Restricted access to nodes in SOLAR01

Similar Messages

• Restricting Access Based on IP Address

  I am wondering how Oracle Identity Management lets us check if the request comes from a specific IP Address before authentication. I need to restrict access to web pages for a username or role to a certain location and IP address, in fact a bank branch.
  Please note that I don't want to limit access to the server to one IP address in general, but I need to let in a pair of (IPx,Usernamex) in other words bind IPs and identities.
  Any suggestion for this?
  Thank you
  Regards,
  Farbod

  Hi
  Sorry for not answering until now but I have been busy the last couple of days.
  You need to implement this functionality on the first node in your system so that you can get the originator IP. If your application server is behind something that changes the originator IP you will simply not be able to read the IP and the approach of using SSO call outs will not work. SSO call out will only work if the app server is placed in front.
  If you have a load balancer in front you will need to install a reverse proxy of some kind in front of the load balancer. If you have the money for licenses I would recommend looking at OAAM.
  What you will be building is basically a SSO setup so as long as the SSO system supports your authentication scheme and has an SSO plug in that supports your app server you will be fine.
  If you have plenty of time but little license money you might want to look at building something based on Apache and Mod_proxy or mod_security. I did a little bit of work on this back in 2003 but it doesn't seem to be a common pattern today so I am not sure how viable this option is.
  Hope this helps
  /M

• Restricted Access Exception?

  Basically what's happening is I'm creating a 3D scroll-shooter and I need it to fire every time I press space.
  When that happens I add a transform group containing the laser, and it's position to the main branchgroup. Whenever I try to do this however it says I'm only allowed to add a BranchGroup node to it?
  Is a branchgroup only allowed to contain one transformgroup before I have to add another?

  Restricted Access Exception is thrown when you are trying to add a non-BranchGroup Object to a Live or Compiled Scene Graph
  So, in order to fix the Issue you have 2 options:
  1) wrap everything you were going to add in a BranchGroup Object and add that
  2) or, just add everything you will need(TransformGroup Objects, Behaviors, Lights etc) before adding it to the Locale or SimpleUniverse Object
  Hope this helps

• Access the nodes data in a table view (generated by aet).

  Hi all ,
  I have created a table view in bp overview page.
  so it has created new component /ztable/zbol entity .
  Now how can i access the nodes of BP page..in the new component created?.

  thanks vishal ,
  but as per the thread,when we create table view using aet ,
  Table view in EHP1 CRM 7.0
  You dont need to worry about the component usage nor you need to create or handle anything like that for AET compoent for table extension. SAP has a special way to handle it in WD_USAGE_INITIALIZE of component controller for AET extension generated component so its nothing for us to do about it. Thanks to SAP
  so still i need to redefine..or can directly access the nodes in do_prepare_output.?

• Restricting access to a  cube while it is being maintained

  Hi,
  We are trying to restrict access via discoverer/excel add in to a CUBE while cube is being maintained. We were able to achieve this by revoking privileges to certain roles before the start of the cube build.
  I would like to know if there is any better way or built in functionality(out of box) that restricts access to a cube a while it is refreshing? Any help is appreciated.

  Ragnar is correct, the best way to do this is to attach the AW in exclusive mode. You can either do this manually yourself before starting your load job, or automatically by scheduling the job and using mutiple processes to load and solve the cube.
  The problem is removing users currently viewing data via Excel/Disco when the job starts. If you can ensure there will be no users accessing the AW when the job starts, then the exclusive attach mode will prevent any users from attaching the AW during the processing. If you cannot guarantee this, then there is a problem because the job will fail when it tries to attach the AW in exclusive mode. Obviously you could put this in a loop and wait until a user exits the front end application and releases the AW. Alternatively, you could write a SQL script to disconnect/kill all sessions accessing the AW - not very nice for the users though if they are building a report because they will lose all their unsaved changes.
  When the AW is attached in exclusive mode, bad news is that Discoverer/Excel will probably generate a nasty Java error message when a user tries to connect using Discoverer/Excel.
  Therefore, overall not an ideal situation. But I cannot think of a really good way to manage this at the moment. Sorry I can't be more helpful.
  Keith Laker
  Oracle EMEA Consulting
  OLAP Blog: http://oracleOLAP.blogspot.com/
  OLAP Wiki: http://wiki.oracle.com/page/Oracle+OLAP+Option
  DM Blog: http://oracledmt.blogspot.com/
  OWB Blog : http://blogs.oracle.com/warehousebuilder/
  OWB Wiki : http://wiki.oracle.com/page/Oracle+Warehouse+Builder
  DW on OTN : http://www.oracle.com/technology/products/bi/db/11g/index.html

