R12: Role based security : Hiding a button in OAF page for roles

Hi All,
We have a requirement where in which, we have to hide a "Create" button in AR customer search form for some roles ... we have implemented UMX - Roles based security in our project and we cant hide it based on user or resp ...
Any ideas ... Is it feasible with this new featue of RBAC?
Thanks and Regards,
Senthil

Hi Ajay,
metalink note 2778881.1 is discussing "Page access tracking report".
but here i want to implement access restrictions to a particular page.
Regards,
Naren.

Similar Messages

  • RBAC / Role Based Security Set Up in R12

    We are working with a 3rd party consulting organization to implement Role Based Access Control in E-Business Suite R12. We have approximately 50 users and with 35 responsibilities today and are currently in the process of designing our role based security set up. In advance of this the consulting company has provided us with effort estimates to cutover from the current responsibility structure to RBAC. We are told this must be done while all users are off the system. The dowtime impact to the business is very high, expecially considering our small user base.
    With RBAC cutover downtime estimates such as these I can't understand how any company larger than ours could go live with it?
    Does anyone have previous Role Based Access Control implementation experience in EBS R11i or R12 and could provide some insight on their experience and recommendations, best practice for cutover to mitigate impacts to the business as we cannot accept the 90 hours of downtime outlined by the consulting company below?
    Disable users old assignments:
    *12.00 hours*
    Disable Responsibilities targeted for the elimination:
    *12.00 hours*
    Disable Responsibilities targeted for the elimination:
    *16.00 hours*
    Setup OUM options and profiles:
    *6.00 hours*
    Setup Roles and Hierarchies:
    *14.00 hours*
    Grant Permissions:
    *12.00 hours*
    Setup Functional Security and disable the obsolete responsibilities:
    *12.00 hours*
    Setup Data Security and disable the obsolete data accesses:
    *6.00 hours*
    Total *90 hours*
    Note - all activities must be performed sequentially*
    Any advice or experiences you could share would be extremely valuable for us. Thank you for taking the time advance to review & respond.

    On Srini`s comments "Creating Roles.. will have to be done manually "... I would like to know will the same approach be followed for PRODUCTION instance also. Say if we need to create 35 responsibilities and 50 roles so should this be done manually in PRODUCTION.
    I have not worked on this but I know that in my previous company this was done using scripts. Need to find more on this.

  • What is the mean of using Portal with Role Based security as entry point

    Hi Experts we have requirement of integration of Portal and MDM
    I am completely new to the MDM. So please give me some idea , what is the meanin for following points.
    1) Using the Portal with Role Based security as entry point for capacity and Routing Maintaince(These two are some modules).
    2) Additionally , Portal should have capability to enter in to the MDM for future master data maintence. Feeds of data will need to be come from  SAP 4.6c
    Please give me the clarity of what is the meanin of second point
    Regards
    Vijay

    Hi
    It requires the entire land scape like EP server and MDM server both should be configured in SLD.
    Your requirement is maintaing and updating the MDM data with Enterprise portal.We have some Business Packages to install in Portal inorder to access the functionality of MDM.
    Portal gives you a secure role based functionality of MDM through Single sign on (login into the portal access any application) to their end users.
    Please go through this link
    http://help.sap.com/saphelp_mdmgds55/helpdata/EN/45/c8cd92dc7f4ebbe10000000a11466f/frameset.htm
    You need to develope some custom applications which should be integrated into the portal to access MDM Server master data
    The estimation involves as per your requirement clearly
    Its depends upon the Landscape settings, Requirement complexity,Identify how many number of custom applications need to be developed
    Regards
    Kalyan

  • Error in Role Based security using weblogic 9

    Hi All,
    Currently I am working with Weblogic Server 9. I am trying to use role based security. Below is the entries for web.xml.
    <security-constraint>
         <web-resource-collection>
              <web-resource-name>Success</web-resource-name>
              <url-pattern>/form.jsp</url-pattern>
              <http-method>GET</http-method>
              <http-method>POST</http-method>
         </web-resource-collection>
         <auth-constraint>
              <role-name>admin</role-name>
         </auth-constraint>
         <user-data-constraint>
    <transport-guarantee>INTEGRAL</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    <login-config>
         <auth-method>BASIC</auth-method>
         <realm-name>myrealm</realm-name>
    </login-config>
    <security-role>
         <role-name>admin</role-name>
    </security-role>
    When I am calling form.jsp from the browser it is asking for the username and password, but after giving the username and password it is showing the followig error:
    Error 403--Forbidden
    From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
    10.4.4 403 Forbidden
    The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
    So can any one provide me the solution for the above problem.
    Thanks in advance.
    By,
    Sandip Pradhan

