Restricted access on ACS for PAC file creation

Similar Messages

• How to restrict access to views for some users in the app?

  Hi SDN!
  I have an WD application wich embedded in the portal. Appication has 2 iViews (and 2  pages respectively). These iViews consist several views connected with each other (e.g. one view provide list data, second view is add/edit form for this data). I need to restrict access for some users for view with add/edit form. I can't make separate page for this view.
  What I've done:
  1) create yet another UIContainer for this view in main window and embed view to this container. It was be done for create separate iView for form.
  2) in the portal I create iView for this form but don't embedd in any page.
  When I try to call my form from list data (that is one iView from another) I get exception:
  <b>com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: duplicate usage of view .MyCarRentalAddCity</b>
  Is there a way to get needed functional?
  Thanks,
  Lev

  Hi,
  do you need to remove the IView from the portal menu or do you just want to make a View container in your WD application invisible if the user doesn't have the rights to see it.
  If so, you could create your own roles on the app server:
  You need to create a new class that extends NamePermission like:
  import com.sap.security.api.permissions.NamePermission;
  public class ApplicationAccessPermission extends NamePermission {
             * @param name
            public ApplicationAccessPermission(String name) {
                 super(name);
             * @param name
             * @param action
            public ApplicationAccessPermission(String name, String action) {
                 super(name, action);
  Also, you have to create an Action.XML file that looks like this:
  <BUSINESSSERVICE
       NAME="com.vendor.administration">
       <DESCRIPTION
            LOCALE="en"
            VALUE="actions view usage"/>
       <ACTION
            NAME="View Permission">
            <DESCRIPTION
                 LOCALE="en"
                 VALUE="Show view"
                 />
            <PERMISSION
                 CLASS="com.vendor.utilities.ApplicationAccessPermission"
                 NAME="ShowView"
                 />
       </ACTION>
  </BUSINESSSERVICE>
  If you have created these to files in your packages, you can access this function like:
  IUser user ;
  try {
            user = WDClientUser.getCurrentUser().getSAPUser();
            if(user.hasPermission(new ApplicationAccessPermission("Show view"))){
                 wdContext.currentV_UIElement().setViewVisibility(WDVisibility.VISIBLE);
            }else{
                 wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
       }catch (WDUMException e1) {
            wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
                  e1.printStacktrace();
  You have to bind the ViewVisibility attribute of the context to the View Container you want to hide.
  The applicationAccessPermission you defined in the XML File will be visible in the UME Manager of you J2EE engine. With this action you can create a new role and group that you can map to the users that should see you view.
  But, the exception you get is because you have embedded one view twice, which is not possible.
  Hope this helps.
  Regards,
  Dennis

• PAC File Creation

  I am having to write a PAC file for an iPad deployment. The idea is that all normal web traffic goes though a proxy (172....) while the ipad's will go directly to an internal ipad server to be enrolled into profile manager, etc (and bpassing the proxy). The iPad server is not my gateway server, I have a windows server that handles dhcp and all other stuff. If I go directly to the ipadserver.local/mydevices in safari on an ipad I get 'page cannot be displayed, DNS Fail'
  This is what I've written based upon pac file guides that I have Googled.
  function FindProxyForURL(url, host)  {
            if (localHostOrDomainIsHost(host, “ipadserver.local”))
                          return “DIRECT”;
            return “PROXY 172.etc:80”;
  Have I wriiten this code correctly???

  I am not an expert on writing PAC files but a quick scan suggests it looks ok. However I did spot that you are using a .local domain.
  If this means you are using .local as your internal domain name including for Active Directory then this is normally strongly discouraged at least from an Apple point of view. This is becuse Apple use the .local domain for MDNS (Multicast DNS) aka. Bonjour for automatic discovery of services. This tends to conflict horribly with trying to use the same domain for other purposes.
  As a test try in Safari on the iPad accessing the server via its IP address, if it loads the page properly then this might support the theory that your use of .local is the problem.
  Other things to try are manually defining the proxy server on the iPad, trying to access an external website from the iPad e.g. google.com you also want to try something to test that hostnames are being successfully resolved via a DNS server www.google.com would be one example but if you have internally a server that is not in the .local domain that would be another.
  The error suggests it is not being blocked by a firewall or the proxy server but is failing to resolve via DNS. Of course a remote possibility exists that DNS lookups are being blocked by a firewall which is why I am suggesting the need to do DNS lookup tests. A DNS lookup problem for the .local domain being that it could be conflicting is more likely.

• Access to data for STAT file

  Hi,
        As the STAT file is deleted and processed by a background job  ('COLLECTOR_FOR_PERFORMANCEMONITOR' ), in case if we want to access the data of the file and store is somewhre which is the best possible way.
  Suppose the file is getting deleted in 48 hrs and we want to retireve the data after the file got deleted (i,e. data before 2 days) from where can we obtain this data.
  Also before the file is getting deleted the background job writes the data in a performance data base. Where exactlly this database is located and how to access the data of this data base.
  regards,
        Milan.