• Restricted access to attachments in SRM 7.0 web applications

  Hi,
  We have a very specific problem regarding the handling of attachments with SRM 7.0 web applications. The system is configured to use ArchiveLink for storing documents on a remote content server, which is working fine.
  Now we have a requirement which should restrict access to certain documents to specific user groups. As an example you could say that a Purchase order has (besides others) two documents attached, e.g.
  - signed contract
  - meeting minutes
  The contract should only be visible to a limited number of people, whereas the Meeting Minutes are accessible to everybody.
  Our problem is that apparently only one Content Category ("BBPFILESYS") is used by the SRM web applications for an upload. When granting authorizations on this content category, we cannot distinguish between contracts and meeting minutes anymore.
  Comparing this with the config in ECC we can freely define document types which can be used in AUTH profiles. Is there any similar solution that can be used in SRM 7.0?
  Any help would be greatly appreciated.
  Cheers,
  Mark

  Hello,
  Have a look at note 1334202. It provides some inputs.
  Regards,
  Ricardo

• ASA WebVPN. How do you restrict access to users in an AD group using LDAP?

  Hi All,
  I am trying to configure separate WebVPN connection profiles to give different portal bookmark contents to users based on their AD group membership.  This has been very difficult, even though I beleive it should be easy.
  The login page of teh ASA by default has a dropdown to allow default users to access the default portal and the SSL VPN client connection.
  There are two other portals that I would like to restrict access to based on AD group membership.  I have set these up to be selected by URL.
  The biggest problem is, I have no way of knowing how to go about this.  The AAA LDAP options show a group membership search, which I have configured, but I cannot say "Profile X is restricted to AD group CarpetBaggers", so that if soneone that is NOT a carpetbagger tries to log in, it fails.
  I can only do an all or nothing scenario.
  It would be nice to use Dynamic Access Policies to do this, and I have created a few, but they do NOT seem to work when the drop down aliases or URLs are in use.  So how do I go about using them in this scenario?  Turning off the aliases or URLs is not really an option right now.
  Scenario 1 would work the best for me.  Restrict access to profiles/groups based on AD group membership using LDAP.
  Scenario 2 would be an ideal longer term solution.
  Any thoughts, ideas or assitance would be greatly appreciated.
  Cheers

  This is exactly what i was looking for, and Nelson is correct.  When you enter the DAP configuration for a profile click on "Advanced" and there is the option to create a logical expression.  The guide (ther is a button to access this) is really helpful, with a couple of examples.  This is what i used:
  assert(function()
     if ( (type(aaa.ldap.distinguishedName) == "string") and
          (string.find(aaa.ldap.distinguishedName, "OU=Users") ~= nil) )
  then
         return true
     end
     return false
  end)()
  from the debug dap you can see what Users relates to;
  DAP_TRACE: Username: MyUsername, aaa.ldap.distinguishedName = CN=Mr B,OU=Users,OU=Site ******,DC=CH,DC=Mycompany,DC=com
  My admin account fails to get me in to the same profile:
  DAP_TRACE: dap_add_to_lua_tree:aaa["ldap"]["distinguishedName"]="CN=Admin Mr B,OU=Admin Users,OU=Site *****,DC=CH,DC=Mycompany,DC=com"
  Thanks
  Andrew

• SSH login- how do I restrict access to a shared folder?

  I have created Shares in WGM for SMB and AFP access on my OS X 10.4.8 Server. However when I connect via SSH it's not restricting access to the folder based on the User Name I login with- I see the entire volume! How do I restrict access to a specific folder based on a user name setup in WGM? ACL's?

  Hey George,
  It sounds like you are trying to limit ssh/sftp users to a specific area, aka jails. The FTP server lets you 'chroot' users to a certain area making it appear as the root thus preventing them from navigating up the hierarchy, which is what I think you, and me and many others are trying to accomplish.
  The ssh compiled into OS X is missing this very needed feature. There have been a few documented workarounds, but they've either been too insecure or too clunky for me.
  I've dealt with the fact that my users can get to the root of the hard drive, and have just been very careful about my privileges (by using ACLs), thus preventing them from getting inside areas they shouldn't.
  There's a good write up here: http://www.schwie.com/brad/macosxsftpchroot/ and if you include the term 'chroot' in your searches, you should find a bit about it here too.
  And Roger, I think George meant the file sharing protocol used by ssh. man sftp.

