Restricting access to form

Is there a way to restrict access to a form? The form - and some selections - might have proprietary data and we would like to restrict use of the form to a private workgroup. We are not trying to create a survey product that is open to the world. If not, is there a recommended solution with the same functionality as FormsCentral that has a feature to limit form access to authorized users? Thank you.

Unfortunately Formscentral does not have a way to limit access to forms. While you could control access to the form by embedding it in a web page that controls access this solution is not perfect.
Andrew

Similar Messages

Form Personalization - Restrict access to one lookup table

Need to pose this to the experts. I need to see if through a form personalization i can restrict access to certain lookup tables that a responsibility has access to. So responsibility 'XXHR' can only see and update lookup tables 'XXHR_A' and lookup table 'XXHR_B' and not be able to see or update any other table.
Thanks in advance for your support
Steve

Forms Personalization is a feature of the Oracle Enterprise Business Suite (EBS) not a feature of Oracle Forms. Please post EBS related questions in the appropriate EBS Forum. If you have a general Forms question, then this is the appropriate forum.
Craig...

Restrict Access To Page Not Working with Different Auth Levels

I have just started playing with the idea of using different auth levels to allow different users access to certain pages on my site.
Within my SQL database I have a authlevel table consisting of 3 possible levels (guest, user, admin)
I am using the Dreamweaver "Log in user" to log in users based on username, pass, and auth level and "Restrict access to page" set to allow user levels 'user' and 'admin'.
The problem, however, occurs when trying to log in. No matter what auth level I try I am redirected to my page where users should be redirected if they are not allowed to enter that page.
I have included below my code from my login page and the page where all authorized users (user and admin) should be directed upon entering the restricted area.
Login Page:
<?php require_once('../Connections/hondovfd.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
return $theValue;
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "authlevel";
$MM_redirectLoginSuccess = "/membersonly/membersonly.php";
$MM_redirectLoginFailed = "/membersonly/loginfailed.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_hondovfd, $hondovfd);
$LoginRS__query=sprintf("SELECT username, password, authlevel FROM login WHERE username=%s AND password=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
$LoginRS = mysql_query($LoginRS__query, $hondovfd) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
    $loginStrGroup = mysql_result($LoginRS,0,'authlevel');
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;
    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    header("Location: " . $MM_redirectLoginSuccess );
else {
    header("Location: ". $MM_redirectLoginFailed );
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<title>Log In</title>

<meta name="description" content="Hondo Fire and Rescue serves the Arroyo Hondo and Canada Village areas of Santa Fe County, NM." />
<meta name="keywords" content="hondo, hondo fire, hondo vfd, hondo fire department, santa fe county fire department, santa fe county, volunteer fire department, hondo volunteer fire department" />
<link href="../stylesheet.css" type="text/css" rel="stylesheet" />

