Restricting Access To Specific Groups

Can security be set such that a portal administrator can only edit individual profiles under a select group? How do I do this?

Look at following 9026 plsql API doc link for usage of wwsec_api.remove_group_acl
http://portalstudio.oracle.com/pls/ops/docs/FOLDER/COMMUNITY/PDK/PLSQL/DOC/PLDOC_9026/wwsec_api.html

Similar Messages

  • HT201304 Is it possible to restrict access to specific IOS apps based on the WIFI profile that a user has connected to?

    Is it possible to restrict access to specific IOS apps based on the WIFI profile that a user has connected to?

    you might be able to block it if the app uses Internet access
    and depending on your wireless you might be able to block a specific user
    accessing the backend host that the app uses
    some firewalls offer application filtering but I'm not aware of any that work with ios apps

  • Error 23002 when restricting access to specific TS

    I am a bit stumped at the moment on my TSGW.  I am attempting to restrict which Terminal Servers the TSGW will redirect to.
    I am doing this via RAP > Network Resource > "RD Gateway-managed group"
    I created a new group and added the FQDN of the TS I want to connect to and I was unable to connect (received error 23002)
    I then modified the group to use the IP address of the TS and received the same error.
    I then set the Network Resource option in RAP to "Allow users to connect to any network resource" and I was able to connect.  I naturally don't want to do this and want to restrict access as we have other Terminal Servers for other groups.
    I must be missing something, but I am not sure what.  Any thoughts from anyone?

    OK... I may have solved my own issue here.  Sometimes typing it out makes me think...
    One thing I didn't try was the NetBIOS name within the RD Gateway-managed group.
    I entered the 3 entries:  IP/FQDN/NetBIOS  and things came alive.  Now, I shouldn't need all three, so I will need to do some more checking, but at least I'm now in the right direction.

  • HT2688 How do I restrict access to *specific* songs (or give access to a specific playlist) in Home Sharing

    http://support.apple.com/kb/HT2688?
    This article describes two different things:
    Music Sharing and
    Home Sharing
    Music Sharing allows you to select playlist(s) to share, and allows you to play the song from another device. It does *not* allow you to transfer the song to another device.
    Home Sharing allows you to share your ENTIRE music library and transfer the songs to another device. It does not allow you to restrict the share to a specific playlist(s).
    Try it. You can set a password and check the boxes to restrict your playlists, but that only restricts while Home Sharing is turned off. EVERY file is accessible when you have Home Sharing running.
    I have a bunch of music I don't want my kids listening to. I've created a playlist for them, and I want them to be able to load their ipods with music from that list without accessing other music.  Any ideas?

    say suppose i have no control over wcf client. so i want to do it at client side. so what is your suggestion. thanks
    If you can't  implement role based secuirty on the client-side, the you may want to look at what is in the link.
    http://blog.clauskonrad.net/2010/04/wcf-restrict-which-clients-can-call.html

  • Restrict access to specific network devices

    Is there a way through ACS to limit user logons to only specific devices? I know through NAR, I can restrict the source address, but how can I restrict the destination?
    Thanks

    I'm having the same problem.
    The ACS in NAR is mandatory to use a AAA Client plus the client and I would like to limit only by the AAA client.
    It means, the ACS uses the attributes
    Calling-station-ID (Final client)
    Called-station-ID (Network Access Server NAS)
    I would like to limit only based on Called station.
    If you get somehow to solve it please post here.
    Thanks

  • Restricting Access via User Groups

    So I have created some user groups via the Administration page in APEX. I would like to use these groups to control access to various tabs in my database application. Can someone please tell me how I might go about doing this? I can't seem to locate a good example.
    Thanks,
    Mark

    Hi Mark,
    You can e.g. create an authorization scheme (shared components) - pl/sql function returning boolean.
    You can use some functions in apex_util to determine if they should have access. e.g. apex_util.current_user_in_group(p_group_name in varchar2); http://docs.oracle.com/cd/E23903_01/doc/doc.41/e21676/apex_util.htm#BABHCBEG
    Then just apply that authorization scheme to the tab and consequent pages associated to the tab.

  • DBLINK - restrict access to specific objects

    I have created private DBLINK to connect to a particular user. I want to restrict only select access to only selected tables under that schema?. Could someone let me know how to restrict the access?.

    Boochi wrote:
    I have created private DBLINK to connect to a particular user. I want to restrict only select access to only selected tables under that schema?. Could someone let me know how to restrict the access?.Create a new schema (on the remote database), grant SELECT on only the tables you want to allow access to. Create the private DB link to the new schema.

  • SQ00 Restrict Access By User Group

    Hi all,
    I've just created a BOM Overview Report (Query) in SQ00 by using a logical database. I've assigned user's to the User group for the Z_BOM info set to run the report.   
    In Production client nobody has permissions to run SQ00 at this time. My question is if I put transaction SQ00 or SQ01 in a role and assign to users will they be able to run for any info set, or try and create new queries on thier own in there?   I don't want my production floor folks being able to see financial queries.....how do I set this up from a security standpoint...so these users only see the new SQ00 BOM Overview Report?  Thanks for your Input!!

