Restrict user to access report of a specific layout

Similar Messages

• Restricting users in accessing project/project reports

  Hi,
  We are having various Projects created thru PS Module, which can be categorized thru Project Types "Large", "Medium", "Small", "Utility" etc.
  We need to block users from accessing certain projects (by Project Type or individual project itself) which they are not attached. Access should not be available for create,change,display of master data and viewing all reports to these projects. Whether it is possible within PS Module or is it possible by authorization restriction thru basis.
  Please provide your valuable update.
  Regards,
  Vinod

  Ketul,
  You are right. SAP gives hierarchical reports in controlling area currency.
  All hierarchical reports are report painter reports. You need to copy the report going into CJE0 and in form change the currency to company code currency for all key figures.
  Later you can assign an transaction code to access these reports in company code currency.
  Hope it helps.

• User/System Access Reports

  Hello
  We have been running SAP Business One (2005A build 680.320) for about two months. As the administrator, I will need to run access reports for our compliance requirements. Can someone tell me where within the system I can utilize the necessary tools to 1) run a user access report (including failed logins) 2) create a report on user authorizations and if possible audit system-level changes to the database?
  Thank you for your advice.
  Tracy Strub

  Tracy Strub,
  1) run a user access report (including failed logins)
  <li> There is not really a report for this.
  2) create a report on user authorizations
  <li> If you go to Administration > System Initialization > Authorization > General Authorization ......Click Expand.... and Export this to Excel
  There are no specific reports providing Authorization information by User
  and if possible audit system-level changes to the database?
  <li> SAP maintains a Change Log for most documents and you are view the changes when you are on any particular document by going to Tools > Change Log.
  Suda

• How can i restrict user to access database object (procedure) or JSP

  Hi
  I have 9ias infrastructure 902, on win2k box with 9i DB.
  and I have one PL/SQL web application and another J2EE application both are hosted by 9ias 902.
  Now we are looking forward to couple both with SSO.
  I have deloyed samples of both and works fine.
  Each application have different set of users, i mean there is no common user.
  How can i restrict user not to view the web page which is not authorised to them.
  as far as i understand from the Grocery demo is pick the role (which is a string only) from OID and programaticall apply security via if else endif construct.
  can any one through light upto my concern.
  regards
  [email protected]

  Hey Mary
  No i haven't try to do that via pl/sql....
  as the our application is j2ee app... deployed in oc4j.. with sso and ldap....
  still finding to do so....
  what i have realized that LDAP is just to store user information in inverted tree... and one have to build separated access security mechnisum that will be applicable to j2ee system....
  thanx...
  samir....

• How to restrict users to access the files directly from /irj/go/km/docs/doc

  Dear Experts,
  I have made a folder in KM where I have saved some files, and also I have made a application from where user can access those files.
  But the users are able to access the files by directly typing the path of the file in internet explorer, I have to restrict it that the user should not be able to access the files directly.
  Please give your helpful suggestions.
  Warm Regards
  Upendra Agrawal
  Edited by: Upendra Agrawal on May 15, 2009 4:49 PM

  Hello,
  You can have a link/button react to a mouse clic by reading the KM document and putting it on the htpp flux with the correct header (this is the same kind of code that is used when you generate the pdf). As the file access is in you server-code, user will not have access to the URL...
  an exemple for the WD Java (coming from this [PDF|https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/d0cc41cb-9576-2b10-99a6-ab90ef28c73b]), with slight modifications :
  public void exportToPDF( ) {
     //@@begin exportToPDF()
     ByteArrayOutputStream outputStream = null;
     outputStream = new ByteArrayOutputStream();
     // read the file with KM API and copy it to the outputStream
     showPopUp(WDWebResourceType.PDF, outputStream, "PDF Out Put");
     outputStream.close();
  //@@end
  regards
  Guillaume

• Help needed restricting users admin access to devices using ACS 4.2

  I have users that access the network via a VPN client to a PIX 515 which authenticates to the ACS (using the default group for unknown users) which uses an external Active Directory Database.
  The problem I have is that as the ACS authenticates these users, it now allows them admin access to the PIX. How do I restrict access? I have looked at NARs using the 'All AAA clients, *, *' approach but that just stops their VPN access. ( I have a separate group called 'PIX ACCESS' which will contained only defined users for admin access).
  Incidentally I have other devices on the network which are AAA clients, in particular Nortel switches. I can set the group settings for that RADIUS set up to 'Authenticate Only' (RADIUS Nortel option) and that works fine, I was expecting the ACS to have a similar setting for TACACS+.
  So how do I allow the unknown users to authenticate to their AD database but restrict them admin access to the AAA clients?