<script src="../SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
<link href="../SpryAssets/SpryMenuBarVertical.css" rel="stylesheet" type="text/css" />
</head>
<body class="thrColLiqHdr">
<div id="container">
<div id="header"></div>
<div id="sidebar1">
<h3>Navigation : </h3>
<ul id="MenuBar1" class="MenuBarVertical">
<li><a href="/index.php">Home</a></li>
<li><a href="/support.php">Support Hondo</a></li>
<li><a class="MenuBarItemSubmenu" href="#">Information Menu</a>
    <ul>
      <li><a href="/people.php">Our People</a></li>
      <li><a href="http://www.google.com/maps/ms?ie=UTF8&hl=en&msa=0&msid=101620713606637979698.00045b6ead4ab4ea70b78&z=11" target="_blank">Response Area</a></li>
      <li><a href="/medical.php">Medical</a></li>
      <li><a href="/apparatus.php">Apparatus</a></li>
      <li><a href="/training.php">Training</a></li>
      <li><a href="/volunteer.php">Volunteer</a></li>
      <li><a href="/statistics.php">Statistics</a></li>
      <li><a href="/patchtrading.php">Patch Trading</a></li>
    </ul>
</li>
<li><a href="/album.php">Photo Gallery</a></li>
<li><a href="/calendar.php">Calendar</a></li>
<li><a href="/news.php">Blog/News</a></li>
<li><a href="/links.php">Links</a></li>
<li><a href="/contact.php">Contact Us</a></li>
</ul>
<br />
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<span class="lefttext">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="8567201">
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!" />
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</img></input></input>
</span>
</form>
<span class="lefttext"><br />
</span>
<center>
<span class="lefttext"><a href="http://www.facebook.com/pages/Santa-Fe-NM/Hondo-Volunteer-Fire-Department/74284233488" target="_blank" class="lefttext">Hondo VFD on Facebook</a></span>
</center>
</div>
<div id="sidebar2">
    <p><a href="/membersonly/login.php">Log In</a> | <a href="/membersonly/logout.php">Log Out</a></p>
    <p>Call Statistics for <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/month.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?> as of <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/date.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></p>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td width="60%">EMS Calls</td>
    <td width="40%"><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/emscalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
<tr>
    <td>Fire Calls</td>
    <td><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/firecalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
</table>
<hr />
    <div id="cse" style="width:100%;">Loading</div>
<script src="http://www.google.com/jsapi" type="text/javascript"></script>
<script type="text/javascript">
google.load('search', '1');
google.setOnLoadCallback(function(){
    new google.search.CustomSearchControl().draw('cse');
}, true);
</script>
     
</div>

<div id="mainContent">
<div class="top"></div><div class="wrap">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td height="47" class="h2">Members Only Login</td>
</tr>
<tr>
    <td><form ACTION="<?php echo $loginFormAction; ?>" id="login" name="login" method="POST">
    <table width="40%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td width="31%">Username:</td>
    <td width="69%"><input name="username" type="text" /></td>
</tr>
<tr>
    <td>Password</td>
    <td><input name="password" type="password" /></td>
</tr>
</table>
<input name="Submit" type="submit" />
    </form></td>
</tr>
</table>

</div>
<div class="bottom"></div>
</div>
      <br class="clearfloat" />
<div id="footer">
    <p align="center">© Copyright 2009 Hondo Volunteer Fire Department | <a href="mailto:[email protected]">Contact Us</a><a href="http://www.legalhelpers.com/chapter-13-bankruptcy/chapter13.html"></a><br />Hosting provided by <a href="http://studiox.com/" target="_blank">Studio X</a></p>
</div>
</div>
<script type="text/javascript">

</script>
<?php include_once("/var/home/hondovfd/hondovfd.org/www/analyticstracking.php"); ?>
</body>
</html>
Other Page:
<?php
if (!isset($_SESSION)) {
session_start();
$MM_authorizedUsers = "user,admin";
$MM_donotCheckaccess = "false";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
      $isValid = true;
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
      $isValid = true;
    if (($strUsers == "") && false) {
      $isValid = true;
return $isValid;
$MM_restrictGoTo = "/membersonly/loginfailed.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<title>Members Only Area</title>

<meta name="description" content="Hondo Fire and Rescue serves the Arroyo Hondo and Canada Village areas of Santa Fe County, NM." />
<meta name="keywords" content="hondo, hondo fire, hondo vfd, hondo fire department, santa fe county fire department, santa fe county, volunteer fire department, hondo volunteer fire department" />
<link href="../stylesheet.css" type="text/css" rel="stylesheet" />

