Restricting Access to Menu

Hi all,
I just want to know if any way to Hide some of the Menu Elements for User in SAP Business one 2007 B?
I mean, selected user should not be given access to Form Settings or to Access Application from Top Menu.
They should be restricted only to Access Screens from Main Menu [Ctrl+0]
Thanks in Advance.
Regards,
Ravi

Hi Rohan and Gordon,
Thanks for the Response.
well, here is the answer for your question that why i want to block the Accessibility of Top Menu.
In cases where you Log in as a Normal User,Open Main Menu [Control+0],Go to Form Settings and
and Uncheck the Check Box for Visibility for Either Sales or Purchase for Example.
Once that is done, in main menu, what ever Invisible Module is Ticked will not appear for that user.
System will work exactly as per requirement till this Phase.
But once you Access "Modules" from Top Menu, all Unchecked and Checked Modules will appear
for that user.
Hence to avoid this , i was planning atleast to Prevent access of User atleast for Few Items in Top Menu.
Hope, you are Clear with my requirement.
Thanks & Regards,
Ravi Patil

Similar Messages

HT1178 How do I restrict access to my network to mac addresses?

I am setting-up a new Time Capsule and wish to restrict access to my wireless network to only those mac addresses of my equipment. I can't find instructions on how to do this. Any help in pointing me to the correct resource would be appreciated.

Suggest that you check the Help area in AirPort Utility for instructions.
Open AirPort Utility
Click the Help menu at the top of the screen
Click AirPort Utility Help
Wait for Help to load
Click Setting up a Wi-FI network on the left side of the main page
Click Control when a user can access your network
Click Control access to your wireless network

Restrict Access To Page Not Working with Different Auth Levels

I have just started playing with the idea of using different auth levels to allow different users access to certain pages on my site.
Within my SQL database I have a authlevel table consisting of 3 possible levels (guest, user, admin)
I am using the Dreamweaver "Log in user" to log in users based on username, pass, and auth level and "Restrict access to page" set to allow user levels 'user' and 'admin'.
The problem, however, occurs when trying to log in. No matter what auth level I try I am redirected to my page where users should be redirected if they are not allowed to enter that page.
I have included below my code from my login page and the page where all authorized users (user and admin) should be directed upon entering the restricted area.
Login Page:
<?php require_once('../Connections/hondovfd.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
return $theValue;
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "authlevel";
$MM_redirectLoginSuccess = "/membersonly/membersonly.php";
$MM_redirectLoginFailed = "/membersonly/loginfailed.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_hondovfd, $hondovfd);
$LoginRS__query=sprintf("SELECT username, password, authlevel FROM login WHERE username=%s AND password=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
$LoginRS = mysql_query($LoginRS__query, $hondovfd) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
    $loginStrGroup = mysql_result($LoginRS,0,'authlevel');
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;
    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    header("Location: " . $MM_redirectLoginSuccess );
else {
    header("Location: ". $MM_redirectLoginFailed );
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<title>Log In</title>

<meta name="description" content="Hondo Fire and Rescue serves the Arroyo Hondo and Canada Village areas of Santa Fe County, NM." />
<meta name="keywords" content="hondo, hondo fire, hondo vfd, hondo fire department, santa fe county fire department, santa fe county, volunteer fire department, hondo volunteer fire department" />
<link href="../stylesheet.css" type="text/css" rel="stylesheet" />

