Restrict User Access to Planning Books- Creation of Roles

Similar Messages

• How to restrict user access in Oracle Application Server 10g (9.0.4)?

  Can anybody please let me know how to restrict user access in 10g AS? To be specific, how to allow http requests from specific IPs only?

  Hi,
  You have to edit httpd.conf and modify acces rights for each protected directory
  e.g.
  <Directory /var/www/sub/payroll/>
  Order allow,deny
  Allow from 192.168.1.0/24
  </Directory>
  then you have to restart Oracle HTTP Server
  jm--

• Time restricted user access

  Dear Experts,
  we are dealing with the following issue. Is it possible to set up time restricted user access in BPC 7.5? It means e.g. we want user to have access to BPC only in the first half of the year or (a bit trickier) in every first half of each month.
  And is it possible to temporarily prohibit access for an user without deleting him or his rights?
  Thanks for the reply,
  Jakub

  Hi Jakub,
  Can you explain why you want to set up your system this way? Depending on what you are trying to accomplish, there may be a good way to make it work in BPC (work status, security, data model design), but as Nilanjan said, there is not an easy way to totally lock out users based on date.
  Ethan

• Planning book creation

  Hi All,
  Is it possible to create multiple Planning Books in same Planning Area?
  If yes, how?
  Please reply.

  Hi Ashish,
  Planning Book: Planning Book is a content and layout for designing a Interactive Demand planning(IDP).
  we need to design the PB's for different demand planners/group of planners.
  we have the option for creation of macros for execution in planning books.
  A planning book is based on a Planning Area.there is no limitation for the planning books we can create number of PB's for one PA(Planning Area)
  For creating PB Tcode is : /SAPAPO/SDP8B
  select the radio button for creating PB
  Provide PB name and description.and the we need to provide our PA, So at this time what ever the Char and Kefg are available in PA all are existed in PB also
  then you can assign what ever you want the Kefg and Char assign to PA to PB.
  And the select check boxes related to UVM.MLR composite and Promotion.
  we need to select this check boxes what ever you want.
  Repeat the same procedure for all the Power users Individually.
  and also create DV's for each PB
  And better to find this bellow link very useful.
  http://help.sap.com/saphelp_scm41/helpdata/en/17/a5214732a111d398260000e8a49608/frameset.htm
  Regards,
  Pullaiah

• How to find out total of number of users accessing Hyperion Planning applications ?

  Hi All,
  Could someone help me with the details of how to find out total number of users who are accessing Hyperion Planning application in Env.?
  This is with regard to licenses so wanted accurate and unique information,
  Thanks
  Amith

  Hello Amith,
  I think you should have a look at the blog of Cameron Lackpour http://camerons-blog-for-essbase-hackers.blogspot.be/
  In the "Shared Services Stupid Trick" blogs, he shows how to find the real access to an application. The side benefit is that it is amusing to read.
  In how far this is OK for the licenses is written on another page. You likely need to use the same method as Oracle does. Ask the Salesperson how to do this. (I am curious what his/her reply is).
  Regards,
  Philip Hulsebosch.

• Restricting Users access to BW Query based on Criteria

  Hello  ,
  Haven't found much help with the security implementation documents , i have been given a objective to create Profiles/roles and which would be used only for reporting on 1 single Cube by users from multiple departments. 
  Create profile/Roles and provide access to users for Query ZREP_C0_1 .
  User belonging to comp_code1 & region4 & plant6 should be able to view only his data and none other  even if the user wishes to see Compcode2 & region3 & plant4. 
  ( Reporting with restrictions over the User authorizations  on Region/Compcode )
  Creating the Role has been the easy as it was just to provide access to the infoarea , cubes, infobjects , query and authorization objects to execute query.   However i am stuck on how to proceed further on the above scenario  regarding restricting the users.
  Your help is much appreciated .
  Regards
  Raja

  Hi Pratheesh,
  If you are going to use client authentication in SSL and if client authentication fails since not all users will have client cert provided by you, SSL handshake will not complete and hence no access. But this is a performance impacting option. Restricting access on FW would be a good option.
  During the flow of a normal SSL handshake, the server sends its certificate to the client. The client verifies the identity of the server through the certificate. However, the client does not send any identification of its own to the server. When you enable the client authentication feature on the ACE, the ACE requires that the client sends a certificate to the server. The server then verifies the following information on the certificate:
  The CA has not revoked the certificate.The certificate signature is valid. The valid period of the certificate is still in effect. A recognized CA issued the certificate.
  You can specify the certificate authentication group that the ACE uses during the SSL handshake and enable client authentication on this SSL proxy service by using the  authgroup command in SSL proxy configuration mode. The ACE includes the certificates configured in the group with the certificate that you specified for the SSL proxy service
  Regards,
  Kanwal

• Error while accessing DP Planning Book through Portal. ( internet)

