Restricting access to private apps (using Enterprise Program)
I've been looking in to distributing private apps on iOS. I know that it is possible to use the Enterprise program to create a private app store. However, is it possible to host multiple apps inside this private app store but restrict access to certain apps? Or is this something I need to use a 3rd party service like Apperian or Appaloosa Store for?
For example, If I have two apps which I want to privately distribute, one available to everyone, and one restricted by some criteria (users who are a member of a specific group or assigned a certain role/permission)? Is this possible?
Thanks
I've been looking in to distributing private apps on iOS. I know that it is possible to use the Enterprise program to create a private app store. However, is it possible to host multiple apps inside this private app store but restrict access to certain apps? Or is this something I need to use a 3rd party service like Apperian or Appaloosa Store for?
For example, If I have two apps which I want to privately distribute, one available to everyone, and one restricted by some criteria (users who are a member of a specific group or assigned a certain role/permission)? Is this possible?
Thanks
Similar Messages
-
I see many posts about using SCCM to configure policies, etc., etc. However, I can't find any information about my specific issue:
I have installed the Antimalware extension on several Azure VMs. Only one VM allows access to "System Center Endpoint Protection". All the other ones say "your system administrator has restricted access to this app". Now, since I am the
system administrator, I am at a loss how to be able to see / configure the other VMs using this program.
I have not installed SCCM, since I didn't think I would need it. If, in fact, I must install SCCM, it pretty much defeats the purpose of an extension.
Any ideas would be greatly appreciated.
--- If I am in the wrong forum, please let me know where I should post my question, since there don't appear to be any forums discussing extensions for Azure.Although azure endpoint protection is the same core technology as SCEP it is not managed in the same way. Also, if the ConfigMgr agent is not installed on these VMs, then it's quite impossible for ConfigMgr to the source of the issue here. You are better
off posting to an Azure forum.
However, did you elevate when launching the EP console?
Jason | http://blog.configmgrftw.com | @jasonsandys -
Your system administrator has restricted access to this app.
Enabled the Endpoint role on primary site server.
Enabled Endpoint protection in Default Client Settings
We have Default Client Antimalware Policy set.
When I click on System Center EndPoint Protection in All Programs I get following error:
Your system administrator has restricted access to this app.I am getting this on several windows client builds with SCEP now, we don't have an Applocker policy at all, one of the computers in question is running Win 7 Pro!
I cant see how it could be malware as the users are standard users.
I also don't know how long its been like this, but a machine we just re-imaged last week is now doing it.
going to re-image and see if an update is causing it. -
Can i access my account and use the programs on another computer?
can i access my account and use the programs on another computer? i would like to be able to use both my laptop and my desktop
yes, you are allowed concurrent installations and activations on, up to, two computers.
by signing out of one, you can activate on a third etc. -
Restricting Access only for APPS account using SQLNET
Dear Friends,
Recently we have an incident that a functional consultant has cracked the Apps password. I don't know how.
Now what we are planning is to restrict the database access to only the dba team using sqlnet.ora file and its tcp.validnode_checking parameter.
However, the problem is that we want to continue the APPSRO(which is an Apps Read Only Account) access to them.
Is there any way possible to restrict access only for a particular database user account using sqlnet.ora
please help.
Thanks.Recently we have an incident that a functional consultant has cracked the Apps password. I don't know how.
Now what we are planning is to restrict the database access to only the dba team using sqlnet.ora file and its tcp.validnode_checking parameter.
However, the problem is that we want to continue the APPSRO(which is an Apps Read Only Account) access to them.
Is there any way possible to restrict access only for a particular database user account using sqlnet.ora
Now what we are planning is to restrict the database access to only the dba team using sqlnet.ora file and its tcp.validnode_checking parameter.
However, the problem is that we want to continue the APPSRO(which is an Apps Read Only Account) access to them.
Is there any way possible to restrict access only for a particular database user account using sqlnet.oraNo (and even if it exists, I believe this does not fix the main issue with the apps password which could be cracked again).