<script src="../SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
<link href="../SpryAssets/SpryMenuBarVertical.css" rel="stylesheet" type="text/css" />
</head>
<body class="thrColLiqHdr">
<div id="container">
<div id="header"></div>
<div id="sidebar1">
<h3>Navigation : </h3>
<ul id="MenuBar1" class="MenuBarVertical">
<li><a href="/index.php">Home</a></li>
<li><a href="/support.php">Support Hondo</a></li>
<li><a class="MenuBarItemSubmenu" href="#">Information Menu</a>
    <ul>
      <li><a href="/people.php">Our People</a></li>
      <li><a href="http://www.google.com/maps/ms?ie=UTF8&hl=en&msa=0&msid=101620713606637979698.00045b6ead4ab4ea70b78&z=11" target="_blank">Response Area</a></li>
      <li><a href="/medical.php">Medical</a></li>
      <li><a href="/apparatus.php">Apparatus</a></li>
      <li><a href="/training.php">Training</a></li>
      <li><a href="/volunteer.php">Volunteer</a></li>
      <li><a href="/statistics.php">Statistics</a></li>
      <li><a href="/patchtrading.php">Patch Trading</a></li>
    </ul>
</li>
<li><a href="/album.php">Photo Gallery</a></li>
<li><a href="/calendar.php">Calendar</a></li>
<li><a href="/news.php">Blog/News</a></li>
<li><a href="/links.php">Links</a></li>
<li><a href="/contact.php">Contact Us</a></li>
</ul>
<br />
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<span class="lefttext">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="8567201">
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!" />
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</img></input></input>
</span>
</form>
<span class="lefttext"><br />
</span>
<center>
<span class="lefttext"><a href="http://www.facebook.com/pages/Santa-Fe-NM/Hondo-Volunteer-Fire-Department/74284233488" target="_blank" class="lefttext">Hondo VFD on Facebook</a></span>
</center>
</div>
<div id="sidebar2">
    <p><a href="/membersonly/login.php">Log In</a> | <a href="/membersonly/logout.php">Log Out</a></p>
    <p>Call Statistics for <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/month.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?> as of <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/date.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></p>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td width="60%">EMS Calls</td>
    <td width="40%"><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/emscalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
<tr>
    <td>Fire Calls</td>
    <td><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/firecalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
</table>
<hr />
    <div id="cse" style="width:100%;">Loading</div>
<script src="http://www.google.com/jsapi" type="text/javascript"></script>
<script type="text/javascript">
google.load('search', '1');
google.setOnLoadCallback(function(){
    new google.search.CustomSearchControl().draw('cse');
}, true);
</script>
     
</div>

<div id="mainContent">
<div class="top"></div><div class="wrap">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td height="47" class="h2">Members Only Login</td>
</tr>
<tr>
    <td><form ACTION="<?php echo $loginFormAction; ?>" id="login" name="login" method="POST">
    <table width="40%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td width="31%">Username:</td>
    <td width="69%"><input name="username" type="text" /></td>
</tr>
<tr>
    <td>Password</td>
    <td><input name="password" type="password" /></td>
</tr>
</table>
<input name="Submit" type="submit" />
    </form></td>
</tr>
</table>

</div>
<div class="bottom"></div>
</div>
      <br class="clearfloat" />
<div id="footer">
    <p align="center">© Copyright 2009 Hondo Volunteer Fire Department | <a href="mailto:[email protected]">Contact Us</a><a href="http://www.legalhelpers.com/chapter-13-bankruptcy/chapter13.html"></a><br />Hosting provided by <a href="http://studiox.com/" target="_blank">Studio X</a></p>
</div>
</div>
<script type="text/javascript">

</script>
<?php include_once("/var/home/hondovfd/hondovfd.org/www/analyticstracking.php"); ?>
</body>
</html>
Other Page:
<?php
if (!isset($_SESSION)) {
session_start();
$MM_authorizedUsers = "user,admin";
$MM_donotCheckaccess = "false";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
      $isValid = true;
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
      $isValid = true;
    if (($strUsers == "") && false) {
      $isValid = true;
return $isValid;
$MM_restrictGoTo = "/membersonly/loginfailed.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<title>Members Only Area</title>

<meta name="description" content="Hondo Fire and Rescue serves the Arroyo Hondo and Canada Village areas of Santa Fe County, NM." />
<meta name="keywords" content="hondo, hondo fire, hondo vfd, hondo fire department, santa fe county fire department, santa fe county, volunteer fire department, hondo volunteer fire department" />
<link href="../stylesheet.css" type="text/css" rel="stylesheet" />

