Prevent user from setting a parameter in url. Always use http session variable
In my xsql page I want to prevent a user from seeing data that he is not allowed to see. I am thinking of implementing this by reading a http session variable (like userid=xxx) to be used in my query. I want to be absolutely sure that the userid variable cannot be set manually by the user, for instance by manipulating the url (like: mypage.xsql?userid=123). How can I do this?
Sorry guys, already found it. Thanks to a reply from our lead-guru Muench on another post in this forum. Look here for the answer:
http://download-west.oracle.com/otndoc/oracle9i/901_doc/appdev.901/a88894/adx10xsq.htm#1023490
Search for "Understanding the Different Kinds of Parameters".
Similar Messages
-
Prevent user from closing the applications
Hello,
we would like to deploy to our users web application using Internet Explorer which is published over RemoteApps. Because this application takes long time to load we would like to prevent user from closing application. So we would like that session and application
stays opened when the user clicks on close button on Internet Explorer that is published over RemoteApps.
In other words, we would like to disconnect client from RemoteApp session, but stay logged in and keep the application running in the background.
Is this possible to do?
Thank you!
Best wishes,
MarkoHello,
thank you all for your answer. I guess this is not a good news. Any other idea how to solve this problem - to start Internet Explorer web application as soon as possible.
Last week I have found a VB script on one forum that would close the RemoteApp Windows without closing the appliaction on server but I can't find it today. Does anybody know something about this script?
Thank you!
Best wishes,
Marko -
How to prevent users from running PRC: Transaction Import from WebADI form?
Hi,
We are 12.1.3 and trying to create a workflow to approve Project transactions coming through web ADI before they become effective. To this end, we want to prevent users from running the PRC: Transaction Import from the Web ADI.
I know that if the checkbox Automatically run transaction import is not checked, the program does not run. But we want to hide this checkbox and not allow the possibility that the program could get triggered.
To this end, we updated the BNE_INTEGRATORS_B with source='C'. This allows you to edit the integrator from Desktop Integration Manager.
UPDATE BNE_INTEGRATORS_B SET SOURCE ='C' WHERE INTEGRATOR_CODE ='PAXTTRXB'
In the 4th step, where the value for Uploader Parameters is set, we have set boolean value to No. These are the fields on the page:
Parameter Name: bne:import
Display Name: Start Transaction Upload
Data Type: Boolean
Category: Field
Default Value: Boolean Flag: No
Description: start Transaction Import Concurrent Request
Display Options: Displayed: Unchecked
Display Options: Enabled: Checked
Display Options: Required: Checked
Prompt Left: Automatically submit Transaction import
Display Type: Check Box
Maximun Size: 100
Display Size:100
Now the checkbox is not appearing for the user to check it, But the program is automatically running when you hit Upload in the WebADI.Hi ,
Try removing the PRC: Transaction Import Program from the request group for the responsibility used by customers to submit the WebADI and then check if the program launches.
Regards,
Raghavan -
How can SAP be configured to prevent users from consuming locks?
How can SAP be configured to prevent users from consuming locks?
The issue is that we want to prevent users to use upto maximum locks and so that we will not get lock table overflow issue. I know that we can assign parameter "enque/table_size" a good amount of value. But it is not for any specific user.
Also want to alert in CCMS if any user reaches to its maximum speficified limit of locks.
Thanks
GopeshYou cannot set a limit of locks per user. There are two ways to reduce/control the number of locks:
- change fewer records within one transaction
- cover more records with one lock using wildcards
Basically it is an application / development issue.
Best regards, Michael -
Prevent user from posting invoices
Hello Profs
How would one generally/theoritically or practically prevent user from posting invoices >1000 rs (arbitary value), in MM Invoice verification.
some thoughts please
ThanksSunil,
As per my knowledge, there is no option to prevent user posting invoices if the invoice amount exceeds Rs.1000/-. And it can not be possible with standard /default LIV in MM.
