RADIUS Group SACL and OD Groups - Nevermind

I am attempting to limit RADIUS authentication/authorization to members of a group. In Services I select Only Allow Users and Groups Below and bring up the group selection window. This window only shows groups in /Local/Default. If I switch to Users it shows Users in /Local/Default and /LDAPv3/127.0.0.1.
When I limit authorization to /Local/Default/Groups/Staff, authorization proceeds normally. If I limit authorization to my "Wireless Access" group that I created in Workgroup Manager, authorization fails. The user in question is a member of both groups.
There appears to be a problem with rlm_opendirectory accessing OD groups.
Snow Leopard Server 10.6.8 on a Mac Mini Server
Nevermind. This was me being stupid. Works fine.
Message was edited by: CJLinst

I was very excited about your helpful blog and I was hoping that it was giving me the solution I need for quite a while now.
Unfortunately it won't work! I followed your step exactly and I came across a problem while saving the edquote file because my volume contains a space. So I change my volume name, re-created all my shares and started al over again.
The edquote file created for the specific group keeps saying there is 1Kb in used while users from that group have already written more to this volume. When I start up edquote -u (user) I see that there is indeed more data from this specific user on the volume but apparently it isn't registered by its group.
Do you have any idea what the problem could be?

Similar Messages

I need to send group email and forward group email?

I need to send group emails and forward group emails and dont find that capability with ipad or iphone

There are quite a few group emailing apps available, but most will not allow you to forward an email, as they can only send new emails written within their own app.
MailShot Pro, uniquely, adds group email to your device so you can send to your groups directly from the standard Mail app. This allows you to forward an email, with any attachments intact, right from Mail.
Find out why quarter of a milllion users are now using our MailShot apps at jo.my/mailshot (iTunes link). A free version is also available to try, limited to a few small groups of contacts.
Peter
Soluble
Disclosure: I am the developer of MailShot, and may receive benefit from any sales.

Hash GROUP BY And Sort GROUP BY

Can anyone please explain how does Hash GROUP BY And Sort GROUP BY exactly work ?
Thank you.

As the name suggests, SORT GROUP BY achieves the same goal by sorting.According to Tom SORT GROUP BY doesn't always sort correctly .. tried to understand his explanation as he said "It always did a BINARY SORT - not a character set sort. So the data would be sorted incorrectly if you use anything but very simple ASCII strings..."
can you give me an example where binary value of a string A is greater than string B while ascii value of string B is greater than string A ?
http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:75397449124988
Thank you

Want to just have phone numbers on phone can you have different groups with and email group as well

Want to just have phone numbers on phone can you have different groups with and email group as well

The iPhone remembers information about previous contacts.
Complelely independently, you have a Contacts app with a contacts list. It sounds like your contacts list has 3 names on it. You need to add a few names.

Cisco Prime 4.2, Inventory group management and reports group

Hi
I have created some groups under Inventory > Group Management > Device. This works fine.
Then I want to create a monthly report for Reports > Performance > Device > Availability. Here I guessed I would find my groups created under inventory.
But I can se the groups, one group is duplicated, but all groups are empty. Under all devices, I can only see 6 og th devices but it should have been 122. Under the different subnet groups, there's no devices.
Should'nt I've seen the groups created under inventory when I want to make a report? Under the device list for quick report.
Br
Geir

Hm.... strange I've been looking around under Report, and looked at Inventory and Performance reports.
Inventory > Detailed Device shows all the devices and my groups.
Performance > Device > Availability show just 6 out of my 122 devices.
Under Inventory > Group Managment > Device I have a group called Datasenter.
Under Performance > Device > Availability I can see 2 of these groups, but their both empty.
When i delete this group, one of them dissapeer from Under performance. WHen I create it again, it comes back but empty.
Something must be corrupt.
Geir

