Restricting or limiting end users in APEX

Similar Messages

• Unable to Create End User in Apex 4.0.2

  I want an End User to use an application without seeing Development links at the bottom (like 'Edit page x' or 'Session' or 'Debug'). I go to the Administration tab, click 'Manage Users and Groups', and click Create User. In the Account Priveleges section I specify 'No' for User is a Workspace Administrator. I specify 'No' for User is a developer. I fill in the mandatory fields and click 'Create User' at the top.
  It processes the action BUT on the following page, for the row created representing the new user, the Account Type says Workspace Administrator and not End User. If I log in with the new user I see developer tabs at the bottom.
  How do I create an End User?
  I obtained APEX 4.0.2.00.08 by downloading Oracle Express 11g if that helps.

  Custom Authentication is behaving like an End User account, which is good - no developer tabs at the bottom. I used something similar to Chapter 11 of the Advanced Tutorials guide:
  CREATE OR REPLACE FUNCTION acl_custom_auth (
  p_username IN VARCHAR2,
  p_password IN VARCHAR2)
  RETURN BOOLEAN IS
  BEGIN
  FOR c1 IN (SELECT 1
  FROM acl_employees
  WHERE upper(userid) = upper(p_username)
  AND upper(last_name) = upper(p_password))
  LOOP
  RETURN TRUE;
  END LOOP;
  RETURN FALSE;
  END;
  /

• How to restrict the EBS end users to run only two same reports at a time?

  Hi,
  We are using EBS 12.0.6 and database 10.2.0.3.
  Is it possible to restrict the end business users to run only two reports at a time?
  OR
  Is it possible to restrict the end business users to run only two same reports at a time?
  Thanks.

  Is it possible to restrict the end business users to run only two same reports at a time?It is not possible.
  You can either make the report "incompatible" to itself (this means only one user in your company can run it at a time)
  Or not make it incompatible. (That means any user can run it any number of times)
  Incompatibility is a way of specifying which requests cannot be run under which circumstances.
  See http://download.oracle.com/docs/cd/A60725_05/html/comnls/us/fnd/incomp.htm
  You can use Hussain's suggestion to use Concurrent: Active Request Limit profile. You can set this profile value at each user level. But if you decide to set it at global level, remember to keep it a higher value for sysadmin kind of users that run scheduled jobs.
  Hope this helps,
  Sandeep Gandhi

• Restriction of back ground from end user

  Hi all, i am ABAPer, but i need  to work on authorization issue,
  I have to restrict our FI End users (8 users) from the back ground job,
  At present scenario is they can run others job also in SM35 including thier job, recently our company aduit found this given the below solution
  Excessive batch job authorisation was given to end users (End users should be restricted from the object S_BTCH_ADM and S_BTCH_NAM which allows them to release and schedule jobs using other usersu2019 ID)
  when i go thorugh i chenged the value S_BCTH_ADM as N and S_BCTH_NAM as *
  and S_BTCH_JOB as LIST,RELE,PROT.
  Kindly give me the solution <removed_by_moderator>
  Regards
  Chandra
  Edited by: Julius Bussche on Jun 16, 2008 6:02 AM

  > Is there any possiblity to restrict the naming convention of background job ie in the sm36 screen Jobname coloumn if i want to restrect with a particular naming convention is int possible example Z:XYZ is the first part of the job name.
  AFAIK you can only restrict this for JOBACTION 'SHOW' and this would only work if your JOBGROUP field was already populated with a value.
  The name of the job would not work. So I would say that you need to arrange that organizationally.
  I think way back a few years ago there was a thread here about this and the possibility of using the user's ID as the JOBGROUP value - but if I remember correctly it was disbanded as being impractical.
  So the answer is most likely: No.
  Cheers,
  Julius

• End user permission ignored

  Hello,
  I have a problem with an end user permission that seems to get ignored: I wanted to demonstrate the usage of the end user permission and assigned a role to a User (for simplicity's sake as an entry point, no worksets, pages etc. involved) and enabled end user permission on the role for that particular user.
  Now when that user logs in he gets to see the according entry in the navigation bar as expected. However if I disable the end user permission, log out and again log in the user, he stills sees the link. The end user permission setting is simply ignored. Can someone shed light onto this, could there be something wrong with the installation)?
  I don't think this is an issue of permission inheritance (the role permissions are set explicitly anyway) or overlapping permissions due to membership in several groups - the user is only member of the single standard  group 'authenticated users'.
  Regards,
  Sebastian
  P.S. What's the use of a role assignment to a user without end user permission anyway (I mean why the option)? What happens if you don't add permissions on a Role for a certain user at all (I tried it, but the effect is the same as described above - end user permission seem to be irrelevant)?

