Regarding User Restriction on Approving his own request...

Similar Messages

• User forced to approve his own request -  how to skip it?

  A simple manager approve user request workflow, accessed via the end user interface, contains 2 manual actions.Each Manual action
  contains a form. The 1st form is where the user inputs information and the 2nd form is an approval
  Currently, The user clicks the link and enters the information on the form and submits it.
  but instead of going to the manager for approval, it sits in the user's menu(view Inbox) and the user has to approve it before it will go to the manager's queue.
  what parameter needs to be added to bypass this user approving their own request in SIM 6

  Well i hope it is the fact that
  <ref>$(theApprover)</ref>should be
  <ref>theApprover</ref>and may 'Approval' should be 'approval'
  Message was edited by:
  Iddo

• Define if users or functional owner can self-approve their own requests-OIM

  I have a scenario where in if a user replaces his manager as proxy and makes a request for a resource, the approval task triggered goes to the user itself and the user can approve it. I want to deactivate this functionality.
  I was told that since BP12 has been applied, OIM allows us to define if users or functional owner can self-approve their own requests. Is this possible and if yes then how to go about it??
  Thanks in advance.

  Per BP11 for OIM 10g documentation:
  9649346 A user could approve or update the user's own request. This feature could not be disabled. From this release onward, this feature can be enabled or disabled depending on your requirement. See Section 3.10, "Using the XL.AllowBeneficiaryToApprove System Property" for information about implementing the fix for this item.>
  There is also this in BP11:
  9271449 Requesters could reassign approval tasks to themselves. See Section 3.9, "Using the XL.RequesterCanBeApprover System Property" for information about implementing the fix for this item.>
  System configuration variables in 10g are in the design console. In 11g, they are in the web console.
  -Kevin

• User can edit only his own rows

  Hi,
  I have a simple generated application. I logged the user in the DB-table who has created the row. Now I want that all users can see all entries of the table (blackboard) and can create new entries, but the user can update only his own entries.
  Ideally he sees the Edit-Icon on the report only with the rows he created and he has the right to update.
  Regards, Juergen

  Juergen,
  Yes, I was answering a different question. A query like the following would show/hide the edit link based on a column's value:    select decode(ENAME,:APP_USER,
        ''||
  '<img src="#IMAGE_PREFIX#edit_big.gif" border="0" alt="Edit Big Icon">',
        null) Edit,
      ENAME,
      JOB
      from EMP Of course you want the edit page to check if the user requesting the page should be able to update the row corresponding to the primary key value passed in, just in case someone tampers with the URL and goes to the edit page directly. You could use an authorization scheme for that.
  Scott

• Grant privileges to the user to edit only his own information

  Hi all,
  my Portal version is 9.0.4.0.99
  I would like to grant to all users the privilege to change/edit only his own information.
  When I go to the Administer Tab, enter the username in the portlet User, and then I check the checkbox: "Allow User editing", then this User can edit all users.
  How can I grant the privilege to edit only his own information?
  Regards
  Leonid Pavlov

  The Portal does not expose the DAS Edit My Profile link until version 10.1.4. Prior to this version, if the associated DAS actually supports this, you can just add the link on your portal page as a URL item:
  http://host.domain.com:7777/oiddas/ui/oracle/ldap/das/mypage/AppEditMyPage?homeURL=http%3A%2F%2Fhost.domain.com%3A7778%2Fpls%2Fportal &doneURL=http%3A%2F%2Fhost.domain.com%3A7778%2Fpls%2Fportal&cancelURL=http%3A%2F%2Fhost.domain.com%3A7778%2Fpls%2Fportal
  I.e., it takes the url:
  <infra-host>/oiddas/ui/oracle/ldap/das/mypage/AppEditMyPage
  with 3 url-encoded parameters:
  homeURL - link rendered with Home icon in DAS
  doneURL - target for [ OK ] in DAS
  cancelURL - target for [ Cancel ] in DAS

• How i can find user locale/language from his/her request header ?

