Provision to secure access token (For OAuth2.0 User Authentication)

Hi,
May I check if there are any provisions in place to secure an access token?
For example, Facebook uses app secret proof (sha256 hash) to encrypt their access token, but I am able to see any security best practice in the documentation. Please direct me if I might have missed that portion out.
Reference:
https://msdn.microsoft.com/en-us/library/hh243647.aspx

I think that as you are using Azure AD for the OAuth authentication, the fact that the tenant is configured to use ADFS (single sign-on) shouldn't change the OAuth flow from client/caller perspective. What permissions have you configured for SharePoint in Azure AD? I guess the error comes from Azure AD, before or after ADFS authentication?
This seems like a similar issue (with no resolution either).

Similar Messages

  • Access control for different user groups in APEX 4.0

    Hi guys,
    in Apex 4.0, is there any way to use the access control page to configure access control for different user groups?
    The access control page currently only has an access control list by users with 3 privileges namely, Administrator, Edit & View where Administrator has the highest access level & View the lowest. Therefore 1 user cannot have more than 1 different privilege, however if the user belongs to 2 or more different groups then we can control what access he can have in a more fine grained manner. We also want to have more than the 3 privileges given.
    Can we assign different groups to different users and let them have different privileges to be configured by page, region, process or item level?
    Now Apex will create 2 tables, Apex_Access_Control & Apex_Access_Setup to store the application access control mode & access control list. It will also create 3 authorization schemes "access control - administrator", "access control - edit" & "access control - view" based on the 2 tables.
    Does this mean we have to change the table structures & edit the authorization schemes to suit our usage? We are reluctant to do this because if we upgrade to a newer version of Apex then we would have to merge our pl/sql coding with Apex's updated code.
    How can we auto-configure more than the 3 authorization schemes in the access control page? Is there any way to achieve a finer grain of access control based on the current access control administration page given by Apex without writing it ourselves?
    We are afraid that we may have missed something on Apex access control & do not want to reinvent the wheel.

    Hi Errol,
    to build your own application authorization scheme around the security model supplied by Apex for administration of the Apex environment would be a bad idea.
    This was never intended for authorization scheme management in custom built Apex applications, it was solely intended to control access in the Apex environment overall. The API for it is not published, and making changes to it, such as adding more roles, would run the risk of breaking the overall Apex security model. It would not be supported by Oracle and Oracle would not guarantee the upwards compatibility of any changes you make in future versions of Apex.
    In short, you should follow Tyson's advice and build your own structure. As he indicated, there are plenty of examples around and provided your requirements are not too complicated, it will be relatively simple.
    Regards
    Andre

  • URGENT : How to retrieve Last Accessed Timestamp for all Users in GRC

    Dear Experts,
    Please help me with this urgent request. Appreciate your help in advance.
    My client is trying to understand the usage of the GRC application and would like to know information regarding the Last Accessed Time for all users who have logged into the Oracle's Governance, Risk and Compliance application.
    Thank You,
    Rakesh

    If you still need the solution,
    Have a callback on OnSubtaskUpdated in your BPEL. This call back will be called for any updates in parallel approval pattern.
    Thanks
    --Sreeny

  • Obtain a primary token for a user who does not have permission to logon locally

    I would like to know whether it's possible to obtain a primary token for a user who doesn't have permission to log on locally. If yes, what the recommended way is for doing that.
    I called LogonUserW with logon32_logon_network logontype for user which is not allowed to logon locally. It returned impersonation token. I called DuplicateTokenEx to create primary token but it still returned impersonation token.

    A Network Logon is always going to return an impersonation token.  This is by design. 
    A Batch or Service logon would return a Primary Token.  The user would need the corresponding right to return these 2 types of token.  Typically, all users are allowed to generate a Network Token (Impersonation Token) but as you have discovered it has limited usage which is by design.
    thanks
    Frank K [MSFT]

  • When I try to open iTunes it says "token for the user expires, please authenticate". When I try to do so, it quits

    iTunes won't open - it says "token for this user about to expire. Please authenticate yourself again". Then when I try to do so, it closes.

    Hello MF7642,
    Thank you for contacting Apple Support Communities.
    You can use this article to troubleshoot your issues with iTunes.
    iTunes: Missing folder or incorrect permissions may prevent authorization
    http://support.apple.com/kb/TS1277
    Regards,
    Jeff D.

  • Activate Accessibility Features for all users?

    Is there a way to activate Accessibility Features for all users by editing a table on the Portal side?
    EP6 SP2 and NW04S.
    Thanks
    Jean Seguin

    Hi Jean,
    not that I would know of. But you can easily write a small portal component which sets the accessibility level of all users to your preferred level.
    The code snippet below should give you an idea of what I mean
    IUserFactory userFactory = UMFactory.getUserFactory();
    IUserSearchFilter filter = userFactory.getUserSearchFilter();
    ISearchResult result = userFactory.searchUsers(filter);
    // Iterate over every user ID returned by the (empty) search filter
    while (result.hasNext()){
      String userId = (String)result.next();
      IUserMaint user = userFactory.getMutableUser(userId);
      user.setAccessibilityLevel(IUser.SCREENREADER_ACCESSIBILITY_LEVEL);
      user.commit();
    }
    Best regards,
    Martin

  • PF attribute modification in Access Policy for existing users.