  Hi Robert,
  thanks for your answer and for the link (and I thought I had read everything). I am not so sure however if I really understand the term 'runtime environment' for a user. I thought runtime vs. design-time meant the difference between the content a user sees when he is actually using the portal and the content an administrator has access to in the portal content catalog, i.e. a meta-environment accessible only through certain tools like the permission editor or similar.
  I don't understand what you want to express with "<i>It's used to restrict ... end user runtime environment</i>" and why the "Page Personalization" is an example.
  I realize that for roles the availability for a user is solely defined by the assignment of that role to the user - end user permissions have no effect on this. Confusing, because I tought this availability (i.e. showing links in the toplevel or detailed navigation) was what was meant by 'runtime environment' but I seem to be wrong here.
  The docu says "<i>for roles the end user permission setting does enable you to define which users/groups/roles are able to preview the role content using the portal design-time tools</i>". Again, I am confused, I thought this was exactly the meaning of design-time environment.
  Great if you or someone else could comment on this..
  Regards,
  Sebastian

• Enabling Usage Rights for End User with Reader

  When I "Enable Usage Rights in Adobe Reader," utilizing Adobe
  Acrobat Pro 9, which functions are restricted for the end user?
  Specifically, if one cell property in Acrobat has a
  "Calculate" function, will the calculation perform properly in
  Adobe Reader 9 for the end user?

  Thank you for your posting. These forums are specific to the
  Acrobat.com website and it's set of hosted services, and do not
  cover the Acrobat family of desktop products. Please visit the
  following forums for any questions related to the Acrobat family of
  desktop products:
  http://www.adobeforums.com/cgi-bin/webx/.3bbeda8b/
  Note: Once Reader enabled certain functions like editing a
  PDF,inserting or deleting the pages will be restricted at end user
  part.Apart from this "Calculate" function will support both Acrobat
  as well as Reader application.

• To restrict End user to enter EAN code manually

  In Premargin check when we go for Bar code scanning, the EAN code field appears in editable mode. After scanning an article that field gets the EAN code automatically from database table for that particular article. But one can modify that ean code as it appears in editable mode. I want to make that field to appear in grey mode so that end user can not enter ean code manually and if i scan an article this field gets the ean code from master data.
  How can i restrict end user to enter the EAN code manually in the EAN code field.

  Dear Sri,
  Thanks for your reply but i have tried this option also. Let me explain you about the scenario.
  In UI screen there is a field EAN code. It can be filled either by scanner or an end user can feed the data on his own without scanning the article.
  What i want is to make this happen only by scanning not by manual entry.
  Whenever an article is scanned its EAN code automatically should come in that field.
  I have made the field in grey mode but while scanning it is not picking the EAN code of that article and throwing an error message as "EAN code field can not be left blank". When I am making that field in editable mode then it is able to pick the EAN code after scanning.

• How to restrict end-user from not using certain movement-types in MB1B

  Dear Gurus,
  My client wants that end user has access to only particular movement types in MB1B.i.e only to 311 and 412,421E.
  They do not want any other movement types to be access by end-users in MB1B
  How to go about this requirement?
  Thanks in advance
  Regards
  Ram
  Edited by: RAMKUMAR WARIYAR on Jun 27, 2009 2:14 PM

  hi,
  This is possible you can restrict and allow user for movement type which they can do through any t code.
  Contact yours BASIS consultant for that
  Regards,
  Vishal
  Edited by: VS on Jun 27, 2009 5:46 PM

• List of Calculated KFs and Restricted KFs created by end users

  Hi all,
  Is there one way that I can run a list of all Calcuated KFs and Restricted KFs created by end users in Production. We would like to DELETE all CKFs and RKFs created by end users that are not following the naming convention. So we are looking for a tool to list all CKFs and RKFs created by end users. Can you help?
  Thank you
  J.

  Hi
  Table RSZELTDIR will give you the CKF and RKF but will not tell who has created. The user entry you will find in table RSZCOMPDIR.
  So first go to second table display result by restricting to user name for which you want to delete the CKF and RKF. Select all the component ID and Put in first table and restrict the selection to CKF and RKF .
  thanks
  Tripple k

• Mass upload  of APEX end users

  Hi All,
  I wonder if I can do a mass upload of APEX end users? If so, can you please describe the process?
  Thanks

  These links might get you started in the right direction:
  Re: Create Multiple Developer logins with htmldb_util.create_user
  HTMLDB_UTIL.create_user_from_file did not create users
  Scott

• Audit Vault & Apex - ANONYMOUS user recorded rather than Apex end user

  Hi,
  We have Audit Vault 10.2.3 & Apex 3.2
  Audit Vault stores the name of the database user when a table is updated through SQL*Plus etc as expected.
  Problem is through Apex and insert to db table using simple form on table the user ANONYMOUS is recorded.
  We need to have the actual end user logged into Application Express.
  Is there anyway of configuring Audit Vault or Apex to use/pass v('APP_USER')? Does something need to be done in Apex to set a session?
  Running the below shows 2 ANONYMOUS users and no APEX_PUBLIC_USER or Apex end user.
  select username, count(*)
  from v$session
  group by username;
  Any advice & guidance would be great - thanks in advance.