You can do so for the PO's, since there is a procedure called release procedure and for each release code you can set the amount limit and if it falls within that, then he can release the PO (by configuring the release procedure based on total net order value with classification).
Similar to the above you can not do for the Invoices, but this can be possible to the user through workflow to the logistics inovice verification process. For that you need to activate the workflow concept for the LIV (i.e. you can set the workflow for your invoice verification process, if the invoice verification is done by more than one accounts payable processer (i.e user), like first invoice is parked by user1 and then later the user2 will verify (complete) and post the invoice verification process. And for that you can setup workflow concept, so that the next user gets intimated once the first user is completes his process in the LIV. But i don't think it is possible to stop or prevent if the invoice amount exceeds.
But, this can be possible to the some extent, that is though the configuration of attributes of system messages in LIV (by that the user will be notified with a text (i.e. error) message on the status bar, when the user is posting the invoice document which exceeds, hence he can not post the inovice in this case and also try by maintaining the user default paramer (i.e.WLC: Workflow -User specific settings (i.e. to be maintained in parameter id in in user master).
Suggestion:
Refer useful link for more information on workflow:
http://help.sap.com/saphelp_47x200/helpdata/en/9b/572614f6ca11d1952e0000e82dec10/frameset.htm
http://help.sap.com/search/highlightContent.jsp
Hope this will clarifies you,
Reward, if it helps,
Regards,
Srin.K -
Hi All, We are in to Release 11.5.10.2.There is a specific requirement to Prevent users from creating Manual Sales Orders in Oracle and yet users should be able to book the Sales Orders Imported from CRM system into Orcale.Please advise.
Thanks for your advise.
However, I missed to mention that we have two set of users One is for Finished Goods and another for Spares.
Only Spares users need to be prevented from creating Direct/Manual Sales Orders in Oracle.
As you suggested, if this will be done at Form level, that may Disallow FG users also to create Manula Sales Orders which should not be the case.
Further, I tried to test one scenario through Processing Constraints but it did not work.
Application
OM
Validation Type
Entity
Temp
Short Name
TBL
Validation Semantics
Created By
Equal To
User(Myself)
Processing Cosntraint
Application
OM
Entity
Order Header
Constraint
Operation
User Action
Create
Not Allowed
Conditions
Group
Scope
Validation Entity
Record Set
Validation Template
101
Any
Order Header
Order
Above Created
Please advise. -
Is there any way to prevent users from ship confirming on a particular date?
Hello All,
We have a requirement to prevent users from ship confirming on a particular date. This is due to they are performing Annual Physical Inventory.
Is it possible to restrict users performing shipping transactions on this particular date?
I have tried adding exception to the existing Calendar set at org level and there is no customer specific Calendar defined, however it is still allowing me to perform ship confirm.
Please let me know if you have any suggestion on this requirement.
ThanksHi,
Yes is Possible.
You can add An Exception in Your Shipping Calender.
So when Some one tries to ship an Order on that date Oracle will automatically select Next possible date.
Thanks
Shameer -
To prevent user from droping his own object .
Dear User
I have a database user like "aaa" in oracle 7.3.4.0.1 database.i do not want user "aaa" to drop his own schema objects like table and any other objects that he is owner.Do i have any system privilege to stop this user from doing so.User should be able to create objects and modify object but not to drop his own objects.For this purpose i have created a database trigger at database level to stop user "aaa" for doing above action.this trigger is giving me error on creation in oracle 7.3.4.0.1 .But when i tried same trigger in oracle 8i and 9i it work well.In oracle 8i and 9i it is preventing user from droping his own objects but i get other errors also along with raised error in trigger which i want to stop .The error which i am raising in trigger is
ORA-20001 INVALID COMMAND BUT OTHER TWO ERRORS THAT R RAISED AUTOMATICALLY ARE
ORA-00604 ERROR OCCURED AT RECURSIVE SQL LEVEL 1
AND
ORA-06512 AT LINE 8
I WANT TO STOP THESE TWO ERRORS .