  Dear SDN,
  We are using a collaborative planning book from SCM 4.0 system, which is published as a service on the ITS (6.20 version). This ITS has been published so that we can access the system from the Broadband, simply like any other website.
  The ITS URL is :
  http://mmscmoptprd.mahindradms.com/scripts/wgate/webgui/!
  The planning book service is
  http://mmscmoptprd.mahindradms.com/scripts/wgate/clpsdp/!
  When we try through our LAN, we can access it.
  When entering through broadband, we can see the first page of planning book , i.e. where selection of planning book and planning view is to be made.
  Once a selection is made from the dropdown, and when <u><b>"CHOOSE"</b></u> button is clicked (for that matter the rectangular box containing the selection criteria and also the <u><b>Exit</b></u> button ) we get a message as :
  <i>Problems with this Web page might prevent it from being displayed properly or functioning properly.
  Line : 714
  Char : 1
  Error : Object Expected
  Code : 0
  URL : http://mmscmoptprd.mahindradms.com/scripts/wgate/clpsdp/!?client=100&language=en&accessibility=0&DesignBaseUrl=%3A%2f%2fmdwds01.mahindradms.com%3A80%2firj%2fportalapps%2Fcom.sap.portal.design.portaldesigndata%2Fthemes%2Fits&~design=mm_dms_defaultTheme</i>
  and it remains on the same page.
  The IView used is of the type :
  1. URL IView ... CLPSDP service url is given as parameter URL.
  2. IAC IView : web-service is "clpsdp" and "ITS url" is given.
  We intend to give either one which should work fine.
  I am not able to figure out as due to what reason should this problem arise, either the UI attributes or the publishing or something else.
  Request you to please help.
  Regards,
  chandani
  ep consultant
  www.bcone.com

  Hello,
  SInce this is an Portal Error, for quick and efficient replies past it in SAP EP forum.
  Thank and regards,
  Abhishek

• Control/restrict user access

  Hi,
  we are currently on EP7.0,would like to find out if we are able
  to control/restrict number of users from accessing an ESS transactional
  page. Thanks.

  Hi Eric,
  access to portal content is managed with help of portal roles. Basically, you assign portal content (worksets, portal pages, iViews) to a portal role (see SAP Library  <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/4f/bceaffeb8c114ebef8255b63079c7c/frameset.htm">Roles and Worksets</a>). To make the content available to a certain set of users you have to assign the portal role to the users (see SAP Library <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/ed/845890b89711d5993900508b6b8b11/frameset.htm">Assigning Roles to Users and Groups.</a>).
  If you would like to restrict access to a certain ESS portal page remove this page from the standard ESS role and create a new role. Assign the ESS portal page to this new role and assign the role to all users you would like to give access to the page.
  Make sure you set the right Merge-Ids and Sort-Ids in order to display the ESS portal page at the right point in your portal navigation structure (see SAP Library <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/53/89503ede925441e10000000a114084/frameset.htm">Merging Navigation Nodes and Defining the Sequence</a>)
  Best regards,
  Martin
  <i>Please reward points for helpful answers</i>

• Restricted User Access

  Hi All!
  Is it possible to restrict the access of a user in that way that he can only edit a part of the columns, but he can see the whole table even the columns he isn't permitted to change! How can i solve this problem?

  Hi user552848,
  please provide your first name...
  I would see 2 possible solutions here:
  1) Create or own access roles
  a) create an application item where you store which "access role" the user has and
  b) use the "Read only" property of the page item, where you specify a condition of type "Value of Item in Expression 1 != Expression 2". Write the name of your application item into Expression 1 and eg UPDATE_ALLOWED (=>name of your access role) into Expression 2
  2) You use the APEX authorization.
  a) Create one at Shared Components\Authorization Schemes).
  b) Use the "Read only" property of the page item, where you specify a condition of type "PL/SQL Expression" with the following code in Expression 1
  NOT WWV_Flow.public_security_check('Name of the Authorization you created');Note 1: "Name of the Authorization you created" is case sensitive
  Note 2: WWV_Flow.public_security_check isn't a documented function, so use it at your own risk, Oracle may change it/remove in the next release.
  Hope that helps
  Patrick
  Check out my APEX-blog: http://inside-apex.blogspot.com

• Restrict user access to sales order

  Hi all...
  We have the following situation:
  A user xxxxx creates a sales order with va01 ... how can be limited the access to this sales order??..another user  yyyyyy is not allowed to modify this sales order but user yyyyyy can create orders/modiffy ordes with va01/va02.(something like limit access to o sales order created by another user).
  Regards,

  Hello Viadi,
  Your basis person can help you out in providing this restrictions.
  I would like to tell you that you can restrict a particular user from accessing a t-code entirely for eg: you can restrict a user to only VA01 & VA03 i.e., creation and display  and another user should be given access to VA02 i.e, change SO.
  This way you can maintain security measures for SAP usage.
  If you give authorization for creation and change there might not be sanctity of usage. But this again depends upon the client requirement.
  Hope this helps.
  SAP gurus any additions or corrections to this are welcome.
  Thanks
  Swami