<script src="../SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
<link href="../SpryAssets/SpryMenuBarVertical.css" rel="stylesheet" type="text/css" />
</head>
<body class="thrColLiqHdr">
<div id="container">
<div id="header"></div>
<div id="sidebar1">
<h3>Navigation : </h3>
<ul id="MenuBar1" class="MenuBarVertical">
<li><a href="/index.php">Home</a></li>
<li><a href="/support.php">Support Hondo</a></li>
<li><a class="MenuBarItemSubmenu" href="#">Information Menu</a>
    <ul>
      <li><a href="/people.php">Our People</a></li>
      <li><a href="http://www.google.com/maps/ms?ie=UTF8&hl=en&msa=0&msid=101620713606637979698.00045b6ead4ab4ea70b78&z=11" target="_blank">Response Area</a></li>
      <li><a href="/medical.php">Medical</a></li>
      <li><a href="/apparatus.php">Apparatus</a></li>
      <li><a href="/training.php">Training</a></li>
      <li><a href="/volunteer.php">Volunteer</a></li>
      <li><a href="/statistics.php">Statistics</a></li>
      <li><a href="/patchtrading.php">Patch Trading</a></li>
    </ul>
</li>
<li><a href="/album.php">Photo Gallery</a></li>
<li><a href="/calendar.php">Calendar</a></li>
<li><a href="/news.php">Blog/News</a></li>
<li><a href="/links.php">Links</a></li>
<li><a href="/contact.php">Contact Us</a></li>
</ul>
<br />
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<span class="lefttext">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="8567201">
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!" />
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</img></input></input>
</span>
</form>
<span class="lefttext"><br />
</span>
<center>
<span class="lefttext"><a href="http://www.facebook.com/pages/Santa-Fe-NM/Hondo-Volunteer-Fire-Department/74284233488" target="_blank" class="lefttext">Hondo VFD on Facebook</a></span>
</center>
</div>
<div id="sidebar2">
    <p><a href="/membersonly/login.php">Log In</a> | <a href="/membersonly/logout.php">Log Out</a></p>
    <p>Call Statistics for <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/month.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?> as of <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/date.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></p>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td width="60%">EMS Calls</td>
    <td width="40%"><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/emscalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
<tr>
    <td>Fire Calls</td>
    <td><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/firecalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
</table>
<hr />
    <div id="cse" style="width:100%;">Loading</div>
<script src="http://www.google.com/jsapi" type="text/javascript"></script>
<script type="text/javascript">
google.load('search', '1');
google.setOnLoadCallback(function(){
    new google.search.CustomSearchControl().draw('cse');
}, true);
</script>
     
</div>

<div id="mainContent">
<div class="top"></div><div class="wrap">
    <table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td height="47" class="h2">Members Only Area</td>
</tr>
<tr>
    <td><p><a href="/membersonly/documents.php">Useful Documents</a></p>
      <p><a href="/membersonly/IncidentCount01_08.pdf">Current Call Statistics</a> as of 9/3/09</p>
      </td>
</tr>
</table>
<script type="text/javascript">

</script>
</div>
<div class="bottom"></div>
</div>
      <br class="clearfloat" />
<div id="footer">
    <p align="center">© Copyright 2009 Hondo Volunteer Fire Department | <a href="mailto:[email protected]">Contact Us</a><a href="http://www.legalhelpers.com/chapter-13-bankruptcy/chapter13.html"></a><br />Hosting provided by <a href="http://studiox.com/" target="_blank">Studio X</a></p>
</div>
</div>
<script type="text/javascript">

</script>
<?php include_once("/var/home/hondovfd/hondovfd.org/www/analyticstracking.php"); ?>
</body>
</html>

you don't need all that bloat. set a session during login of some kind of uniquely identifying id. i.e.
$_SESSION['id'] = $row_rs['id'];
then on the pages you need to protect, check it like this....
<?php
session_start();
if (!(isset($_SESSION['id']) && $_SESSION['id'] != '')) {
die(header("Location: http://www.notinprotectedareas.com")); }
?>
you can use an include file i.e.
<?php require_once('login_check.php'); ?>
where file is name login_check.php to make your auth controls clean on your protected pages.

How to restrict access in 2008?