'HASH GROUP BY' and 'SORT GROUP BY' 11.2.0.2

deleting this thread..
Edited by: OraDBA02 on Oct 3, 2012 2:35 PM

select * from v$version;
BANNER
Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production
PL/SQL Release 11.2.0.2.0 - Production
CORE 11.2.0.2.0 Production
TNS for Linux: Version 11.2.0.2.0 - Production
NLSRTL Version 11.2.0.2.0 - Production
Optimizer parameter
NAME TYPE VALUE
optimpeek_user_binds boolean FALSE
filesystemio_options string setall
object_cache_optimal_size integer 102400
optimizer_capture_sql_plan_baselines boolean FALSE
optimizer_dynamic_sampling integer 2
optimizer_features_enable string 11.2.0.2
optimizer_index_caching integer 0
optimizer_index_cost_adj integer 100
optimizer_mode string ALL_ROWS
optimizer_secure_view_merging boolean TRUE
optimizer_use_invisible_indexes boolean FALSE
optimizer_use_pending_statistics boolean FALSE
optimizer_use_sql_plan_baselines boolean FALSE
db_file_multiblock_read_count integer 128
optimizer_index_caching integer 0
optimizer_index_cost_adj integer 100
SQL
SELECT sum(this_.AMOUNT) as y0_, count(this_.GC_ID) as y1_,count(distinct this_.GC_ID) as y2_, this_.GC_TRANSACTION_TYPE_ID as y3_
from GC_TRANSACTIONS this_ where this_.MARKETPLACE_ID=:1 and this_.CUSTOMER_ID=:2 and this_.EXTERNAL_GC_TRANSACTION_ID=:3
group by this_.GC_TRANSACTION_TYPE_ID;
Indexes and Histograms
INDEX_NAME LAST_ANALYZED COLUMN_NAME COLUMN_POSITION NUM_ROWS BLEVEL CLUSTERING_FACTOR DESCEND
I_GCT_CUSMKTLSTUPD 17-jul-2012:00:15:09 CUSTOMER_ID 1 222812460 3 150983660 ASC
MARKETPLACE_ID 2 3 150983660 ASC
GC_TRANSACTION_TYPE_ID 3 3 150983660 ASC
I_GCT_EXT_GC_TRANS_ID_EXE 17-jul-2012:00:17:35 EXTERNAL_GC_TRANSACTION_ID 1 234832560 3 165680180 ASC
C_ID
EXTERNAL_GC_EXECUTION_ID 2 3 165680180 ASC
Histograms
COLUMN_NAME NUM_DISTINCT NUM_NULLS LAST_ANALYZED SAMPLE_SIZE AVG_COL_LEN HISTOGRAM
COLUMN_NAME NUM_DISTINCT NUM_NULLS LAST_ANALYZED SAMPLE_SIZE AVG_COL_LEN HISTOGRAM
EXTERNAL_GC_EXECUTION_I 21657463 54047480 24.Jul.12/00:21:28 8788182 12 HEIGHT BALANCED
D
EXTERNAL_GC_TRANSACTION 20790576 0 24.Jul.12/00:21:28 11481216 18 HEIGHT BALANCED
_ID
CUSTOMER_ID 5130572 0 24.Jul.12/00:21:28 11483246 7 HEIGHT BALANCED
MARKETPLACE_ID 6 0 24.Jul.12/00:21:28 11482295 4 FREQUENCY
GC_TRANSACTION_TYPE_ID 21 0 24.Jul.12/00:21:28 11483039 3 FREQUENCY
GC_TRANSACTION_ID 229686260 0 24.Jul.12/00:21:28 11484313 8 NONE
Histograms distibution for MARKTEPLACE_ID
Enter value for column_name: MARKETPLACE_ID