    Let me tell you a better way of doing this for all users...
    Steps:
    1. Remove authorizations for tcodes SQ00, SQ01, SQ03, SQVI.
    2. If possible remove authorization for SA38, SE38. This is to prevent users by copying the program name from other queries (menu >> system >> status) and executing.
    3. Note down the report name for a particular query. In SQ01 you can do this by clicking In background button or following the menu path Query >> More functions >> Display Report name
    4. Create a custom authorization object e.g. Y_SHOP_FLOOR in tcode SU21 (similarly for financials etc if you want) and assign it to relevant users.
    4. Create a Z or Y transaction code in SE93 (of type report), assign the step 4 custom authorization object to this tcode and enter the report name from step 3.
    Edited by: Jeevan Sagar on Feb 5, 2012 1:18 AM

  • ASA WebVPN. How do you restrict access to users in an AD group using LDAP?

    Hi All,
    I am trying to configure separate WebVPN connection profiles to give different portal bookmark contents to users based on their AD group membership.  This has been very difficult, even though I beleive it should be easy.
    The login page of teh ASA by default has a dropdown to allow default users to access the default portal and the SSL VPN client connection.
    There are two other portals that I would like to restrict access to based on AD group membership.  I have set these up to be selected by URL.
    The biggest problem is, I have no way of knowing how to go about this.  The AAA LDAP options show a group membership search, which I have configured, but I cannot say "Profile X is restricted to AD group CarpetBaggers", so that if soneone that is NOT a carpetbagger tries to log in, it fails.
    I can only do an all or nothing scenario.
    It would be nice to use Dynamic Access Policies to do this, and I have created a few, but they do NOT seem to work when the drop down aliases or URLs are in use.  So how do I go about using them in this scenario?  Turning off the aliases or URLs is not really an option right now.
    Scenario 1 would work the best for me.  Restrict access to profiles/groups based on AD group membership using LDAP.
    Scenario 2 would be an ideal longer term solution.
    Any thoughts, ideas or assitance would be greatly appreciated.
    Cheers

    This is exactly what i was looking for, and Nelson is correct.  When you enter the DAP configuration for a profile click on "Advanced" and there is the option to create a logical expression.  The guide (ther is a button to access this) is really helpful, with a couple of examples.  This is what i used:
    assert(function()
       if ( (type(aaa.ldap.distinguishedName) == "string") and
            (string.find(aaa.ldap.distinguishedName, "OU=Users") ~= nil) )
    then
           return true
       end
       return false
    end)()
    from the debug dap you can see what Users relates to;
    DAP_TRACE: Username: MyUsername, aaa.ldap.distinguishedName = CN=Mr B,OU=Users,OU=Site ******,DC=CH,DC=Mycompany,DC=com
    My admin account fails to get me in to the same profile:
    DAP_TRACE: dap_add_to_lua_tree:aaa["ldap"]["distinguishedName"]="CN=Admin Mr B,OU=Admin Users,OU=Site *****,DC=CH,DC=Mycompany,DC=com"
    Thanks
    Andrew

  • F_LFA1_BEK - access to specific vendor

    Hello,
    my first posting....hope someone has an answer...
    We need to give 2 users transaction FBL1N (vendor line items) with only access to 2 specific vendors.
    As far as we know there is no authority object for the vendor account number itself.
    So we thought we can use object F_LFA1_BEK. We entered an  authorization group (LFA1-BEGRU) to this 2 vendors and added this group to F_LFA1_BEK. So far so good.
    Problem is now that it is still possible to access all vendors where no authorization group is maintained in the vendors master record. (No authorization group is the default case and it is not possible to add another one the other vendors)
    Is it possible to achieve this with F_LFA1_BEK or is there any other solution? 
    Thanks a lot!
    Christian

    Hi Alex,
    of course it is possible to do it that way and we already use the LFB1-BEGRU to restrict access to specific vendors.
    But we have a lot of different accounting groups and a lot of users who create/maintain vendors each being responsible for one or more accounting groups. And furthermore this is relevant for 2 company codes.
    And what I haven't mentioned yet: This also needed for customers (FBL5N).
    So you are right it is possible and it is the standard way but in our case currently too much effort.
    Thanks.
    Christian

  • Restricting end user to one specific group with anyconnect

    Hello all
    I just started configuring AnyConnect with ASA 5520 that uses Cisco SecureACS to pass radius authentication.  I configured two profiles with different split tunnel restrictions and what I discovered is that when the client connects to the ASA, they are provided a choice of these two groups (I guess there is no way to restrict this) and I can log into either one with any user account.  How do I restrict this so that the user can only use one profile?  Currently users capable of VPN would be placed in one specifc AD group so that is what SecureACS checks.  Is there a sample configuration guide to handle multiple profiles with different levels of access?