How to restrict access in 2008?
So, I would like to do the 2 following things:
1. Grant developers access to read all Active Form Comonents
2. Create new Form Groups
3. Not be able to change nS Resticted AFC
and
1. Grant developers rights to Create Ous
2. Add/Rmeove Members to OUs
3. Remove rights to add/remove to/from Site Admin OU
Any suggestions on how to do that?
So far I tried the out of the box Capabilities and Permissions, created custome ones, but still no luck in accomplishing all 3 items.

Your request #1 is not possible. In paticular, you can't create new form groups and still not be able to change all form groups. Please submit an enhancement request, asking that newScale support your desired role configuration.
Similar problem with #2.

How to restrict access to views for some users in the app?

Hi SDN!
I have an WD application wich embedded in the portal. Appication has 2 iViews (and 2 pages respectively). These iViews consist several views connected with each other (e.g. one view provide list data, second view is add/edit form for this data). I need to restrict access for some users for view with add/edit form. I can't make separate page for this view.
What I've done:
1) create yet another UIContainer for this view in main window and embed view to this container. It was be done for create separate iView for form.
2) in the portal I create iView for this form but don't embedd in any page.
When I try to call my form from list data (that is one iView from another) I get exception:
<b>com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: duplicate usage of view .MyCarRentalAddCity</b>
Is there a way to get needed functional?
Thanks,
Lev

Hi,
do you need to remove the IView from the portal menu or do you just want to make a View container in your WD application invisible if the user doesn't have the rights to see it.
If so, you could create your own roles on the app server:
You need to create a new class that extends NamePermission like:
import com.sap.security.api.permissions.NamePermission;
public class ApplicationAccessPermission extends NamePermission {
           * @param name
          public ApplicationAccessPermission(String name) {
               super(name);
           * @param name
           * @param action
          public ApplicationAccessPermission(String name, String action) {
               super(name, action);
Also, you have to create an Action.XML file that looks like this:
<BUSINESSSERVICE
     NAME="com.vendor.administration">
     <DESCRIPTION
          LOCALE="en"
          VALUE="actions view usage"/>
     <ACTION
          NAME="View Permission">
          <DESCRIPTION
               LOCALE="en"
               VALUE="Show view"
               />
          <PERMISSION
               CLASS="com.vendor.utilities.ApplicationAccessPermission"
               NAME="ShowView"
               />
     </ACTION>
</BUSINESSSERVICE>
If you have created these to files in your packages, you can access this function like:
IUser user ;
try {
          user = WDClientUser.getCurrentUser().getSAPUser();
          if(user.hasPermission(new ApplicationAccessPermission("Show view"))){
               wdContext.currentV_UIElement().setViewVisibility(WDVisibility.VISIBLE);
          }else{
               wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
     }catch (WDUMException e1) {
          wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
                e1.printStacktrace();
You have to bind the ViewVisibility attribute of the context to the View Container you want to hide.
The applicationAccessPermission you defined in the XML File will be visible in the UME Manager of you J2EE engine. With this action you can create a new role and group that you can map to the users that should see you view.
But, the exception you get is because you have embedded one view twice, which is not possible.
Hope this helps.
Regards,
Dennis

OIM 11g R1 (11.1.1.5.0) Restricting access to Modify resources by field.

Is there a way to restrict the access to modify specific fields on a resource, based on roles? In design console you have the options of, "Allow Insert", "Allow Update", "Allow Delete" on the form associated with different roles. Is there any way you can restrict this access specifically to fields in the way you can restrict access to user attributes based on authorization policies?

