Restricting category for individual users

Hello,
This is probably a stupid question but I have googled and googled it and can't figure out the answer. We just started using FDM and currently I am the only user. I am setting up additional user accounts and would like to restrict their access. I was able to set up the new users in User Maintenance, set the access to Intermediate-3, and restrict their access to one location.
I am having issues figuring out how to restrict access to Category. We have multiple categories like Budget and Actual but I would like to restrict the other users access to just Actual. Is it possible to restrict access to category by user?
Thanks!

Not a silly question. If you only have a few users, the simplest option is to use the "Global" setting on the Point of view. this prevents the non-admin users from changing the period or category in the Point of view which can only be amended by an admin user. (A Limitation of this (Needs confirming) is that if you are working on a different category when a user signs in, that is the category they would have access to)
A second option may be to have each user have their own location (assuming they are posting to different target entities), and then use the POV lock but that is a bit more maintenance as you would need to lock the Current Point of View base don location/period/category that you wish to restrict.
Both the above are explained in the admin guide
a third option would be to amend the Category adaptor script so for each user only the category(s) they are entitled to use are displayed (Rather than hard-code each user you may wish to hold the user / category details in a special location / mapping table that only an adminstrator can access)
a fourth option (similar to the third) might be to do something similar in an event script. I haven't used them but there is a Securitychanged event script and a POVChanged event script which might do the job.

Similar Messages

  • How to block calls based ANI for individual user?

    I want to know how to block calls based on ANI for individual user in CUCM?  Lets say if the individual wants to block calls from certain number.
    Malicious call id - softkey will not work for our purpose.
    calls come to cucm via mgcp gateway.  cucm 9.x
    thanks,

    How to block calls has been asked hundreds, and hundreds of times at CSC, a simple search would have provided you with all the necesarry information. Please search before you ask
    https://supportforums.cisco.com/docs/DOC-19628
    HTH
    java
    if this helps, please rate
    www.cisco.com/go/pdihelpdesk

  • "Role not defined for individual users" on user import

    Hello,
    I am trying to import a certain user from one portal to another and I get this warning message:
    "Role <pcd_role_path> not defined for individual users."
    This role is assigned to this user at the 1st portal and exists at the 2nd portal at the same location.
    What does it mean and what do I need to do in this case?

    hi Roy,
    just check one thing ....
    please check wether the user have permissions to those roles.
    please go to the PCD location, where the roles have defined.
    right click on the role and check permissions.
    see if the user you are using is mentioned there. if no, add your user with read/write end user permission.
    i hope this will help you .
    Regards,
    Sujay

  • Restricting  Access for SQ01 User Group

    Hi ,
    Please let me how to Restrict  Access for a   User Group  to only some of  the specific users?
    Thank you
    Edited by: Vibhor Arora on Apr 12, 2010 7:29 AM

    Hi,
    Can you please clarify what exactly you want to know, your request can be interpreted in a few different ways.
    If you are concerned that people have access to all user groups, then you need to remove access to S_QUERY activity 02 and I think activity 23.  They will lose access to all user groups that they are not assigned to via SQ03.

  • How to restrict login for multiple users having same Role

    Our Web Application is deployed on Tomcat 5.5
    The requirement is ?
    There are roles in application like "operator", "admin"?
    There are multiple users created for each of the above role.
    When one user of "operator" role is logged in, then
    It should not allow to login for another user of "operator" role.
    Also, if user did not log out & application gets close, then
    It should not allow to login for another user of "operator" role.
    Also, it should not allow to login for multiple requests of same user
    (using another browser instance...)
    Is it possible using session object?
    But, using session object, it will create separate objects for different users,
    So here I will not be able to restrict session object creation rolewise.
    Also, how to retrieve these multiple session objects created for different users on server?
    If anyone is having the solution please reply as soon as possible,
    Thank you.

    To tell you the truth, this is a stupid requirement. It must be an extremely fragile application.
    In any case, you will have to write your stuff for that. Probably a filter that on login, logout, and session expiration checks, makes, or removes entries in a DB (using a synchronized resource to prevent race conditions) or possibly even simply in an application context object.

  • How to apply Software Restriction policy for specific user in local group policy object ?