<script src="../SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
<link href="../SpryAssets/SpryMenuBarVertical.css" rel="stylesheet" type="text/css" />
</head>
<body class="thrColLiqHdr">
<div id="container">
<div id="header"></div>
<div id="sidebar1">
<h3>Navigation : </h3>
<ul id="MenuBar1" class="MenuBarVertical">
<li><a href="/index.php">Home</a></li>
<li><a href="/support.php">Support Hondo</a></li>
<li><a class="MenuBarItemSubmenu" href="#">Information Menu</a>
    <ul>
      <li><a href="/people.php">Our People</a></li>
      <li><a href="http://www.google.com/maps/ms?ie=UTF8&hl=en&msa=0&msid=101620713606637979698.00045b6ead4ab4ea70b78&z=11" target="_blank">Response Area</a></li>
      <li><a href="/medical.php">Medical</a></li>
      <li><a href="/apparatus.php">Apparatus</a></li>
      <li><a href="/training.php">Training</a></li>
      <li><a href="/volunteer.php">Volunteer</a></li>
      <li><a href="/statistics.php">Statistics</a></li>
      <li><a href="/patchtrading.php">Patch Trading</a></li>
    </ul>
</li>
<li><a href="/album.php">Photo Gallery</a></li>
<li><a href="/calendar.php">Calendar</a></li>
<li><a href="/news.php">Blog/News</a></li>
<li><a href="/links.php">Links</a></li>
<li><a href="/contact.php">Contact Us</a></li>
</ul>
<br />
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<span class="lefttext">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="8567201">
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!" />
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</img></input></input>
</span>
</form>
<span class="lefttext"><br />
</span>
<center>
<span class="lefttext"><a href="http://www.facebook.com/pages/Santa-Fe-NM/Hondo-Volunteer-Fire-Department/74284233488" target="_blank" class="lefttext">Hondo VFD on Facebook</a></span>
</center>
</div>
<div id="sidebar2">
    <p><a href="/membersonly/login.php">Log In</a> | <a href="/membersonly/logout.php">Log Out</a></p>
    <p>Call Statistics for <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/month.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?> as of <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/date.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></p>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td width="60%">EMS Calls</td>
    <td width="40%"><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/emscalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
<tr>
    <td>Fire Calls</td>
    <td><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/firecalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
</table>
<hr />
    <div id="cse" style="width:100%;">Loading</div>
<script src="http://www.google.com/jsapi" type="text/javascript"></script>
<script type="text/javascript">
google.load('search', '1');
google.setOnLoadCallback(function(){
    new google.search.CustomSearchControl().draw('cse');
}, true);
</script>
     
</div>

<div id="mainContent">
<div class="top"></div><div class="wrap">
    <table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td height="47" class="h2">Members Only Area</td>
</tr>
<tr>
    <td><p><a href="/membersonly/documents.php">Useful Documents</a></p>
      <p><a href="/membersonly/IncidentCount01_08.pdf">Current Call Statistics</a> as of 9/3/09</p>
      </td>
</tr>
</table>
<script type="text/javascript">

</script>
</div>
<div class="bottom"></div>
</div>
      <br class="clearfloat" />
<div id="footer">
    <p align="center">© Copyright 2009 Hondo Volunteer Fire Department | <a href="mailto:[email protected]">Contact Us</a><a href="http://www.legalhelpers.com/chapter-13-bankruptcy/chapter13.html"></a><br />Hosting provided by <a href="http://studiox.com/" target="_blank">Studio X</a></p>
</div>
</div>
<script type="text/javascript">

</script>
<?php include_once("/var/home/hondovfd/hondovfd.org/www/analyticstracking.php"); ?>
</body>
</html>

you don't need all that bloat. set a session during login of some kind of uniquely identifying id. i.e.
$_SESSION['id'] = $row_rs['id'];
then on the pages you need to protect, check it like this....
<?php
session_start();
if (!(isset($_SESSION['id']) && $_SESSION['id'] != '')) {
die(header("Location: http://www.notinprotectedareas.com")); }
?>
you can use an include file i.e.
<?php require_once('login_check.php'); ?>
where file is name login_check.php to make your auth controls clean on your protected pages.

How to restrict access to views for some users in the app?