You are failing to utilize the product then. You don't have to utilize a soa-composite for this. They can be set to auto-approve anyway. But you should not just grant admin access to the user and all their resources so easily.
Not sure what kind of event handler you can even use. You could try and explicitly deny access to those roles by adding them to the form permissions and unchecking all the values.
-Kevin

Problem with Restrict Access to Page with access level using ASP

I'm using Dreamweaver CS3 with ASP-VBScript and an Access
database. The pages were created from scratch for this project,
using those tools all the way through.
I've created a login page, an admin homepage, and add, edit,
and list records pages for three tables. The login page uses the
Server Behavior "Log in User", all other pages use the Server
Behavior "Restrict Access to Page". All of these are based on an
Access Level.
Login seems to work correctly, and redirects to the admin
homepage. From the admin homepage, I can open any other page as
expected, and they initially display correctly. On the add and edit
pages, however,
submitting the form often results in getting logged out, but
not always.
Once this happens, I can log back in, but other problems will
sometimes occur during that second login session. Sometimes,
logouts will occur on pages that worked fine during the first login
session. Sometimes, another session variable that I've setup
manually will change when it shouldn't...as if there were two
values stored for my session variable, and reloading the page
changes to the other value.
This
post seems closest to my experience, but it doesn't look like
there was really an answer beyond "I had to fight with it for a bit
to get it to work":
I suspected that there is some problem with session settings
on the server. We have an almost identical tool on the same server
that was developed with an older version of DW that works more
reliably; it sometimes has problems with the initial login, but
never has a problem after that.
Has anyone experienced problems like this? Any suggestions
for what to check? I'm really pulling my hair out since it's so
unreliable...the kind of problem that goes away when you try to
show someone and comes back when they leave.

Hello,
I was thinking that all I would need would be the username, although username and paswsword would be more secure. There are about 50 users and no groups or levels. They are all equal ... same level.
The website is private and there is a general content area for all users and then there will be private areas for each user where proprietary documents will be held. I need to be able to ensure that user 'A' can only see the user 'A' pages, user 'B' can only see user 'B', etc.
I don't really understand what the Dreamweaver script is doing, but the overview sounded like it was the right tool to accomplish what I'm trying to do.
Any assistance greatly appreciated.
thanks.

Problems with Serv.Behav. Restrict Access Level

Hi,
I hope you can help - can't find an answer to this one. Been
going nuts on this! Thank you very much for anything help you can
provide.
1) Using DW 8.0, PHP 4.4.7, MySQL 4.1.22
2) Set up log in page, everything works if the LogIn Server
Behavior is set to "Restrict Access" to only Username &
Password. If set to Username, Password & Access Level get a
MySQL error page:
"You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to
use near 'Privileges FROM tbl_users WHERE Username=%s AND
Password=%s' at line 1"
3) Here's the code:
<?php require_once('Connections/conn_MemberList.php');
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType,
$theDefinedValue = "", $theNotDefinedValue = "")
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue)
: $theValue;
$theValue = function_exists("mysql_real_escape_string") ?
mysql_real_escape_string($theValue) :
mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" :
"NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) .
"'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" :
"NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue :
$theNotDefinedValue;
break;
return $theValue;
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
if (isset($_POST['textfield'])) {
$loginUsername=$_POST['textfield'];
$password=$_POST['textfield2'];
$MM_fldUserAuthorization = "Privileges";
$MM_redirectLoginSuccess = "MemberList.php";
$MM_redirectLoginFailed = "MemberDeny.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_conn_MemberList, $conn_MemberList);
$LoginRS__query=sprintf("SELECT Username, Password,
Privileges FROM tbl_users WHERE Username=%s AND Password=%s",
GetSQLValueString($loginUsername, "text"),
GetSQLValueString($password, "text"));
$LoginRS = mysql_query($LoginRS__query, $conn_MemberList) or
die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = mysql_result($LoginRS,0,'Privileges');
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
header("Location: " . $MM_redirectLoginSuccess );
else {
header("Location: ". $MM_redirectLoginFailed );
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0
Transitional//EN" "
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="
http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1" />
<title>Untitled Document</title>
<style type="text/css">

