Query related to Authorization profile.

Hi Professionals,
Please help me out as I'm not a BASIS consultant but PP.....
We've created Users profile and assigned them profiles that contain a particular bunch of Transaction codes module wise.
Now we want to create and assign such an Authorization profile to Users which will contain all Display transaction codes either related to all modules OR that particular module only say PP, MM, FI, CO etc.....
For example
MM03- Display material master
CS03- Display material BOM
CR03- Display work center
ME53N- Display Purchase requisition etc.
Is there any standard profile for that already provided by SAP? If there is, how do we know which module each one relates to?
Suppose if we assign such profiles, what will be implications related to future and user discipline?
Thanks & Regards,
Abu Arbab

Hi Abu, don't worry about being a PP consultant, most of us here are not Basis either, rather we focus on security.
There are no standard roles delivered by SAP which give this.  There are standard SAP display roles but none will include all the display transactions for a module.
What you should do is get each functional team to list the display transactions which are used by the business processes which they have configured.  There is no point in creating a display role with 500 transactions if the business processes only require 30 transactions.  Access is more usually required for business processes rather than module so you would often need to combine your modular display roles to cover a single process.
By building the roles to include the transactions you use rather than are available, you also avoid one of the mistakes often seen with using standard SAP roles - users having wider authorisations than they require to perform their job.

Similar Messages

  • ISE - Authorization Profile issue

    I'm running a trial of ISE and I'm attempting to create the authorization profile with the following settings:
    Name: Posture_Remediation
    Access Type: Access_Accept
    Common Tools:
    Posture Discovery, Enabled
    Posture Discovery, ACL ACL-POSTURE-REDIRECT
    The documentation says Common Tools, but in the screen shot it shows Common Tasks which is accurate to my install. Doc: http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bba10d.shtml#topic19
    The issue is that I do not see a Posture Discovery option in the Common Tasks area. Can I add these attributes using the Advanced Attributes settings or is there something I need to enable to display the Posture Discovery option within Common Tasks?
    Any help would be appreciated.
    Andrew

    Hello Andrew,
    As per your query I can suggest the following:
    Creating a New Authorization Policy
    Use this procedure to create a new authorization policy.
    To create a new authorization policy, complete the following steps:
    Step 1 Choose Policy > Authorization > Standard.
    Step 2 Click to select either Insert New Rule Above or Insert New Rule Below.
    A new policy entry appears in the position you designated in the Standard panel of the Authorization Policy window.
    Step 3 Enter values for the following authorization policy fields:
    •Rule Name—You need to define a rule name for the new policy.
    •Identity Groups—Choose a name for the identity group that you want associated with the policy.
    –Click + ("plus" sign) next to the word "Any" to display a drop-down list of group choices, or choose Any for the policy for this identity group to include all users.
    •Condition(s)—Choose the types of conditions or attributes for the identity group associated with the policy. Click + next to Condition(s) to display the following list of condition and attribute choices that you can configure:
    –Select a Condition Name option from the drop-down list (Simple Conditions, Compound Conditions, or Time and Date Conditions) as needed.
    –Select one of the Attribute options as needed. This displays a list of dictionaries that contain specific attributes related to the dictionary type.
    When you select an attribute, you can define it as Equals, Not Equals, or Matches using a pull-down list of operator options, and select an AND or OR directive using a pull-down directive option.
    For more information please refer to the link -
    http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_authz_polprfls.html

  • Query related to UPN Suffix in Hierarchical domain architecture in Active Directory deployment

    This is regarding a query related to UPN Suffix in Hierarchical domain architecture in Active Directory deployment.
    We use LDAP query (filter uPNSuffixes=* for the parent domain DN) to retrieve the upn suffixes configured in the AD Domain. This returns the UpnSuffixes configured for the entire domain tree (upnsuffixes of parent domain and all the child domains) in the hierarchy. The AD Domains and Trusts configuration lists all the upnsuffixes as part of the dnsroot domain.
    For one of our implementation, we need to distinguish between the UPNsuffixes belonging to the parent and child domain and map the UPN suffixes with the respective domain in the hierarchy. As the upnsuffixes are stored as part of the root domain in the AD domains and trusts configuration, it was not clear how to retrieve the information specific to each domain in the hierarchy.
    It would be helpful if you could provide pointers on how to obtain the above mapping for the upn suffixes in a hierarchical domain setup.
    Thank you,
    Durgesh

    By default, you can use only the domain name as UPN suffix for user accounts you create within the domain. It is possible to add extra UPN suffixes but these are added at the forest level and not specific to a domain.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • Create Display Authorization Profile for SAP Transaction SPRO (IMG).

    Dear All,
    In my current implementation project there is a requirement to create a display authorization profile for SPRO. I have tried a lot but was not able to do so.
    Does anyone have experience in creating a display profile for SPRO (IMG)? If anyone has worked on this issue then please guide me.
    Thanks,
    Avinash

    Hi
    This is security related question. I am not security expert.
    But you can check this, Include the following authorization objects in the profile and assign this profile to the target user.
    S_IMG_ACTV
    S_PROJECT
    S_PROJ_AUT
    S_PRO_AUTH
    and assign activity = 03 (Display).
    Hope it helps.
    regards
    Srinivas

  • Authorization Profile for attributes into qeries

    Hi all,
    I've a big problem in a Bex environment.
    Some users-id cannot see the kf-type attributes of 0material, but they can see only characteristic-type attributes. In general this happens for all characteristics with kf-type attributes.
    Instead with my user-id (sap_all) the query is ok.
    I believe the problem depends of the authorization profile.
    Every user has a lot of profiles.
    How can I detect the restrictions of these users?
    Do you know the specific profile that limits the display of the attributes?
    Does a t-code exist to identify the auth. profile used by a query?
    Thanks in advance.
    Cla

    Hi Claudia,
    It seems that key figure authorization has been set up in your system. You need to assign the role that would give the users access to these key figures. You can run the report by any other user's auth, through transaction RSSMQ.
    Hope this helps...

  • Authorization profile description

    hi experts,
    In tcode su01, we have authorization profile and its description for a user.
    I have a report in which authorization profile has been displayed. I need the authorization profile description next to it. I found the field PTEXT in table USR11 has got the description. However I don't have any relation (key) between USR11 and (usr01, 03, 04). Kindly suggest me some idea to get the description.
    Thanks in advance.
    Senthil

    hi Senthil,
    Check
    UST04     User masters
    UST10C    User master: Composite profiles
    UST10S    User master: Single profiles
    UST12     User master: Authorizations
    USTUD     Students
    Regards,
    Santosh

  • How to get all authorization objects for a certain authorization profile

    Hi ABAP experts,
    I have the following problem: for a certain authorization profile of a role (created with transaction PFCG) I would like to get all contained authorization objects: e.g. for the contained object PLOG I would like to know/read all corresponding parameter values.
    So:
    - where are these values stored (dictionary table)?
    - is there already a FM or a report to read all authorization values for a certain authorization profile?
    Thanks in advance.
    Best regards,
    Oliver

    Hi,
    check the following, it might be useful for you:
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a585c
    if helpful reward points are appreciated

  • Query relating to the creation of Managed Service Accounts

    Hi Folks
    I am studying for my 70-411 exam and have a query relating to the creation of Managed Service Accounts.
    I have successfully created an MSA account named 'MSATest' on a DC  using:
     new-adserviceaccount -name msatest -dnshostname home-dc-01 -passthru
    and
     add-AdcomputerServiceAccount -identity home-ap-01 -serviceaccount msatest -passthru
    However the guide that I am using now says that I now need to run:  Install-ADServiceAccount on the host computer in the domain to install the MSA in order to make it available for use by services.
    So on my member server (home-ap-01) I have installed the Active Directory Module for powershell and ran:
    PS C:\Users\administrator.PCECORP> Install-ADServiceAccount -Identity msatest
    Install-ADServiceAccount : Cannot install service account. Error Message: 'An
    unspecified error has occurred'.
    At line:1 char:1
    + Install-ADServiceAccount -Identity msatest
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : WriteError: (msatest:String) [Install-ADServiceA
       ccount], ADException
        + FullyQualifiedErrorId : InstallADServiceAccount:PerformOperation:Install
       ServiceAcccountFailure,Microsoft.ActiveDirectory.Management.Commands.Insta
      llADServiceAccount
    PS C:\Users\administrator.PCECORP>
    However this errors. Have I misunderstood the purpose of Install-ADServiceAccount, or am I doing something wrong?
    Thanks in advance for your help.

    Try using  -RestrictToSingleComputer parameter when creating service account with New-ADServiceAccount.
    Gleb.

    Hi Gleb
    Thank you for your help, it is appreciated.  That did the trick.
    All the best.
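
    The sequence from this thread with the suggested parameter applied, as an added example that is not part of the original posts. It assumes Windows Server 2012 or later, where an account created without -RestrictToSingleComputer is a group MSA; the function names are hypothetical, and the account and host names are the thread's.

    ```powershell
    # Added example. Function names are hypothetical; 'msatest' and 'home-ap-01'
    # are the account and host named in the thread.
    Import-Module ActiveDirectory

    function New-StandaloneMsa {
        # Run on a domain controller or an admin workstation.
        param([string]$Name, [string]$HostComputer)

        $existing = Get-ADServiceAccount -Filter "Name -eq '$Name'"
        if ($existing -and $existing.ObjectClass -eq 'msDS-GroupManagedServiceAccount') {
            # Assumption: the account was created without -RestrictToSingleComputer,
            # so it is a group MSA and has to be recreated as a standalone one.
            throw "$Name is a group MSA; remove it and recreate it with -RestrictToSingleComputer."
        }
        if (-not $existing) {
            New-ADServiceAccount -Name $Name -RestrictToSingleComputer
        }

        # Link the account to the single computer allowed to host it.
        Add-ADComputerServiceAccount -Identity $HostComputer -ServiceAccount $Name

        # Return the account together with the hosts it is linked to, for review.
        Get-ADServiceAccount -Identity $Name -Properties HostComputers |
            Select-Object Name, ObjectClass, HostComputers
    }

    function Install-StandaloneMsa {
        # Run on the member server that will run the services.
        param([string]$Name)

        Install-ADServiceAccount -Identity $Name

        # Test-ADServiceAccount returns $true when this host can use the account.
        if (-not (Test-ADServiceAccount -Identity $Name)) {
            throw "$Name is not usable on $env:COMPUTERNAME."
        }
        "$Name installed on $env:COMPUTERNAME"
    }

    # On the DC:       New-StandaloneMsa -Name msatest -HostComputer home-ap-01
    # On home-ap-01:   Install-StandaloneMsa -Name msatest
    ```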

  • Query related to multiple attachments in mail adapter

    Hi,
    I have a query related to multiple attachments in receiver mail adapter.
    I have successfully configured mail related scenarios but now I have another requirement in which I have multiple source files in one directory and I want to send one mail for multiple files as mail attachment using receiver mail adapter. Can anybody help me how to achieve multiple attachments in receiver mail adapter.
    To clarify the requirement more let us take an example
    Ex: I have 5 input files in the source which I pick up using additional files option in the sender file adapter, now I want to send those 5 files into one mail with 5 attachments. Can anybody explain how 5 different payload will be sent as multiple attachments in one mail.
    For your information I used options like "keep attachments", some parameters in module processors etc... but not able to find out how exactly it will be achieved....... I don't want to use BPM collect pattern for this.....
    Need your help on this issue. Please suggest the solution as how it can be achieved using receiver mail adapter.
    Thanks & Regards
    Prabhat

    Hi,
    I resolved the issue on my own. Thanks for your help and support.
    Thanks & Regards
    Prabhat

  • Query related to Email adapter

    Hi,
    I have query related to receiver Email adapter. I am able to run a scenario for 2 attachments in receiver mail adapter scenario.
    My scenario is that I am picking up the multiple files using sender file adapter "additional files" functionality and post the two files as attachments in receiver email adapter. I am picking up two formats: .xml file and PDF and successfully attached to the receiver email adapter.
    My query is related to Standard module processors sequence.
    For 3 files in mail attachments(.xml , pdf & .txt)  what should be the module processors sequence in receiver email adapter?
    Currently I am using the following module processors sequence
    1     localejbs/AF_Modules/MessageTransformBean                          Local Enterprise Bean     trans2
    2     localejbs/AF_Modules/PayloadSwapBean                          Local Enterprise Bean     swap
    3     localejbs/AF_Modules/MessageTransformBean                          Local Enterprise Bean     trans1
    4     sap.com/com.sap.aii.adapter.mail.app/XIMailAdapterBean     Local Enterprise Bean     mail
    swap -> swap.keyName -> payload-name
    swap> swap.keyValue> file1
    trans1> Transform.ContentDescription>file1
    trans1> Transform.ContentDisposition>attachment
    trans1> Transform.ContentType>application/pdf;name="file1.pdf"
    trans2>Transform.ContentDescription>file1
    trans2>Transform.ContentDescription>inline
    Can anybody tell me what should be the sequence of module processors and the associated parameters so that all formats (.xml, pdf & .txt) should go as attachments in the receiver email adapter.
    Thanks & Regards
    Prabhat

    it would be something like this, Try this
    1 localejbs/AF_Modules/PayloadSwapBean Local Enterprise Bean swaptxt
    2 localejbs/AF_Modules/MessageTransformBean Local Enterprise Bean trans3
    3 localejbs/AF_Modules/PayloadSwapBean Local Enterprise Bean swapxml
    4 localejbs/AF_Modules/MessageTransformBean Local Enterprise Bean trans2
    5 localejbs/AF_Modules/PayloadSwapBean Local Enterprise Bean swappdf
    6 localejbs/AF_Modules/MessageTransformBean Local Enterprise Bean trans1
    7 sap.com/com.sap.aii.adapter.mail.app/XIMailAdapterBean Local Enterprise Bean mail
    swapxml -> swap.keyName -> payload-name
    swapxml> swap.keyValue> file2
    swappdf -> swap.keyName -> payload-name
    swappdf> swap.keyValue> file1
    trans1> Transform.ContentDescription>file1
    trans1> Transform.ContentDisposition>attachment
    trans1> Transform.ContentType>application/pdf;name="file1.pdf"
    trans2>Transform.ContentDescription>file2
    trans2>Transform.ContentDisposition>attachment
    trans2> Transform.ContentType>application/xml;name="file2.xml"
    trans3> Transform.ContentDescription>file3
    trans3> Transform.ContentDisposition>attachment
    trans3> Transform.ContentType>application/txt;name="file3.txt"
    mail --> mime.contenttype   --> multipart/mixed
    I have not tried this myself, but it should work

  • Query related to GAL

    Hello All,
    We are in process of implementing Exchange 2013 in our Organization and had a Query related to GAL.
    Below is our Environment description:
    01. We have a Single Forest and Single Domain Architecture.
    02. We will have separate Active Directory Sites for all 3 Regions across Global.
    03. Exchange 2013 will be installed in each region.
    04. In APAC region Exchange 2013 Language pack for Japanese will be installed to support Japanese language.
    Our Requirement:
    ================
    01. When a Japanese User tries to browse GAL all the display names have to be displayed in Japanese language and when a user who resides other Region (Europe or AMERICAS) tries to browse GAL the Address list has to be displayed in default English Language.
    Can someone guide us on how this can be achieved?
    Awaiting for all your suggestions.
    Thanks in advance.
    Thanks & Regards,
    Nagaraj N

    Hi Nagaraj,
    Here are some requirements that I am still not quite sure. Could you please provide more information about it? Such as:
    1. Do you mean one user has two display names: one with Japanese language used for users in Japan, one with English language used for English users? Then we filter address lists with language difference. Based on my knowledge, one email address is generally involved for one display name.
    2. If there are both Japanese users and English Language users in the forest, and you just need Japanese users view users whose name is displayed as Japanese language. We can use Address book policies (ABPs) to segment users into specific groups to provide customized views of your organization's global address list (GAL).
    To show different GAL for different users, we can specify the CustomAttribute1-15 property to divide your organizations. For example, we can set the CustomAttribute15 property for Japanese users to Japan. Just like:
    Set-Mailbox -Identity JapanUser1 -CustomAttribute15 Japan
    Then we can create global address list for Japanese that includes all of the recipients that exists in the address lists and room address list:
    New-GlobalAddressList -Name "GAL_Japan" -RecipientFilter {(CustomAttribute15 -eq "Japan")}
    For detailed steps about how to create and apply the Address Book Policies, please refer to:
    http://technet.microsoft.com/en-us/library/jj657455(v=exchg.150).aspx
    Hope it helps.
    Regards,
    Winnie Liang
    TechNet Community Support

  • Query related to DataGuard Architecture...

    Hi All,
    I want to implement DataGuard Architecture in my setup. I have one query related to different operating systems in my setup. I have two servers, one for primary and the other for standby Database with 10g DB R2. One server has Linux OS and the other one has Solaris, so will DataGuard work on different OS or should both server OS be the same? And if I have 2 GB then will it create any problem?
    pl. suggest me.

    A requirement for standby is both databases must be on the same platform and on the same db version, this requirement applies even if you are on a logical or on a physical dataguard database.
    You can verify the Step by Step instructions to create a standby database:
    Step-by-Step Instructions for Creating a Logical Standby Database
    Step-by-Step Instructions for Creating a Physical Standby Database
    ~ Madrid

  • Query related to withhold tax

    Hi Friends,
    This is Mamatha. I have a query related to withhold tax. What is the difference between business place and section code? What is the importance of section code?
    Regards
    S Mamatha
    Please, search SDN

    For India, withholding tax, you need to create the business place and section code with the same id.
    Section code is an additional field provided by SAP for TDS related processing, reports etc.
    Regards,
    SDNer

  • Query related to the transfer of the control to the other controller.

    Hi all,
    I have a query related to the transfer of the control to the other controller.
    I have components A and B. From a view of component A I need to open a window which belongs to component B. Problem is that, if I use create_window_for_cmp_usage( ) and the open( ) method and after that there is some code, then that code is getting executed before the window is opening.
    I want that the control should be back to this code after the window is popped up and after closing the window.
    Eg
    method ONACTIONOPEN_WINDOW .
      DATA lo_window_manager TYPE REF TO if_wd_window_manager.
      DATA lo_api_component  TYPE REF TO if_wd_component.
      DATA lo_window         TYPE REF TO if_wd_window.
      lo_api_component  = wd_comp_controller->wd_get_api( ).
      lo_window_manager = lo_api_component->get_window_manager( ).
      " Optional parameters title and close_in_any_case are left commented out.
      lo_window         = lo_window_manager->create_window_for_cmp_usage(
                         interface_view_name    = 'ZHELLO_WORLD'
                         component_usage_name   = 'USAGE_HELLO'
                         " title                  =
                         " close_in_any_case      = abap_true
                         message_display_mode   = if_wd_window=>co_msg_display_mode_selected
                         ).
      lo_window->open( ).
      " The statements below run as soon as open( ) returns.
      data a type i.
      data b type i.
      a = 2.
      b = 3.
      a = a + b.
    endmethod.
    In this case I am calling ONACTIONOPEN_WINDOW method. But before opening the window the a is calculated here. I want that after popping up the window the calculations should be done.
    How will I achieve this.
    Thanks in advance.
    Edited by: vaibhav nirmal on Nov 25, 2008 6:42 AM

    Hi,
    You will have to do your calculation as an event in your new window, or capture the closing of the new window as an event in your current view and do your calculations in the event.
    Regards,
    Shruthi R

  • Query related to User License.

    Hi all,
    I have some query related to User License.
    If we have 250 user licenses (with one developer),
    can we use them individually on DEV, QAS & PRD?
    can we use them individually on different clients?
    What about users on 000 client? Should they have a different license or come under the same group?
    Regards,
    shan

    Contact your SAP Account Manager.
    Regards
    Juan