  Very common problem. I've solved it twice over the last 6 years with ACS. I'm sketchy on the details. But here goes. First option to explore is using RADIUS for VPN access, then TACACS on all the Cisco switches and PIX firewall. That would make it alot easier. I think that with TACACS, you can build a NAR based on TCP port number instead of IP address....
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_tech_note09186a0080858d3c.shtml
  So you'd have a group with 3-4 Administrators that can access PIX CLI, and another group of VPN users that can't access the PIX but can VPN in. So on the VPN group, put a NAR that restricts access to SSH/Telnet TCP ports?
  This comes up everytime I install an ACS server, (every 2-3 years), and it's always a trick.
  Please let me know if this works for you. And if it doesn't, let us know how you fixed it. I think I can get back into the ACS I last did this with and take a look, but I'd have to call up and make a special trip.

• HFM: How to restrict user to generate reports when there is a data load process going on?

  Hi Experts,
  I want to get some idea on how we can restrict one user of generating report when another user is loading the data for the same entity, assuming both the users were at different location and there is no communication between them.
  i am dealing same kind of problem in HFM. we have many users created, some users will be loading the data using FDMEE while some users will be generating the reports. the problem arises when one user is loading the data for a particular entity and at the same time another generates the report for the same entity. this shows wrong data in the reports as the data's were not updated.
  please suggest how we can come out of this problem.
  Thanks in advance for your valuable suggestions.

  I thought for a while that I could solve the problem creating a parameter in the main report and casting the first argument of my subreportprocesssing event handler to LocalReport and setting the parameter using the SetParameters method of the LocalReport
  object indicating when there was data to show or not. But this doesn't worked , the parameter value remains the same when I use it in expressions to change the visibility property of my subreports.
  Codelines

• Restrict User to access/fetch data in back date

  Hi All,
  As financial year is about to close, one of my clients has requirement that for all t-codes, user must be having restriction to access or fetch the data in back date or till 31st March, he won't be able to access it. So my ques is can we do it at authorization level or from basis end.?
  If no, then how it would be possible?
  But they want only 3 users out of all should have access.
  Guida me for the same.
  Regards
  Disha

  Hi ,
  As per standard behaviour of the system you wount be able to achieve what you are looking for .
  As the system does not allow user to be restricted based on period for reports .
  You can check for either BADI or exits / Enhancement points for restricting but that too based on which t codes you want to restrict . It would be T code based like you identify the T codes and accordingly make the enhancements .
  Cheers ,
  Dewang

• Restrict user on custom report by using P_orgin

  Hi
  I have a requirement of restricting the view of a custom HR report based on Personnel Area(PERSA). I am using the standard authorization object "P_ORGIN" and  call the following in my code, still I am not being able to restrict the view of the report based on PERSA.
  The test user id created has the role rest
      CALL METHOD zyclmdmim_authority_chk=>zyxapm_authority_check
        EXPORTING
          infty = '0001'
          authc = 'R'
          persa = '0684'
        EXCEPTIONS
          noauthorization = 1
          OTHERS          = 2.
  method zyxapm_authority_check.
    authority-check object 'P_ORGIN'
    id 'INFTY' field infty
    id 'AUTHC' field authc
    id 'PERSA' field persa.
    if sy-subrc <> 0.
      raise noauthorization.
    endif.
  endmethod.
  Regards
  Swarnali
  Edited by: swarnali_IBM on Jan 28, 2012 9:10 AM

  Hi Swarnali
  You can use codee below
  CALL METHOD zyclmdmim_authority_chk=>zyxapm_authority_check
        EXPORTING
          infty = '0001'
          authc = 'R'
          persa = '0684'
        EXCEPTIONS
          noauthorization = 1
          OTHERS          = 2.
  method zyxapm_authority_check.
    authority-check object 'P_ORGIN'
    id 'INFTY' field infty
    id 'AUTHC' field authc
    id 'PERSA' field persa.
    if sy-subrc NE  0.
      raise noauthorization.
    endif.
  endmethod.

• Restriction user to access owa outside the organization

  I need a policy that a specific group of user, they can access owa in inside the organizational network but when they go outside they cannot access owa outside network.
  if possible please suggest

  Hi,
  Based on my research, we can block selected Users external OWA access by change the files
  startpage.aspx and basicmessageview.aspx
  For more information, you can refer to the following article:
  http://blog.leederbyshire.com/2012/11/27/block-or-allow-selected-users-depending-on-location-in-microsoft-exchange-2010-outlook-web-app/
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
  sure that you completely understand the risk before retrieving any suggestions from the above link.
  Thanks,
  Angela Shi
  TechNet Community Support

• How to Restrict user to copy reports to other folder except favorites

  Hi
  I have created web intelligence reports and saved it in folders
  now i have to give rights to the user
  that he should only copy that report to favorites not to any other folder
  how to restrict this in cmc pls somebody help me ....
  or else there is one more case
  user can chage the report but the changes should reflect only to him not to other user who see that report

  Hi
  I have created web intelligence reports and saved it in folders
  now i have to give rights to the user
  that he should only copy that report to favorites not to any other folder
  how to restrict this in cmc pls somebody help me ....
  or else there is one more case
  user can chage the report but the changes should reflect only to him not to other user who see that report

• Can't Restrict users form accessing folders

  I have just installed my Mac osx server and i have created my users and shared my folders but it looks like all the users are able to access my folders even though i set permissions for them.even if i Deny in Acl the user still has access to the folder.i want to give specific users access to certain folders.what am i doing wrong? your help will be greatly appreciated.

