Querying AD for users with SmartcardLogonRequired

We are trying to write a script to query AD for all users who are required to log on with a smart card.
The problem we're having is that it is only returning 43 users out of our ~750 that are using smart cards. In AD the checkbox is set and the users' logons are working properly.
Here is the command I ran first:
Get-ADUser -Filter {SmartcardLogonRequired -eq $True} -Properties *
When that didn't work I tried this, but got the same result:
Get-ADUser -Filter {userAccountControl -band 262144} -Properties *
Next I looked at individual users. My account is actually returned and when I check the property I get this:
PS > $User = Get-ADUser -Filter {SamAccountName -eq '<REDACTED>'} -Properties *
PS > $User.SmartcardLogonRequired
True
PS >
When checking an account that isn't returned I get nothing back.
PS > $User = Get-ADUser -Filter {SamAccountName -eq '<REDACTED>'} -Properties *
PS > $User.SmartcardLogonRequired
PS >
I have tried un-checking and re-checking that box but that doesn't seem to have any effect. Has anyone come across this before? Any ideas on what to try next?

To query users that are Smart Card Required, your first command was correct:
Get-ADUser -filter {SmartCardLogonRequired -eq $True}
Remember, smart card enabled and smart card required are two different things. You can have a smartcard and still use username and password (if the SCRIL box isn't checked).
To set the account to enabled:
Set-ADUser -Identity <name> -SmartCardLogonRequired $true
To turn the requirement off:
Set-ADUser -Identity <name> -SmartCardLogonRequired $false
Remember that when you set the smart card requirement on an account, the NT Hash for the password is changed, meaning the user will no longer know their password.  If you set someone to true, then false, you have scrambled the password.
Also, if you set the requirement to true while the user is logged on, you are changing the NT Password Hash in Active Directory and the user's session will have a bad hash.  Whenever that user tries to perform any NTLM function, they will become locked out.
Good luck!
- Chris Ream -
**Remember, if you find a post that is helpful, or is the answer, please mark it appropriately.**
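
An added example, not part of the original posts: a PowerShell script that runs both filters from the question next to an LDAP bitwise-match filter and a client-side check of userAccountControl, then lists the accounts the SmartcardLogonRequired filter did not return. It assumes the ActiveDirectory module and read access to the domain; the function name Compare-SmartcardQuery and the output field names are made up for this illustration.

```powershell
# Added example, not from the original thread. Assumes the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

# SMARTCARD_REQUIRED bit of userAccountControl (the 262144 used in the question).
$SmartcardRequired = 0x40000

function Compare-SmartcardQuery {   # hypothetical helper name
    param(
        # Where to search; defaults to the whole current domain.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    # 1. The first command from the question: filter on the module's extended property.
    $byProperty = @(Get-ADUser -SearchBase $SearchBase `
        -Filter {SmartcardLogonRequired -eq $True})

    # 2. The second command from the question: -band on the raw attribute.
    $byBand = @(Get-ADUser -SearchBase $SearchBase `
        -Filter {userAccountControl -band 262144})

    # 3. Raw LDAP filter using the bitwise-AND matching rule (1.2.840.113556.1.4.803).
    $ldap = "(userAccountControl:1.2.840.113556.1.4.803:=$SmartcardRequired)"
    $byLdap = @(Get-ADUser -SearchBase $SearchBase -LDAPFilter $ldap)

    # 4. No server-side filter on the flag: fetch every user and test the bit locally.
    $all = @(Get-ADUser -SearchBase $SearchBase -Filter * -Properties userAccountControl)
    $byClient = @($all | Where-Object { $_.userAccountControl -band $SmartcardRequired })

    # Accounts whose userAccountControl came back empty to the account running this,
    # like the second transcript in the question where the property printed nothing.
    $emptyUac = @($all | Where-Object { $null -eq $_.userAccountControl })

    # Accounts the local bit test finds but the property filter did not return.
    $seen = @{}
    foreach ($u in $byProperty) { $seen[$u.DistinguishedName] = $true }
    $missed = @($byClient | Where-Object { -not $seen.ContainsKey($_.DistinguishedName) })

    [pscustomobject]@{
        ByPropertyFilter = $byProperty.Count
        ByBandFilter     = $byBand.Count
        ByLdapRule       = $byLdap.Count
        ByClientSideTest = $byClient.Count
        TotalUsersRead   = $all.Count
        EmptyUacAccounts = $emptyUac.SamAccountName
        MissedByProperty = $missed.SamAccountName
    }
}

# Run against the whole domain and show the comparison.
Compare-SmartcardQuery | Format-List
```

If all four counts agree and EmptyUacAccounts is long, compare the result when the same script is run under a different account or against a different domain controller (Get-ADUser accepts -Server).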

Similar Messages

  • How to Control authorization for users with certain status for level 2 WBS Element

    Dear All,
    Is there any standard way or enhancement available to control authorization for users with certain status for WBS Element i.e. for example
    Pre-requisite:
    There is only 2 level of project i.e.
    Lev_ WBSE_______Description
    1___ 7-14.E_______summay outage controller
    2___ 7-14.E.2310__ Plant/unit # 2310
    2___ 7-14.E.2310__ Plant/unit # 2220
    Project Controller  (authorization role assigned "Z_PS_OP7_OTGCON_C") have all project level authorization
    Plant/Unit Controller (authorization role assigned "Z_PS_OP7_PLNTOTG_C_2310") have only level 2 authorization with enhancement that we did in system by Z table.
    User ID_ Plant #
    123345_ 2310
    122455_ 2220
    Issue:
    After System Status released and User Status approved the WBS basic date for Plant/Units should be restricted from updating/changing by Plant/Unit Controller level and only project controller should have this authority.
    Solution required: 
    Can any one tell how to control this scenario either by standard or enhancement available to control authorization
    BR
    Saqib Usman   

    Hi,
    Did you explore SAP Enhancement CNEX0002 Using Transaction CMOD?
    Thank you and regards,
    Varshal Kachole
    The SCN Rules of Engagement

  • How to make form field read only for users with certain permissions

    We need to make two form fields read only for users with certain permissions. Kindly guide me on how to do this in Infopath. I searched and there is an option to disable to the column, but no option to select user permissions. 
    Please give your suggestion on this. 
    thanks.

    Hi,
    See the link below:
    http://info.akgroup.com/blog-0/bid/69277/InfoPath-Restrict-visibility-to-users-in-a-SharePoint-Group
    Here you can add the formatting action on the field to disable the field if those users belong to certain Sharepoint group (does not matter the permission levels though). Hope it helps.
    Regards, Kapil ***Please mark answer as Helpful or Answered after consideration***

  • How add Authorization check for user with assigened role for t.code-MIR4

    Hi All,
    Regarding authorization how to check authorizations check for user with assigned roles for the t.code MIR4  using ABAP.
    In Detail:2)     All users are allowed to go to MIR4(invoice number), But ONLY for users with role: MM_RELEASE_INVOICE can proceed to do the posting.
    suggest me...
    Thanks,
    srii..

    Hi Sri ,
    first u need to find out  in which user rules u are using this object , after that if u want to restrict users then remove create/change values from that object values .
    make use of Tcode SUIM to find out all roles which are using this Object.
    or
    ask ur basis guy to remove authorizations to create/change....
    regards
    Prabhu

  • Sun Convergence for user with disabled calendar service

    I have Communication Suite 7 installed with the "Sun Convergence" web interface.
    I create a test user with a disabled calendar service (service package platinum).
    The user test logged in in Sun Convergence web interface and I'm surprised,
    that the calendar for him is available.
    How can I disable the calendar view in Sun Convergence for user with disabled calendar service?
    Thank you.

    petrahu wrote:
    I'm getting the expected result with a service package for mail and calendar,
    e.g. mercury, and setting the status of calendar service to inactive or disabled.
    The behaviour you are seeing is both "expected" (i.e. as per the current Convergence design) and "unexpected" (i.e. doesn't make sense from a DA service provisioning perspective). It is a real "can-o-worms".
    The problem stems back to the "local.autoprovision" functionality provided at the Calendar Server end (enabled by default):
    http://docs.sun.com/app/docs/doc/819-4654/acajh?l=En&a=view
    "The first time a user logs in, the user's LDAP entry in updated to add calendar service, and a default calendar is created. The user entry must already exist in the LDAP directory. If it does not, an error is returned."
    So even if the calendar service has not been granted at the Delegated Administrator end, the calendar server will "helpfully" add the required objectclasses/attributes when a client (such as Convergence) attempts to login as that user.
    This means Convergence cannot automatically assume a user is not able to access the Calendar service based on the users current objectclass/attribute settings.
    This leads to an existing bug for Convergence:
    Bug#6871400 - "Mail only user is able to access the calendar service"
    I've also created a new Change Request for Calendar Server:
    RFE#6898717 - "local.autoprovision should be disabled by default"
    Please raise this issue with Sun support (log a support request) if you believe the current behaviour is confusing/needs changing (i.e. fix the bug/RFE above).
    Regards,
    Shane.

  • Reseeding cache for users with role based security

    I have role based security and trying to set up cache by purging all cache and later seeding cache by query. The query would be different for different users. What is the best way to purge all cache and reseed cache for administrator as well as all users. The EPT would purge cache based on updated tables. But how do I next go about reseeding cache for better performance to all the users. Thanks.

    I have created an ibot with the following:
    General - Normal Priority, Personalized (recipient's data visibility)
    Conditional Request - example_report
    Schedule - some schedule
    Recipients - Me(administrator) and User1
    Destinations - Oracle BI Server cache
    when the ibot runs 2 cache entries are created (for the 2 recipients).
    I have the report (example_report) on the dashboard (1 dashboard, 1 page, 1 report).
    After the ibot runs:
    When the administrator logs in first, there is a cache hit on the report. Followed by when the User1 logs in there is NO cache hit.
    On the other hand when the User1 logs in first, there is a cache hit on the report. Followed by when the administrator logs in there is no cache hit. The query log creates a Query issued to the database instead of cache hit on query.
    The User1 has a data level security.
    Please let me know where was I making an error in setting the ibot and how to get the cache seeding work for the different users with different role based security.
    Thanks for your inputs.

  • Bex query crash for user on sap portal

    hi gurus
    i have a bex query which users see it through sap portal, i have the case where a user X has made some drill down between rows and columns of the query (over portal), and since then every time this user X open the query, portal shows the query on the rows-columns format that the user X used once.
    What can i do in order user X see the query (on portal) in the default rows-columns??
    This problem just happen with user X, others users see the query in the default format with no problems.
    I ve tried deleting the portal personalization for user X on sap portal, but the problem persists...
    suggestions?
    regards..
    joker

    If its Java only error then there wont be any dump in ST22.
    Strange issue for you, in general if we get 500 error, there should be details of it in the same page.
    You said this issue is occurring for only one user, is it getting replicated every time?
    You are also seeing the same error when u login as that particular user?
    Do one thing, assign him the Content Admin role and then do the preview of this iView form content admin and see if ur still seeing this error.
    Regards
    Yugandhar Reddy

  • How to get Unique calid for users with same name in multiple domain env..

    I found we need to use "-k legacy" option for creating users in non-hosted setup..
    I had two domains default as xxxx.com and the one that I created as yyyy.com
    When I have users with same name in two of the domains as user1..
    The calid for both of them is... user1 ....so they share the same calendar
    When Im in valid SSO of yyyy.com I get the mail account for user1 as [email protected] .....but the calid .. common as user1
    How I can get unique calid for users under two domains..
    whether I need to set Hosted domain support...Then how the mailid's differ with out using hosted domain support..
    And I need to login UWC without using @domain.com...
    Help me on this...
    Ashik

    Do you have UWC and Cal configured at least for virtual domain support?
    basically.. for discussion.. let's say you have three domains on your server.. 1st domain is the default domain. other 2 domains are virtual domains.
    if all domains were created with mail and cal support (-S mail,cal).. you would use the following options when creating users:
    1) for the default domain.. you must use the "-k legacy" option when adding users.
    2) for the other two domains.. when you create the user.. do NOT use a "-k" option.
    If you do not use the "-k" option.. it defaults to "hosted" which will cause the user's calid to be [email protected]
    If you Do use the "-k legacy" option.. it will create the calid as just "userid"
    With regard to logging into UWC without the @domain.com part of a username in a hosted domain.. the easiest way to avoid this.. is to point a host name under the hosted domain to the server.
    if you point webmail.xxxx.com to the server... and then access it via:
    http://webmail.xxxx.com/uwc/
    any users in the xxxx.com hosted domain will NOT need to use @xxxx.com when logging in... they can just use "userid"
    This feature does not take any special configuration (aside from adding a DNS entry for the hosted domain)
    Hopefully that helps.

  • Urgent: Search for user with 'ß' character failed.

    Hi all,
    I have problem for searching the user with 'ß' character included in the name of user in Identity Management.
    When nothing is specified in the search criteria, then the user is displayed.
    When the name of user without 'ß' is given in the search criteria, then also the user is displayed.
    But when the name is given with 'ß'  in search criteria, the user is not recognized and cannot be displayed.
    'ß'  is the German Character.
    Please help me out, why the user is not recognized with the character 'ß'  in the search criteria.
    Thanks in Advance.
    Regards,
    Yogita.

    Hi,
    You can of course use ß and all other chars in your search.
    It makes no sense that you can create users with these chars, but cannot search using them.
    I tried to create user with char ß and also could search with this char. So it is only a local problem on your server.
    Is your UME connected with LDAP or DB? My UME where I tested is DB.
    So dont give up, open an OSS message with SAP for a solution and also update this thread if you find an answer.
    Regards,
    Praveen Gudapati

  • Performance tab not working in Enterprise Manager for user with dba role

    Database: 11g2
    New to Oracle. Don't want share SYS user account among dbas. Tried to create user with dba role to perform all tasks.
    1. Removed DBMS_JOB, DBMS_LOB, UTL_FILE, UTL_HTTP, UTL_SMTP, and UTL_TCP from PUBLIC
    2. Created user dbauser1 with dba role
    3. Log in as dbauser1 in Enterprise Manager
    After click Performance tab, it just went straight to "Database Login" page. No error message.
    Any suggestions or advice will be appreciated.
    piaoma

    Hi Gourav,
    This is the wsdl url:
    http://hostname:8000/sap/bc/srt/wsdl/bndg_E04711310A0E55F1A0E3005056B03D6F/wsdl11/allinone/ws_policy/document?sap-client=450
    Kind Regards,
    Richard

  • Install for users with limited rights.

    Is there a way to install Flash player so users with limited rights can perform updates?  I don't want to touch hundreds of machines each time a minor upgrade is released.  Security policies dictate that users cannot have local admin rights.

    Hi, not that I have heard of. If you can't update, then most likely you are under Group Policy and the IT Department would be in charge of that.
    If it is possible, then someone else would need to reply to you.
    Thanks,
    eidnolb

  • GUI Query Builder for Users

    Hey all,
    For anyone who was following my last post, I did convince my
    boss to buy CF, so epic win there. I am now starting to replace
    some our existing software with CF based code. One of the first
    things we would like to do is setup a "Query builder" type of
    thing. Basically we have a database with over 100 fields in a
    particular table. I need some kind of interface that will allow a
    user to easily build a complex query that can include any number of
    those fields. Before I start reinventing the wheel I was wondering
    if anyone had code for something like this already or could point
    in the direction of a place that might. All it needs to do is put a
    nice front end on an SQL query basically, and really only for the
    where statement part of it. We are always going to be selecting the
    same info, from the same table, but what records we select will be
    very very different. Thanks in advance.

    A slightly more fleshed out example: Code is CF8 based, some features not compatible with older versions, but easily convertible.
    <cfscript>
    // Array of structs describing the form fields
    aTest = [
    {label = 'foobar', updateable = false, type = 'picklist'},
    {label = 'george', updateable = true, type = 'int'},
    {label = 'nix', updateable = true, type = 'picklist'},
    {label = 'gracie', updateable = false, type = 'text'}
    ];
    </cfscript>
    <cfdump var="#aTest#">
    <cfset FormItems = structNew()>
    <cfloop array="#aTest#" index="key">
    <cfset aTemp = structNew()>
    <cfset aTemp.label = key.label>
    <cfset aTemp.updateable = key.updateable>
    <cfset aTemp.type = key.type>
    <cfif NOT structKeyExists(FormItems,key['type'])>
    <cfset FormItems[key['type']] = arrayNew(1)>
    </cfif>
    <cfset arrayAppend(FormItems[key['type']],aTemp)>
    </cfloop>
    <cfdump var="#FormItems#">
    <cfoutput>
    <cfloop collection="#formItems#" item="elemAry">
    <h1>#elemAry#</h1>
    <cfloop array="#formItems[elemAry]#" index="element">
    <p>#element.label# - #element.updateable# - #element.type#</p>
    </cfloop>
    </cfloop>
    </cfoutput>
    Will need some modification to match your situation and there is some redundancy that could be eliminated. But should be a good proof of concept.

  • SharePoint 2013 allows downloaded even for users with "view only" permissions

    I have a new on premises SharePoint 2013 server and assigned a single user "view only" rights to a document library. In the "permission levels" window, this permission is described as "Can view pages, list items, and documents. Document types with server-side file handlers can be viewed in the browser but not downloaded."
    Once I gave the user that permission, I noticed he was able to view documents in the library but the "but not downloaded" part does not seem to be working. The user can still download documents to his local desktop and SharePoint does not prevent it. The "download a copy" option appears and the user can use it.
    My goal is to make all documents in this library such that users can only view them in the browser and not download a local copy. How I do that?
    Thanks for your help.

    Not entirely positive :-) 
    However, you have no server-side handlers in place today without WAC installed, so that portion of the View Only permission wouldn't be applicable.
    Note that WAC must be installed on its own server and if your SharePoint server is extranet or public facing, it needs to have a valid, public SSL certificate. Also, WAC should always be run over SSL regardless if it is public facing or not as the token sent between the SharePoint server and WAC is the same as having a username and password for the user making the request.
    Trevor Seward
    Follow or contact me at...
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • How to display DB specific data in WEBI for users with Single Universe

    hi,
    I have a WEBI report which is based on Single Universe, which can support both Oracle and SQL Server databases.
    There are 2 users for this report.
    1) Oracle_User
    2) SQLServer_User
    When 'Oracle_User' opens report in InfoView, he should see the data from Oracle DB
    When 'SQLServer_User' opens the same report in InfoView, he should see the data from SQL Server DB
    Please let me know how to achieve this functionality.
    Can we dynamically change the Universe connection based on the User who logged into InfoView..?
    Thanks,
    Vamsee

    hi Anil,
    Thank you for the response.
    I have tried creating 2 connections and restricted each connection for each group, but in Infoview, only one group user is able to refresh the report, whose connection is exported along with the Universe. when the other group user tries to refresh the report, an error is displayed 'You donot have access  the data from this Universe'.
    So the reason is : 'As Universe can be exported to Repository with only one connection' that connection specific group user is able to access data from Universe Whereas other groupuser cannot( as other connection can't be exported along with the same universe).
    As Universe can be exported to Repository with only one connection, how should these connections set for the corresponding groups?
    Could you please provide me the detailed steps w.r.t connections restrictions...?
    Thanks,
    Vamsee

  • Query variable for InfoObject with texts

    Hello experts,
    In the BW I have an InfoObject of type NUMC 19 that stores tasks master data and does have texts, we assume that the InfoObject is called Z_TASK. The texts represent the multi lingual task names. I need to build up a query that filters on the task names, e.g. all tasks between A* and C*.
    When I use a variable in the query, the variable takes the key field values (NUMC values of the InfoObject Z_TASK).
    My questions are:
    1. Is there a possibility to solve this problem using query variables?
    2. Other solutions?
    Thanks in advance.
    Marco

    Hi Marco,
    one possibility would be to create a ods object and post the master data to that ods. Include the text (description) into the datafields of the ods. Enable BEX reporting for the ods. Create a Query on it with a variable selection on the text. Now go back to your other query and create a variable for your task infoobject. Use the prequery on the ods as replacement path for z_task. That should do the job.
    kind regards
    Siggi