• User access to "planning " data forms

  hi
  iam newbie to planning
  i have two different doubts in planning
  i have created a application in eas called "blue " in eas console and loaded the data and retrieved in excel , iam able to see the data . mean while i have created planning application called "gt" and its created sucessfully, i can able to "gt" see in the eas console . i wanted to get the data from "blue" in eas into planning "gt" dataforms i created a user called "blue" in shared services console , i decided to give the privilege to "blue" in eas , i clicked on the default application to blue application but was nt there ,but it showing separtely , i clicked on that and assigned roles like "administrator" and cube creator and planner
  my doubt is that
  1: when i logon "gt " planning application and created dataform folder i want to access the essbase application "blue" data, but there is no user available in that dataform
  iam confused whether i should give privileges to default application or "gt " i find both of them in shared services console
  clearly my doubt how to link eas "blue" with planning "gt " and datas form blue should be retrived in gt dataform
  iam using epm11
  sreekumar.H
  OLAP-DEVELOPER

  Hi,
  I am not totally sure what you are trying to achieve but if you create an essbase application in EAS it is a totally seperate entity from a planning application, so you can't just access it directly.
  The are many options on what to do but it needs to be clearer why you have to access the data from a seperate database.
  If there is a commonality in the dimensions then it would have been possible to create an extra plan type when you created the planning application, this creates an extra database as part of the planning application.
  The other options are to use XREFs to access data from one to cube to another.
  Another option would to use partitions.
  You could extract the data from one cube using an export or DATAEXPORT command and then load it into your planning database or use ODI to extract from one database and load it into the other.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Restricting user access based on a site column value in a document library.

   
  We have a business requirement to show the contents of a document library based on a value (or values) in the site column (or multiple columns). For example, my document library has a custom site column called confidentiality. This
  will have values like restricted, internal and public. Now, based on the AD Group the user belongs to, I should be able to control the access to Restricted or Restricted and Internal files from the document library. We are using SharePoint Online 2010.
  Please suggest the best way to achieve this requirement?

  SharePoint's security model doesn't allow you to specify security based on metadata. You could however create a Sandboxed Solution containing a Feature that registers a custom event receiver on the Document Library. The logic inside this
  Event Receiver would fire after editing item properties (ItemUpdated) to apply item-level permissions based on the rules you need.
  Make sure to read the article below to determine if fine-grained permissions are suitable in your case:
  http://technet.microsoft.com/en-us/library/gg128955.aspx

• Restricting user access to delegated administration pages

  I have a question about delegated administration services.
  When a user is defined, regardless of its privileges, it has access to OIDDAS pages.
  And he or she can see the other users' information. (through Directory and Users tabs)
  Is there any way to restrict OIDDAS pages to selected userids?
  Regards
  Farbod

  If your version of the servlet container is compliant (I assume iPlanet is), then you can declaratively set your security in the web.xml. You can specify entire directories (HTML, JSP, graphics, etc) to be secured. This also prevents you from converting all your static content to JSP and inserting code into each one to validate the user. You may define your own custom login page as well. This is by far the best method of security if you're not trying to do anything fancy like data-level security. The J2EE security model is role-based.
  Hope this helps.
  Chris

• HT201304 Is there a way to restrict user access to find my ipad with out restricting the mail app?

  I am working on setting up multiple Ipad 2 tablets with iOS 5.1.1 and I need to restrict access to turn off find my ipad. The only way I see to do this is to turn on restrictions and dont allow changes on accounts. The issue I have then is it also restricts the Mail app setup. Is there a way to restrict one and not the other? We use microsoft exchange mail and I would be willing to use another mail app if anyone can suggest one that works as an alternative?
  Thank you.

  I don't know of any reliable tracking app, but perhaps someone else here can suggest one I'm not aware of. Any could be defeated by just restoring the iPad, though, so about all you could hope to do would be make things a bit more difficult to turn off. For a third-party app, you'd have to restrict the user's ability to uninstall apps, something which might be equally problematic for you.
  Regards.

• Is it possible to restrict user access to files that need read/write permissions?

  I am in the process of implementing electronic payments for a company's AP department.  Dynamics GP (Great Plains) needs to create an EFT file that will get sent to the bank.  After it is created, a script is run that sends the TXT file to the
  bank and then renames the file extension to SNT.  Users are logged on to the Great Plains server and have their own permission group.
  Because the file is sending payment instructions, it is essential that users cannot modify or create a file with fraudulent payment instructions to the bank (incorrect bank account info).
  With testing, I was able to save the file from GP to a folder where users cannot read it's contents, however the script cannot send the file to the bank without "read access" (it says not files available).
  Any ideas for solutions?  For instance, is it possible to make Great Plains and/or the script file "system" so that it can override the user profile's permissions? 
  I was also looking into the ability to hide the folder/files, but it appears users can choose to view hidden files and folders.

  I dont think so you can do it that way..