    I am working on implementing user based software restriction policy programmatically for local group policy object.
    If i create a policy through Domain Controller,i do have option for software restriction policy in user configuration but in local group policy editor i don't have option for that.
    When i look for the changes made by policy applied from Domain Controller in registry, they modifies registry values for specific users on path HKEY_USERS\(SID of User)\Softwares\Policies\Microsoft\Windows\Safer\Codeidentifiers
    They also have registry.pol stored in SYSvol folder in Domain Controller. When i make the same changes in registry to block any other application, application is getting blocked.
    I achieved what i wanted but is it right to modify registry values ?  
    PS:- I am using Igrouppolicyobject API

    I achieved what I wanted but is it right to modify registry values ?
    You also can modify a registry programmatically based policy. Check this:
    http://blogs.msdn.com/b/dsadsi/archive/2009/07/23/working-with-group-policy-objects-programmatically-simple-c-example-illustrating-how-to-modify-a-registry-based-policy.aspx
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click
    HERE to participate the survey.

  • How-to: Disable syncing of document library for individual users or groups

    Currently, as far as I know, disabling syncing for a document library is all or nothing - everyone with access can sync, or nobody can sync.
    Ideally, there would be an independent list permission, "disable syncing," which appears when assigning permissions to a permission level.  (Syncing is allowed by default if access to document library is granted, opposed to an alternative
    approach of having "enable syncing" which would set the default the other way).
    Given that this level of granularity is not provided out of the box (yet?),
    is there any way (SPD?) to disable syncing for individuals?  (Or to disable syncing for the entire library, then enable syncing to individual users?  Depends on who there is more of, 'syncers' or 'nonsyncers'.)
    * I know that syncing can be disabled across the board.  This is not an option.
    (2) "Open with Explorer" seems to be tied in with syncing, disabling syncing disables "Open with Explorer".  Is there a way to keep "Open with Explorer" functionality while disabling syncing?

    Hi,
    According to your post, my understanding is that you want to disable sync option in library.
    To disable sync option, and keen the open with explore option, we can use the JavaScript to achieve it.
    I have made a code demo below to disable sync option for a particular user, it works like a charm, you can modify it to fit your scenario.
    <script src="../jquery-1.11.0.min.js" type="text/javascript"></script>
    <script src="../jquery.SPServices-2014.01.min.js" type="text/javascript"></script>
    <script type="text/javascript">
    var userid= _spPageContextInfo.userId;
    var requestUri = _spPageContextInfo.webAbsoluteUrl + "/_api/web/getuserbyid(" + userid + ")";
    var requestHeaders = { "accept" : "application/json;odata=verbose" };
    $.ajax({
    url : requestUri,
    contentType : "application/json;odata=verbose",
    headers : requestHeaders,
    success : onSuccess,
    error : onError
    function onSuccess(data, request){
    var loginName = data.d.Title;
    //alert(loginName);
    if(loginName=="Administrator"){
    $("a[id='ctl00_SyncPromotedAction']").hide();
    function onError(error) {
    alert("error");
    </script>
    Thanks & Regards,
    Jason
    Jason Guo
    TechNet Community Support

  • Turn off log level for Individual Users

    Hi,
    we want to turn off logging level of individual users. We usually go to Identity and click on the user to set log level '0' but we have LDAP security setup so don't have idea how to do it.
    Any Ideas
    Thxs
    SYK

    Ok I will try to Set System Variable LOGLEVEL
    As we are using LDAP security we will not have users in RPD so i cant set to'0' in rpd.
    New Question: Suppose If I am able to set log level to '0' for a user i.e User1 and when he logs into OBIEE and get's a error  while running report like say table or view doesn't exist or non of fact table is compatible or number records exceed etc... and Error will show to user as Error Number and says "Please contact System Administrator for more details".
    Me considering as Admin if i want to debug that error that User1 is getting from above scenario  and when i open nqquery log file will I be able to see the log for that report which User1 is getting error or will it show NO LOGLEVEL Found.
    Thxs
    SYK

  • Restrict Data for a user without VPD

    I have read some posts, and maybe there are no better solutions, but I will try.
    For a particular user (User_A) I have to limit the data the user can see by Data_ID.
    Data_ID avialbe to User_A is 1, 2, 3.
    I know I can create a View for each Table and create a folder based on that for this purpose.
    Howevere I am wondering if there is something I can do through Discoverer Admin to accomplish this, so that I won't have to duplicate the folders.
    What I want to do is create a set of Folders in the main Business are and create "Filtered Folders" in a different Business Area.
    Any suggestions except VPD would be appreciated.