PLZ HELP ME IN THIS REGARD AS SOON AS POSSBILE .
plz tell me is there any system privilege to stop user from droping his own object or any other way along with trigger at database level.
Thank u.Hi
DBAs can use PRODUCT_USER_PROFILE (in system schema) to disable certain SQL and SQL*Plus commands in the SQL*Plus environment on a per-user basis. SQL*Plus, not Oracle, enforces this security. DBAs can even restrict access to the GRANT, REVOKE, and SET ROLE commands in order to control users' ability to change their database privileges.
The PRODUCT_USER_PROFILE table enables you to list roles which you do not want users to activate with an application. You can also explicitly disable use of various commands, such as SET ROLE. For example, you could create an entry in the PRODUCT_USER_PROFILE table to:
read more about this at
http://download-west.oracle.com/docs/cd/B10501_01/server.920/a90842/ch10.htm#1005648 -
How to prevent user from creating jobs
Hi,
we need to prevent user from creating jobs on a dev enviorement. It's a 10.2.0.4 database standard on linux 64bits.
Their schema has only connect and resource roles. Is there a way to prevent them from creating jobs? In 11g it's the CREATE JOB permission, but in 10g i'm not sure how can i do this.
Thanks for any ideas!On 10g it's probably the CREATE JOB as well.
http://www.oracle.com/pls/db102/homepage
Alternatively you could:
alter system set job_queue_processes=0
http://download.oracle.com/docs/cd/B19306_01/server.102/b14237/initparams089.htm#REFRN10077 -
Prevent user from deleting rows from all tables in his own schema
Hi,
How can I prevent user from deleting rows in all tables in his own schema.
I want the user to not able to delete rows from any existing or new tables that might be added in the future.
The user does not have the "DELETE ANY TABLE" system privilege.
Please advise.
Thanks.Nowadays, I'd also avoid triggers (if possible).
Sometimes, when I daydream, I'm rewriting a few applications that I've contributed to as a newbie, and I'm very ashamed of it nowadays.
From what I've experienced, in retrospective, the emphasis on teaching 'Oracle stuff' has been lying far too much on PL/SQL row-by-row oriented processing instead of letting Oracle 'crunch' sets at once.
Most of my debugging hours ended up in discovering one or more database triggers 'doing stuff automagically'.
Another nice blogpost: http://rwijk.blogspot.com/2007/09/database-triggers-are-evil.html
Regarding OP's question:
I would just rethink/reconsider this requirement completely.
Correctly implementing privileges and roles seems the best way to go, yes.
Triggers? Nah...
pre-post-edit, noticed thread got updated just before posting
Don't know what you mean with 'namedropping', but I think it's legitimate to point other readers to interesting Oracle related opinions/articles that do have a technical background and lots of interesting examples.
post dreaded OTN outage edit (from here)
Again: I would just rethink/reconsider this requirement completely.
Both trigger/vpd are being used to hide a design flaw here. -
Prevent user from changing calendar permission
Hi team,
How to prevent users from changing calendar permission in outlook. When user open calendar option in Outlook he should either he should able to view the calendar sharing tab or he should not able to make modification in calendar permission by assigning permission
to others.Hi,
Agree with Andy. Exchange has no built-in feature to prevent mailbox owner to modify their calendar permissions. Since they are owners, they can set their calendar permissions.
Thanks for your understanding.
Best regards,
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Amy Wang
TechNet Community Support -
Prevent user from making to many requests...
Hallo everybody,
We are using Tomcat 5.0 and have some large jsp's (reports) that consume large memory.
1. Is there an easy way to prevent a user from making to many requests (eg. if he refreshes the page too many times, Tomcat gets an Out-of-memory error).
Of cource increasing the memory is not the answer I'm looking for (already did that).
2. Or may be a way to retrict a user to a certain maximum of memory
This seems like a common problem; anyone have good advice?
Thanks in advance.