</style>
</head>
<body>
<p> </p>
<form id="LogOn" name="LogOn" method="POST"
action="<?php echo $loginFormAction; ?>">
<table width="100%" border="0" cellspacing="2"
cellpadding="2">
<tr>
<th scope="col"><div align="right"><span
class="style3">User:</span></div></th>
<th scope="col"><label>
<div align="left">
<input type="text" name="textfield" />
</div>
</label></th>
</tr>
<tr>
<td><div align="right"><span
class="style3">Password:</span></div></td>
<td><label>
<div align="left">
<input type="text" name="textfield2" />
</div>
</label></td>
</tr>
<tr>
<td> </td>
<td><label>
<input type="submit" name="Submit" value="Submit" />
</label></td>
</tr>
</table>
</form>
<p> </p>
</body>
</html>
Thank you

I tried this and get the same error message.
ERROR at line 1:
ORA-28545: error diagnosed by Net8 when connecting to an agent
NCRO: Failed to make RSLV connection
ORA-02063: preceding 2 lines from ALPACWOBF
listener.ora:
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = spruce)(PORT = 1521))
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = alpacwobf)
(ORACLE_HOME = C:\oracle\ora92)
(PROGRAM = hsodbc)
tnsnames.ora
alpacwobf.3LOG.COM =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = SPRUCE)(PORT = 1521))
(CONNECT_DATA =
(SID_NAME = alpacwobf)
(HS=ok)
initalpacwobf.ora:
HS_FDS_CONNECT_INFO = AlpacWOBF
HS_FDS_TRACE_LEVEL = 4
HS_FDS_TRACE_FILE_NAME = alpacwobf.log
ODBC setting is ok. odbc name is alpacwobf, db is access 2000.
restart the listener.
tnsping alpacwobf is ok.
database link creating is ok.
but when query,I got error.
alpac > create database link alpacwobf using 'alpacwobf';
Database link created.
alpac > select count(*) from test@alpacwobf;
select count(*) from test@alpacwobf
ERROR at line 1:
ORA-28545: error diagnosed by Net8 when connecting to an agent
NCRO: Failed to make RSLV connection
ORA-02063: preceding 2 lines from ALPACWOBF
Any help will be appreciated.
Thanks a lot.
Richard

PI Sender HTTP adapter restricting access by IP

We have a web service hosted on PI and we would like to limit access to this web service to only one web service client application. This is a high volume interface and not particularly sensitive data so we are not really looking for the SSL overhead. Is there any way other than SSL or using the HTTP logon procedure of AS-ABAP to restrict access to this web service? For example, can we specify anywhere on the AS or in the configuration of the PI Sender HTTP adapter that only requests from a certain IP addresses be processed?

If you do not care about security then pass some basic authentication in the form of userid and password in either the header fields or in the url parameters. These could then be authenticated in the Web Service - though this is not ideal

Ability to restrict access to different Plan Types in Planning 11.1.2 ?

Hi, we're running Planning/EPM version 11.1.2, with DRM and EPMA.
We're creating a new Plan Type (Plan 2) within the Planning app, and if possible I'd like to restrict access to this 2nd plan type to only a small group of users. This 2nd plan type would be for additional what-if testing and we don't want their work to interfere with the main cube in Plan 1. Is it possible to use security provisioning or another technique so I can restrict who can have access to Plan 2?
Also if I can do this, is it also possible to have Planning data forms that are only visible to Plan 2 and it's users?
Thanks in advance.

You can restrict forms easily using groups and/or direct provisioning.
Typically you will always have security on your scenario dimension; I suggest using scenario or version security to restrict access to your data.
Regards,
John A. Booth
http://www.metavero.com

Can I setup username(s) and password(s) for accessing the form?

Dear all,
As the title states, is it possible to restrict the form access to certain people by setting up usernames and passwords?
If not, what would be a suitable (and similar) alternative to using quick reporting forms in a company environment that would allow trend analysis?