COLUMN_NAME ENDPOINT_VALUE CUMMULATIVE_FREQUENCY FREQUENCY ENDPOINT_ACTUAL_VALU
MARKETPLACE_ID 3 6543166 6543166
MARKETPLACE_ID 4 11041781 4498615
MARKETPLACE_ID 5 11459282 417501
MARKETPLACE_ID 35691 11469536 10254
MARKETPLACE_ID 44551 11475336 5800
MARKETPLACE_ID 78931 11482295 6959
6 rows selected.
CBO switches between two plans
plan-1
Plan hash value: 2380563624
| Id | Operation | Name | Rows | Bytes | Cost (%CPU)| Time |
| 0 | SELECT STATEMENT | | | | 13 (100)| |
| 1 | HASH GROUP BY | | 1 | 42 | 13 (8)| 00:00:01 |
| 2 | VIEW | VW_DAG_0 | 1 | 42 | 13 (8)| 00:00:01 |
| 3 | HASH GROUP BY | | 1 | 43 | 13 (8)| 00:00:01 |
|* 4 | TABLE ACCESS BY INDEX ROWID| GC_TRANSACTIONS | 1 | 43 | 12 (0)| 00:00:01 |
|* 5 | INDEX RANGE SCAN | I_GCT_EXT_GC_TRANS_ID_EXEC_ID | 11 | | 4 (0)| 00:00:01 |
Predicate Information (identified by operation id):
4 - filter(("THIS_"."CUSTOMER_ID"=:2 AND "THIS_"."MARKETPLACE_ID"=:1))
5 - access("THIS_"."EXTERNAL_GC_TRANSACTION_ID"=:3)
Bind (child_curosr=1)
select SQL_ID,CHILD_NUMBER,HASH_VALUE,NAME,DATATYPE,WAS_CAPTURED,LAST_CAPTURED,VALUE_STRING from V$SQL_BIND_CAPTURE where SQL_ID='&sql_id'
order by LAST_CAPTURED;
Enter value for sql_id: 1hc1r8qubfdnh
1hc1r8qubfdnh 1 3031905936 :1 2 YES 24.Jul.12/00:52:29 3
1hc1r8qubfdnh 1 3031905936 :2 2 YES 24.Jul.12/00:52:29 535098352
1hc1r8qubfdnh 1 3031905936 :3 1 YES 24.Jul.12/00:52:29 203-2351701-6925919
Plan-2
Bind (child_curosr=6)
Plan hash value: 700639342
| Id | Operation | Name | Rows | Bytes | Cost (%CPU)| Time |
| 0 | SELECT STATEMENT | | | | 13 (100)| |
| 1 | SORT GROUP BY | | 1 | 43 | 13 (8)| 00:00:01 |
|* 2 | TABLE ACCESS BY INDEX ROWID| GC_TRANSACTIONS | 1 | 43 | 12 (0)| 00:00:01 |
|* 3 | INDEX RANGE SCAN | I_GCT_EXT_GC_TRANS_ID_EXEC_ID | 11 | | 4 (0)| 00:00:01 |
Predicate Information (identified by operation id):
2 - filter(("THIS_"."CUSTOMER_ID"=:2 AND "THIS_"."MARKETPLACE_ID"=:1))
3 - access("THIS_"."EXTERNAL_GC_TRANSACTION_ID"=:3)
bind values
select SQL_ID,CHILD_NUMBER,HASH_VALUE,NAME,DATATYPE,WAS_CAPTURED,LAST_CAPTURED,VALUE_STRING from V$SQL_BIND_CAPTURE where SQL_ID='&sql_id'
order by LAST_CAPTURED;
Enter value for sql_id: 1hc1r8qubfdnh
1hc1r8qubfdnh 6 3031905936 :1 2 YES 24.Jul.12/03:06:04 5
1hc1r8qubfdnh 6 3031905936 :2 2 YES 24.Jul.12/03:06:04 1278126152
1hc1r8qubfdnh 6 3031905936 :3 1 YES 24.Jul.12/03:06:04 171-5012459-0045134
Why is CBO using two different 'HASH GROUP BY' with view 'VW_DAG_0' in first plan ?
Is that due to difference in MARKETPLACE_ID =4 And 5 ?

