker, it can resolve without any issue a user account in Domain A or B, and a security group (type global, I haven't tried local or universal yet) from domain A or B. But for the security groups
  only (it works well for users), when I click on "Save" to validate the add of the group to the site permissions, I have the following error:
  I have seen a lot of similar issues on the web but no answer so far that work :( 
  Example: https://social.technet.microsoft.com/forums/sharepoint/en-US/74e8d14b-a0f4-4e21-8cfa-b1a937247160/cant-provision-security-to-old-domain-users
  If you have any question that could help you to understand it, do not hesitate. 
  Thanks a lot in advance for your help ! :)

  Can you give the snippet from the ULS log where you're seeing this error?
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Problem in getting Portal Mapped user and password in Web Dynpro iView

  I am developing a webdynpro iview.My app need to read mapped user and password form a system in Portal runtime.
  I used the following codes in my Web Dynpro java program:
       IWDClientUser user = WDClientUser.getCurrentUser();
       IUser iuser = user.getSAPUser();
       IUserMappingService iums = (IUserMappingService)WDPortalUtils.getServiceReference(IUserMappingService.KEY );
  //     IUserMappingService iums = (IUserMappingService)
  //     PortalRuntime.getRuntimeResources().getService(IUserMappingService.KEY);
       IUserMappingData iumd = iums.getMappingData (systemalias, iuser);
       Map map = new HashMap ();
       iumd.enrich(map);
       String userid = (String)map.get( "user" );
       String pwd = (String)map.get ("mappedpassword");
  I've add a sharing references in project properties,the value is "PORTAL:sap.com/com.sapportals.portal.prt.service.usermapping.IUserMappingService"
  But when I run the iview on my Portal, it goes wrong, the message is:
  com.sap.engine.services.deploy.container.DeploymentException: Clusterwide exception: Failed to prepare application ''local/HomePage'' for startup. Reason= Clusterwide exception: Failed to start dependent library ''com.sapportals.portal.prt.service.usermapping.IUserMappingService'' of application ''local/HomePage''. Status of dependent component: STATUS_MISSING. Hint: Is the component deployed correctly on the engine?
      at com.sap.engine.services.webdynpro.WebDynproContainer.prepareStart(WebDynproContainer.java:1490)
      at com.sap.engine.services.deploy.server.application.StartTransaction.prepareCommon(StartTransaction.java:231)
      at com.sap.engine.services.deploy.server.application.StartTransaction.prepareLocal(StartTransaction.java:184)
      at com.sap.engine.services.deploy.server.application.ApplicationTransaction.makeAllPhasesLocal(ApplicationTransaction.java:365)
      at com.sap.engine.services.deploy.server.application.ParallelAdapter.runInTheSameThread(ParallelAdapter.java:117)
  Anybody can help me?And are there anyother methods can get mapped user and password of Portal systems in Web Dynpro JAVA.

  Hi Wayne,
        Did you added com.sap.security.api.jar to your webdynpro project. if not follow this steps.
  1. Right-click the project in Eclipse or SAP NetWeaver Developer Studio.
  2. Select Properties.
  3. Choose Java build path -> Libraries -> Add Variable -> Select variable WD_RUNTIME -> Extend -> com.sap.security -> lib -> com.sap.security.api.jar.
  I hope this should solve your problem.
  Regards, Suresh KB

• Users And Security Best Practice

  Dear Experts
  I am designing an application with almost fifty users scattered in different places. Each users should access tables according to his/her criteria. For example salessam, salesjug can see only the sales related tables. purchasedon should access only purchase related tables. i have the following problems
  Is it a best practice to create 50 users in the DB i.e. 50 Schemas are going to be created? Where are these users normally created?
  or is it better for me to maintain a table of users and their passwords in my design itself and i regulate through the front end. seems that this would be risky and a cumbersome process.
  Please advice
  thanks
  Manish Sawjiani