The proper way would be changing the apps password and meet the security requirements in these docs.
Secure Configuration Guide for Oracle E-Business Suite 11i [ID 189367.1]
Secure Configuration Guide for Oracle E-Business Suite Release 12 [ID 403537.1]
FNDCPASS Utility New Feature: Enhance Security With Non-Reversible Hash Password [ID 457166.1
Thanks,
Hussein -
How do you restrict access to certain apps via the use of Time Restrictions?
Is there anyway to limit the use of certain apps to a time period of the day? I know the time restrictions on this site ONLY pertain to texting and calls, but not email or any other app, such as Twitter or Facebook, etc.
Well, there are a few different ways to go about it. You could add a preferences page with the admin functionality, and then an admin would just have to click the little pencil in the portlet titlebar. No admin/edit access, no little pencil.
I have often set the visibility of an ASPX control directly from activity rights, in OnPageLoad, if it isn't postback time. The activity rights should be inherited by the user, through the user's group. Best practise is to create empty groups called Roles, add activity rights to the Roles, and then have the actual groups (that contain users) inherit from one or more Roles.
You already knew that part, I added it for the others. My personal definition of a portlet is 'polymorphous instance of a web service'.
So:
Role: Store Manager (has Edit Shopping Cart activity right)
^
Group: Store Managers (has Store Manager parent group)
User: Vladimir (inherits Edit Shopping Cart activity right) -
How do I restrict access to 4 devices using ACS
Currenlty in our ACS we have Group A configured to have access to all network devices-f with ull privilege level 15 access to all devies
We are now trying to implement 4 new users, however we only want them
to have access to 4 devices-routers (4 IP addresses)-and only have
basic level 1 functions in the router
Is this done under Network Access Filter or Network Access Group?
Do I need to create a new group or can I somehow implent that intoI'm using ACS v 4.2 on windows server-TACACS
Under NAF I have configured the IP's of the server I want them to access under Selected Items
Under NAR I have permitted calling point
with the NAF and * *
Under the Group Settings
Network Access Restrictions (NAR)
Shared Network Access Restrictions
Only Allow network access when
All selected NARs result in permi
all selected NARs result in permit..with the NAR i just configured in the selected NAR list -
Need advice for an application that restricts access to other applications using a smart card
Hello everybody,
I am developing a system that uses a smart card reader attached to a USB port of a PC.
What the system should provide is:
When computer boots up and shows the users login screen, a user, previously registered, can use his smart card to access the system, instead of entering his password
Once the user is logged in, when he tries to launch an application, which has previously marked as "secured", a dialog box is shown indicating that the user has to present his smart card. If the smart card has access to the application, the application
is launched, otherwise an error message is shown to the user and the application is not executed.
I develop in C++ and C#. I have already created a library (in Visual C++) that manages the smart card reader and provides the card presented to it.
Now I am developing the applicastion (in C#) that will configure the security (assigning cards to users and applications).
Concerning this, I have 2 questions regarding each point above:
Is it possible to create the centralized application that lists all users and allows to assign cards to them? Then, when the users login screen is shown, the system must access that data before logging in, so that it can check which card was presented and
what user it corresponds to. I have seen in laptops, that have embedded fingerprint readers, a user must login to his account first and then he can register his fingerprints. In fact, what I need to do is something similar but with smart card reader instead
of fingerprint reader. So, perhaps, user must login into his account first and then he will be able to add his card and store that information somewhere (in windows registry maybe).
How can I launch my application when other application is executed but before its interface is actually shown? this is similar to what antivirus programs do, because they check the executable before it is actually ran. What is the best method to address
the application? by executable file name? process name? or other? if the best is by process name, how can I know the process name without actually running the application?
Well, that is all what I need to do. Please advice regarding this subject.
I look forward to hearing from you,
Best regards,
Jaime
Powered by C++> what was the guidance?