    Hi
    To follow up on what Rod has said, yes this solution will work.
    When I do it I add a mandatory condition to my folder which restricts the data to only what the user can see.
    Here's a workflow for Row-level security without a VPD:
    1. Create a security table
    2. Create a security index
    3. Grant the select rights
    4. Populate the table
    5. Create a function
    6. Import the function into Discoverer
    7. Create mandatory condition using embedded calculation
    8. Test
    Here's a simple table script:
    CREATE TABLE GEN_SECR(
    USERNAME VARCHAR2(8) NOT NULL,
    SEC_TYPE VARCHAR2(32) NOT NULL,
    SEC_IND INTEGER NOT NULL);
    In the above table, the three columns are used as follows:
    USERNAME     Oracle username
    SEC_TYPE     An identifier for the item to secure.
    SEC_IND     Use 0 for no access, 1 for access
    Create an index:
    CREATE UNIQUE INDEX GEN_SECR_PK ON GEN_SECR(USERNAME, SEC_TYPE);
    Grant access
    GRANT SELECT ON GEN_SECR TO PUBLIC;
    Populate the table:
    INSERT INTO GEN_SECR VALUES
    ('DRAKE', SALES', 1);
    INSERT INTO GEN_SECR VALUES
    ('MSMITH', ‘SALES', 0);
    Here's my function:
    CREATE OR REPLACE FUNCTION F_GEN_SEC
    (SEC_TYPE_IN VARCHAR2)
    RETURN NUMBER IS
    GEN_ACCESS NUMBER := 0;
    BEGIN
    USER is a system variable and contains the Oracle user id of the currently logged in user
    SELECT SEC_IND INTO GEN_ACCESS
    FROM
    GEN_SECR A
    WHERE
    A.USERNAME = USER
    AND A.SEC_TYPE = SEC_TYPE_IN;
    RETURN (GEN_ACCESS);
    EXCEPTION
    WHEN NO_DATA_FOUND THEN
    RETURN (GEN_ACCESS);
    WHEN OTHERS THEN
    RETURN (GEN_ACCESS);
    END F_GEN_SEC;
    Here's a workflow to import function into Discoverer Admin:
    1. Use Tools | Import PL/SQL functions
    2. Click the Import button
    3. Locate the function to be imported
    4. Click the OK button
    5. Click the Validate button – the function should be valid
    6. Check the Arguments button - all should be fine
    7. Click the OK button
    Use this workflow to create a mandatory condition using embedded calculation
    1. Navigate to folder to be protected
    2. Right-click in folder, on any item, and from pop-up select New Condition
    3. Under Item: select Create Calculation
    F_GEN_SEC('SALES') = 1
    4. Click the OK button
    5. Test using Discoverer Plus
    Here's a methodology for Item-level security:
    We will use the same table, but rather than secure a whole table, we will secure an individual item
    Let’s secure the Credit column and prevent user MSMITH from seeing the content of that item
    Populate the table:
    INSERT INTO GEN_SECR VALUES
    ('DRAKE', CREDIT', 1);
    INSERT INTO GEN_SECR VALUES
    ('MSMITH', ‘CREDIT', 0);
    Here's the rest of the workflow:
    1. Locate and right-click on the item you want to secure
    2. From the pop-up menu select Properties
    3. Rename the item by adding the characters OLD to the end of the name.
    4. Change the Visible to user property to No
    5. Click the OK button to close the Item Properties dialog box.
    6. Right-click on the item again, and from the pop-up menu select New Item.
    7. The New Item dialog box will open.
    8. Give this new item exactly the same name as the item you renamed in step 3
    9. Check the Functions radio button. The Show box will display a list of the function folders. Functions that have been imported into Discoverer are located in the Database folder.
    10. Expand the Database folder and select the function you imported earlier
    11. Click Paste. The function specification will be pasted into the Calculation.
    12. Complete the calculation using DECODE:
    DECODE(F_GEN_SEC('CREDIT'),1,
    Credit OLD,NULL)
    13. Click the OK button to close the New Item dialog box
    14. Move the item to its correct location by placing it immediately above the original item
    15. Test using Plus
    I hope this helps
    Regards
    Michael

  • How to restrict permissions for individual business object fields?