  You would normally create a single schema to own the
  objects and 50 users to use them. You would use roles
  and object privileges to control access.Well, this is the classic 'Oracle' approach to do this. I might say it depends a bit on what you want to achieve. Let's call this approach A.
  The other option was to have your own user/pwd table. You can create your own custom authentication but I would go for the built-in Application Express Users - authentication scheme. You can manage the users via the frontend (Application builder > manage Application Express Users) . There you can manage the groups and end users which you can leverage in your Apex app. You can even use the APIs to create the users programmatically. It is all done for you. Let's call this approach B.
  Some things to consider:
  1) You want to create a web application and also other applications that access the data stored in Oracle (another PHP / Oracle Forms / Perl ) or allow access via SQL/Plus. Then you should use approach A. This way you don't need to reimplement security for these different approaches.
  2) You want to create one (or multiple) Apex applications only. This will be the only mechanism the users will access your data. Then I would go for approach B.
  3) When using approach A some users didn't like that all users will have access to their workspace, including the sql command line and having the capability of building applications and possibly being able to change the data they have access to through the Oracle roles. Locking down this capability is possible but it takes some effort and requires an Apache as a proxy.
  4) When using approach A you will need DBA privileges to manage the users and assign the roles. This might not always be possible nor desired. Depends on who will manage the Oracle XE instance.
  5) Moving the application including the end users to another machine is a bit easier using approach B since they are exported via the application export mechanism. Using approach A you would have to do it yourself. Be aware that the passwords are lost when you install the users into a different Oracle XE instance.
  6) If you design the application using approach B you will have to design security in a way that doesn't rely on the Oracle roles / grants security mechanisms. This makes it easier to change the authentication scheme later. For example, later you want to use a LDAP directory, a different custom authentication scheme or even SSO (SSO is not available out of the box but feasible). This is directly possible.
  Using approach A you would have to recode the security mechanisms (which user is allowed to update/delete which data).
  Hope that clarifies your options a bit.
  ~Dietmar.
  Message was edited by:
  Dietmar Aust
  Corrected a typo in (5): Approach B instead of approach A , sorry.
  Message was edited by:
  Dietmar Aust

• How to get Portal Login User and Its Related BP in CRM?

  Hi,
  An ABAP Webdynpro program is called in CRM from Portal user by a portal link. How to get the user ID and its related BP in CRM? Thanks!
  The portal is integrated with ECC, and all users and BPs are maintained in ECC then replicated to CRM.
  Best regards,
  Hao

  Hi,
  Try the below code
  IUserFactory userfact=UMFactory.getUserFactory();
  IUser user=userfact.getUserByUniqueName(request.getUser().getUserId());
  String usrid=user.getUniqueName();
  And also you can get the groups assigned to user by using the below code
  Iterator groups = user.getParentGroups(true);
  while (groups.hasNext()) {
       String groupstr = (String) groups.next();
       IGroup g = UMFactory.getGroupFactory().getGroup(groupstr);
       response.write("Group name "g.getUniqueName()"<br>");
  Regards
  Suresh

• Check number of users and security

  Gurus,
  In our EPM environment (system 11.1.2), we have four different applications/databases (planning and essbase included) and i need to list the total users in all of the applications and see what there provisioning and security are. How could I be able to do that?
  Do I need to export security on all of them and filter them or is there any way to check the users in all of the applications at once?
  Thanks

  hyperion start wrote:
  Thanks for your reply Celvin
  Is there any way I can view a list of users by department?
  Is there any thing like that to sort by group/department.
  ThanksList of users by department - There are groups in Shared Services, are your groups arranged by department? if the answer for that is "Yes", then yes, the export of all Groups from Shared Services will list the children (member) of each group.
  I don't think there is a sort in Shared Services, however once the csv file is exported, you can do the sorting.

• Issues with groups, users and shares.