Hi SDN!
I have an WD application wich embedded in the portal. Appication has 2 iViews (and 2 pages respectively). These iViews consist several views connected with each other (e.g. one view provide list data, second view is add/edit form for this data). I need to restrict access for some users for view with add/edit form. I can't make separate page for this view.
What I've done:
1) create yet another UIContainer for this view in main window and embed view to this container. It was be done for create separate iView for form.
2) in the portal I create iView for this form but don't embedd in any page.
When I try to call my form from list data (that is one iView from another) I get exception:
<b>com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: duplicate usage of view .MyCarRentalAddCity</b>
Is there a way to get needed functional?
Thanks,
Lev

Hi,
do you need to remove the IView from the portal menu or do you just want to make a View container in your WD application invisible if the user doesn't have the rights to see it.
If so, you could create your own roles on the app server:
You need to create a new class that extends NamePermission like:
import com.sap.security.api.permissions.NamePermission;
public class ApplicationAccessPermission extends NamePermission {
           * @param name
          public ApplicationAccessPermission(String name) {
               super(name);
           * @param name
           * @param action
          public ApplicationAccessPermission(String name, String action) {
               super(name, action);
Also, you have to create an Action.XML file that looks like this:
<BUSINESSSERVICE
     NAME="com.vendor.administration">
     <DESCRIPTION
          LOCALE="en"
          VALUE="actions view usage"/>
     <ACTION
          NAME="View Permission">
          <DESCRIPTION
               LOCALE="en"
               VALUE="Show view"
               />
          <PERMISSION
               CLASS="com.vendor.utilities.ApplicationAccessPermission"
               NAME="ShowView"
               />
     </ACTION>
</BUSINESSSERVICE>
If you have created these to files in your packages, you can access this function like:
IUser user ;
try {
          user = WDClientUser.getCurrentUser().getSAPUser();
          if(user.hasPermission(new ApplicationAccessPermission("Show view"))){
               wdContext.currentV_UIElement().setViewVisibility(WDVisibility.VISIBLE);
          }else{
               wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
     }catch (WDUMException e1) {
          wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
                e1.printStacktrace();
You have to bind the ViewVisibility attribute of the context to the View Container you want to hide.
The applicationAccessPermission you defined in the XML File will be visible in the UME Manager of you J2EE engine. With this action you can create a new role and group that you can map to the users that should see you view.
But, the exception you get is because you have embedded one view twice, which is not possible.
Hope this helps.
Regards,
Dennis

Why do I get a "restricted access" message?

I created a drop down menu which pointed selection to an iframe. All is well when I preview it in my Firefox browser, but when the files are uploaded to the internet server, the drop down menu selections give a "restricted access" message. Does anyone know why and how I can fix it. Thanks?

Thanks for the prompt reply
The drop down menu code is
The iframe code is
Select Closest Area
Durban
Strangely enough iy works on my computer browser

How do I restrict access to messaging and mail

I want to restrict access to mail and messaging for security reasons, but these don't seem to be options in the restrictions menu.
If this option is not available, when is it planned to be implemented? Or how do I make this a feature request.
I don't quite understand why I'd want to restrict someone from using youtube or the camera, yet give them full access to all my personal email and messages.

I don't quite understand why I'd want to restrict someone from using youtube or the camera, yet give them full access to all my personal email and messages.
I don't know what Apple thinks, but I've always assumed the restrictions are for the situation where a parent buys a teenager their own phone, and wants to restrict data use or time spent on the web. They are not security restrictions. Many people who let kids play with their phone want more flexibility in restrictions.

Restricting access to a cube while it is being maintained

Hi,
We are trying to restrict access via discoverer/excel add in to a CUBE while cube is being maintained. We were able to achieve this by revoking privileges to certain roles before the start of the cube build.
I would like to know if there is any better way or built in functionality(out of box) that restricts access to a cube a while it is refreshing? Any help is appreciated.