    Here is a blog post for the backend (WebLogic Admin GUI) http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-role.html and a blog post for the web.xml in your project http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-ear.html.

  • Role based security and ACLs

    Hello,
    I have a question regarding Roles and ACLs. I understand that I can use one or more security realms to host users, groups, and ACLs. (In fact I am implementing a custom realm for users and groups like RDBMSRealm, and wanted WLPropertyRealm to handle ACL/permission based duties.)
    Reading the "Writing a Web Application" it is apparent that ACLs are not supposed to be used for Servlets/JSP anymore, but rather to map roles to security principals via the deployment descriptor files for the web application.
    So:
    1. I assume that Weblogic will determine, once I have authenticated the user in my realm, whether or not the user is in a certain role, and therefore, whether or not they have access to a particular resource?
    2. What happened to the concept of permissions? Is it assumed that if the user is in the required role that they have permission to execute the servlet/JSP?
    3. Does it make sense to talk about ACLs anymore? A checkPermissions() method on an Acl object doesn't make sense now. Instead am I to use isUserInRole() ? (This doesn't seem the same to me - asking if User A has execute permission on this resource is different than asking if User A is in the CSR role.)
    Your response is appreciated.

    Hello,
    I have a question regarding Roles and ACLs. I understand that I can use one or more security realms to host users, groups, and ACLs. (In fact I am implementing a custom realm for users and groups like RDBMSRealm, and wanted WLPropertyRealm to handle ACL/permission based duties.)
    Reading the "Writing a Web Application" it is apparent that ACLs are not supposed to be used for Servlets/JSP anymore, but rather to map roles to security principals via the deployment descriptor files for the web application.
    So:
    1. I assume that Weblogic will determine, once I have authenticated the user in my realm, whether or not the user is in a certain role, and therefore, whether or not they have access to a particular resource?
    2. What happened to the concept of permissions? Is it assumed that if the user is in the required role that they have permission to execute the servlet/JSP?
    3. Does it make sense to talk about ACLs anymore? A checkPermissions() method on an Acl object doesn't make sense now. Instead am I to use isUserInRole() ? (This doesn't seem the same to me - asking if User A has execute permission on this resource is different than asking if User A is in the CSR role.)
    Your response is appreciated.

  • Role-Based Security In SQL Server Reporting Services

    Hi
    I have created Reports,
    Now I need to assign Role-Based Security, ie like some particular clients can access only some particular report.
    http://localhost/reports/Pages/Folder.aspx
    Here in the above link i can see the property tool bar where i need to set the user assignement roles.
    could any one please help me out how to set different login assigned to a set of report.
    Or is there any tutor links for this.
    Thanks a lot.
    Shan

    Create folders under the Home page (the link you have there).  For each folder set group athentication (AD) or harder managed, user account roles for the folders and the reports under the folder.
    If you set security at that home level you will not be able to control what reports they see or can't see.  You'll need to go all the way to the folder/report level.
    It's also not best practice to deploy reports directly to the home level.  Not best practice in it creating a very hard to manage security level.  Think of the levels in security as such to SQL Server.  Set the connect to sql level, database level and then down to the objects in them.  Same priciples apply to SSRS.
    Here is a cast going through some security settings as well http://technet.microsoft.com/en-us/sqlserver/dd391734.aspx fro creating your roles and utilizing them
    Ted Krueger Blog on lessthandot.com @onpnt on twitter

  • Reseeding cache for users with role based security

    I have role based security and trying to set up cache by purging all cache and later seeding cache by query. The query would be different for different users. What is the best way to purge all cache and reseed cache for administrator as well as all users. The EPT would purge cache based on updated tables. But how do I next go about reseeding cache for better performance to all the users. Thanks.