  I have created new users and groups and assigned them to specific shares, however when the new users, that belong to the respective groups login, they are not seeing the shares. Can anyone give me some settings to trouble shoot.
  I had exisiting shares, from the snow leopard server installation, and they are working fine... new users aren't taking...
  thanks for any thoughts...

  Lion server runs fine, there are a lot of folks mad as some (most) gui functions were taken away and they seem to suggest the "don't use Lion server" as their answer to anything. Just ignore.
  Obviously, you have file sharing turned on, so, that's not it. Within file sharing in server app, for a share that does not seem to work, are you SURE the permissions are correct? Click on the share and the pencil. Does the group have read and or write access? Is the box checked that says share with mac clients?
  Are you trying to use it for a home directory for a network based account? That's another checkbox on that screen.
  ALL my accounts and shares are NEW as like you, it was on a new server. They all work.

• Groups/users and their priviligies

  Hi,
  I have created an application and that application has forms, reports, meunes, page with three tabs for Admin, Librarian and Reports. I put some portlets of Forms etc in different tabs. Now i want that the Admin can access and see all tabs, Librarian can access and see Librarian and Reports tab while Users just can see and run Reports. For that i created three groups
  Admin_group, Librarian_group and user_gropus. For each group i created test users and attach or add these users to the group. To each group i gave execute permission of the application. After that i went to the page and on the page i assign follwoing permission to the tab.
  Reports: all three groups(view only)
  Librarian: Librarian_group and admin_group view_only
  Admin: Admin_group view_only.
  Then i log on as a test user of the User_groups but i was just able to see the report tab but not the menue (which is portlet in this page). Same with other tabs and users. I want to know what i am missing.
  Your help will be highly appreciated.
  Thanks
  Muhammad Ejaz Azimi

  Hi,
  I have created an application and that application has forms, reports, meunes, page with three tabs for Admin, Librarian and Reports. I put some portlets of Forms etc in different tabs. Now i want that the Admin can access and see all tabs, Librarian can access and see Librarian and Reports tab while Users just can see and run Reports. For that i created three groups
  Admin_group, Librarian_group and user_gropus. For each group i created test users and attach or add these users to the group. To each group i gave execute permission of the application. After that i went to the page and on the page i assign follwoing permission to the tab.
  Reports: all three groups(view only)
  Librarian: Librarian_group and admin_group view_only
  Admin: Admin_group view_only.
  Then i log on as a test user of the User_groups but i was just able to see the report tab but not the menue (which is portlet in this page). Same with other tabs and users. I want to know what i am missing.
  Your help will be highly appreciated.
  Thanks
  Muhammad Ejaz Azimi

• "oracle" user and security

  I am running Oracle 10g XE on a Linux machine (RHEL 4.0).
  I am fairly new to Linux. In the LogWatch report I receive every day, I notice that hackers are trying to log in as the "oracle" user, e.g.:
  Authentication Failures:
  unknown (200.3.248.22): 4159 Time(s)
  oracle (200.3.248.22): 36 Time(s)
  How do I know that the password for the "oracle" user is secure? I didn't create it and I don't even know what it is.
  Can I change the password to something strong without affecting my system?
  Thanks!

  Can I change the password to something strong without affecting my system?
  I just wonder if it will cause any problems if I change the password? I don't want to mess up my system.Well for Oracle SW (and whole local OS) there is no problem. Problem could be if you are using some external scripts that you are using on remote machine (and which using login password sequence to access the OS).
  How do I know that the password for the "oracle" user is secure? I didn't create it and I don't even know what it is.To check the password strength you can use some utilities. For example John is very good for that: http://freshmeat.net/projects/john/
  I am fairly new to Linux. In the LogWatch report I receive every day, I notice that hackers are trying to log in as the "oracle" user, e.g.:Why aou are running your database in untrusted network segment (internet). Best practice is to place such system to secured segment (DMZ, VLAN). If the reason is that your 3rd party partner needs to connect to database you can do IPSEC tunnel.
  Of course don't allow to connect anyone to your machine and to any port. So the recommendation about iptables (netfilter) is appropriate.