MarcusThe main reason for multiple refreshes is the report taking too long to run and users getting impatient? Or is there another reason.
1 - Give the users fair warning. Put a message on the page saying "this report takes time to run. do NOT refresh this page as then the report will take even longer"
2 - You might set it up as a two stage process. Generate the report to a file. Then give them a link to check the progress of the report or load it if it is finished.
That way when they refresh, they don't regenerate the report, but just get back a immediate response that tells them "come back later"
3 - Perhaps you might consider the synchronizer token pattern.
http://www.javaworld.com/javaworld/javatips/jw-javatip136.html
4 - restricting users to max amount of memory would be difficult. How do you tell it is the same user? You could use a session variable, and record how many reports they have currently running, and reject any more then 3-4 requests at one time. But that could be worked around quite easily - just open up a new browser and its a new session. -
Prevent user from doing device transfer using desktop manager
Hi everyone,
My company would like to prevent user from using the Blackberry desktop manager to perform the device transfer. The reason is we do not want the user to have company data stored on privately-owned device. Is there a way to do that?
Thanks.Do you want to prevent them from using the program all together, or just from using the Device Switch Wizard? If not, then what do you mean by device transfer?
If it's the Device Switch Wizard then the BES admin can set an IT Policy - http://www.blackberry.com/btsc/KB18290
If someone has been helpful please consider giving them kudos by clicking the star to the left of their post.
Remember to resolve your thread by clicking Accepted Solution. -
How do I prevent users from being able to update Firmware
I have several users (14) with iPad 2 and they rely on an in-house developed App. we have yet to test this App on iOS 5.1 and therefore want to avoid any of the users updating the iPads at all cost!
this question is in two parts:
How can I prevent users from upgrading firmware themselves short of just asking nicely?
How can I stop the iPad from automatically downloading the Upgrade when I deploy a Policy using the iPhone Configuration Utility?
Any advice would be great!We've been looking at the AirWatch mdm and have been told it has this capability. Not sure if it would be justified from an economic standpoint for you, however.
-
How to prevent users from saving and emailing intranet documents externally
Someone in our company needs to upload a pdf to our sharepoint intranet site for internal-only use. How can I prevent users from downloading it and emailing it externally?
I mean, a user could screenshot it I guess, but I need to give management a due diligence answer.You would need to look into a reverse proxy/firewall that had the ability to block access based on content. This isn't something you can accomplish out of the box with SharePoint (even with AD RMS).
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
Maybe you are looking for
-
HP 7520 All in One "Unable to Communicate with Printer" msg
We have a HP all in one Photosmart 7520 printer- it is USB connected to a mac (OS Snow Leopard I believe). This was the original set up. When I moved back here I was able to set up a wireless network with the mac as the host computer (connecting th
-
SAP_COLLECTOR_FOR_PERFMONITOR
Hi All, In our BW PRD server job SAP_COLLECTOR_FOR_PERFMONITOR is scheduled on hourly basis, all the jobs finish sucessfully , but it has been observed that in the morning 7:30 & evening 22:30 , same jobs are cancelling daily and giving dump as ABAP/
-
Sapgui640 partner not reached (host127.0.0.1service sapdp00)
hi everybody,I really need a help.I am a beginner on SAP world; my laptop settings: -microsoft Win XP Média center Edition ver2002-service Pack2 -packardbell centrino-intel 1.86ghz 1Go de Ram SAP LOGON640 designation:NSP application server:localhost
-
BAdi: Meaning of "active not switchable through custom" ?
Looking at a BAdI implementation on the tab named "Enh. Implementtation Elements" of se18, there is a checkbox labelled "active not switchable through custom" . What exactly does this mean? And if I uncheck it, where in the IMG might I be able to cus
-
Maximum TDES length data to cipher
Hi, I have been testing with the creation of TDES keys, and using to cipher data, and with the results I'm receiving i'm wondering If there is any limit on TripleDes with the length of the data to cipher because I'm only able to cipher data from 8,16