Ragnar is correct, the best way to do this is to attach the AW in exclusive mode. You can either do this manually yourself before starting your load job, or automatically by scheduling the job and using mutiple processes to load and solve the cube.
The problem is removing users currently viewing data via Excel/Disco when the job starts. If you can ensure there will be no users accessing the AW when the job starts, then the exclusive attach mode will prevent any users from attaching the AW during the processing. If you cannot guarantee this, then there is a problem because the job will fail when it tries to attach the AW in exclusive mode. Obviously you could put this in a loop and wait until a user exits the front end application and releases the AW. Alternatively, you could write a SQL script to disconnect/kill all sessions accessing the AW - not very nice for the users though if they are building a report because they will lose all their unsaved changes.
When the AW is attached in exclusive mode, bad news is that Discoverer/Excel will probably generate a nasty Java error message when a user tries to connect using Discoverer/Excel.
Therefore, overall not an ideal situation. But I cannot think of a really good way to manage this at the moment. Sorry I can't be more helpful.
Keith Laker
Oracle EMEA Consulting
OLAP Blog: http://oracleOLAP.blogspot.com/
OLAP Wiki: http://wiki.oracle.com/page/Oracle+OLAP+Option
DM Blog: http://oracledmt.blogspot.com/
OWB Blog : http://blogs.oracle.com/warehousebuilder/
OWB Wiki : http://wiki.oracle.com/page/Oracle+Warehouse+Builder
DW on OTN : http://www.oracle.com/technology/products/bi/db/11g/index.html

Restricted access to attachments in SRM 7.0 web applications

Hi,
We have a very specific problem regarding the handling of attachments with SRM 7.0 web applications. The system is configured to use ArchiveLink for storing documents on a remote content server, which is working fine.
Now we have a requirement which should restrict access to certain documents to specific user groups. As an example you could say that a Purchase order has (besides others) two documents attached, e.g.
- signed contract
- meeting minutes
The contract should only be visible to a limited number of people, whereas the Meeting Minutes are accessible to everybody.
Our problem is that apparently only one Content Category ("BBPFILESYS") is used by the SRM web applications for an upload. When granting authorizations on this content category, we cannot distinguish between contracts and meeting minutes anymore.
Comparing this with the config in ECC we can freely define document types which can be used in AUTH profiles. Is there any similar solution that can be used in SRM 7.0?
Any help would be greatly appreciated.
Cheers,
Mark

Hello,
Have a look at note 1334202. It provides some inputs.
Regards,
Ricardo

ASA WebVPN. How do you restrict access to users in an AD group using LDAP?

Hi All,
I am trying to configure separate WebVPN connection profiles to give different portal bookmark contents to users based on their AD group membership. This has been very difficult, even though I beleive it should be easy.
The login page of teh ASA by default has a dropdown to allow default users to access the default portal and the SSL VPN client connection.
There are two other portals that I would like to restrict access to based on AD group membership. I have set these up to be selected by URL.
The biggest problem is, I have no way of knowing how to go about this. The AAA LDAP options show a group membership search, which I have configured, but I cannot say "Profile X is restricted to AD group CarpetBaggers", so that if soneone that is NOT a carpetbagger tries to log in, it fails.
I can only do an all or nothing scenario.
It would be nice to use Dynamic Access Policies to do this, and I have created a few, but they do NOT seem to work when the drop down aliases or URLs are in use. So how do I go about using them in this scenario? Turning off the aliases or URLs is not really an option right now.
Scenario 1 would work the best for me. Restrict access to profiles/groups based on AD group membership using LDAP.
Scenario 2 would be an ideal longer term solution.
Any thoughts, ideas or assitance would be greatly appreciated.
Cheers

This is exactly what i was looking for, and Nelson is correct. When you enter the DAP configuration for a profile click on "Advanced" and there is the option to create a logical expression. The guide (ther is a button to access this) is really helpful, with a couple of examples. This is what i used:
assert(function()
   if ( (type(aaa.ldap.distinguishedName) == "string") and
        (string.find(aaa.ldap.distinguishedName, "OU=Users") ~= nil) )
then
       return true
   end
   return false
end)()
from the debug dap you can see what Users relates to;
DAP_TRACE: Username: MyUsername, aaa.ldap.distinguishedName = CN=Mr B,OU=Users,OU=Site ******,DC=CH,DC=Mycompany,DC=com
My admin account fails to get me in to the same profile:
DAP_TRACE: dap_add_to_lua_tree:aaa["ldap"]["distinguishedName"]="CN=Admin Mr B,OU=Admin Users,OU=Site *****,DC=CH,DC=Mycompany,DC=com"
Thanks
Andrew

SSH login- how do I restrict access to a shared folder?