• AUDIT action (create, delete, privilege escalation, set and change password from users account and group) users and admins in Solaris 10

  Hello.
  in Solaris 10 i need auditing process create, delete, privilege escalation, set and change password and etc... from users account and group.
  I set settings:
  in file syslog.conf:
  *.info;mail.none;cron.none;audit.notice            @IP-Remote-syslog-server-SIEM
  in file   /etc/security/audit_control:
  dir:/var/audit
  flags:lo,ad,ex,cc,am,no,fc,fd
  minfree:20
  naflags:lo
  plugin:name=audit_syslog.so;p_flags=lo,ad,ex,cc,am,no
  in file   /etc/security/audit_user:
  root:lo,ad:no
  Now I see in the logs only the fact of a connection via SSH and run processes on behalf of users. Creation. delete users, change passwords for some reason do not is logged.
  Many users. For each individual write permissions in the file /etc/security/audit_user not possible, it is likely to forget any new user (or there is a possibility in this file one line to describe the audits for all accounts?)
  Where is the mistake?

  You are most likely hitting Bug 15779000 user/role/groupadd/mod/del don't audit their use.
  And the fix is only available in S11.2.
  -- Renaud

• Users and Security Levels in lookout client

  I would like to setup users with different security levels in my Lookout 6.7 client application. When I try to add a user I get an error message that says "add user operation failed. Check the system drive disk space". There is plenty of drive space, 50GB. Is it possible to have users logon to the client with different security levels?
  Thanks,
  Brad Adams
  Communications Group Inc.
  Solved!
  Go to Solution.

  Run the User Manager in Administrator mode
  C:\Program Files (x86)\National Instruments\Shared\Logos
  Right click "usrmgr.exe", select Run as Administrator
  Forshock - Consult.Develop.Solve.

• Grant access to help desk users to add members to distribution and security groups

  Hello,
  I am trying to create a set of help desk users that has full access to add or remove members from distribution and security groups as well as update users.  We want it to bypass owner approval and essentially allow this group to add or remove members
  in the FIM Portal and flow it down to ADS.
  This obviously works fine if one is a member of the Administrators set, but we want a second tier of power users with limitied rights compared to FIM Admins.  We have added the help desk team to the  Security Group Users and Group Users set as
  well as MPR "Security group management: Users can read selected attributes of group resources".
  The help desk users can update users in the Portal with no issue.  The can search groups with no issue but when they try to add members to a group they get the error "Access Denied".
  Any help is greatly appreciated.
  Thanks!

  I'm having very similar problem - I have users with delegated right to modify group membership only. User can add someone to group and it works fine, but when the same user is trying to remove and user from a group (even if this is the same user
  which was added a minute ago) he gets Access Denied:
  The
  request included members which the requestor is not authorized
  to add and/or remove from this group."
  It is caused by default MPR:
  Group management workflow: Validate requestor on remove member
  Question is how this activity validates this request - any insight?

• Users and pw's from NT

  Can portal take users and passwords from NT session? i can even use only NT user if it is possible.
  How can i do that?
  Thanks in advance

  I've run into this issue as well. My client was using the Snow Leopard Apple Server on a Mac Mini. We checked the UPS units and they were solid with voltage regulation in place, but users and groups were randomly missing. We would re-add them and others would go missing.
  We upgraded to Lion and Lion Server, but the problem persists. I've run disk permissions on the internal raid, which was a bit of an exercise in itself since Disk Utility is broken on the Mac Mini with a raid drive, but terminal was able to fix any issues. So far it seems to be working, but the problem seems random.
  What's surprising is I have found next to no other reports of a similar issue. At this point, it appears to be a hardware failure of some sort. There doesn't seem to be a software answer if the disk permissions fix doesn't help it. I'm sitting on pins and needles at this point hoping this works.
  Did the repair permissions fix your problem, Chris?