Restricting access to a  cube while it is being maintained

Similar Messages

• Best way to restrict access to documents (outside of the group or library level)

  Hi, we're thinking of implementing SharePoint Server 2013 Standard Edition for our organization. Many of our employees are research scientists working on proprietary information. From the (admittedly little) I understand about SharePoint, if a user wants
  to restrict access to a particular document to the 2 or 3 people with whom they're collaborating (and also have it not appear in the search results), they will have to email their power user to request that a new document library be created in which they can
  store their documents. Is that correct? In this case, what is the best way to handle item-level permissions? Users absolutely want to have the freedom to restrict access to their documents themselves rather than being forced to go to their power user. Thanks.

  Hi,
  Per my knowledge, if you want to restrict access to the documents to some users, then you need to have Manage Permissions permission to modify other users’ permission on the documents.
  If you do not have the Manage Permissions permission, I recommend to ask the site administrator to create a workflow as below to remove the corresponding users’ permission on the documents which you uploaded. You can start the workflow on the document you
  upload and then the permission of the users set on the workflow will be removed from the document.
  Best regards.
  Thanks
  Victoria Xia
  TechNet Community Support

• What is the best way to restrict access to the page

  Hello Everyone,
  We are trying to restrict access to the web page that is being accessed by the applet. Currently it is public so anybody can view it just by entering URL in the address window. We tried to restrict its access to only certain IP Addresses but then we need to enter every client's address out there since applets execute on the client and not on the server.
  Is there any good way of restricting access to the web page from an applet?
  Any help will be greatly appreciated.
  Thanks,
  Y.M.

  Most web servers allow protection of web resources.
  In particular, apache allows .htaccess (or other, if changed in the root configuration) files to change the access to various resources, and IIS allows you to set up protection domains to restrict access to folders.

• HT201304 I need to restrict access to Settings on an iPad so settings like VoiceOver cannot be activated while letting them access multiple apps on the device. Is their any way to restrict access to settings without locking the device with a PIN?

  I need to restrict access to Settings on an iPad so settings like VoiceOver cannot be activated while letting them access multiple apps on the device. Is their any way to restrict access to settings without locking the device with a PIN?
  This is so our guests cannot tamper or disable the device. We are already using Apple Configurator but their does not seem to be a way to lock down settings without a PIN.

  There's a lot of restrictions information in Chapter 19 of the 4.2 User Guide.
  http://support.apple.com/manuals/#ipad
  By the way, a more extensive version of the User Manual is available at no charge through iBooks.

• Regedit Permissions -"Access Denied" or "Error while deleting key" EVEN AS ADMIN!

  Anyone tried deleting a registry key in Windows 7?  Got "access denied" or "Error while deleting key"?
  The usual response is, "You need to run regedit as an administrator".  but I *AM* logged in as Administrator, and running regedit as administrator, trying to assign administrator full permissions on that registry key in order to delete it!!  
  Am I mistaken, or isn't Administrator supposed to be able to administer and control all the settings on the computer, in order to set it up for the "Average Joe" user?
  So, under the permissions menu of that key, go to advanced, change the owner from System to Administrator, and try again.  It's no longer saying "access denied", but "Cannot delete xxxxxx. Error while deleting key".
  The scenario: Basically, the wireless has stopped working on a laptop. The device does not show up in Device Manager, but is in the registry, so the normal procedure is to delete the registry entry for the device in HKLM/System/CurrentControlSet (and /ControlSet001) /Enum/PCI    ,then attach the device or restart the computer, it finds the "new" hardware and reinstalls it. Easy!...
  Not with permission restrictions on the administrator account it's not!  So I need to give myself permission, to give myself permission, to do a simple task like delete a single registry key!  Why, Microsoft, why???!!!  Please just make the Administrator account a hidden "God mode" account that can do anything, and make the lives of us techies much easier in the process!  
  /RANT
  Now, where did I put that XP disc?!....

  Hi,
  I explain you:
  Administrator does not mean "you get all rights to do anything." Administrator happens to be an account (or in your case, most likely the Local Administrators group) which by default is given some sensitive privileges like SeDebugPrivilege and
  similar. However, as far as the security subsystem is concerned, it is just an account. (Very much unlike root in
  Unix-like operating systems) If you aren't the owner of the key in question, and your account does not have WRITE_DAC access
  to the registry key in question, then you won't be able to change the access control list on the key in question.
  Try taking ownership first. By default, the local administrators group has SeTakeOwnershipPrivilege,
  which allows taking ownership of any object even without the WRITE_OWNER permission
  being granted by the object's discretionary access control list. Once you are the owner, you should be implicitly granted READ_CONTROL (which
  allows you to read the security descriptor on the object in question), and WRITE_DAC (which
  allows you to write to the DACL on the key in question). (Assuming the OWNER_RIGHTS SID
  isn't in use; that's extremely unlikely)