    Hi Guys,
    I have an access policy for provisioning a resource. Suppose I make some changes to the process form attribute value inside the access policy. How can I have the same attribute value reflected in the process form of users who are already provisioned by the access policy?
    A direct database update won't be a good idea here as I have multiple access policies for the same resource. Is there any table which holds the relation between a provisioned resource and the corresponding access policy, if at all I have to go for a custom scheduled task?
    Thanks,

    Is this solution also supposed to work in OIM 11g? I tried it but data on the main form does not get reflected on the process form of existing users. For child data it does work.
    Edited by: bsteen on Aug 5, 2011 5:21 AM

  • Access Policy for Existing Users

    Hi,
    Here is the Scenario:
    1. We have AD resource object having "Allow Multiple" Unchecked
    2. We have Users who are already provisioned to AD
    We are trying to introduce Auto Provisioning into our system for AD, I know new users will be evaluated against Access policies and will be provisioned to the resource and hence groups management will be taken care automatically, Questions:
    1. If I disable resources (and not revoke) for these new users what will be the group membership status -will they be removed from group?
    2. How to pull existing users under this auto prov umbrella? My thoughts: by writing a custom scheduler that will check resource provisioned and make it as part of the group, but will resource be revoked automatically if group is removed for these users? If not what should be the approach for existing users?
    Thanks in advance

    I've completed a similar task using SQL. Take a look at the following tables and you can do these tasks:
    UPP, UPD, USG, POG and AD group table 'UD_ADUSRC'

  • How to secure BSP applications for external users on the internet?

    I posted this question under Enterprise Portal forum but got no response. I am hoping some of you experts in this area can help.
    We have developed BSP applications and set them up as iViews in Enterprise Portal 6. Our portal implementation will be used by external users.
    We have security concerns that the access to the BSPs  allows external users direct access to the R/3 system. We were told that we should use ITS application instead of BSP application for external users.
    Do any of you have any insight into how we could work around the security problem with BSP applications, or BSP applications in EP6? Your help will be greatly appreciated.

    In a sense they are correct; as to whether it is more secure or not, that would have to be a call by people who are more of an expert than myself.
    But I can see their point: the BSP runs directly on the system and uses the system security, whereas the ITS is basically just an RFC call. However, for us, we use a 620 server with BSPs and make RFC calls to our R/3 systems, thus keeping people off the R/3 directly - however we are not opened to the Internet.
    If your message is answered please remember to mark it solved so others searching in the future can find the solved ones quicker - just click on the yellow star.

  • Password security - set permissions for different users

    I am using Adobe Acrobat 9 Pro.
    In the HELP menu, there is a security section in the contents, In the overview, it states the following:
    "Each security method offers a different set of benefits. However, they all allow you to specify encryption algorithms, select the document components to encrypt, and set permissions for different users."
    I would like to know how you can set permissions for different users using Password Security.
    I am the only one in the company who has Acrobat 9 Pro and all others have Adobe Reader 8.
    I have created a PDF file in Acrobat 9, this file is accessible to anyone with Adobe Reader. I would like to set different permissions for different users. For example, I would like certain individuals to print the document and other individuals to not be allowed to print. Can this be achieved using Password Security?
    Many Thanks

    I have created a PDF file in Acrobat 9, this file is accessible to
    anyone with Adobe Reader. I would like to set different permissions for
    different users. For example, I would like certain individuals to print
    the document and other individuals to not be allowed to print. Can this
    be achieved using Password Security?
    No.

  • OBIEE access denied for some users only

    Hi All,
    We are using OBIEE version 10.1.3.4 in a Windows environment. The users can access the OBIEE reports using the 'PORTALPATH' session variable in the RPD. Some of the users are getting "access denied" when they access their particular dashboard. Earlier these users could access this dashboard without any errors. We haven't changed anything in our system in the last three months.
    We have no idea why we are getting this error for particular users only. It's a Prod issue and we need to resolve this error ASAP.
    We are getting this error: "acess denied for user to path/shared/shared/_test/testdashboard
    Error Codes:09XNZMXB"
    But for the last year it has been working without any issues. From our side we did not make any changes in production, such as RPD level, catalog level or config file changes; we have no idea why suddenly we are getting this kind of error for some users only and not for all users.
    Could you please advise me how to resolve this PROD issue ASAP.
    Thanks,

    Well, it's Prod (you have a dashboard called testdashboard in Prod?) anyway - someone might have changed the presentation catalogue permissions on the dashboard. All it takes is for someone to remove 'Everyone' or change a Group permission and it could have an effect.
    If they changed the Parent folder and cascaded the changes down, this might cause this issue.
    You have a folder called 'Shared' - check that the groups the people are in have 'Traverse', 'Read' or higher. Also check the dashboard permissions themselves from Settings - Manage Interactive Dashboards - check the Padlock icon.
    Are your users getting allocated into the correct WEBGROUPS? Is this assignment done explicitly in the webcat or via an RPD Variable? Have you checked NQQueryl.log to make sure any init blocks are completing successfully?
    Either permissions have changed or group membership is not completing.
    Good luck
    Alastair