Creating a query with group function and non group function

Could anyone help me with creating a query that contain single row function and multiple row function in Report6i.
what i want to do basically is to create a query that will display sum of certain columns according to a column in that table

You can either calculate a sum yourself, or let Reports do it for you.
1. select sum(column) from table where ....
This will just display the sum, not the records.
2. Make a query: select column from table where ...
Create a summary field. You can do it manually or with the report wizard.
That will create a report like this:
   Column
       10
       20
       15
   ======
Sum    45

ASR IOS-XE and object groups

We recently installed a pair of ASR1004 routers and were somewhat (unpleasantly) surprised to find that the "object-group network" and "object-group service" were not supported. After doing some searches on the forums here I found this discussion:
https://supportforums.cisco.com/message/3573041#3573041
At that time (28 Feb 2012) it was mentioned that support for object-groups for ACLs were planned for 3.9S / Q1CY2013. We're running 3.10S and still no object groups so I was just wondering if anyone has heard an updated estimate of when this feature will be added to IOS-XE?

As the release notes state, this feature is implemented in 3.12S:
http://www.cisco.com/c/en/us/td/docs/routers/asr1000/release/notes/asr1k_rn_rel_notes/asr1k_feats_important_notes_312s.html#pgfId-3452835

ASA 5505 VPN Group Policies (RADIUS) and tunnel group

I have a single ASA firewall protecting a small private developing network, and I need it in order to access remotely to two distinct network spaces both of wich are VLAN tagged: 1 is LAN and 3 is management. Each net has its own IP address space and DNS server.
I'd like to set up Anyconnect to land on lan 1, and SSL VPN in order to see the IPMI and management websites sitting on VLAN 3. In order to make things "safer" I have found a free OTP solution, OpenOTP, and I decided to implement it on a virtual machine, setting up a radius bridge to allow user authentication for VPN. I can pass wichever attribute I'd like to using this radius bridge (for example "Class" or "Group-Policy" or whatever is included in the radius dictionaries).
Actually all I need is quite simple. I have to segregate my remote users in 2 groups, one for Anyconnect, and one for SSL based on the radius response from authentication. (I don't need authorization nor accounting) I'm no Cisco Pro, what I've learnt is based on direct "on the field" experience.
I'm using two radius users for testing right now, one is called "kaisaron78" associated to a group policy "RemoteAC" and a second one called "manintra" associated to a group policy called "SSLPolicy". "kaisaron78" after logging in should only see the Anyconnect "deployment portal", while "manintra" should see the webvpn portal populated with the links specified in the URL list "Management_List". However, no matter what I do, I only see the default "clean" webvpn page. This is an example of "sh vpn-sessiondb webvpn" for both users..
Session Type: WebVPN
Username     : kaisaron78             Index        : 1
Public IP    : 172.16.0.3
Protocol     : Clientless
License      : AnyConnect Premium
Encryption   : Clientless: (1)RC4     Hashing      : Clientless: (1)SHA1
Bytes Tx     : 518483                 Bytes Rx     : 37549
Group Policy : RemoteAC               Tunnel Group : DefaultWEBVPNGroup
Login Time   : 10:59:33 CEDT Mon Aug 18 2014
Duration     : 0h:00m:23s
Inactivity   : 0h:00m:00s
VLAN Mapping : N/A                    VLAN         : none
Audt Sess ID : c0a801fa0000100053f1c075
Security Grp : none
Asa5505# sh vpn-sessiondb webvpn
Session Type: WebVPN
Username     : manintra               Index        : 2
Public IP    : 172.16.0.3
Protocol     : Clientless
License      : AnyConnect Premium
Encryption   : Clientless: (1)RC4     Hashing      : Clientless: (1)SHA1
Bytes Tx     : 238914                 Bytes Rx     : 10736
Group Policy : SSLPolicy              Tunnel Group : DefaultWEBVPNGroup
Login Time   : 11:01:02 CEDT Mon Aug 18 2014
Duration     : 0h:00m:05s
Inactivity   : 0h:00m:00s
VLAN Mapping : N/A                    VLAN         : none
Audt Sess ID : c0a801fa0000200053f1c0ce
Security Grp : none
As you can see, it seems like the policies are assigned correctly by radius attribute Group-Policy. However, for example you'll notice no vlan mapping, even if I have declared them explicit in group policies themselves. This is the webvpn section of the CLI script I used to setup remote access.
! ADDRESS POOLS AND NAT
names
ip local pool AnyConnect_Pool 192.168.10.1-192.168.10.20 mask 255.255.255.0
object network NETWORK_OBJ_192.168.10.0_27
subnet 192.168.10.0 255.255.255.224
access-list Split_Tunnel_Anyconnect standard permit 192.168.1.0 255.255.255.0
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.10.0_27 NETWORK_OBJ_192.168.10.0_27 no-proxy-arp route-lookup
! RADIUS SETUP
aaa-server OpenOTP protocol radius
aaa-server OpenOTP (inside) host 192.168.1.8
key ******
authentication-port 1812
accounting-port 1814
radius-common-pw ******
acl-netmask-convert auto-detect
webvpn
port 10443
enable outside
dtls port 10443
anyconnect image disk0:/anyconnect-win-3.1.05170-k9.pkg 1
anyconnect profiles AnyConnect_Profile_client_profile disk0:/AnyConnect_Profile_client_profile.xml
anyconnect enable
! LOCAL POLICIES
group-policy SSLPolicy internal
group-policy SSLPolicy attributes
vpn-tunnel-protocol ssl-clientless
vlan 3
dns-server value 10.5.1.5
default-domain value management.local
webvpn
url-list value Management_List
group-policy RemoteAC internal
group-policy RemoteAC attributes
vpn-tunnel-protocol ikev2 ssl-client
vlan 1
address-pools value AnyConnect_Pool
dns-server value 192.168.1.4
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split_Tunnel_Anyconnect
default-domain value home.local
webvpn
anyconnect profiles value AnyConnect_Profile_client_profile type user
group-policy SSLLockdown internal
group-policy SSLLockdown attributes
vpn-simultaneous-logins 0
! DEFAULT TUNNEL
tunnel-group DefaultRAGroup general-attributes
authentication-server-group OpenOTP
tunnel-group DefaultWEBVPNGroup general-attributes
authentication-server-group OpenOTP
tunnel-group VPN_Tunnel type remote-access
tunnel-group VPN_Tunnel general-attributes
authentication-server-group OpenOTP
default-group-policy SSLLockdown
!END
I had to set up DefaultWEBVPNGroup and RAGroup that way otherwise I couldn't authenticate using radius (login failed every time). Seems like in ASDM the VPN_Tunnel isn't assigned to AnyConnect nor to Clientless VPN client profiles. Do I have to disable both default tunnel groups and set VPN_Tunnel as default on both connections in ASDM ? I know I'm doing something wrong but I can't see where the problem is. I'm struggling since may the 2nd on this, and I really need to finish setting this up ASAP!!!!
Any help will be more than appreciated.
Cesare Giuliani