• How do I restrict access at the field level in vendor creation XK01

  Hello All,
  Does anyone know a way to restrict access to a certain group of fields or a screen in vendor create? I know it is possible in vendor change XK02 using the field groups (transactions OBAT and OBAU) but we have a requirement to have one group of users create all vendor information except the bank details and another group of users just to create the bank details.
  Thanks for any help you can offer.
  rgds,
  ian

  We have had a similar discussion some while back. please refer to the thread below as it seems to be much similar to your requirement.
  [click here|Hide or Encrypt Bank Account Number]

• Ability to restrict access to different Plan Types in Planning 11.1.2 ?

  Hi, we're running Planning/EPM version 11.1.2, with DRM and EPMA.
  We're creating a new Plan Type (Plan 2) within the Planning app, and if possible I'd like to restrict access to this 2nd plan type to only a small group of users. This 2nd plan type would be for additional what-if testing and we don't want their work to interfere with the main cube in Plan 1. Is it possible to use security provisioning or another technique so I can restrict who can have access to Plan 2?
  Also if I can do this, is it also possible to have Planning data forms that are only visible to Plan 2 and it's users?
  Thanks in advance.

  You can restrict forms easily using groups and/or direct provisioning.
  Typically you will always have security on your scenario dimension; I suggest using scenario or version security to restrict access to your data.
  Regards,
  John A. Booth
  http://www.metavero.com

• Revoke access to Business Areas while loading data

  Hi,
  What is the best practive to restrict access to business areas (or entire EUL) while data is being loaded?
  Currently users could use Discoverer to query the tables being loaded. What would be an efficient way to make sure they are not able to query the database while loading the data? We load using OWB (PL/SQL).
  Thanks,

  Hi
  In the first step of your data load revoke select rigths from your eul and in the last step grant it back.
  Ott Karesz
  http://www.trendo-kft.hu

• Restricting access to form

  Is there a way to restrict access to a form? The form - and some selections - might have proprietary data and we would like to restrict use of the form to a private workgroup. We are not trying to create a survey product that is open to the world. If not, is there a recommended solution with the same functionality as FormsCentral that has a feature to limit form access to authorized users?  Thank you.

  Unfortunately Formscentral does not have a way to limit access to forms. While you could control access to the form by embedding it in a web page that controls access this solution is not perfect.
  Andrew

• Restrict access to rows in tables using S_TABU_LIN

  Hello
  Is it possible to use this authorization object to restrict access to rows in data tables, based on role?
  Namely, a query is created for table holding financial documents data, and I would like users in charge of one company code, to only be able to see rows relating to that company code when they execute the query.
  I have defined and activated an organization criteria, and included it in the role authorization data restricted to only one company code value, but the user is still able to see all rows in the table.
  The system trace doesn't show a check for the S_TABU_LIN Object while the user is executing the query.
  Can anyone tell me what I'm missing?
  Thanks in advance
  A.

  If you activate S_TABU_LIN, whenever that org criterion is hit with table data being retrieved then the check will be performed.  If it is a standard SAP table field then that could potentially become problematic depending how you set it up.
  By extending the security in the infoset query you are turning the query from a quick and dirty tool to extract data into something that you can control as you would a bespoke report.  Once your dev team have worked out what they need to do, you can apply the standard auth concept to queries with relative ease and without impacting other parts of your security.
  Another thing to mention is that if your developers use logical databases to retrieve query data then there is usually auth checks incorporated in there (which don't show up in SU53 or ST01).

• Need to restrict access to multiple servlet applications on same box

  Hi!
  I have deployed two separate servlet applications to the same IAS. I need
  to restrict access to each application - that is requests from one source
  should only have access to one application and not the other. The web
  server we are using is IIS.
  Should I create a separate IAS to deploy the second application to? Can I
  restrict based on IP - that is port 80 is reserved to application 1 while
  port 81 is restricted to application 2? If so, how do I go about this? It
  appears that the web connector only receives on one port (default 80).
  Any help would be greatly appreciated.
  Sheila

  I see. So do you mean that I can override the port number in the proxy startup script itself? I can try doing that and see if it works fine.
  About Coherence 3.7, yes. I did see that it has some cool features about proxy discovery. But at this point I am stuck at using 3.6 and 3.6.1.
  Edited by: online19 on Jun 29, 2011 5:41 PM

• Restrict access to Time Machine Disk?