    Alternatively, you can use Radius authorization to place user into a specific group-policy:
    - Configure the Group-Policy attribute under Radius to be OU=
    http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/vpn/vpn_extserver.html#wp1605475
    On  the ASA, just configure 1 tunnel-group, and depending on the  authentication, the user will be placed into the correct group-policy  specified under the ACS server.

  • Restricting  Access for SQ01 User Group

    Hi ,
    Please let me how to Restrict  Access for a   User Group  to only some of  the specific users?
    Thank you
    Edited by: Vibhor Arora on Apr 12, 2010 7:29 AM

    Hi,
    Can you please clarify what exactly you want to know, your request can be interpreted in a few different ways.
    If you are concerned that people have access to all user groups, then you need to remove access to S_QUERY activity 02 and I think activity 23.  They will lose access to all user groups that they are not assigned to via SQ03.

  • Restricting access using groups pulled from OID Authenticator

    Using the OID Authenticator provider, can access to WLS be limited to those ldap registered users who belong to a specific group (as specified in ldap) ?
    I have setup an oid authenticator provider which works in terms of WLS authentication. By looking in AdminServer.log I can see that a users group is picked up however, I'd like to use the group name to restrict access. Is this possible if specif param's in the oid authenticator are used ?

    Remove or replace the ACI that says "Anonymous access" with something more in line with the level of access desired

  • Restrict access to a specific method in JSE

    Hello all,
    I'd like to know if there is a way to restrict access to a specific method in JSE. Basically, my intention is to do this:
    Subject.doAs(subject, new ProtectedMethod());
    // only users with a specific role can access this method
    // (permission specified in my policy file?)
    public class ProtectedMethod implements PrivilegedAction<String> {
       public String run() {
    }I believe that is not possible to specify a method name in policy file via java.lang.RuntimePermission "accessDeclaredMembers", so is there another way to do this?
    Thanks in advance,
    Andre

    I am not an expert of this media hub, but what I would like to know is that are you referring to the security you have setup with the original folders? So after you have created a backup, whatever type of access you have setup was removed? Can you please elaborate?
    Check the FAQ's for NMH305 from here: http://support.linksys.com/en-us/support/storage/NMH305

  • Problems to restrict access to a page when the user belong to more than 1 group

    I have realized that Dreamweaver on a coldfusion document only works fine when the user only belongs to a single group, this is because the code supplied by dreamweave when you use the option "Restrict access to a page" at "Server behaviors" it assumes that the user only have one group as you can see on this line created automaticly by dreamweaver:
    <cfif MM_Username EQ "" OR MM_UserAuthorization EQ "" OR ListFind("admin",MM_UserAuthorization) EQ 0>
    MM_UserAutorization has the value of the field assigned for the list of groups or levels, as you can see it could work if we reverse the parameters of the listfind function but the problem would be if we grant the access to more than one group because the sentence would be like this:
    <cfif MM_Username EQ "" OR MM_UserAuthorization EQ "" OR ListFind("Admin,Manager",MM_UserAuthorization) EQ 0>
    so both paramethers are lists therefore no user will get access to the page.
    I am trying to make a work around to fix this problem but I don't know how to get the name of the page since the Application.cfc so I can validate the access to this page against tables on my database.
    Does someone have a work around or a tip how to fix this problem?
    Thanks in advance.
    AG

    Seems like you have a problem with your group names.ctxLdap.modifyAttributes(groupName,member);Ensure that the value of your variable groupName is a a valid distinguished name.
    Note that an OU (organizationalUnit) is not a group. You do not add users to OU's, you create users in OU's.

Maybe you are looking for

  • Itunes crashed too Blue Screen when I connect Ipod to computer

    My Itunes crashes to the Windows blue screen of death whenever I connect my Ipod to Itunes. I have ran tried both the solutions that are posted in the support section of this website, but none of those solutions seemed to work. I have an Ipod Classic

  • How do I empty the trash under OS 10.9.3 on my Macbook Pro

    I got an overload of messages in my mail box.  I had to delete them one by one.  Now I have a whole bunch of emails in my trash and in my sent box.  How do I delete those?  I do not want to do the sent box one by one.  There is no "Empty trash" in an

  • Java HotSpot Error

    I keep getting this Java HotSpot Error right before ColdFusion spontaneously restarts and I have no idea what's going on. Any ideas of what this error means? # An unexpected error has been detected by HotSpot Virtual Machine: # EXCEPTION_ACCESS_VIOLA

  • Failed to resolve JCO destination name in SLD

    I have installed the ESS/MSS business package, and configured all JCO connections. testing the JCO connections is successful. I can connect to the SLD from the WebDynpro administrator. when I run the ESS/MSS, I get the following error: "com.sap.tc.we

  • Passing Dashboard Prompt values to different dashboard.

    Hi All, I want to pass the selected prompt values from my current dashboard to a different dashboard. I am using a navigate function to go to the other dashboard. The scenario is: I am using a column formulae to navigate to the different dashboard.Th