Ok, it makes sense.
Last question then I'll try and report any success / failure. In this Cisco webpage, http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/ref_extserver.html#wp1661512 there's a list of supported radius attributes. Actually I'm using number 25 Group-Policy, in order to get the correct group policy assigned to users. I see, in that list an attribute 146 Tunnel-Group-Name. Will it work out for the purpose you explained in the previous post ? I mean, if I set up two tunnel groups instead of 1, 1 for anyconnect with its own alias and its own url, and 1 for SSL VPN again with its own alias and url, do you think that using that attribute will place my users logging in into the correct tunnel group ?
Thank you again for your precious and kind help, and for your patience as well!
Cesare Giuliani

ISE and Node Groups

Hi,
Does anyone know if node groups are purely for policy server nodes behind a load balancer such as ACE. If you have a pair of policy server nodes at a site with no load balancer, and both nodes configured in all NAS's can these be in a node group.
Does anyone know if you can use a load balanced set of policy nodes with LWA and WLC. There has to be affinity between the portal ISE and the AAA ISE configured in the WLC, these would be two different sessions one Radius and one HTTP, so the ACE would not be able to distinguish.
Thanks.
Gary

Hi Pon -
Do you mean groups of users or group of pages?
If you mean groups of users, you can create your sub-groups as a regular groups, and then when assigning users to your Main Finance group ... add the 2 groups which are your subGroups.
If you are talking about the Portal Page Group structure, you cannot nest page groups, but you can create pages and subpages.
Hope this helps,
Candace