    I know that ACE can restrict permissions (read/write/delete) for entire business objects (Business Partner, Opportunity, Activity...).
    Is it possible to assign security permissions (read/write) to individual attributes of business objects? For example, I want that some users could not view phone number for Business Partner.

    We had similar requirement for transaction but that was more to do edit or non-edit authorization at field level, but i feel this will work for your scenario too.
    First there is no standard tool available to do this, so, you'll have to create your own authorization objects in transaction SU21 (Basis will be able to do that) lets say ZAUTHOBJ, and then assign permitted activities for this object i.e. create/generate, change, display. Then you this authorization object in UI coding to check the permission level and give access at field level. Don't forget to assign this object to your PFCG role.
    I'm not technical so can't tell you where to put the code on UI (may be some prepare output method), your tech team will be able to help you.
    Also, its good idea to have seperate auth object for each field you want to restrict because of scalability in future.
    Hope this gives you some idea...
    Regards,
    Vikas

  • Restrict data for a user profile

    Hi,
    I've made a jsp application where i implemented a users profiles for the screens, so i defined that user x can access to the jsp y in insert mode but can't access in remove mode.
    But now i need to implement a second profile that restrict the data that the user can see, like a Portuguese user can only see Portuguese citys and i don't know what is the best way of doing this, i'm using a BC4J.
    Any ideias
    thanks in advanced
    rjc

    Hi,
    Not exactly sure the exact details of what you are trying to achieve, but when the user logs in you can create a session variable that can be retrieved during the user's session. You implement this by using:
    session.setAttribute(String attrname, String attr)
    Then you can retrieve the attribute at a later time. So on your jsp page (I'm not sure of your table structure) you can do something similar to this:
    <%String whereclause = "Country=" + session.getAttribute("Country");%>
    <jbo:ViewObject id="CityView" whereclause="<%=whereclause%>">
    Hope this helps....
    A
    Hi,
    I've made a jsp application where i implemented a users profiles for the screens, so i defined that user x can access to the jsp y in insert mode but can't access in remove mode.
    But now i need to implement a second profile that restrict the data that the user can see, like a Portuguese user can only see Portuguese citys and i don't know what is the best way of doing this, i'm using a BC4J.
    Any ideias
    thanks in advanced
    rjc

  • Assigned to user Notification for individual user/analyst

    Hello All,
    I am all new to SCSM.
    I have been given a SCSM deployment project by my management.
    I have successfully deployed the Management Server, Data Warehouse Server and the SQL Server.
    I am now into the configuration and the customization part of the project (the real game).
    I have created the Exchange connector and created few e-mail accounts for testing purpose.
    I have Wintel Team which works on the Windows Servers related issues. The Wintel team has got 5 team members.
    Now I have created e-mail notification templates to notify the individual team member and the whole team, when the incident is being assigned to them.
    A workflow and subscriptions are also created for both (the team and the individual team member).
    Now my question is : Is there any way to create a single subscription for all 5 team members but they are notified individually only when an incident is assigned to them.
    I have tested for one and its working fine. Just to avoid multiple subscriptions I wish to create only one. Is it possible or is there any workaround to this problem ?
    Appreciate your responses in advance :)
    Regards
    Manu

    The typical resolution to this is to create a subscription that targets a related role relationship. you'll want to create a subscription (or workflow, identical method for either) that has some dummy criteria (i.e. Title = "BLAH! this isn't real, just
    a searchable string <FIND AND FIX ME>" and get it to look like you want it, and then use
    this method, and export your notification MP out and  to replace the dummy criteria (which should look like this:)
    <InstanceSubscription Type="$MPElement[Name='WorkItem!System.WorkItem.Incident']$">
    <UpdateInstance>
    <Criteria>
    <Expression>
    <SimpleExpression>
    <ValueExpression>
    <Property State="Pre">$Context/Property[Type='WorkItem!System.WorkItem.Incident']/Title$</Property>
    </ValueExpression>
    <Operator>NotEqual</Operator>
    <ValueExpression>
    <Value>BLAH! this isn't real, just a searchable string &ltFIND AND FIX ME&gt</Value>
    </ValueExpression>
    </SimpleExpression>
    </Expression>
    </Criteria>
    </UpdateInstance>
    </InstanceSubscription>
    with something like the following:
    <RelationshipSubscription RelType="$MPElement[Name='WorkItem!System.WorkItemAssignedToUser']$" SourceType="$MPElement[Name='WorkItem!System.WorkItem.Incident']$" TargetType="$MPElement[Name='System!System.Domain.User']$">
    <AddRelationship />
    </RelationshipSubscription>
    This will send a notification any time the Assigned To user relationship is created (or replaced). 