  Having posted the same question on the Apex forum I received the following response and have been able to use CLIENT_ID to return the apex user and session details. Thought it best to post here too incase others search for the same information.
  Since Audit Vault relies on native database auditing it can only collect information that is recorded by the "source" database in its audit trail. APEX populates the CLIENT_INFO field of the connection with the APP_USER. However, CLIENT_INFO is not recorded in the audit trail. Instead the CLIENT_ID is captured. APEX records a composite value in this field. The value is formatted as "APP_USER:SESSION_ID". This value should be recorded in the audit trail and consequently sent to Audit Vault. Audit Vault's reports should be able to display this field, and you can filter on it to get the information you need.

• How to restrict end user from modifying/saving the workbook?

  <Moderator Message: As you deleted my comment in this thread by editing it again, I am locking it now>
  Hi,
  We have created few workbooks. The requirement is that the end user should not be able to modify or save the workbook. We tried using S_RS_Tools authorization object with "themes" in the Command ID. But this does not seem to solve our problem. Please suggest whether it is possible to enter any other value in this field to restrict access to the end user.
  We also tried including the following authorization objects with the corresponding values :
  1.S_GUI with the value Activity=60(import)
  2.S_USER_AGR with Activity = 03 and * in Role.
  3.S_BDS_DS with Activity = 03(display) and 30 ; Class Type = OT.
  4. S_USER_TCD with tcode = RRMX.
  But still the end user is able to modify the workbooks. (The end user must not be able to make changes to settings of any of the buttons in the design mode, must not be able to save the workbook).
  Please suggest the corrections required. Also kindly suggest if there are any other ways to resolve this issue <removed by moderator>.
  Your help is appreciated.
  Thanks.
  Edited by: Siegfried Szameitat on Nov 26, 2008 12:55 PM
  Edited by: suresh naidu on Nov 26, 2008 1:19 PM
  Edited by: Siegfried Szameitat on Nov 26, 2008 1:23 PM

  Hi,
  Only few people have authorization to create S.O. w.r.t. quotation (as in our case, sales ppl create quotation and Finance ppl create S.0., with reference to Quotation Only - T.Code: VTAA).
  Others have only authorization to View/ Display, VA03.
  Consult your Basis-Admin, he will create appropriate role & assign T. Code: va03 for list of user, provided by you.
  Best Regards,
  Amit.
  Note: You can't restrict anyone with T. Code: VA02, to change qty or price in Sales order, directly.

• End user? in apex 4.2.3

  hi
  i have searched forum but could not understand the solutions yet
  i have create an user without admin and developing rights
  how should i enable applications created for view only?
  a step by step ...instructions pleaseeeeeeeeee

  hemu wrote:
  sir
  when i logged in with newly created user
  i do not see any of my applications i have created
  Unsurprisingly:
  i have create an user without admin and developing rights
  An "end user" account without admin or developer access to the app builder obviously can't access applications through the builder. They access applications directly using an application URL containing the application ID/alias and page ID/alias supplied by an admin or developer user.

• Pdf restricting to save from end user

  Hi
  I am working with filedownload ui element and my client requires that while opening the pdf the end user should not download and save it in their desktop .Please let me know the solution for how to make pdf only in readable mode

  Hi,
  check this link, it is how to do in java, hope you can use it here but not sure.
  http://programming.itags.org/development-tools/55232/
  Regards,
  SrinivaS

• Dimension administration by end-users

  Dear colleagues,
  I am designing BPC solution for Headcount planning. End users should be able to change properties for employee dimension. This would be done by approx. 40 users (Fund Centre managers). Is this possible to be done within BPC admininstation, what are the challenges and risks? Has anyone done it with so many users? As far as I know it is not possible to customize or limit dimensions, which can be changed by a user. So it would be very risky that someone changes property, which he should not.
  Thank you!
  Kind regards
  Ivan

  Hi Ivan,
  If the user activity will be limited to member property change (not creating of new members) then the risk is moderate. It can be done by modified code of Master Data on the Fly http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/2020b522-cdb9-2e10-a1b1-873309454fce?QuickLink=index&…
  Using this badi you can add required restrictions. You will need to change code to allow update of properties only.
  Vadim