Restrict access to buttons, regions, etc. on a per user basis?

My application restricts access to buttons, regions, etc. on a per user basis.
Here is my application logic...
1. A User can only edit items they own.
2. A Super-User can edit all items
So, when a user logs in, I use a post-authentication process to set the user ID to an application level item.
Now, for example, to have an edit button display on a page, I need to check the item's owner ID against the application level user ID...and check to see if this user is on the Super User list via a query (which could be set to another application level item upon login...I guess).
Question...What is the best way to do this? Conditional display? Authorization scheme?
Would something like the following work for a Conditional Display?
Condition: SQL Expression
&USER_ID.=&P6_ITEM_OWNER_ID. OR USER_ID in (select USER_ID from table where USER_ID=&USER_ID.)
How would I do this with an Authorization Scheme? (I like the idea of updating the logic in a single location...but I'm not sure if it is possible because the PX_OWNER_ID I have to check would be different on each page.)

Hi Denes,
Thanks for your code which allows user to edit (if authorized) and view (if not).
But somehow I do not get the image to show up - instead it shows a small underline.
From the SQL point of view, here is what I get when I run the SQL:
'<img src="/i/ed-item.gif">',2,CR TEST,,,,dune2.cit.cornell.edu,CRDMTEST.CIT.CORNELL.EDU,PSPROD,,,CRDMTEST
Here is my wrap_image function
create or replace function wrap_image(p_user_name in varchar2, p_dm_name_id in number)
return varchar2 IS
  v boolean := False;
  ret_val varchar2(1000);
begin
  dbms_output.put_line('user='||p_user_name);
  dbms_output.put_line('dm_name='||p_dm_name_id);
  -- Check authorization if the user is super user - return true, else if he has edit priv on dm_name_id - return true - else false
  v := ACL_DMTOOLS_DM_PRIV(p_user_name, p_dm_name_id);
  if v then
    ret_val := '<img src="/i/ed-item.gif">';
    ret_val := ''''||ret_val||'''';
    dbms_output.put_line('TRUE');
  else
    ret_val := '';
    dbms_output.put_line('FALSE');
  end if;
  return ret_val;
end;
Thanks for your great educational site.
Regards
atul

Similar Messages

  • Restrict access to Sharepoint to a group of AD users

    Hi, I have a sharepoint 2013 server which is connected to the AD. I’ve setup the User Profile Synchronisation Service to synchronize only one group of users. But as soon as a User logs in it creates a profile. I want to limit the access to the sharepoint to only the users in the group.

    There is no way to limit access to SharePoint to a specific group.  There are two workarounds that will accomplish the same goal: 
    First, if you have an AD group that represents everyone except the people who should have access to SharePoint then you can add that to the Web Application user policy and Deny All permissions.  No one
    in that group will be able to access anything in that SharePoint web application
    Second, you can create a filter for your people picker that only allows adding users who are members of the group of users you are letting access SharePoint.  Users who are not members of the group can not be assigned SharePoint permissions in the future and won't be able to log in.  NOTE: this won't affect any users who already have access to a site.
    This article talks about how to filter the People Picker.
    http://technet.microsoft.com/en-us/library/gg602075(v=office.15).aspx
    Paul Stork SharePoint Server MVP
    Principal Architect: Blue Chip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

  • Restricted access to nodes in SOLAR01

    Hi
    I have setup restricted access to the nodes in SOLAR01 (details shared below in the for "information area") - now I need to enter the team members who are allowed to update documentation in each business process & step.
    It seems that access to a higher level node is not inherited by the lower level nodes so I have to update each business process & step individually.
    This is going to be a mammoth task that will need to be repeated every time a new team member joins - is there a mass update function available or perhaps a way to cause the lower level nodes to inherit the team member access of its parent?
    regards
    Marina
    For information
    To set up restricted access I did the following for standard project users:
    1.  In transaction SOLAR_PROJECT_ADMIN, edit your project and go to tab "Proj. Team Member"
    Check the box "Restrict changes to nodes in project to assigned team members"
    (make sure you have assigned your team members in the grid)
    2.  Make a copy of SAP_SOLAR01_ALL role into the customer namespace and make the following changes
    S_PROJECT
    ACTVT = 03,23,71,76
    also set your project ID
    S_PROJ_GEN
    project ID = your project
    proj_func = SCEN
    S_DATASET
    actvt = 33,34
    add in S_IWB
    ACTVT = 01,02,03,33,6,80,D1,V1
    IWB_AREA = IWBSOLAR
    IWB_EXTNSN = /KWCUST/
    IWB_FLDGRP = your project
    AI_SA_TAB
    remove PRODATA from TABNAME (for administrators who should be able to edit everything create an auth with this made available).
    Any other entries I have not specifically mentioned I have given them a * value.

    Hello,
       If you want the team member to be inherited along the lower nodes you have to use button "Make Mass Changes"; access the higher node, go to "Administration" tab, then "Team member" tab, then use the fourth button "Make mass changes" to add a team member, after that, it will be inherited along the lower nodes.
    I hope that helps!
    Best regards,
    Federico.

  • SSH login- how do I restrict access to a shared folder?

    I have created Shares in WGM for SMB and AFP access on my OS X 10.4.8 Server. However when I connect via SSH it's not restricting access to the folder based on the User Name I login with- I see the entire volume! How do I restrict access to a specific folder based on a user name setup in WGM? ACL's?

    Hey George,
    It sounds like you are trying to limit ssh/sftp users to a specific area, aka jails. The FTP server lets you 'chroot' users to a certain area making it appear as the root thus preventing them from navigating up the hierarchy, which is what I think you, and me and many others are trying to accomplish.
    The ssh compiled into OS X is missing this very needed feature. There have been a few documented workarounds, but they've either been too insecure or too clunky for me.
    I've dealt with the fact that my users can get to the root of the hard drive, and have just been very careful about my privileges (by using ACLs), thus preventing them from getting inside areas they shouldn't.
    There's a good write up here: http://www.schwie.com/brad/macosxsftpchroot/ and if you include the term 'chroot' in your searches, you should find a bit about it here too.
    And Roger, I think George meant the file sharing protocol used by ssh. man sftp.

  • Restricting access to link based on a user's accesslevel

    I've gotten the DW login feature working for restricting
    access to pages based on a user's successful login and associated
    accesslevel. However, I have some links that open an Excel
    spreadsheet and an Outlook calendar. Is there an easy way to
    restrict access to a link so that an unauthorized user can't
    navigate to the link? Here's my code for the link:
    <td height="19" colspan="3" valign="top"><em><strong><a href="STI-Intranet/XLS/PROD_SCHED.xls" title="Current Production Schedule (Read Only)">STI Production Schedule</a></strong></em></td>
    <td height="4%" valign="top"><strong><a href="http://server_3/public/cal_engineering/" title="FROM INTRANET"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">INT</font></a></strong></td>

    What server side language are you using? Do the links need to
    be restricted
    to just one access level, or multiple levels? Should it be
    blocked for only
    one level or multiple?
    Bryan Ashcraft (remove brain to reply)
    Web Application Developer
    Wright Medical Technologies, Inc.
    =============================
    Macromedia Certified Dreamweaver Developer
    Adobe Community Expert (DW) ::
    http://www.adobe.com/communities/experts/

  • Restrict application instances per user?

    We have a new ERP application.  As with most enterprise software, it has a restrictive license on concurrent uses.  It even counts multiple instances from the same user as multiple uses of its license.
    The application runs from a Windows 2012 R2 server, as a RemoteApp.
    Is there a way to restrict it so that each user may only run a single instance of the application?

    Hi Itwally1,
    All RemoteApp programs on the same server for the same user will run in the same session.
    There seems to be no built-in method to limit a RemoteApp to a single instance per user session. Please refer to the following threads and check if they can help you.
    Restrict a published RemoteApp to a single instance per user
    Limite RemoteApp to one instance per user
    If anything I misunderstand or any update, please don't hesitate to let me know.
    Best regards,
    Justin Gu
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • TV Access Connections per-user settings?

    I needed to set up a 2nd user acct profile on my T500 (Win XP Pro) to use for a special purpose and need for the Wireless Radio to be powered off when this user's desktop loads (same as clicking the TVAC icon in the system tray and choosing Power Off Wireless Radio).
    So far my experience has been that any TVAC changes made while using the 2nd user account are carried over to the 1st user acct, and vice-versa.  I would like settings to be on a per-user basis and not applied globally to all users.  Is this possible, and if so how can I do it?
    Using the system tray icon, I was able to have the radio powered off in the 2nd acct and powered on in the 1st acct.  And when the 2nd user's desktop loads the icon is in fact powered off, at least initially, but then the auto-connect popup appears and automatically powers on the radio.  If I could configure the 2nd acct to not attempt to connect automatically that would work for me, but I can't figure out how that is possible.
    Any help is appreciated.
    Regards,
    Frank

    It is not possible to do per user setting in Access Connections.

  • When I click on the Mozilla button on my desktop, the firefox start page that shows up has no Mozilla button to access print, history, options etc., it just says mozilla firefox start page at the top.

    When I click on the Mozilla icon on my desktop, a mozilla firefox startpage comes up that has NO mozilla button to click and access print, history, options etc. Also the whole page automatically shifts down slightly to show only google question box and no address bar. Also, there used to be a place where I could click on most accessed pages, but that disappeared a couple of weeks ago. I have an HP computer and never know what the start page will look like.

    Hey plainmad,
    Did you recently upgrade Firefox? I would be willing to bet that everything is still there, it's just hidden. Take a look at this article: https://support.mozilla.com/en-US/kb/common-questions-after-upgrading-firefox-36. It will give you some tips on how to bring back any of the options you might not see.
    Hopefully this helps!

  • ASA WebVPN. How do you restrict access to users in an AD group using LDAP?

    Hi All,
    I am trying to configure separate WebVPN connection profiles to give different portal bookmark contents to users based on their AD group membership.  This has been very difficult, even though I believe it should be easy.
    The login page of the ASA by default has a dropdown to allow default users to access the default portal and the SSL VPN client connection.
    There are two other portals that I would like to restrict access to based on AD group membership.  I have set these up to be selected by URL.
    The biggest problem is, I have no way of knowing how to go about this.  The AAA LDAP options show a group membership search, which I have configured, but I cannot say "Profile X is restricted to AD group CarpetBaggers", so that if someone that is NOT a carpetbagger tries to log in, it fails.
    I can only do an all or nothing scenario.
    It would be nice to use Dynamic Access Policies to do this, and I have created a few, but they do NOT seem to work when the drop down aliases or URLs are in use.  So how do I go about using them in this scenario?  Turning off the aliases or URLs is not really an option right now.
    Scenario 1 would work the best for me.  Restrict access to profiles/groups based on AD group membership using LDAP.
    Scenario 2 would be an ideal longer term solution.
    Any thoughts, ideas or assistance would be greatly appreciated.
    Cheers

    This is exactly what I was looking for, and Nelson is correct.  When you enter the DAP configuration for a profile click on "Advanced" and there is the option to create a logical expression.  The guide (there is a button to access this) is really helpful, with a couple of examples.  This is what I used:
    assert(function()
        if ( (type(aaa.ldap.distinguishedName) == "string") and
             (string.find(aaa.ldap.distinguishedName, "OU=Users") ~= nil) ) then
            return true
        end
        return false
    end)()
    From the debug dap you can see what Users relates to:
    DAP_TRACE: Username: MyUsername, aaa.ldap.distinguishedName = CN=Mr B,OU=Users,OU=Site ******,DC=CH,DC=Mycompany,DC=com
    My admin account fails to get me in to the same profile:
    DAP_TRACE: dap_add_to_lua_tree:aaa["ldap"]["distinguishedName"]="CN=Admin Mr B,OU=Admin Users,OU=Site *****,DC=CH,DC=Mycompany,DC=com"
    Thanks
    Andrew
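
    The DAP expression in the post above accepts any DN that contains `OU=Users` as a substring. As an added example (not from the original post or from Cisco's guide), this stand-alone Lua script compares that test with an exact match on a single RDN; `split_dn`, `rdn_check` and the last two sample DNs are constructed for illustration, and the script assumes a desktop Lua 5.1+ interpreter rather than the ASA itself.

    ```lua
    -- Added example: substring test from the post vs. an exact RDN match.
    -- Helper names are hypothetical; run with a stand-alone Lua 5.1+ interpreter.

    -- Split a DN into RDN strings on unescaped commas (backslash escapes kept intact).
    local function split_dn(dn)
      local rdns, cur, i = {}, "", 1
      while i <= #dn do
        local c = dn:sub(i, i)
        if c == "\\" then
          -- keep the backslash and the character it escapes together
          cur = cur .. dn:sub(i, i + 1)
          i = i + 2
        elseif c == "," then
          rdns[#rdns + 1] = cur
          cur = ""
          i = i + 1
        else
          cur = cur .. c
          i = i + 1
        end
      end
      rdns[#rdns + 1] = cur
      return rdns
    end

    -- The check as posted: substring search anywhere in the DN.
    local function substring_check(dn)
      return type(dn) == "string" and string.find(dn, "OU=Users") ~= nil
    end

    -- Stricter check: one whole RDN must equal the wanted RDN (case-insensitive).
    local function rdn_check(dn, wanted)
      if type(dn) ~= "string" then return false end
      wanted = wanted:lower()
      for _, rdn in ipairs(split_dn(dn)) do
        local trimmed = rdn:match("^%s*(.-)%s*$")
        if trimmed:lower() == wanted then return true end
      end
      return false
    end

    local samples = {
      -- the two DNs shown in the DAP_TRACE lines of the post
      "CN=Mr B,OU=Users,OU=Site ******,DC=CH,DC=Mycompany,DC=com",
      "CN=Admin Mr B,OU=Admin Users,OU=Site *****,DC=CH,DC=Mycompany,DC=com",
      -- constructed: a different OU whose name merely starts with "Users"
      "CN=Temp User,OU=Users-Disabled,DC=CH,DC=Mycompany,DC=com",
      -- constructed: the text "OU=Users" appears inside a CN value
      "CN=Report OU=Users,OU=Service Accounts,DC=CH,DC=Mycompany,DC=com",
    }

    print(string.format("%-10s %-10s %s", "substring", "exact RDN", "DN"))
    for _, dn in ipairs(samples) do
      print(string.format("%-10s %-10s %s",
        tostring(substring_check(dn)),
        tostring(rdn_check(dn, "OU=Users")),
        dn))
    end
    ```

    `rdn_check` still accepts `OU=Users` at any depth of the tree; comparing the DN's trailing RDNs against the full expected container path is stricter still.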

  • Restrict access for Vendor Master Data

    Hi all.
    Our company structure is like below:
    Single instance, just one mandant.
    Company codes like 1001, 3001, 6002, 6006, etc... over the world.
    At some companies just the central administration can create vendor for the companies using the transaction XK01.
    Now we need to give access to users from one of our company from other country but we can't give access to transaction XK01 because just the central administration can create the master data for the vendors.
    I already read about the object F_LFA1_AEN that is possible to create some field groups and give access just for the right groups. I also read that these authorization groups don't have effect on the vendor master data like address.
    How can I restrict access for the vendor master data? I'm thinking to give access to transaction FK01 and MK01 and restrict access for create a new vendor, I only want that the users can create the data for a new company or new purchase organization.
    Thank you
    Darlei Friedel

    Among many other authorization objects, you find the following three:
    F_LFA1_GEN general data
    F_LFA1_BUK company code data
    M_LFM1_EKO purchasing org data.
    If the user does not have authorization for F_LFA1_GEN , then he cannot maintain general data.

  • Need to restrict access to XD02/XD03

    Hi All,
    I need to restrict access to some acct group in the search screens for individuals who do not have access to this account group in transaction XD02/XD03.  Other than this group we should not allow to search the screens.
    Please guide me if any exit / badi....etc. where I can put this validation.
    Thanks.
    Raj.

    Hi,
    Try this link...
    Customer Master Maintenace - restriction general data tabs
    Regards,
    Guru

  • Creating a restricted access page.

    I need to create a restricted access page within my website, so that a username and password are required to access. The Dreamweaver instructions ask me to go to the Server Behaviors panel (Window > Server Behaviors), click the plus button and choose User Authentication > Restrict Access To Page.    However, the Server Behaviors panel does not provide me with an available plus button to choose.  What can I do about this?

    CC is the current version of DW. It was released this year and Server Behaviors were removed from it because they are outdated.  Before that was CS6, CS5.5, and CS5.  CS4 was released in Fall of 2008.
    Password Protecting a page or folder on your server can usually be done very quickly through your remote server's Admin or C-Panel.
    Or if your host server is Linux, you could do it with just 2 files:  .htaccess and .htpasswd
    http://www.htaccesstools.com/articles/password-protection/
    Nancy O.

  • Problem with Restrict Access to Page with access level using ASP

    I'm using Dreamweaver CS3 with ASP-VBScript and an Access
    database. The pages were created from scratch for this project,
    using those tools all the way through.
    I've created a login page, an admin homepage, and add, edit,
    and list records pages for three tables. The login page uses the
    Server Behavior "Log in User", all other pages use the Server
    Behavior "Restrict Access to Page". All of these are based on an
    Access Level.
    Login seems to work correctly, and redirects to the admin
    homepage. From the admin homepage, I can open any other page as
    expected, and they initially display correctly. On the add and edit
    pages, however,
    submitting the form often results in getting logged out, but
    not always.
    Once this happens, I can log back in, but other problems will
    sometimes occur during that second login session. Sometimes,
    logouts will occur on pages that worked fine during the first login
    session. Sometimes, another session variable that I've setup
    manually will change when it shouldn't...as if there were two
    values stored for my session variable, and reloading the page
    changes to the other value.
    This
    post seems closest to my experience, but it doesn't look like
    there was really an answer beyond "I had to fight with it for a bit
    to get it to work":
    I suspected that there is some problem with session settings
    on the server. We have an almost identical tool on the same server
    that was developed with an older version of DW that works more
    reliably; it sometimes has problems with the initial login, but
    never has a problem after that.
    Has anyone experienced problems like this? Any suggestions
    for what to check? I'm really pulling my hair out since it's so
    unreliable...the kind of problem that goes away when you try to
    show someone and comes back when they leave.

    Hello,
    I was thinking that all I would need would be the username, although username and password would be more secure.  There are about 50 users and no groups or levels.  They are all equal ... same level.
    The website is private and there is a general content area for all users and then there will be private areas for each user where proprietary documents will be held.  I need to be able to ensure that user 'A' can only see the user 'A' pages, user 'B' can only see user 'B', etc.
    I don't really understand what the Dreamweaver script is doing, but the overview sounded like it was the right tool to accomplish what I'm trying to do.
    Any assistance greatly appreciated.
    thanks.

  • FERC Code of Conduct - Restricting access for employees

    hello - I am project lead for an effort to separate market and transmission data from certain employees in our company. I'm finding this to be a monumental task, since we have a large SAP implementation. FI/CO, MM, HR (position-based security), Customer (IS-U-CCS), PM, PS, xRPM. We have implemented SOD for SOx compliance, but this is an entirely different effort. Unlike SOx, we need to totally restrict transactions that could contain non-public market and transmission data, so we need to separate the data behind the transactions. Does anyone have experience with this? Would love to hear what approach you took and swap ideas.
    Annette M Alboreo, FirstEnergy Corp.

    Hi Annette,
    First of all, good luck! Data segregation is always a tricky one to manage and needs to be carefully thought out.  This sort of activity has a large security and functional overhead and you need to make sure you have access to them.
    When I've worked on this sort of thing in the past, there are a few things that you need to identify
    - What data is sensitive?  The business should ID all sensitive data and the functional team translate that into fields etc.  What data needs to be legally segregated, what data is nice to have segregated.  A set of rules should be drawn up to say who gets what in which circumstances.
    - How are people accessing data? What transactions give access to sensitive data? Standard SAP tx, custom tx (which may need auth checks changing), access to SE38/SA38, SQ01, SQVI etc.  All of the routes to the data need to be identified.
    Once it is known what data needs to be restricted then it is possible to address how to restrict access to it.  A reasonable amount of it should be able to be catered for in the standard auth concept.  It's also likely that there will be the requirement for additional config & customising (e.g hide fields, change screens, user exits) to meet these new control needs.  I think it goes without saying that the more that you can fix with the standard auth concept, the easier it tends to be.  If this means removing some transactions from users then in some cases it may be less costly than knocking up a whole load of custom code to solve the problem - of course this is dependent on the situation.
    Hope that is of some use
    Cheers
    Alex

  • Having trouble restricting access to virtual multihosting entry

    Hi,
    I've created a new proxy instance with all default settings. I'm trying to use virtual multihosting with an ACL to restrict access to this virtual multihost. I'm having troubles and am not able to block it. I thought I could use a template to impose this, but perhaps I'm wrong. Here's how I've done it:
    I've created a single template called "testing-access", containing:
    http://testing\.mydomain\.com/.*
    I've then added a single Virtual Multihost entry as follows:
    Source Hostname (alias): testing
    Source Domain Name: mydomain.com
    Destination URL Prefix: http://testing2.mydomain.com
    Use This Template: testing-access
    At this stage, the virtual multihost works. I can access testing2.mydomain.com via testing.mydomain.com.
    Now I go to implement the ACL to, for testing purposes only, Deny all access to this virtual multihost. Remember this just testing to learn how to apply an ACL to a virtual multihost. Later, my intention is to block all http access (by way of Deny applied to http://.* resource ACL) via the proxy, except for the virtual multihosts. These virtual multihosts will also include access control based on different IP addresses. The thought is to have a different template for each virtual multihost then apply a set of ACE Allow conditions for the template's ACL.
    I go into Administer Access Control, select the "The template 'testing-access'" resource. I then click on Edit and add the ACL as follows:
    Action: Deny
    Users/Groups: anyone
    From Host: anyplace
    Rights: all
    Extra: N/A
    Continue: enabled
    I restart the server instance then attempt to access the virtual multihost, which I can. I cannot understand why this is not being blocked.
    I've tried changing Continue to be disabled but that hasn't helped either. It seems as though the ACL for http://.* (which incidentally by default has no ACL) is taking precedence. I've also tried adding to the template without success: http://testing2\.mydomain\.com/.*
    If I were to add an ACL to http://.* resource to Deny it blocks all http://.* requests. This is no good because effectively what I would like to do is block all http://.* access EXCEPT for those virtual multihosts I add. Each virtual multihost will need to have its own ACL to restrict based on IP. This is why I created a template for the one above. The objective would be to add several Allow ACEs depending on host, such that only those who are on this ACL can access the URL in the template (a virtual multihost, remember), anything else is blocked via the http://.*
    I only did the test at the top to learn how to successfully implement an ACL on a reverse multihost, by applying a Deny for everyone via the template ACL.
    Any ideas?

    In the case structure you can replace the 'success' button with the vi that you want to run. If you set the properties of the vi to 'show front panel when called' it will open and run when a log-in is successful.
    There are other ways to do this, this is one of the more simple ways.
    Ian