    I have created an ibot with the following:
    General - Normal Priority, Personalized (recipient's data visibility)
    Conditional Request - example_report
    Schedule - some schedule
    Recipients - Me(administrator) and User1
    Destinations - Oracle BI Server cache
    when the ibot runs 2 cache entries are created (for the 2 recipients).
    I have the report (example_report) on the dashboard (1 dashboard, 1 page, 1 report).
    After the ibot runs:
    When the administrator logs in first, there is a cache hit on the report. Followed by when the User1 logs in there is NO cache hit.
    On the other hand when the User1 logs in first, there is a cache hit on the report. Followed by when the administrator logs in there is no cache hit. The query log creates a Query issued to the database instead of cache hit on query.
    The User1 has a data level security.
    Please let me know where was I making an error in setting the ibot and how to get the cache seeding work for the different users with different role based security.
    Thanks for your inputs.

  • JHeadStart Security problem-error page cannot be found- role based security

    JHeadStart Security problem-error page cannot be found- role based security
    Good morning! How are you? I would need some help in a jheadstart 10.1.3.2 security case and I was wondering if you could give me a hand to go on. I create the Model project with tables of oe schema. Then in JHeadStart to perform security I follow the following steps: In ViewController/WEB-INF/web.xml – properties I do the following: login configuration: http basic authentication rfc 7617: realm:jazn.com
    Security roles : I define two roles: customer and administrator , Security Constraints: web_resources: All_pages, Url Patterns: faces/*. Then in Tools/Embedded OC4J Preferences/Global/Authentication JAZN/Realms/jazn.com/users: I define two users c1, password c1 and a1,password a1, roles/member users/ I attribute the roles to the relevant users c1—customer and a1—administrator. Then in application definition editor on service level I define security/use role based authorization=true , authorization type: JAAS and when access denied go to next group=true. On group level e.g.: ProductInformation: Authorization/Authorized Roles Permissions: administrator.On item level : Orders/Items/OrderTotal/Operations/Update Allowed: #{jhsUserRoles['administrator']},Then I generate the pages (run the jag) . The generation is completed successfully but when I run the View Controller project a “the website declined to show this webpage…(page cannot be found)’ is displayed. What should I do? I would appreciate it if you would help me on this issue! Thank you very much.

    Thand you very much for your reply! Unfortunately there is a specific restriction-convention in the project I work in. I am supposed to perform role based security with my own tables and no by the jheadstart’s ones. Could you find out what is my fault with the steps I follow trying to perform the process?
    To remind you my steps I paste the following again:
    JHeadStart Security problem-error page cannot be found- role based security
    Good morning! How are you? I would need some help in a jheadstart 10.1.3.2 security case and I was wondering if you could give me a hand to go on. I create the Model project with tables of oe schema. Then in JHeadStart to perform security I follow the following steps: In ViewController/WEB-INF/web.xml – properties I do the following: login configuration: http basic authentication rfc 7617: realm:jazn.com
    Security roles : I define two roles: customer and administrator , Security Constraints: web_resources: All_pages, Url Patterns: faces/*. Then in Tools/Embedded OC4J Preferences/Global/Authentication JAZN/Realms/jazn.com/users: I define two users c1, password c1 and a1,password a1, roles/member users/ I attribute the roles to the relevant users c1—customer and a1—administrator. Then in application definition editor on service level I define security/use role based authorization=true , authorization type: JAAS and when access denied go to next group=true. On group level e.g.: ProductInformation: Authorization/Authorized Roles Permissions: administrator.On item level : Orders/Items/OrderTotal/Operations/Update Allowed: #{jhsUserRoles['administrator']},Then I generate the pages (run the jag) . The generation is completed successfully but when I run the View Controller project a “the website declined to show this webpage…(page cannot be found)’ is displayed. What should I do? I would appreciate it if you would help me on this issue! Thank you very much.