Cisco ISE and AD group

Hi, I have a problem
I setup ISE join it to AD, get from AD group name, and add it to ISE as external identity group. Then I make simple authentification policy rule which says, if protocol RADIUS than use AD1 store.
After this I create authorization police rule, and it says that if external group from AD then permit access.
And now when I try to connect via ASA, using anyconnect client, my authentification log says that I choose default authorization rule. Seems like ISE does not check my username for external group membership.
Why it's happens ?
Thanks

Hi,
The issue is with your Authorization Policy, you have configured a internal identity group.
You need to change this and point to the your AD group, if you have retrieved the group from AD in the Groups settings under the AD settings, then you should be able to look for the condition but dropping down the "Attributes" Selecting AD ExternalGroups followed by your group.
Thanks,
Tarik Admani
*Please rate helpful posts*

WLC and LDAP Groups

Is there any way on an LDAP server to create an LDAP group that can be tied to the WLC for LDAP authentication. I have this url that explains local authentication and LDAP... http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml . That helps with local authentication but one thing I don't see is any guidance on how to create a group in a DC to communicate with anything on WLC. Any ideas?

You are right. You need a radius server overall that integrates with AD and do AD-to-radius group mapping. This way authentication is allowed/denied from radius, not WLC itself.
If the user can get a radius server to achieve this that will be great (especially if the user is using 802.1x/EAP authenticaion). If not, what I described about OU mapping is the only solution to get the users classified as per what I understood from users requirements.
The user is not only limited to Microsoft RADIUS (IAS or NPS). However, any radius server that supports AD group mapping can be used. with cisco ACS for example this is supported as well. I am not sure if this is also supported with open-source radius (openRadius for example). But if it is then openRadius can also be used.

How to restrict Sales office and Sales Group.

Hi All,
I want to restrict the users from changing the sales office and sales group in the sales order.
Is there any standard way to achieve this or do we need to do with User exit??
Please help.
Thanks,
Pavan.

hi
there is no standard settings for estrict the users from changing the sales office and sales group in the sales order
so you have to write the logic in userexit
DATA: lt_user_list   TYPE STANDARD TABLE OF tvarvc,
       lw_user_list   TYPE tvarvc,
       lr_user        TYPE RANGE OF syuname,
       lw_user        LIKE LINE OF lr_user.
IF screen-name EQ ' VBAK-VKBUR' and   VBAK-VKGRP.
* IF sy-tcode EQ 'VA02'.
**Get list of users who are allowed to change SO - only they can change payment terms
     SELECT *
       FROM tvarvc
       INTO TABLE lt_user_list
      WHERE name = 'ZSD_VA02_ALLOWED'
        AND type = 'S'.
     IF sy-subrc = 0.
       LOOP AT lt_user_list INTO lw_user_list.
         lw_user-sign = lw_user_list-sign.
         lw_user-option = lw_user_list-opti.
         lw_user-low    = lw_user_list-low.
         lw_user-high   = lw_user_list-high.
         APPEND lw_user TO lr_user.
         CLEAR lw_user.
       ENDLOOP.
**    If user is not in the users listed for change allowed
       IF sy-uname NOT IN lr_user.
         screen-input = 0.
       ELSE.
         screen-input = 1.
       ENDIF.
     ENDIF.
   ENDIF.
ENDIF.
go to STVARV t code here you check the NAME and give the user ids who need to change

Trash and user group help!

why do i need to type in password when i delete things? how do i remove it?
and i can't delete items directly from the dock as well. like opening from the downloads folder and dragging the file to trash. i have to bring open up Finder and delete from the folder directly.
another issue is that am i able to remove the gues user from my start up screen? i've already disabled it from the user groups but i still see it in my login screen.
one last problem, is it a norm to have current leakage for the MBP? i've been having frequent shocks from the 2 bottom corners of it when i plug it in to a power source. i bought it from an authorized retailer and using it in the country where i've gotten it from. i've just gotten my mbp about 3 weeks back.
thanks for replying my queries!