1. Research other software that does similar things (not just exactly the same) as you need. If you like something in their solutions, copy it :)
The only software I know that does that is an antivirus, but I am unlucky to find some code in c++ that allows to intercept the program execution before actually executing it.
2. If a kernel driver would fit in your solution, go for it (google for what is available for free, or find a consultant to write it for you).
There are a lot of information about kernel drivers, but the question is, is that really the solution?
Otherwise, you can just hide the application from user's reach and substitute the executable in shortcuts, etc. to run your program instead.
Definetly this is not the way to go
What is the best method to address the application? by executable file name? process name? or other?
By executable file name, like in the Windows Applocker, I think. Processes do not have names (they are artifact of Task manager and debugging tools, to represent the processes for user somehow). Or, only by the filename part of the full path.
I agree with that
if the best is by process name, how can I know the process name without actually running the application?
When the user runs the application, the driver will detect this and do its magic.
I have found this page: http://stackoverflow.com/questions/3556048/how-to-detect-win32-process-creation-termination-in-c. They mention WMI, but I will study it tommorow... it is so late for today :-)
Regards,
-- pa
Regards
Jaime
Powered by C++ -
Can't configure deployed WebCenter app using Enterprise Manager after WLST
Using fusion middleware version 11.1.1.4 with WLS and WebCenter of same versions.
I deployed an ADF application using WLST and the application mostly runs, but I need to configure some portal connections from the Enterprise Manager. I am able to configure many options but when I try to select an option under WebCenter I get:
"You do not have permission to view this page. Contact your administrator"
I get this message for any deployed application even those I didn't deploy using WLST and I was able to configure them fine before this.
I am logged as the Weblogic administrator.
For the deployment using WLST, I connected to the admin server, deployed successfully and last issues exit().
I tried to shutdown the Managed server but took more than 5 minutes (which is not common) so I killed the process and restarted it. Was able to run the application but still can't configure the WebCenter options for any application???
Please advise how to get out of this stuck issue!!
ThanksSolved, seems browser caching. Opened a new browser and it worked !! (seems weird)
Thanks -
Is there a way to restrict access to certain apps on the iphone 4?
I would like to be able to block access on an iphone 4 to certain social networking apps/websites. Is this possible?
Once installed on the phone, there is no way to do what you want.
-
Using NAR to restrict access by MAC address
Hello All,
We have a solution where home users connect via ATM onto our network. Currenty their radius requests are passed onto Cisco ACS 3.3 and they are authenticated using RSA SecurID Fobs to an ACE server.
I am trying to look at an alternative to using a SecurID fob and restrict the end user's access based on MAC address.
I found this on the online documentation for ACS 3.3
"About Non-IP-based NAR Filters
A non-IP-based NAR filter (that is, a DNIS/CLI-based NAR filter) is a list of permitted or denied "calling"/"point of access" locations that you can use in restricting a AAA client. However, by entering an IP address in place of the CLI you can use the non-IP-based filter even when the AAA client does not use a Cisco IOS release that supports CLI or DNIS. In another exception to entering a CLI, you can enter a MAC address to permit or deny; for example, when you are using a Cisco Aironet AAA client. The format of what you specify in the CLI boxCLI, IP address, or MAC addressmust match the format of what you receive from your AAA client. You can determine this format from your RADIUS Accounting Log."
If I specify a clients MAC in any of the non IP NAR options (CLI, Port, DNIS)access is refused. I am using radius IETF and the only time I can see the MAC in the radius accounting logs is when I turn on the option to log cisco-av-pair. Nothing is being logged under CLI or DNIS, so I don't think I can restrict access based on MAC using a non IP NAR. Has anyone implemented what is referred to in the documentation above? Is it just applicable to cisco Aironet? Any ideas?
Thanks.A NAR is a definition, which you make in Cisco Secure ACS, of additional conditions that must be met before a user can access the network. Cisco Secure ACS applies these conditions using information from attributes sent by your AAA clients. So it is not device specific.