  Hi
  thank you for reading my post
  what is request header field that shows user agent language/locale ?
  is there any http header value that shows user locale/language ?
  if yes , how i can extract it ?
  thanks

  Certainly there is.
  http://www.w3.org/Protocols/HTTP/HTRQ_Headers.html#z12
  The header is "accept-language"
  You can get it via
  request.getHeader("accept-language");
  You can use request.getHeaderNames() to give you an enumeration of all the headers sent by the browser, so you can see them and the values.
  Here is an extract from a test page I use every once in a while that prints out useful information. This bit prints out request headers (using JSTL)
  You can just drop it into a jsp page (don't forget to import the JSTL tag library) and it will show you all the request headers.
  <h3>Headers </h3>
  <table>
  <c:forEach var="h" items="${header}">
    <tr><td><c:out value="${h.key}"/></td><td><c:out value="${h.value}"/></td></tr>
  </c:forEach>
  </table>Cheers,
  evnafets

• AE-How can we restrict a role approver to request or approve is own access?

  Currently, in our AE a role approver can submit a request to add a role for which he is the approver and therefore he will be able to approve it as well.
  We would like to not authorize someone to approve his own access request.
  Is that possible and how ?

  Patrick-
  That enhancement is available in Access Control (CUP, formerly AE) 5.3.  It is not available in 5.2.
  Ankur

• To prevent user from droping his own object .

  Dear User
  I have a database user like "aaa" in oracle 7.3.4.0.1 database.i do not want user "aaa" to drop his own schema objects like table and any other objects that he is owner.Do i have any system privilege to stop this user from doing so.User should be able to create objects and modify object but not to drop his own objects.For this purpose i have created a database trigger at database level to stop user "aaa" for doing above action.this trigger is giving me error on creation in oracle 7.3.4.0.1 .But when i tried same trigger in oracle 8i and 9i it work well.In oracle 8i and 9i it is preventing user from droping his own objects but i get other errors also along with raised error in trigger which i want to stop .The error which i am raising in trigger is
  ORA-20001 INVALID COMMAND BUT OTHER TWO ERRORS THAT R RAISED AUTOMATICALLY ARE
  ORA-00604 ERROR OCCURED AT RECURSIVE SQL LEVEL 1
  AND
  ORA-06512 AT LINE 8
  I WANT TO STOP THESE TWO ERRORS .
  PLZ HELP ME IN THIS REGARD AS SOON AS POSSBILE .
  plz tell me is there any system privilege to stop user from droping his own object or any other way along with trigger at database level.
  Thank u.

  Hi
  DBAs can use PRODUCT_USER_PROFILE (in system schema) to disable certain SQL and SQL*Plus commands in the SQL*Plus environment on a per-user basis. SQL*Plus, not Oracle, enforces this security. DBAs can even restrict access to the GRANT, REVOKE, and SET ROLE commands in order to control users' ability to change their database privileges.
  The PRODUCT_USER_PROFILE table enables you to list roles which you do not want users to activate with an application. You can also explicitly disable use of various commands, such as SET ROLE. For example, you could create an entry in the PRODUCT_USER_PROFILE table to:
  read more about this at
  http://download-west.oracle.com/docs/cd/B10501_01/server.920/a90842/ch10.htm#1005648

• Requestor able to approve / Reject his owen request....

  Hi Experts,
  Please help me on the issue.
  Present i am involving the GRC implementation project. But i had one issue in CUP workflow.
  Recently i have created the one workflow (New User Account) with 3 stages (Line Manager, Role Owner, and Security) and Path everything is looking fine.
  Finally we have created the request for New User Account and request was submitted successfully. But we have also able to approve/Reject our own requests. It should not happen?
  If we creates the request with other user, the actual approvers only able to approve/Reject that request.
  Regards,
  Arjun.

  Thanks Alpesh,
  Yes, i am part of the cup workflow configuration (But my user id is not included in to the CAD approver list, eventhough i am able to approve/Reject my own requests). The following roles were assigned to my UME account.
  AE security
  AE approver
  AE administrator
  and the default End user personlization(approve/reject own reques) is set to "NO" under the configuraton tab. please clarify... if we suppose to assigned the AE Administrator role to user accounts, are they able to approve their own requests?
  Thanks in advance,
  Arjun.
  Edited by: Anithab on Dec 12, 2010 4:18 PM
  Edited by: Anithab on Dec 12, 2010 4:25 PM

• User is not able to change his own password... Only DBA can change users password ??