  If this is a production server, I'd suggest acquiring some IT coverage or an escalation path for issues, or both. As nice as Mac OS X Server is, you're still running a Unix server, and a month and a half of problems is going to be something that the users will take issue with.
  Your /Users folder looks somewhat problematic by what's not present there; I'd expect to find (more) users' home directories there, and I'd expect the users' directories to be owned by the specific user and by "staff"
  Here's what the home directory for user zork2 looks like in /Users directory, for a configuration with the users's homes in /Users.
  drwxr-xr-x+ 12 zork2 staff 408 Aug 31 2009 zork2
  0: user:_spotlight inherited allow list,search,fileinherit,directoryinherit
  This would be a common case for OD users created under the /Users directory on the server.
  The user edem parallels this and looks OK, but (if that's the entire contents of your /Users directory) it looks like the users are created elsewhere.
  You'll need to use Workgroup Manager (WGM) to locate that elsewhere, and then go check that area for its protections and ACLs. The commands involved in listing protections over in that path are similar (albeit adjusted for the different directory path), and the outputs should match what was posted for zork2 or edam in the existing /Users directory.
  Apparently I was insufficiently clear with the +ls -ale /users/somefolder+ command reference and had intended to look at the settings within one of the problematic user's directory, but it does appear that the first command showed enough to indicate that the users' homes are elsewhere.
  I'd also suggest getting an IT escalation path, first and foremost. Another good option (albeit from personal experience with following this path, one that can occasionally lead to frustration and outages) is going to be the school of hard knocks and whatever classes and books you can get your hands on or can attend; the proverbial crash-course in Mac and Unix server IT management. I've not viewed the tutorial videos available at Lynda.com, though various folks posting around the forum do indicate those can be a good resource.

• Restricting user's access to printer--how?

  I have a mac with several users, all with their own log-in accounts. The mac isn't part of a network and has only one printer. I'd like to restrict access to the printer to certain users. Can I do this? How?
  Thanks.

  Hi,
  You can't have the computer enforce that on it's own (at least easily or without adding some extra software). You can restrict a non-admin user from administrating printers (in general).
  You could ask all admins to pause printing and leave it off when they log out - then the other users would be powerless to start them again, but they could add items to the print queue for the admins to clean out before using the printers again.
  If you get Mac OS X Server - it has a Workgroup Manager program that can allow fine control over what user can print where - but you need to have your mac set up to authenticate against OS X server somewhere to have your mac obey the rules set up on the remote server...

• We are using version 3.6 on several machines. Is there a way to restrict users from accessing the about:config page?

  Prevent users from making modifications to the about:config page?

  You can do this with the [https://addons.mozilla.org/en-US/firefox/addon/3911/ Public Fox] add-on.
  It can be used to password protect access to about:config. To prevent the user from disabling/uninstalling the add-on, it also allows you to password protect the add-ons manager. You can also lock down other parts of Firefox such as the options dialog and clear history.

• Allow user to access /edit/delete/add specific items in list

  Hi
  I have one custom list.
  every month department head is creating some activity because of which some items are getting added in that list pragmatically.
  like-
  departmentID item1
  item2
  DEPT001 item001
  item002
  DEPT001 item003
  item001
  DEPT002 item004
  item001
  After that User want to edit or delete or add new entries only related to their department only.
  How can allow user to edit/delete or add entries (full control) only related to his department in the same list?
  How can I assign users for this?
  Should I create another list having department id and user mapping?
  please suggest any soln.

  The flow is like,
  User(Dept head/department user)will select department from drop down and clik on button to add some entries against the department.
  once the entries done he just click on save button.
  after some time if department head/department user want to add/edit/delete some entries against his department then he should able to view only his deapartment entries.  
  Also the email is generated to his manager.
  So my question is how should I allow user to view his own entires only which should be available for him to add/edit/delete.?
  If I create one list of department  and on adding the entries against each department I will add departmentID for every entry so that I can filter them by department.
  but how to allow users for those entries? If I added user for each entry and if any department user changed then I have to change his name from all entries for that department.If the entries are more than 50 or 100 then it will be very difficuelt to handle.
  Also for multiple users for single department this is very difficuelt to provide access.
   is there any alternate solution for it?