  • Need to change the LOV field based on checked box selection in OAF page

    Dear ALL,
    I have a requirement as below:
    I have a custom OAF page having a lov  field which is mandatory, a check box and a two text fields.
    So based on LOV value selection i am defaulting two text field value automatically.
    So my requirement is when user selects the check box automatically the LOV field should be non mandatory and user can insert in values to the lov field and text field and submit it.
    SO basically based on check box field selection i need to make the lov field in such a way it should accept all the values what user enters instead of check the query added in VO behind the LOV.
    Please suggest me some pointers to achieve this requirement.
    Thanks
    Deb

    hi,
    in PFR use:
    if ("checkevent".equals(pageContext.getParameter(EVENT_PARAM))) 
                     HashMap hashMap = new HashMap();
                     String checkboxval=pageContext.getParameter("item2");
                  hashMap.put("checkboxval",checkboxval);
                    pageContext.setForwardURLToCurrentPage(hashMap ,
                    true, // retain the AM
                    OAWebBeanConstants.ADD_BREAD_CRUMB_NO,
                    OAWebBeanConstants.IGNORE_MESSAGES);
    and in PR use:
    if((pageContext.getParameter("checkboxval'))!=null)
    OAMessageLovInputBean lovInputBean=(OAMessageLovInputBean)webBean.findIndexedChildRecursive("item3");
          lovInputBean.setRequired("false");
    try it
    Regards
    Mahesh

  • How to prevent multiple clicks of submit buttons in OAF Pages

    Hi All,
    Our page takes around 30 seconds to 1 minute for processing.
    Some users are not patient enough. I have tried putting the below code in my PR method.
    OAWebBean body = pageContext.getRootWebBean();
        if (body instanceof OABodyBean)
        ((OABodyBean)body).setBlockOnEverySubmit(true);
    This code disables submit button for some time. After few seconds, the submit button can be clicked again by the user.
    Also, if I click on other browser window and come back to OAF page, the submit button can be clicked again immediately.
    Have also searched OAF forum but didn't find any satisfactory answer.
    Need answer from Oracle on this. If not answered on the forum, will raise an SR.

    Hi Amit,
    Try using the Processing Symbol , after clicking the Submit button. Which does shows you processing clock symbol once you click Submit Button.
    Regards
    Raghu

  • Applescript based app: Hiding a button in the UI if a certain file exists

    Hope someone can help,
    I'm writing a small app which can be used to easily configure printers in a school environment. I have designed the applescript-based app in xcode and it is working well.
    I now wish to improve driver support for the app. I am installing each printer with the lpadmin command, and have had a reasonable amount of success with this too. But...
    The app sources the drivers from /usr/share/cups/model. I need to have the app detect whether the driver(s) have been copied to the model dir, and if it can see them, hide the "Install Drivers" button in the UI.
    So basically, in an applescriptish tongue,
    if /usr/share/cups/model/2100.ppd exists then
    enable button "Install drivers"
    end if
    Wow, hope thats not too confusing!
    Hope you can help me to do this!

    You could try something like this:
    set exists_ to driverInstalled("/usr/share/cups/model/2100.ppd")
    if exists_ then
    set enabled of button "installButton" of window "main" to false
    end if
    -- OR --
    if exists_ then
    set hidden of button "installButton" of window "main" to true
    end if
    on driverInstalled(thePOSIXPath)
    try
    set thePath to ((thePOSIXPath as POSIX file) as alias)
    return true
    on error
    return false
    end try
    end driverInstalled
    You could try either of those options, though the hidden option is only available in OS X 10.3 and later. Also, I've only guessed at the syntax, since I moved on from AppleScript Studio to Objective C a while ago. This script assumes that you have a window whose AppleScript name is "main" and directly in it is a button whose AppleScript name is "installButton".
    Hope this helps....
    Dual 2.7GHz PowerPC G5 w/ 2.5 GB RAM; 17" MacBook Pro w/ 2 GB RAM -   Mac OS X (10.4.8)  