  Hi,
  I have this problem today.I am using Oracle 8.1.7 on Solaris 2.8
  A Oracle user say " SCOTT" trying to change his password but could not.. he gets the followling message
  SQL> alter user scott identified by abc123;
  alter user scott identified by abc123
  ERROR at line 1:
  ORA-28003: password verification for the specified password failed
  Scott's profile has password_verfiy function. Hence i thought abc123 password was not matching with the password verify condition. Surprisingly, what ever password SCOTT tries with, he could get the same error message and could not change his password.. Ultimatly SCOTT could never change his password. How is it possible ??
  It is noteworthy to mention that if i give DBA role to SOCTT then he can change his password with abc123 or any thing that satisfies with password verification function.
  Now Only a user who has DBA role or a DBA could change passwords..
  Can somebody through some light on it and explain what corrective action to be taken so that Users can change their password without DBA's interreption.
  Thanks in advance
  Regards
  Srini

  <PRE>
  This is the description of the error message:
  =============================================================================
  ORA-28003 password verification for the specified password failed
  Cause: The new password did not meet the necessary complexity specifications
  and the PASSWORD_VERIFY_FUNCTION failed.
  Action: Enter a different password. Contact the database administrator to find
  out the rules for choosing the new password.
  =============================================================================
  it clearly says that password has to match the complexity specifications. You will not be able
  to change password without meeting the complexity requirements.
  DBA's can make the change to the password because if DBA's can not change the password, it could lock
  you out of the database (all users including the DBA's) and you will not be able to access the
  database.
  Try removing the password verify function and see if you can then change the password succssfully.
  </PRE>
  hi Prakash,
  The verify password function is standard oracle function and I do not think the current problem is any way related to the rules that were framed in verify password function. The key point here is a user could not change his own password. But a DBA or a user who has ALTER USER system privs.. can do so..
  Regards
  Srini

• Review activity set to notify Affected User of Approval Required - Service Request

  We are trying to setup a new employee on boarding process.   We have a service request form that gathers information.
  We also have a review activity that the affected user (who is the manager on boarding the employee) has to approve when they get a signed confidentiality agreement, etc.
  We cant set Affected User as a Reviewer but the affected user can approve.  
  How can we notify the affected user to review and approve the review activity.
  On the screen shot below it is the first review activity.
  Note:  we have some workflow activity events setup that work when the reviewer is assigned in the template.
  Thanks Lance

  You want to set the affected user of the SR as a reviewer on the RA? In essence approving their own request. Why not just make the signed confidentiality agreement mandatory (cannot create request without it). 
  Anyways you have two ways to go. A custom workflow/scheduled PS-script or a runbook. If you have Orchestrator that is the easiest. Setup a "Monitor Object" that targets new SRs and a criteria that uniquely identifies the SR (Title may do). Then get the related
  user from the SR and add this to the RA as a reviewer. Should be fairly easy to google a blog on specifics on how to do this.
  http://www.scsm.se/?p=895
  and a long one:
  http://blogs.technet.com/b/servicemanager/archive/2012/05/22/working-with-relationships-in-the-scsm-orchestrator-integration-pack.aspx
  http://codebeaver.blogspot.dk/

• How to allow user to modify his own data with a Portal Form

  Hi,
  I have a form (Master-Detail) to update a user-profile (Master) and the user's skills (Detail).
  How can I make sure, that a user can only modify his own profile - assuming the master table has an attribute containing the users loginname for Portal?
  thanks!
  bye Stephan...

  Yes, along with the default value of wwctx_api.get_user, you also need to specify the default value type. In this case it should be Expression returning Varchar2.

• How to give access to user when he login with his credentials to create his own virtual machine

  Dear Experts ,
  In scvmm ..how we can allow an user to create his own VM with out providing him administrator rights...
  I am able to create machines with user accounts when I give Administrator rights only..and if i remove Administrator rights..i am gettting a message for user-"you cannot access the private cloud", where as If i give administrator rights to that
  same user , I can able to access private cloud and template for the user.
  Please suggest me and help with any useful link.
  Regards
  N.V.Srinivas ,
  [email protected]

  Self-Service user delegation
  SCVMM 2008 - 2008 R2:
  http://technet.microsoft.com/en-us/library/dd548291.aspx
  SCVMM 2012 - 2012 R2:
  http://technet.microsoft.com/en-us/library/gg696971.aspx
  Brian Ehlert
  http://ITProctology.blogspot.com
  Learn. Apply. Repeat.
  Disclaimer: Attempting change is of your own free will.