Thank you for your response,
True as it may, I don't want anyone accessing the form except those authorized. For example, even though the form access can be limited by controlling the dirstribution of a URL, a quick google search of "incident report formscentral" produces a link to the Columbus School District Bully Incident Reporting Form on the first page of results!
In order to limit access, is it possible to Only embed the form on other websites (ones that require authentication), or to only use the PDF version of the form, allowing it to upload the data to formscentral?

Restricting Access to Menu

Hi all,
I just want to know if any way to Hide some of the Menu Elements for User in SAP Business one 2007 B?
I mean, selected user should not be given access to Form Settings or to Access Application from Top Menu.
They should be restricted only to Access Screens from Main Menu [Ctrl+0]
Thanks in Advance.
Regards,
Ravi

Hi Rohan and Gordon,
Thanks for the Response.
well, here is the answer for your question that why i want to block the Accessibility of Top Menu.
In cases where you Log in as a Normal User,Open Main Menu [Control+0],Go to Form Settings and
and Uncheck the Check Box for Visibility for Either Sales or Purchase for Example.
Once that is done, in main menu, what ever Invisible Module is Ticked will not appear for that user.
System will work exactly as per requirement till this Phase.
But once you Access "Modules" from Top Menu, all Unchecked and Checked Modules will appear
for that user.
Hence to avoid this , i was planning atleast to Prevent access of User atleast for Few Items in Top Menu.
Hope, you are Clear with my requirement.
Thanks & Regards,
Ravi Patil

Restrict access to bid invitation cFolder documents

SRM Experts,
I have a requirement to restrict access to bid invitation cFolder documents.
Here is the scenario:
Buyer1 creates a bid invitation and a cFolder. We do not want any other buyers within our organization to access this bid invitation cFolder.
How can this be achived?
At this time, if a buyer (ex: Buyer2) has access to create a bid invitation or view a bid invitation, the system is automatically gives Buyer2 access to cFolder created by Buyer1.
This needs to be restricted, any advice would be appreciated.
Note: BADI BAdI BBP_CFOLDER_BADI is already deactivated in the system
Please let me know if you have any ideas.
Thanks

Hi,
You can restrict the access through Product categories in the PPOMA_BBP for each user .
So that he can create Bid invitation only to that product category..
please check this link
you can find the customization guide for Cfolders on
https://websmp202.sap-ag.de/~form/sapnet?_FRAME=CONTAINER&_OBJECT=011000358700007402242002E
Please check with SAP PLM consultant . You can controlled through Authorisation role
This is the role used :User
- Role name: SAP_CFX_USER
Better check with the above link
Regards
G.Ganesh Kumar

Ver 8.8 Restricted access to BP accounts and activities

Currently, I am not aware of a way to restrict access to certain BP accounts, including the related activities for a BP. For example, our bank, HR consultants, etc. where I would like to limit the access to these BP accounts and related attachments to certain users, such as our management group.
Primary importance would be to limit access to related activities where sensitive information may be stored in the form of emails, attachments, etc.
Our previous CRM allowed us to flag BP accounts as restricted and set up permissions to authorized users.
Is anyone aware of a way to limit access to these activities?
If not, this is a great enhancement for future releases.

Current system design has only set up confidential GL Account but not for BP. You probably need to post it on the R&D forum here:
/community [original link is broken]
Thanks,
Gordon

Restrict access to particular websites in OS X Server 10.3

Hi!
Is there any way to restrict access to particular websites from the MAC OS X 10.3 server directly?
Thanks!

Restrict in what way?
Limit access to specific client IP addresses?
Require a username/password to access content?
The former can be done, but requires manual tweaking of the config file (and may block subsequent editing via Server Admin).
For the latter, use Server Admin -> (server) -> Web -> Sites -> (site) -> Realms to define a realm, then specify the users that can access the directory.
Note that latter doesn't prevent someone sniffing the network to gain credentials to view the content - for that you need to couple the site with SSL encryption.

Restricting access to form

Similar Messages

Maybe you are looking for