Hi,
Yeah in ACS 3.1 its under the Shared Profile Components page. In ACS 4.1 its directly under the user groups or under SPC page.
You need to check the box for "define ip based access restriction" and deny access for all other groups to the wireless access points network device group.
ACS 3.X)
1. Denied Calling/Point of access restrictions
2. AAA Clients =UPS_PDU (Power Supplies)
3. Port = just put a * for all
4. Src IP address = just put a * as well
SUBMIT to SAVE
Create a second one for the other group like so:
1. Denied Calling/Point of access restrictions
2. AAA Clients =Routers_Switches
3. Port = just put a * for all
4. Src IP address = just put a * as well
Click submit to save it.
Go to the ACS User groups section and select the Network Administrators Group " that don't need access to the UPS's" and apply the NAR you created to that group. Do the same for the other grouping.
(ACS 4.X)
Go directly under the "user groups" and create the NAR under there. No need to go under the Shared Profile Components section
Hope this helps and let me know if you need further assistance or explanation.
Craig

I need to show grouped id and only the max order value for each unique id

select distinct
Table1.id,
Table1.id +' - '+ Table1.VisitNumber +' : '+ Table1.Priority as UidVisitKey,
Table1.VisitNumber,
DATEDIFF(d, [dob],[Visite_dte])/365.25 as Age_On_Visit,
Table1.Priority,
Table1.OrderOfVisit,
Table1.OrderOfVisit + ' - ' + Table1.Notes AS VisitNote,
Table1.Visitor_FName,
Table1.Visitor_SName,
Table2.dob,
Table2.sex,
Table1.Visit_dte,
into #Temp1
FROM Table1 INNER JOIN
Table2 ON Table1.id = Table2.id
WHERE Table1.LeaveDate IS NOT NULL
and Table1.LeaveDate between DATEADD(mm,-1,DATEADD(mm,DATEDIFF(mm,0,GETDATE()),0))
and DATEADD(ms,-3,DATEADD(mm,0,DATEADD(mm,DATEDIFF(mm,0,GETDATE()),0)))
select #Temp1.id, max(#Temp1.[OrderOfVisit]), #Temp1.VisitNote
from #Temp1
group by #Temp1.id, #Temp1.OrderOfVisit, #Temp1.[VisitNote]
ORDER BY #Temp1.id
drop table #Temp1
---I need to show grouped id and only the max OrderOfVisit for each unique id, and the VisitNote for each OrderOfVisit
----------------need help-------------

Sounds like this
select distinct
Table1.id,
Table1.id +' - '+ Table1.VisitNumber +' : '+ Table1.Priority as UidVisitKey,
Table1.VisitNumber,
DATEDIFF(d, [dob],[Visite_dte])/365.25 as Age_On_Visit,
Table1.Priority,
Table1.OrderOfVisit,
Table1.OrderOfVisit + ' - ' + Table1.Notes AS VisitNote,
Table1.Visitor_FName,
Table1.Visitor_SName,
Table2.dob,
Table2.sex,
Table1.Visit_dte,
into #Temp1
FROM Table1 INNER JOIN
Table2 ON Table1.id = Table2.id
WHERE Table1.LeaveDate IS NOT NULL
and Table1.LeaveDate between DATEADD(mm,-1,DATEADD(mm,DATEDIFF(mm,0,GETDATE()),0))
and DATEADD(ms,-3,DATEADD(mm,0,DATEADD(mm,DATEDIFF(mm,0,GETDATE()),0)))
select id,OrderOfVisit,VisitNote
from
select #Temp1.id, #Temp1.[OrderOfVisit], #Temp1.VisitNote,ROW_NUMBER() OVER (PARTITION BY #Temp1.id ORDER BY #Temp1.[OrderOfVisit] DESC) AS Seq
from #Temp1
)t
WHERE Seq = 1
ORDER BY id
drop table #Temp1
Please Mark This As Answer if it helps to solve the issue Visakh ---------------------------- http://visakhm.blogspot.com/ https://www.facebook.com/VmBlogs

RADIUS Group SACL and OD Groups - Nevermind

Similar Messages

Maybe you are looking for