  • QoS for individual users

    Hello all,
    I'm trying to apply QoS in my LAN network in order to give dedicated bandwidth to 100 users if any user is trying to go to www.youtube.com. For rest of the traffic, I don't need to dedicate the amount of bandwidth.
    As per my solution, I can create a class-map matching pattern "*youtube*" to classify the destination but not sure how can I define these 100 users in separate way.
    The issue is, if I give the range 192.168.10.0 0.0.0.127 in ACL, I think the bandwidth will be shared amongst the users in 10.0/25 network. Or, I have to write 100 individual ACLs & class-maps right?
    Can somene help me finding the feasible solution for the same? I think I have only issue with my LAN side where i'm not being able to understand how ACL & Class-map works in this situation.
    Thanks in advance!

    Hi Hari!
    What platform and software is this for? Some platforms support microflow policing but I think it's only available for higher end equipment such as 6500.
    Daniel Dib
    CCIE #37149
    Please rate helpful posts.

  • Restricting websites for domain users

    Hello,
    We have a Windows 2008 R2 Standard server with Service Pack 1 and IE 9.
    All users in the domain get to the internet through the server and are allowed to visit any web site.
    Users have a combination of Windows XP Pro SP3 and Windows 7 Pro.
    We would like to institute something to restrict user website browsing.
    I found this information in a search of the web:
    http://www.windowsecurity.com/articles/Restricting-Specific-Web-Sites-Internet-Explorer-Using-Group-Policy.html
    It looks like this should work, but it seems like it would be a lot of work to either get the allowed sites into IE or the not
    allowed sites into IE.
    Does anybody know of a file that can be imported into IE to populate the Allow this web site for Always or Never?
    Any help anybody can provide to institute a website restriction policy would be gratefully appreciated.
    Thanks,
    Tony
    Stop The World, I want To Get Off! ........... Life Isn't About Waiting For The Storm To Pass ... It's About Learning To Dance In The Rain.

    Hello,
    You can block URLs using group policies: http://www.grouppolicy.biz/2010/07/how-to-use-group-policy-to-allow-or-block-urls/
    Personally, I would recommend using a Proxy server like TMG Forefront to filter Web access instead of using group policies.
    This
    posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Microsoft Student Partner 2010 /
    2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator:
    Security
    Microsoft Certified Systems Engineer:
    Security
    Microsoft Certified Technology Specialist:
    Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist:
    Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist:
    Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist:
    Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise
    Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

  • Can we restrict help for some users

    Hello Experts,
    Can we restrict some users for Help.
    Help Required,
    Regards,

    I don't understand your motive to block the user browsing help.  However, it can be done through shared folder authorization to block those users.  You don't need any functions from B1.  Just need to set help files under shared folder.
    Thanks,
    Gordon

Maybe you are looking for

  • Get filename from EBS to BPEL

    Hi to all, I have an ESB process that has a file adaptor, that reads xml files from a certain folder and then routes them to a BPEL process. I want FROM Bpel to get the filename, becauase i need to store that filename in my database. Can anyone pleas

  • Mail to Exchange

    My work has an exchange server and I would like to connect to it using the Apple mail program. Here is what I am doing: -The incoming mail server is set to the mail server. From reading some of the posts it seems like I may have to put my webmail pat

  • How do you arrange 2 columns together in bin?

    I have a bin of footage of 5 different tapes. When I click on the top of the reel column it will arrange all my footage by tapes, which is great because all my tape 4 clips are together and tape 3 clips etc etc... When I click on media start column i

  • To get the employee with the largest salary

    Is it possible to find the employee with the largest salary without using a subquery???

  • Convert Table into string, No FM is working good for this

    Hi all, i want to convert a table into string, but while convert, i found out that the string has special lenght , and i am getting only some rows of the table  wihle converting, even if i am using concatinate, i got the same problem, please let me k