-
How to access the private method
All,
I have class ABC with private method getfilename().
I want to use this private method ...
Is it possible to use this method without inheritence ?
Is it possible to access this private method using annoymous inner class ?
or any other alternatives ??
namancI have class ABC with private method getfilename().
I want to use this private method ... You can't; it's private to the instantiations of that class.
Is it possible to use this method without inheritence ? No, no even with inheritance.
Is it possible to access this private method using
annoymous inner class ? Nope, unless you can write that anonymous inner class yourself.
or any other alternatives ?? Nope; privvy parts are privvy parts and only the owner of those privvy
parts can touch them. (ahem)
kind regards,
Jos
ps. unless you want to do reflection surgery of course. -
We are developing an iOS and complementary Mac OS X app for in house use by about 1500 users. I need to manage the devices and distribute the in-house app to these users.
We have an iOS Developer Enterprise Program (iDEP) licence.
Can I combine OSX Server and iDEP to distribute and manage the app? Or do I nee dot move to something like Air Watch?You should not have to do anything the user/group import should be automatic and you should not have to manually create any accounts and it does onging syncs automatically but I do not know how often.
Once you are install and connect to profile manager all the accounts should show up just by clinking on users or the groups icons and they will work with that. You should not need to mess with them in the actual server application Although I would assume the other services all ink into the OD directory I don't know exactly how services like email, file sharing or VPN work as we have other more full featured better scaling services for that like MS Exchange for email/calendar and Cisco VPN.
We are only using OD, Profile Manager and Software Update.
Just a note I am using Server 3.2 on OS 10.9.5 if you are using Server 4.X your mileage will probably vary slightly as I am not sure what the areas of major change are. -
Restricting Access but still allowing acces to Java Apps
I have a university lab that needs to use a Marching Band charting program that was written in Java. It uses the Apple JRE. I heavily restrict application access on these Macs and I can't get the Java app to run as the check box will not stick under User Limitations.
The company says that this is an Apple bug because the User Limitations restricts access to the JRE and Java only apps won't run.
Does anyone know a way around this? I need to restrict access but they need this app.
Thanks,
DavidI can't help with the mail problem, but you can always disable autologin via System Preferences->Accounts. That will prevent anyone from logging in without the password. If you have other admin accounts, either delete them or make them nonadmin accounts. To prevent anyone from booting the machine with an install disk or external HD, set an open firmware password. See http://docs.info.apple.com/article.html?artnum=106482 for details.
-
Is it possible to restrict access to specific IOS apps based on the WIFI profile that a user has connected to?
you might be able to block it if the app uses Internet access
and depending on your wireless you might be able to block a specific user
accessing the backend host that the app uses
some firewalls offer application filtering but I'm not aware of any that work with ios apps
Maybe you are looking for
-
i cannot connect to the internet through my home router allthough i have put in the correct password from my internt router into my ipod touch-what should i do????????????
-
My bad -- messing w/ my husband's laptop trying to get rid of left over Zone Alarm and Symantec files -- used a registry cleaner and even tho I checked back up registry first, I'm stuck w/ "windows could not start because the following file is missin
-
Connect Cable Box Output to MacPro USB Input
Is it possible (using appropriate cable) to connect the HDMI output of a cable box to a USB 2.0 input on a Mc Pro in order to view cable TV programs?
-
What *Can't* I export into a .swf file?
Hey all! I have a short, 5 slide presentation which includes a few slide transitions, some text animation (dissolves, disappears, timing) an aiff file and a little QT movie at the end. When I export the movie and throw it to Freeway Pro, all I see is
-
Materialized Views/Snapshots not displayed
SQL Devloper: 1.0.0.15.57 on Windows XP Remote Oracle version: Oracle9i Enterprise Edition Release 9.2.0.5.0 on Solaris 2.6 Another department created a combined Snapshot of two tables for another department. Under previous software (TOAD), Snapshot