  Yes, You Can access the BAM Database.
  But all the table name and columns name will be starting with an under score. So you will have to mention the table name and column name in " "
  Thanks
  Laj

• One username for two tunnel in IPSec remote access vpn + ACS for authentication

  Hi all,
  I want to set up a username which can be used for two different IPSec tunnel (i.e. username USER1 can be used in tunnel TUN1 and TUN2). Can anyone help me how to do this? My current configuration is that I tied the username to tunnel group using group-lock (RADIUS property) so a username can only be used for a particular remote access vpn tunnel (USER1 can only be used for TUN1). I have already tried to enable multiple entry for group lock in ACS (by manipulating the dictionaru setting in ACS), but it seems that authentication still takes the first group and can not take the second group.

  You'd have to create a new AAA server group pointing to servers in the new domain for authentication.
  Then make a new connection profile that uses that AAA server group.
  Your users would have to choose the connection profile (absent some more advanced tricks like issuing them user certificates that can be checked for attributes which map to one profile or another).
  This could also be done with ISE 1.3 which can act as the RADIUS server and join to multiple AD domains on the backend as identity stores. (or even with ISE 1.2 if you use one of the AD directories as an LDAP store vs. native AD).

• How do i restrict access on ipad for public use?

  My employer would like to set up Ipads in each office to display our advertizements and products as well as play informative videos.
  Eventually we would also like to be able to set up access on the ipads for the clients to type in their personal info and submit quote requests electronically.
  However, we want to be able to restrict the access so that the public are only able to view and access specific apps or websites that we have chosen.
  also if anyone has a recommendation on an app that provides a pausable slideshow for displaying documents that would be helpful as well.

  One option would be to investigate an MDM such as AirWatch.  Devices can be placed in Single App Mode, or setup with a restricted browser.  You can also display business content on your devices. 

• Monitor for .err file creation in a specific directory

  Does anyone know if it's possible to get SCOM to monitor a certain directory and then alert if a .err extension file is created there?   If so, are there any instructions you might be able to provide or resources to point me to?  I tried
  searching but wasn't having too much luck. Any assistance would be appreciated!

  Hi,
  I would like to suggest you create a monitor based on powershell script which can be used to test existance of .err file in a specific directory. The below command can be used to check .err extension existance under D:\specific directory
  Test-Path "D:\specific directory\*.err"
  Regards,
  Yan Li
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• SQL Loader tool for control file creation

  We are planning to use SQL*Loader to move a lot of data from mainframe to Oracle 10g database. We will write the data in flat files and use SQL*Loader to load these files into tha database. There are more than 100 tables with lot of columns in each. So, I was just wondering if there is any tool available (visual mappings etc.) that can help create the control files for the SQL*Loader, so that I don't have to manually type all the lengthy control files
  Thanks for any help,
  Sam

  sql*loader is capable to generate the controlfile for external tables which are pretty much the same
  Something like
  sqlldr scott/tiger ulcase1 EXTERNAL_TABLE=GENERATE_ONLYhttp://download-west.oracle.com/docs/cd/B10501_01/server.920/a96652/ch08.htm#1006964

• Restricting access to reports for certain users

  Hi,
  We have few reports on a Multicube with Reporting unit authorization object. A certain group of users has this authorization. Now, we want a few of these users not to have access to one particular report on this multiprovider.
  Can anyone suggest a way to achieve this?
  Thanks,
  Abhishek.

  Abhishek,
  Use S_RS_COMP authorization object to restrict by queries. You can create 2 roles based on this object, one role with access to all the queries. The second one will have access to all but one. You can assign this role to relevant people.
  Although, this is slightly more maintenance intensive as every time a new query is created, someone has to add the query to one fo the roles based on security required.
  -Saket

• Not able to access local path for script file

  Hi All,
  I am integration my application (built in Asp.Net/Vb.Net) with InDesign Server CS4.
  InDesignServer is installed on separte machine other than the machine on which application is running.
  All of the scripts and indd files are placed on the machine (on which application is running):
  When I send SOAP request to the InDesign Server from my application. I get following error:
  "Cannot find the folder for the script "C:\ Path of the Script (.jsx)"
  Please let me know how to manage this error.
  It would be great if I get following doubts clerified:
  1. Is it required to put network-path for the script files when InDesign Server is running on different machine and client machine is on other machine?
  Kind Regards...
  Prashant

  I get the same error, I'd like to know if anybody can help me here??

• APIs for XML file creation

  hi,
  can anyone tell me whether there is any Java APIs for creating XML file( similar to the one used for parsing).
  thx in advance,
  -Soni.