  • How to Create ACCESS key for different users

    How to create or generate an ACCESS KEY which is required to make changes to the table V_FAGL_ACTIVEC (For New General ledger) for IDES 6.0. Is it created in table DEVACCESS, and if so where, or is it created in SU01 where user IDs are maintained? Since I am working on IDES, I thought probably we can create it for each user in SU01, but I don't know the steps to do it. Please help me. It is urgent.

    Hi
    ACCESS KEY - First of all, it's provided by SAP. You can get the key from http://service.sap.com -> SAP SUPPORT PORTAL -> Keys & Requests -> SCCR Keys -> Registration. Here you can register a DEVELOPER or an OBJECT, and at that time SAP will give the ACCESS KEYS.
    **Note: To access http://service.sap.com you should have an S number login or similar.
    Only after obtaining that ACCESS KEY will SAP allow the DEVELOPER to create some objects or change or modify Delivered objects.
    Why ACCESS KEY - For creating or accessing any object, someone should be responsible. Suppose any issue arises with an object; then one can easily track the details of who has created or modified it.
    Reward with suitable points

  • IE 11 Enhanced Security improperly enabled for one user in domain

    I'm running a small network with two domain controllers which use Server 2008 R2 Standard. The clients all run Windows 7 with the latest updates. Today one user suddenly started having their browser always start in Enhanced Security mode on the Windows 7 clients! This happens for any client in the domain, but it does not happen when the user logs into the terminal server for the domain. I use roaming profiles and redirected folders. I have separate profiles for the Terminal server from those used for the local computers. I have restored the user's profile to last week when the problem was not happening, but it did not help. It does not happen for any other user in the network, even if the user logs in on the same computer. So there is something in the user's environment that is causing the problem. I have reset IE 11 to default and it still comes up with Enhanced Security for that user on the Windows 7 clients. I've searched the internet for this problem without success.

    So I figured this out. I think that it is a mis-feature in Server 2008. The particular user is a member of the Backup Operators security group on the domain. Recently they did a backup on the server and then this problem started.
    It appears that even though they are not a server administrator or a domain administrator, the Enhanced Security settings got put into their roaming profile and when they logged into their workstation, the settings got applied to IE on their workstation.
    If I turned off Enhanced Security on the server for only users, the problem still happened for this user, even though they are only a Backup Operator, not an administrator. If I turned off Enhanced Security on the server for administrators, logged in and out of the server as this user, then the problem went away.
    So it seems that Backup Operators are viewed as "administrators" by Enhanced Security and if you use roaming profiles for such users, Enhanced Security will be enabled for such users on their workstations. Yuck.
    Easiest solution is probably to have a separate user account for the backup role on the server.

  • Where can I find an Access key for the user with "AS ABAP sneak preview" ?

    Hi all,
    I have installed AS ABAP sneak preview on my laptop.
    I use username "bcuser" and password "minisap". When I try to create some objects, e.g. a Function Group for a Function Module, it asks for an access key.
    Where can I find an access key for this ABAP SNEAK PREVIEW for user "bcuser"?
    I have gone thru some documents; I know we need to register the user in OSS and need to get an access key from the marketplace, but can I register this user "bcuser" or is it already registered? I need some more specific information to resolve this issue.
    Please advise me on above question.
    Thanks,
    Haresh Solanki

    Hi Rich,
    I have entered ZH_XYZ as a Function Group name to create a new function group. While I am creating it, it asks for the Access Key. I tried to enter an Access Key here for the first time and it says wrong entry for access key.
    Also, if I try to create a new Function Module, it asks me to select the Function Group. As I couldn't create a new Function Group, I tried to select from the existing ones (from the SAP System's FG); still it asks for an access key. I enter an Access Key here, then also it says wrong entry.
    I really got confused with this Access Key thing, can you provide me some insights?
    Thanks,
    Haresh Solanki

  • Minimum set of ACLs / security access required for getting MBeanHome and Runtime MBeans

    Hi,
    Where can I get information regarding the "minimum set" of ACLs and security access/permission required for
    a) Accessing weblogic.management.MBeanHome [Local and Admin interfaces] and RemoteMBeanServer interfaces
    b) Use MBeanHome and RemoteMBeanServer interface to look up MBeans [especially Runtime MBeans] for Cluster, Server instances, EJBs, JDBC, Execute Queues, etc?
    Any help or hint is appreciated!
    Regards,
    DKV

    "DKV" <[email protected]> wrote in message
    news:3f4e8429$[email protected]..
    > Hi,
    > Where can I get information regarding the "minimum set" of ACLs and security access/permission
    > required for
    I believe this was answered in the management jmx newsgroup.