  I'm hoping I'm missing something simple here, perhaps someone can enlighten me:
  I've set up an external drive on a new dual band Extreme Base Station to act as the Time Machine volume for all of my family's computers.
  In order to get the backups working without user intervention I have to enable file sharing on the disk in Airport Utility, and then because I have "Secure Shared Disks" enabled, I had to make sure the password was saved in each user's keychain (at least 1 per computer).
  My problem is that this now allows users access to the sparse images on the time Machine Disk.
  Can anybody suggest a way to restrict access while maintaining automatic Time Machine backups in the background? Like I said, I feel like I'm probably missing something as this seems like it should be a standard feature, no?
  Thanks!
  Jake

  Hmm, two points come to mind (again, with the caveat that I don't have any of the equipment and can't test or check anything).
  ..."I think the reason this doesn't work as we'd expect is that it would kill the ability of TM to back up to the network disk when logged in as anything other than the Admin user."...
  I don't think that's right -- if the password is stored in the "System" keychain, it shouldn't matter whether or not anyone is logged in. Just to make sure we aren't talking about different things, I was referring to the "System" keychain, not any individual users' keychain, including "admin" users or the "root" user. A user's login keychain would not normally be unlocked (requiring the user's password) unless they log in, but the system should have access to the "System" keychain whenever it needs it.
  ..."Even if I could hide just that particular share in the Finder sidebar, I'd be happy with that."...
  That raises an important point that I had previously overlooked -- initially, when I had raised the possibility of restricting file access to the backup itself, I suggested that restricting access to the password would be better. However, upon further consideration, it would probably be preferable to do both, because while restricting access to the password would limit users' ability to mount the share and look at backups whenever they felt like it, it might not prevent them from browsing backups while the system has mounted the remote volume and is in the process of performing the backup. That too would depend on how things are mounted (which I have no way of checking).
  Just something to keep in mind while you are experimenting...

• How do I setup my Time Capsule (3rd Generation) to be accessed from the internet while I'm traveling?

  How do I setup my Time Capsule (3rd Generation) to be accessed from the internet while I'm traveling? It is installed on my home network behind my TWC broadband router.

  Ok.. since the TWC modem is also a router.. all configuration takes place on this box.. NONE whatsoever takes place on the TC.
  There is no airport utility 7.7.3 but there is a firmware of that number for the latest AC model TC..
  Is it tall like this.
  Then it is Gen5.
  otherwise it will have a firmware.. 7.6.4 or earlier and the airport utility must be 6.3 or earlier.
  Open the Airport utility and give us a screenshot of the summary page.
  That will also help us determine that you have the TC, which version and how it is setup.
  You might want to press the edit and also give us the Internet and Network tab as they should be set correctly as well.
  I have created a DDNS through DYN.com although I am not sure how to implement this into the TC.
  You do not do anything in the TC.. set it up in the Ubee router.
  Port forward 548 to the TC in the Ubee router.
  And make sure the TC has a static IP in the Ubee router.
  Overall if you find this too hard I strongly recommend you buy a product designed for remote access .. eg WD MyCloud.. they are cheap and easy peasy to setup for remote access.. by PC or Mac and since it is built outside of Apple you not bound up in Apple limitations built into all their equipment to prevent you using it the way you want.. rather than apple want you too.. eg BTMM and iCloud being the only way apple provide for access to the TC and only when it is the main router of the network.
  You are fighting hard because Apple made this hard.. not easy.

• Shared Services, create read access to a cube into an application us a grou

  Hi,
  I have an application with 3 cubes. I have created a group in Shared Services, and i want to give read access only to one cube.
  If i give provision to this group , i only can give read to all the application, so all the cubes are going to have read access.
  How must i do to give only read access to one cube and not to all,
  Thnx
  Guillermo

  Hi,
  This post will help answer your question :- Assigning database access using Shared Services
  If you are using Shared Services access is applied at application level and you can't select individual access to each database.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Restricted access to attachments in SRM 7.0 web applications

  Hi,
  We have a very specific problem regarding the handling of attachments with SRM 7.0 web applications. The system is configured to use ArchiveLink for storing documents on a remote content server, which is working fine.
  Now we have a requirement which should restrict access to certain documents to specific user groups. As an example you could say that a Purchase order has (besides others) two documents attached, e.g.
  - signed contract
  - meeting minutes
  The contract should only be visible to a limited number of people, whereas the Meeting Minutes are accessible to everybody.
  Our problem is that apparently only one Content Category ("BBPFILESYS") is used by the SRM web applications for an upload. When granting authorizations on this content category, we cannot distinguish between contracts and meeting minutes anymore.
  Comparing this with the config in ECC we can freely define document types which can be used in AUTH profiles. Is there any similar solution that can be used in SRM 7.0?
  Any help would be greatly appreciated.
  Cheers,
  Mark

  Hello,
  Have a look at note 1334202. It provides some inputs.
  Regards,
  Ricardo