• How can I restrict access to add. internal hard drive by account?

  Hello! Okay, so I am my computer's administrator, and I have a secondary 'guest' account that anyone else can use. So, I know that all my data on my main, OS hard drive is secure from the guest account accessing it, but what about the additional hard drive that I have installed?
  I have a good deal of sensitive data and files stored (and aliased) on my second internal drive that I do not care for 'guest' users to stumble upon. How can I restrict access to the secondary storage hard drive from my Guest login account, and/or just plain hide it from it? Surely, there is a need for this that has brought about a solution. Any tips/advice/solutions?
  Thanks!!!
  =)

  Click here and follow the instructions followed by placing the folders and files on the image; if the password is in the keychain, it will be supplied whenever you're logged in.
  (41018)

• HT201304 Is it possible to restrict access to specific IOS apps based on the WIFI profile that a user has connected to?

  Is it possible to restrict access to specific IOS apps based on the WIFI profile that a user has connected to?

  you might be able to block it if the app uses Internet access
  and depending on your wireless you might be able to block a specific user
  accessing the backend host that the app uses
  some firewalls offer application filtering but I'm not aware of any that work with ios apps

• Error while accessing Heirarchy node in report

  Hi Experts,
  I am getting an error message while accessing a node in hierarchy while using variables for reports. I used Tcode RSZV but its throwing error that it doesnot exist in BW 3.x and it is embedded in Bex. Can any one guide me for any other options available to get the same functionality in Bex?
  Thanks ,
  Pilli.

  Hi Pilligay,
  First check the version you are using.
  T code RSZV is used in the earlier version of 3.0B only.
  From 3.0B onwards it is possible in the query designer (BEx) itself. You need to  right click on the info object for which you want to use as a variable and proceed further in selecting variable type and processing type.
  Cheers,
  Tanish

• HT1178 How do I restrict access to my network to mac addresses?

  I am setting-up a new Time Capsule and wish to restrict access to my wireless network to only those mac addresses of my equipment.  I can't find instructions on how to do this.  Any help in pointing me to the correct resource would be appreciated.

  Suggest that you check the Help area in AirPort Utility for instructions.
  Open AirPort Utility
  Click the Help menu at the top of the screen
  Click AirPort Utility Help
  Wait for Help to load
  Click Setting up a Wi-FI network on the left side of the main page
  Click Control when a user can access your network
  Click Control access to your wireless network

• How do I restrict access at the field level in vendor creation XK01

  Hello All,
  Does anyone know a way to restrict access to a certain group of fields or a screen in vendor create? I know it is possible in vendor change XK02 using the field groups (transactions OBAT and OBAU) but we have a requirement to have one group of users create all vendor information except the bank details and another group of users just to create the bank details.
  Thanks for any help you can offer.
  rgds,
  ian

  We have had a similar discussion some while back. please refer to the thread below as it seems to be much similar to your requirement.
  [click here|Hide or Encrypt Bank Account Number]

• How do I restrict access to USB Disk connected to Airport Extreme

  I have attached a USB HDD to my Airport Extreme Base Station. The drive is divided into 4 partitions, which I did with the HDD connected directly to a MBP before plugging into the AEBS. All the Macs on the network seem to be able to read and write into all 4 partitions. Is there anyway to restrict which Macs can access with partition? Or, if I went to a single partition, is there a way to restrict access on a folder by folder basis?
  I've tried searching, but the best answer I've found so far is that the AEBS will only support a single partition/volume.... which doesn't appear to be true anymore.
  Thanks in advance

  You can put a filter on your wifi or use something like the K9 browser.

• How do I restrict access to a folder-like attaching a password in order for someone to open it.

  I want to locate a folder on my desktop, but want to restrict access so that anyone on my laptop can't access the folder, even though they will see it sitting on the desktop.  How do I set up folder permissions?

  Any file on YOUR desktop already has permissions set such that no other user account can access. But if you want to use the OS's native capability to encrypt the contents of a folder, place that folder within an encrypted image.
  Use Disk Utility to create a disk image, and encrypt it with the same utility (use settings in "new image") . Make sure you size the image to a size great enough to hold all your files. Once created, and placed on your desktop, open it, using your password. Once the image is mounted, place the files you want to protect into that image, and then dismount/eject the image. The image essentially becomes your password encrypted folder. Double click it at any time to access your files (enter password). Eject the mounted image to "re-encrypt".
  If you want a disk image that has cross platform capability, then try TrueCrypt. It is  great App for Mac & Windows, with other advantages as well.