  Hi,
  you can try the org.apache.xml.serialize.XMLSerializer which is included in the Apache Xerces Package (http://xml.apache.org/xerces). This Class allows you to serialize a org.w3c.dom.Document to a OutputStream which can be a FileOutputStream.
  Check out this code:
  OutputFormat format = new OutputFormat();
  format.setDoctype("mapping","mapping.dtd");
  format.setEncoding("ISO-8859-1");
  format.setLineWidth(100);
  XMLSerializer ser = new XMLSerializer(new FileOutputStream(f),format);
  ser.serialize(doc);
  Rgds,
  Sebastian

• Microphone needed for WAV file creation

  I need a Microphone for my iMac G5 to record a wav file. The source of the sound I want to record is a Verizon cell phone message. I want to record the message and save it as a WAV file, but I don't currently have a device like a Microphone to record sound on my iMac.
  My old G3 Beige Mic doesn't work on the G5. What product do I need?

  Depending on the model you might have a built-in microphone on your iMac.
  If you decide to use it make sure the room is very quiet. I had to turn off TV and chase my wonderful but very loud children into another room.
  Check and see.
  On mine if I go to System Preferences-Sound-Input look and see if it says anything about Internal Microphone. If so you are in luck.

• Help to fill parameters in microsoft odbc file creation for Oracle

  When i get a modal window for odbc file creation i must fill this fields:
  user name:?
  server:?
  How i fill this parameters if i want connect to a remote server whit this credentials:
  ip:50.80.1.245
  port:1521
  server name: orcl
  scheme: sh
  pwd:sh
  I need know the correct sintax for connect to this remote server.
  kind regards.
  deniscuba

  What dialog is this? What application?
  First, do you have Oracle Client or Oracle Instant Client with the ODBC drivers installed?
  Second, do you have a TNS entry for this server?

• When we go for Flat File creatin

  Hi gurus,
            When we go for flat file creation.Can any one give me one Scenario with example.
  Thanks in advance

  Hello Srikar,
  How r u ?
  We go for flat file in some scenarios like,
  1. The source system could not be connected to the BW System (here u could generate a FlatFile)
  2. If the Customer asks for a different kind of report (in our case we do FlatFile Creation for a complex time management - Employee Working Time is 1st merged with R/3 data, then we combine both together as 1 FlatFile)
  3. Sometimes the customer will give the FlatFile data generated by them
  4. We also take FlatFile reports from Data Targers, using InfoSpokes
  More scenarios are there,
  Best Regards....
  Sankar Kumar
  +91 98403 47141

• IPhoto file creation date inconsistencies during drag and drop

  I have noticed that if I drag and drop a photo from iPhoto to Finder, the file creation dates in Finder are inconsistent.
  (This question is related to drag and drop only and not File->Export, which always uses the export date and timestamp for the file creation date and thus does not suit my needs).
  TEST A -- If the EXIF DateTimeOriginated is 01/01/2013, and today's date is 03/03/2013, then:
  In some cases when I drag a file to Finder, the EXIF date is used as the file modification/creation date in Finder
  In some cases, today's date is used as the file modification/creation date in Finder
  In some cases, a date in between the EXIF date and today's date is used
  It appears that for case A1, these are files that do not have a modified copy.  That is, if you select the photo in iPhoto and then click "File" -> "Reveal In Finder", the "Modified File" choice will be greyed out.
  For cases A2 & A3, iPhoto has inexplicably decided to create modified versions of these files either today or sometime in the past.
  TEST B -- I have read that unexplained modifications are tied to the auto-rotate function in cameras, and it does seem to be the case when I performed the test below:
  Select a large group of landscape format photos (these would not have been auto-rotated), then drag and drop to Finder.  The file creation dates are set to the EXIF date
  Add some portrait photos to the group in (1).  Now the file creation date of ALL photos including the non auto-rotated photos are set to the current date
  The behaviour in B2 is clearly wrong, since the landscape photos should be the same as in B1.  This is bug #1.
  Furthermore, iPhoto appears to be inconsistent with when these modifications are made.  For example, I dragged & dropped an auto-rotated photo on 02/02/2013, then dragged & dropped it again today, then the file creation date in Finder (and also the date of the modified file in iPhoto, as shown in iPhoto File->Reveal In Finder->Modified File) can either the EXIF date (01/01/2013), the late of the last drag & drop (02/02/2013), or today's date (03/03/2013); there does not appear to be any rhyme or reason to this.  This is bug #2.
  In any case, saying "you should never use drag & drop in iPhoto" (as I have read in some other forum posts) isn't a solution, because Apple should either (a) support this function correctly or (b) remove it altogether.  Furthermore, I regularly burn photos to disk for others so having the file date and timestamps correctly set to the EXIF date helps keeping the photos sorted in the directory listings for multiple OS, so File->Export isn't a solution.

  File data is file data. Exif is photo data. A file is not a photo.  It's a container for a photo.
  When you export you're not exporting a file. You're exporting a Photo. The medium of export is a new file. That file is created at the time of export, so that's its creation date. The Photo within that file is dated by the Exif.
  There are apps that will modify the file date to match the Exif.
  The variation you're seeing is likely due to the changes in how the iPhoto library works over the past few versions. Drag and drop is handy, but is not a substitute for exporting, nor intended to be.