• HOW TO CONFIGURE MANAGER or APPROVER USER IN ACCESS REQUEST MANAGEMENT TO APPROVE OR REJECT REQUEST

  hi sap gurus,
  i configured grc 10 system successfully. I created one user: GR_AR_APP001 and assign following roles:
  SAP_GRAC_ACCESS_APPROVER
  SAP_GRAC_ACCESS_REQUEST_ADMIN
  SAP_GRC_FN_BASE
  SAP_GRC_FN_NUSINESS_USER
  and I maintained GR_AR_APP001 in access control owners as "POINT OF CONTACT", "SECURITY LEAD" and "WORKFLOW ADMINISTRATOR"
  but when i am creating access request for new user and defining MANAGER under user details tab as GR_AR_APP001.
  the user GR_AR_APP001 is not receiving any request for APPROVE or REJECT in his WORK INBOX.
  can u please guide me how to configure APPROVER or MANAGER to approve or reject request.
  I will be very much thankful if you guide me successfully.

  Hi Colleen,
  thanks a lot for your time.
  PIC1: I created one user: GR_AR_APP001
  and assigned all the GRC ROLES.
  PIC2: I assigned owner type to GR_AR_APP001 user : POINT OF CONTACT, SECURITY LEAD and WORKFLOW ADMINISTRATOR in NWBC ACCESS CONTROL OWNERS
  PIC3: I created one EUP 980 (copied from default EUP)
  PIC4: I maintained default manager as GR_AR_APP001 user in 980 EUP
  PIC5: I selected SAP_GRAC_ACCESS_REQUEST process id
  PIC6: I created one agent id as ZGRAC_MANAGER11 in which I added approver user id: GR_AR_APP001
  PIC7: I saved agent id
  PIC8: I added agent id as ZGRAC_MANAGER11 in stage5 in manager stage.
  PIC9: I saved
  PIC10: I maintained EUP 980 (in which I configured manager as GR_AR_APP001 user) in stage 5 task settings
  PIC11: Maintain Route Mapping, I clicked on next
  PIC12 and PIC13: I saved and activated.
  After this process I created one request for new account and selected the manager as GR_AR_APP001 and one request is created with request no 9000000030.
  now I logged into system by user GR_AR_APP001 and checked, there is no request under his work inbox.
  please guide me at least one procedure, how to receive request in approver work inbox so that I can learn other procedures to configure approver as per our organization requirement.
  thanks for your support Colleen.

• How to notify a self registered user that his/her request has been denied

  Hello,
  Is there a way to send an email to the requestor (this email address is what the user puts in the self registration form under requestor email) to notify that the request has been denied? (OIM 9.1)
  In The User Registration Process Definition, Task Awaiting Approval Data, I have the Assignment Tab set as follows:
  Rule: Default
  Target Type: Group
  Adapter AssignApproverGroup (this adapter dynamically looks for the members in a group based on the requestor organization, assigns the task to these individuals, and sends an email notifying that self registration approval is pending to all members of that approvergroup)
  Priority: 1
  Notification Tab
  Assignee is checked
  Status: R
  Email: Self registration request Denial
  When the Assignee logs in and denies the request, an email is sent to the Assignee about the denial.
  Questions:
  1. If the ApproverGroup has more than 1 member, how can we notify all the members of the Approver group that the request has been denied?
  2. How can we notify the requestor that his/her request has been denied using his/her provided email from the self registration form?
  Thanks
  Edited by: Khanh on Dec 4, 2008 3:36 PM

  You need to think about how the whole system is going to work - you need to know everything that the button will require, and then think about how to provide this information to the button.
  So, by the sounds of you need say a single button to press when you want to add a new button to the calculator. Associated with this have text fields that take the function for the calculator. I would specify that the function uses variables e.g. x and y as in function = x * y. Then your program could parse the input string describing the function, by recognising "*" to mean * in the Java code syntax and "/" to mean /. Then treat everything else as variables. Since you can filter out the other variables i.e. not the operators, you can then say associate an array to contain the values of these. Then when the user uses the button and specifies the input parameters and presses the button, you can update this array, and perform the calculation based upon these values.
  Hope this helps.
  My advice really is just to think about everything that a button that creates new function buttons is going to need.
  PS. Remember to repaint the GUI once update its Container. Swing does this automatically, but I always specify it explicitly anyway to be safe. You can use either repaint(), validate(), or revalidate().
  Goodluck mate!