  • How to get sequence value on click of button in OAF Page

    Hi all,
    I have a requirement to get a field called Bankrefernece number populated with sequence value on click of apply button ; i mean inserting new record in database for new transaction.
    Sequence Value should be something like this:
    Example
    No     Transfer Date     Bank Reference Number
    (DDMMYY_999)
    1     24-Oct-2010     241010_001
    2     24-Oct-2010     241010_002
    3     25-Oct-2010     251010_001
    means every day sequence should start with the date initials.
    Kindly give your valuable input.
    Thanks
    Sims
    Edited by: sims on Jan 4, 2011 11:22 PM

    sims wrote:
    Hi Anil,
    Its a standard page & i want it on click of apply button but my question is when i click apply button it navigates to other page..is it possible in such scenario to extend the controller.
    Thnx for ur suggestion
    SimsThat is not an issue, you can extend the controller of that page and get the value of sequence and set it to the VO attribute.
    Thanks
    --Anil
    http://oracleanil.blogspot.com

  • Add Landing Page for Role Node

    Hi, I have a detail navigation section that is made up of roles and the roles can be expanded to present IViews.  When a user clicks on a Role Node instead of the expand icon, the 1st report in that node/role is kicked off Automatically.  Is there a way to make a custom page appear on each of these nodes instead?
    Thanks!

    Hi,
    Yes, there is a way to allow an iView to appear when this automatically opens.  What you need to do is create an iview with the parameter "Invisible in Navigation Areas" set to YES.  This will disable the item from being viewable in the navigation, but then set "Default Entry for Folder" to YES.
    This should then work as your require.  Alternatively you could change the parameter "Launch First Nav Node" in the detailed navigation, but will effect all roles within your Portal.
    Please reward points if this helps fix your problem
    Kai Chalker

  • Duet Enterprise 1.0 SP2 - SAP Role based authantication

    Hi All,
    We have implemented Duet Enterprise 1.0 SP2 in our landscape. Now we try to implement SAP Role based authantication.
    But don't know which role to assign for which authorisation. In my scenario i have created 2 users. For one user i want to have only read access to all lists (Contact, Employee, etc) and for another user i want to have all acess (read, write, modify, delete) on all lists available at sharepoint.
    Can someone help me to tell what roles (template) need to assign for what operation.
    Which roles i do assign to user in SAP that which ristrict users access at Sharepoint.
    Thanks & Regards
    Virender Solanki
    09818316550

    Hi Binson,
    I want to ristrict the crude operation (create, update etc) by giving roles in backend system. i am able to apply restriction at sharepoint end but i don't want that. i want SAP role based security.
    So i want, according to given roles in backend system user is able to do operations at sharepoint.
    Thanks & Regards
    Virender Solanki

  • Role based reflection security manager?

    Hi,
    I am trying to find out whether there is a possibility to implement a role based Security Manager to control access to reflection operations (such as checkMemberAccess() for example).
    I need to implement an application where using reflection is totally forbidden, except for some very specific parts of the code. Is this possible? If yes, how should I proceed? Is there a concept of identity around the security manager? Should I use ReflectPermission? If yes how?
    I have been doing some reading, but it is still not clear to me. I am looking for a general implementation procedure.
    Thanks.

    Jrm wrote:
    Ok, fair enough regarding storing data on end user PC.
    But I see a contradiction here (or I mis-read you). I understand that SecurityManagers are used for applets to restrict some of their actions. What if people are able to bypass SecurityManagers? What is the point of having them? If a .jar application is started with a SecurityManager, can an end user strip it and replace it with its own security manager (from its own code for example)?First of all, the SecurityManager is provided by the local computer, not the applet. But, the most important point is that the SecurityManager used when running third-party applet code is not trying to protect the third-party code, it is trying to protect the local computer from unknown third-party code. the user is perfectly able to disable the SecurityManager and/or give the third-party code whatever permissions it desires if they decide to trust the code. you are trying to protect your code (+which is the third-party code with respect to the user+) from the user. that is the opposite situation, and does not work.
    I would be happy if I could deliver a .jar application with my customized and 'unremovable' SecurityManager. Is that possible or can one always fiddle the .jar to remove it?
    Because if people can always remove it, it is a permanent open door for man-in-the-middle attacks when code is delivered to end-users, correct? Is there any way to protect .jar from tampering?As i said in my previous post, there is no way to stop this. as a software developer, i'm sure you are aware that you can find "cracked" versions of any commercial software that you are interested in (if you know where to look). what makes you think that your java program is any more "secure" than those other programs?

Maybe you are looking for