I have created Shares in WGM for SMB and AFP access on my OS X 10.4.8 Server. However when I connect via SSH it's not restricting access to the folder based on the User Name I login with- I see the entire volume! How do I restrict access to a specific folder based on a user name setup in WGM? ACL's?

Hey George,
It sounds like you are trying to limit ssh/sftp users to a specific area, aka jails. The FTP server lets you 'chroot' users to a certain area making it appear as the root thus preventing them from navigating up the hierarchy, which is what I think you, and me and many others are trying to accomplish.
The ssh compiled into OS X is missing this very needed feature. There have been a few documented workarounds, but they've either been too insecure or too clunky for me.
I've dealt with the fact that my users can get to the root of the hard drive, and have just been very careful about my privileges (by using ACLs), thus preventing them from getting inside areas they shouldn't.
There's a good write up here: http://www.schwie.com/brad/macosxsftpchroot/ and if you include the term 'chroot' in your searches, you should find a bit about it here too.
And Roger, I think George meant the file sharing protocol used by ssh. man sftp.

How can I restrict access to add. internal hard drive by account?

Hello! Okay, so I am my computer's administrator, and I have a secondary 'guest' account that anyone else can use. So, I know that all my data on my main, OS hard drive is secure from the guest account accessing it, but what about the additional hard drive that I have installed?
I have a good deal of sensitive data and files stored (and aliased) on my second internal drive that I do not care for 'guest' users to stumble upon. How can I restrict access to the secondary storage hard drive from my Guest login account, and/or just plain hide it from it? Surely, there is a need for this that has brought about a solution. Any tips/advice/solutions?
Thanks!!!
=)

Click here and follow the instructions followed by placing the folders and files on the image; if the password is in the keychain, it will be supplied whenever you're logged in.
(41018)

HT201304 Is it possible to restrict access to specific IOS apps based on the WIFI profile that a user has connected to?

Is it possible to restrict access to specific IOS apps based on the WIFI profile that a user has connected to?

you might be able to block it if the app uses Internet access
and depending on your wireless you might be able to block a specific user
accessing the backend host that the app uses
some firewalls offer application filtering but I'm not aware of any that work with ios apps

Can no longer access my menu on Zen Neeon

I have upgraded to the .009 firmware so now my zen neeon loads quicker and skips tracks quicker but now when I press the scroll button to access the menu nothing happens except it resets to the first track on my player.
I've tried resetting my player. I've created playlists which I can't access. I just can't get to my menu!!!!
Do I need to do a recovery mode rescue?

Thanks for the reply Edmeister. All the tabs take a moment attempting to load, then the Inbox Preview screen pops up. I have even uninstalled FF and reinstalled it. I've checked my settings even though I've made no changes in months. Again, the mail box has never had a problem until about 2 weeks ago. Fortunately, I can retrieve my mail through my old Eudora program and do the house keeping through IE8. Just wish I knew what has changed, i.e., my fault or a program.
Thanks again.

How do I restrict access at the field level in vendor creation XK01

Hello All,
Does anyone know a way to restrict access to a certain group of fields or a screen in vendor create? I know it is possible in vendor change XK02 using the field groups (transactions OBAT and OBAU) but we have a requirement to have one group of users create all vendor information except the bank details and another group of users just to create the bank details.
Thanks for any help you can offer.
rgds,
ian

We have had a similar discussion some while back. please refer to the thread below as it seems to be much similar to your requirement.
[click here|Hide or Encrypt Bank Account Number]

How do I restrict access to USB Disk connected to Airport Extreme

I have attached a USB HDD to my Airport Extreme Base Station. The drive is divided into 4 partitions, which I did with the HDD connected directly to a MBP before plugging into the AEBS. All the Macs on the network seem to be able to read and write into all 4 partitions. Is there anyway to restrict which Macs can access with partition? Or, if I went to a single partition, is there a way to restrict access on a folder by folder basis?
I've tried searching, but the best answer I've found so far is that the AEBS will only support a single partition/volume.... which doesn't appear to be true anymore.
Thanks in advance

You can put a filter on your wifi or use something like the K9 browser.

Restricting Access to Menu

Similar Messages

Maybe you are looking for